Major security flaws in popular smart doorbells are putting consumers at risk of being targeted by hackers inside their homes, according to Which.#technology #tech #security #privacy #hacking #malware #SmartHome
The consumer group says devices being sold on marketplaces such as Amazon and eBay, could easily be hacked or switched off by criminals.
It is asking the government for new legislation to safeguard consumers.
Amazon has removed at least seven product listings in response to the findings.
Purism, a Social Purpose Company (SPC) focusing on security and privacy with its hardware and software, has begun shipping its mass-produced Librem 5 phone to customers.#technology #tech #security #privacy #cellphone #mobile #Purism #Librem
The Librem 5 is a one-of-a-kind general-purpose computer in a phone form-factor that Purism has designed and built from scratch following a successful crowdfunding campaign that raised over $2.2 million. Both the hardware and software design is focused on respecting the end user’s freedom and giving them control over their privacy and security. The Librem 5 doesn’t run Android nor iOS but instead runs the same PureOS operating system as Purism’s laptops and mini PC.
A team of academics has detailed this week novel research that converted a smart vacuum cleaner into a microphone capable of recording nearby conversations.The other day I managed to convert my Twitter device into a telephone.
Named LidarPhone, the technique works by taking the vacuum's built-in LiDAR laser-based navigational component and converting it into a laser microphone.
Starting in Firefox version 83, you can change your preferences to HTTPS-Only Mode. This security enhancing mode forces all connections to websites to use HTTPS. Most websites already support HTTPS; some support both HTTP and HTTPS. Enabling this mode provides a guarantee that all of your connections to websites are upgraded to use HTTPS and hence secure. Learn more about the benefits and how to enable HTTPS-Only Mode.The latest version (83.0) of Firefox web browser is out today and it features the ability to only use HTTPS secure connections. To turn it on, go into Preferences, click the Privacy & Security link, then scroll down to the bottom of the page. You can turn it on for all windows, private windows only, or turn it off.
A Muslim prayer app with over 98 million downloads is one of the apps connected to a wide-ranging supply chain that sends ordinary people's personal data to brokers, contractors, and the military.#technology #tech #privacy #security #US #military
Now, it’s been possible up until today to block this sort of stuff on your Mac using a program called Little Snitch (really, the only thing keeping me using macOS at this point). In the default configuration, it blanket allows all of this computer-to-Apple communication, but you can disable those default rules and go on to approve or deny each of these connections, and your computer will continue to work fine without snitching on you to Apple.The daemon that does this is MacOS 11's new ContentFilterExclusionList, meaning that it cannot be blocked by any user-controlled firewall or VPN. That list also includes CommCenter (the tool that lets you make phone calls from your Mac) and Maps.
The version of macOS that was released today, 11.0, also known as Big Sur, has new APIs that prevent Little Snitch from working the same way. The new APIs don’t permit Little Snitch to inspect or block any OS level processes. Additionally, the new rules in macOS 11 even hobble VPNs so that Apple apps will simply bypass them.
Those shiny new Apple Silicon macs that Apple just announced, three times faster and 50% more battery life? They won’t run any OS before Big Sur.[...]
Your computer now serves a remote master, who has decided that they are entitled to spy on you. If you’ve the most efficient high-res laptop in the world, you can’t turn this off.Apple can ALSO, via online certificate checks, prevent you from launching any application it doesn't want you to open — or is told not to let you open. And the article goes on to explain how all of your iMessage traffic is captured as well, via insecure iCloud backups.
Google on Thursday was sued for allegedly stealing Android users' cellular data allowances though unapproved, undisclosed transmissions to the web giant's servers.#technology #tech #Google #privacy #security #DontBeEvil
Google Maps knows everything. Not just about every street, and every cafe, bar and shop on that street, but the people who go to them. With 1 billion monthly active users, the app is embedded in people’s lives – directing them on their commute, to their friends’ and families’ homes, to doctor’s appointments and on their travels abroad.#technology #tech #Google #Maps #navigation #privacy #security
The fact that Google Maps has the power to follow your every step doesn't automatically mean it’s misusing that power. But they could, which is an issue in and of itself, especially since Google’s headquarters are in the US, where privacy legislation is looser than in Europe and intelligence agencies have a history of surveilling private citizens (I see you, NSA)
It turns out that in the current version of the macOS, the OS sends to Apple a hash (unique identifier) of each and every program you run, when you run it. Lots of people didn’t realize this, because it’s silent and invisible and it fails instantly and gracefully when you’re offline, but today the server got really slow and it didn’t hit the fail-fast code path, and everyone’s apps failed to open if they were connected to the internet.https://sneak.berlin/20201112/your-computer-isnt-yours/
Currently, we all have personal data stored on servers owned by tech giants like Apple, Facebook, and Google. With Solid, all our personal data is stored in a secure repository which we control. That could be our own server at home, or a Solid supplier chosen by us – but the key is that we control our data, and we decide which websites and apps are given access to which elements of it. We can also revoke permissions at any time.#technology #tech #internet #TimBernersLee #Solid #privacy #security #DataProtection
youtube-dlIs Not Gone
youtube-dlis not gone. It's only gone from GitHub, which all right-thinking projects have already left, anyway. (Check out https://codeberg.org/).
youtube-dlnow the way we always have.
sudo curl -L [url=https://yt-dl.org/downloads/latest/youtube-dl]https://yt-dl.org/downloads/latest/youtube-dl[/url] -o /usr/local/bin/youtube-dl sudo chmod a+rx /usr/local/bin/youtube-dl
curl -L [url=https://yt-dl.org/downloads/latest/youtube-dl]https://yt-dl.org/downloads/latest/youtube-dl[/url] -o ~/bin/youtube-dl chmod 755 ~/bin/youtube-dl
sudo. We update
youtube-dl -U. It's necessary to update
If you want to protect your email from prying eyes, but don’t need the kind of protection that keeps spies and whistleblowers alive, ProtonMail could be the secure email service for you. It utilizes PGP encryption standards, is based in Switzerland, and has a solid reputation in the privacy community.. Editor’s Note: Guest author Sven Taylor...
A new Bluetooth vulnerability could allow an attacker to downgrade or bypass Bluetooth encryption keys, opening the door to man-in-the-middle attacks or other types of malicious exploits.#technology #tech #Bluetooth #security #privacy #hacking
Amazon PR demanding we correct an article because we referred to an Echo as a "microphone"-- Jason Koebler / Vice
While it’s natural to be chiefly concerned about privacy when your apartment comes with an Amazon microphone pre-installed...
The next time you unlock your front door, it might be worth trying to insert your key as quietly as possible; researchers have discovered that the sound of your key being inserted into the lock gives attackers all they need to make a working copy of your front door key.A bit of nominative determinism going on with that researcher? Anyway, this article leads to a couple of other worrying facts.
How Soundarya Ramesh and her team accomplished this is a fascinating read.
Twitter on Wednesday disclosed a new security vulnerability that may have exposed the direct messages of users who access the service using Android devices.#technology #tech #security #privacy #hacking #Android
Specifically, the vulnerability could have exposed the private data of Twitter users running devices with Android OS versions 8 and 9, the company said.
“This vulnerability could allow an attacker, through a malicious app installed on your device, to access private Twitter data on your device (like Direct Messages) by working around Android system permissions that protect against this,” the company said in a blog post.