Tag Archives: eBay

Security News for the Week Ending May 29, 2020

Hackers Have Access to iOS 14 Months Before You Will

Apple gives developers early prototypes of their new software so that Apple doesn’t have a disaster on its hands when the new software is released and user’s applications no longer work. Unfortunately, some developers sell those phones – or at least access to them – so that they can get unlocked copies of the OS to hack and reverse engineer. This is why hacks appear so quickly after the new versions are finally released. Credit: Vice

Reports: eBay is Scanning User’s Computers for Open Ports

Bleeping Computer tested reports that users who visit eBay’s web site have their Windows computers scanned for open ports. It is possible that they are looking for computers that are compromised and used to commit fraud. However, accessing a user’s computer like this likely violates the Justice Department’s interpretation of the Computer Fraud and Abuse Act, which is a felony, specifically because they did not ask for permission. That “interpretation” is now being reviewed by the Supreme Court. Expect lawsuits. Credit: Bleeping Computer

UK Says They Will Keep Contact Tracing Info for 20 Years

No big surprise here – I expected this. This is the downside of the “centralized” model for contact tracing apps.

According to the privacy notice attached to the UK’s new contact tracing app, data collected by the app will be stored for up to 20 years.

And, you have no right to have it deleted. Credit: Computing UK

Abandoned Apps May Pose a Security Risk to Mobile Devices

If you are like most people, you have a number of apps on your phone or tablet.

Question for you – whether you use every single one of those apps frequently or not – is how many of those apps are still supported by the developer? That includes the so-called “packages” that the app developer used to write that app.

The unsupported app – with bugs that have not be discovered or patched – can provide an avenue for exploit by hackers. For as long as those apps remain on your phone.

So while you are not using that app, hackers are trying to figure out how to exploit it. The risk is higher than you might think. Credit: Dark Reading

News Bites For April 14, 2015

I wrote about an attack on hotel routers a few weeks ago (see post).  Today, I heard more details on the attack.  ANTlabs InnGate router, used by many hotel chains (see advisory), was configured incorrectly.  This configuration error allowed anyone to read or write any file in the router, thereby easily owning that router and doing whatever they want to do to its customers.

This means the attacker could push software to a user’s device, sniff traffic or insert traffic that would be thought to be from the user’s device.  Pretty ugly.

###############

According to several sources that seem to have picked up the same article, Google and eBay have begun to move data of Russian users into Russian data centers, ahead of a law that takes effect on Sep 1, 2015 requiring that.  The alternative would seem to be to close down Russian operations, which probably did not seem attractive to either organization.

How or if they will protect Russian user’s data is unclear.  With their servers within physical control of the KGB/FSB, that may be difficult.

Update:  Google is denying that they are doing that, but they are not saying anything about what they are doing, so it is unclear what they are doing.  Things should become clearer by September 1.

###############