Tag Archives for "software"

Instagram GDPR Tool Exposes Subscriber Passwords

A warning has been issued by Instagram that a number of users of the social media platform have had their password details exposed by a security leak.

Ironically, this breach occurred due to a flaw in the ‘Download Your Data’ tool that Instagram added to the platform to allow users to download a copy of their own data. Instagram sent these users their passwords in plain text. This feature was implemented in April in order to ensure compliance with the European Union General Data Protection legislation which became enforceable on May 25 this year. The tool was developed due to privacy concerns in the aftermath of Facebook’s Cambridge Analytica scandal.

Full article: Instagram GDPR Tool Exposes Subscriber Passwords – Compliance Junction

Google is Adding Force-Installed Extension Removal to the Chrome Cleanup Tool

Google Chrome includes a built-in utility called the Chrome Cleanup Tool that scans for and removes malware that injects ads or performs other unwanted behavior in Chrome. A problem, though, is that this tool does not allow the removal of Chrome extensions that are force-installed through Windows group policies.

This is about to change according to a Chrome source code commit, which has the description of “Update chrome_cleaner/chrome_utils to remove force-installed extensions.” According to this update, the Chrome Cleanup Tool will now be able to detect and remove force-installed extensions. It will, though, utilize a whitelist of Google extensions that should continue to be automatically installed.

Full article: Google is Adding Force-Installed Extension Removal to the Chrome Cleanup Tool

Widely used open source software contained bitcoin-stealing backdoor

A hacker or hackers sneaked a backdoor into a widely used open source code library with the aim of surreptitiously stealing funds stored in bitcoin wallets. The malicious code was inserted in two stages into event-stream, a code library with 2 million downloads that’s used by Fortune 500 companies and small startups alike.

In stage one, version 3.3.6, published on September 8, included a benign module known as flatmap-stream. Stage two was implemented on October 5 when flatmap-stream was updated to include malicious code that attempted to steal bitcoin wallets and transfer their balances to a server located in Kuala Lumpur. The backdoor came to light last Tuesday with this report from GitHub user Ayrton Sparling.

Full article: Widely used open source software contained bitcoin-stealing backdoor | Ars Technica

The Hack Millions of People Are Installing Themselves

Security-conscious users keep their operating system and other software up to date, but a huge risk is often overlooked: the underground trade of malicious browser extensions that people install themselves.

Extensions are in such a prime position for hackers because, depending on the purpose of the extension, they may have special permissions to access information inside the web browser. These can range from the data on all the websites you visit, which lets the extension potentially read, request, or modify data on anything, from your online banking site to Facebook. Others may request access to your browsing history, your clipboard, or bookmarks. The security of the particular browser may be great—it is getting more and more expensive for someone to remotely hack Chrome, for example—but that protection can be undermined if a malicious extension is just sitting inside the browser.

Full article: The Hack Millions of People Are Installing Themselves – Motherboard

It’s Amateur Hour in the World of Spyware and Victims Will Pay the Price

We’re living in the golden age of spyware and government hacking, with companies rushing to join a blossoming billion dollar market. The weakest among us—activists or journalists—will suffer the consequences if we don’t regulate it appropriately.

Full article: It’s Amateur Hour in the World of Spyware and Victims Will Pay the Price – Motherboard

China surveillance tech can ID people by their walk

Chinese authorities have started using “gait recognition” software – artificial intelligence that identifies people by their body shape and the way they walk – for mass surveillance on the streets of Beijing and Shanghai. The tech can reportedly recognize people from up to 50 meters away, even if their face is hidden or their back is facing the camera.

Full article: China surveillance tech can ID people by their walk, report says – CNET

GDPR Readiness Survey for Software and SMEs

The GDPR Readiness Survey for Software and SMEs will show you the latest approach taken by entrepreneurs to comply with the GDPR. In this GDPR Readiness Survey, 100 different software companies and startups of varying sizes, ranging from 1-250 employees, were surveyed.

50% of respondents indicated they managed GDPR compliance internally without the consultation of an external body or an external lawyer. 42% of respondents contacted a lawyer to advise on GDPR compliance.

52% of survey respondents believed that they are fully GDPR compliant.

Full article: GDPR Readiness Survey for Software and SMEs

Am I logged in or not? GDPR case study on the example of Chrome browser change

Starting with Chrome 69, when you log into a Google service (Gmail, for example), Google Chrome effectively logs you into the browser. This change apparently “solves” the hypothetical issue of user confusion: “am I logged into the system or into the browser?” At the same time, it creates other issues.

Full article: Am I logged in or not? GDPR case study on the example of Chrome browser change

French cyber-security agency open-sources CLIP OS, a security hardened OS

The National Cybersecurity Agency of France, also known as ANSSI (Agence Nationale de la Sécurité des Systèmes d’Information), has open-sourced CLIP OS, an in-house operating system its engineers had developed to address the needs of the French government administration.

In a press release, ANSSI described CLIP OS as a “Linux-based operating system [that] incorporates a set of security mechanisms that give it a very high level of resistance to malicious code and allow it to protect sensitive information.”

Source: French cyber-security agency open-sources CLIP OS, a security hardened OS | ZDNet

Cybersecurity Firm Finds Way to Alter WhatsApp Messages

A cybersecurity company said it had discovered a flaw in WhatsApp, the Facebook-owned messaging service with 1.5 billion users, that allows scammers to alter the content or change the identity of the sender of a previously delivered message. WhatsApp, however, says it is still safe, and what Check Point Software discovered was a system operating as it was intended.

Source: Cybersecurity Firm Finds Way to Alter WhatsApp Messages – The New York Times
