How bad the problem with John Deere Tractors really is, how not being open leads to incredibly bad security

Last Saturday, I sat in a crowded ballroom at Caesar’s Forum in Las Vegas and watched Sickcodes jailbreak a John Deere tractor’s control unit live, before an audience of cheering Defcon 30 attendees (and, possibly, a few undercover Deere execs, who often attend Sickcodes’s talks). The presentation was significant because Deere – along with Apple […]

Samsung adds ‘repair mode’ to smartphone

When activated, repair mode prevents a range of behaviors – from casual snooping to outright lifting of personal data – by blocking access to photos, messages, and account information. The mode provides technicians with the access they require to make a fix, including the apps a user employs. But repairers won’t see user data in […]

How I Hacked My Car – completely pwn a 2021 Hyundai Ioniq head unit – a story in 3 parts

The Car Last summer I bought a 2021 Hyundai Ioniq SEL. It is a nice fuel-efficient hybrid with a decent amount of features like wireless Android Auto/Apple CarPlay, wireless phone charging, heated seats, & a sunroof. One thing I particularly liked about this vehicle was the In-Vehicle Infotainment (IVI) system. As I mentioned before it […]

X.Org Server Hit By New Local Privilege Escalation, Remote Code Execution Vulnerabilities

[…] CVE-2022-2319 and CVE-2022-2320 were made public this morning and both deal with the X.Org Server’s Xkb keyboard extension not properly validating input that could lead to out-of-bounds memory writes. Hopefully though in 2022 you aren’t relying on your xorg-server running as root. Fixes for these XKB vulnerabilities have been patched in X.Org Server Git […]

Google files a lawsuit that could kick Tinder out of the Play Store because Match refuses to pay illegally forced fees

Google has counter-sued Match seeking monetary damages and a judgement that would let it kick Tinder and the group’s other dating apps out of the Play Store, Bloomberg has reported. Earlier this year, Match sued Google alleging antitrust violations over a decision requiring all Android developers to process “digital goods and services” payments through the […]

BMW Heated Seats Subscription Is Real And It Costs $18 Per Month. Also heated steering wheel, paid separately. In a car you own and paid for the heated seats and wheel.

[…] On its ConnectedDrive Store in South Korea, BMW owners can pay a monthly fee to have a creature comfort such as heated seats. It costs ₩24,000 or approximately $18 at current exchange rates. Alternatively, you can get a one-year plan for $176 or a three-year subscription for $283. The BMW ConnectedDrive Store is a […]

European Union passes landmark laws to rein in big tech, but worries about enforcement

[…] the European Union has passed a pair of landmark bills designed to rein in Big Tech’s power. The Digital Markets Act and Digital Services Act are intended to promote fairer competition, improve privacy protection, as well as banning both the use of some of the more egregious forms of targeted advertising and misleading practices. […]

FreeYourMusic Transfers Your Music Library and Playlists Among Any Streaming Services

[…] FreeYourMusic is a paid app available for Android, iOS, Windows, Mac, and Linux that will transfer your data between Apple Music, Spotify, YouTube Music, Deezer, Pandora, Tidal, Soundcloud, and at least a dozen other streaming apps. It also lets you back up and store some of your data locally on your device. […]

Google to pay $90m to settle Play Store lawsuit

Google is to pay $90 million to settle a class-action lawsuit with US developers over alleged anti-competitive behavior regarding the Google Play Store. Eligible for a share in the $90 million fund are US developers who earned two million dollars or less in annual revenue through Google Play between 2016 and 2021. “A vast majority […]

New EU rules would require chat apps to scan private messages for child abuse

The European Commission has proposed controversial new regulation that would require chat apps like WhatsApp and Facebook Messenger to selectively scan users’ private messages for child sexual abuse material (CSAM) and “grooming” behavior. The proposal is similar to plans mooted by Apple last year but, say critics, much more invasive. After a draft of the […]

Hackers are reportedly using emergency data requests to extort women and minors

In response to fraudulent legal requests, companies like Apple, Google, Meta and Twitter have been tricked into sharing sensitive personal information about some of their customers. We knew that was happening as recently as last month when Bloomberg published a report on hackers using fake emergency data requests to carry out financial fraud. But according […]

Brave’s De-AMP feature bypasses harmful Google AMP pages

Brave announced a new feature for its browser on Tuesday: De-AMP, which automatically jumps past any page rendered with Google’s Accelerated Mobile Pages framework and instead takes users straight to the original website. “Where possible, De-AMP will rewrite links and URLs to prevent users from visiting AMP pages altogether,” Brave said in a blog post. […]

Fraudsters use ‘fake emergency data requests’ to steal info

Cybercriminals have used fake emergency data requests (EDRs) to steal sensitive customer data from service providers and social media firms. At least one report suggests Apple, and Facebook’s parent company Meta, were victims of this fraud. Both Apple and Meta handed over users’ addresses, phone numbers, and IP addresses in mid-2021 after being duped by […]

Yet Another Israeli Malware Manufacturer Found Selling To Human Rights Abusers, Targeting iPhones

[…] Candiru — another Israeli firm with a long list of questionable customers, including Uzbekistan, Saudi Arabia, United Arab Emirates, and Singapore. Now there’s another name to add to the list of NSO-alikes. And (perhaps not oddly enough) this company also calls Israel home. Reuters was the first to report on this NSO’s competitor’s ability […]

Automakers Can’t Give Up The Idea Of Turning Everyday Features Into Subscription Services With Fees

At the same time car companies are fighting the right to repair movement (and the state and federal legislation popping up everywhere), they’re continuing the quest to turn everyday features — like heated seats — into something users have to pay a recurring fee for. In 2019, BMW had to abandon a plan to charge […]

The Alternative to Web Scraping. The “lazy” programmer’s guide to… | by Doug Guthrie

One of the better sites for financial data is Yahoo Finance. This makes it a prime target for web scraping by finance enthusiasts. There are nearly daily questions on StackOverflow that reference some sort of data retrieval (oftentimes through web scraping) from Yahoo Finance. Web Scraping Problem #1 trying to test a code that scrap […]

LG Announces New Ad Targeting Features for TVs – wait, wtf, I bought my TV, not a service!

[…] there are plenty of cases where you throw down hundreds of dollars for a piece of hardware and then you end up being the product anyway. Case in point: TVs. On Wednesday, the television giant LG announced a new offering to advertisers that promises to be able to reach the company’s millions of […]

Finnish diplomats were targeted by NSO Pegasus spyware

Finland’s government says the mobile devices of its diplomats have been hacked using Pegasus spyware. The Finnish foreign ministry stated on Friday that some of its officials abroad had been targeted by the sophisticated software. “The highly sophisticated malware has infected users’ Apple or Android telephones without their noticing and without any action from the […]

How to Download Everything Amazon Knows About You (It’s a Lot)

[…] To be clear, data collection is far from an Amazon-specific problem; it’s pretty much par for the course when it comes to tech companies. Even Apple, a company vocal about user privacy, has faced criticism in the past for recording Siri interactions and sharing them with third-party contractors. The issue with Amazon, however, is the […]

Security Holes Found in My2022 App for Beijing Winter Olympics

An app that visitors to the 2022 Olympics Games in Beijing are obligated to download is also a cybersecurity nightmare that threatens to expose much of the data that it collects, according to a new report. MY2022, the mandatory app for visitors at this year’s Winter Games, offers a variety of services—including tourism recommendations, Covid-related […]

Russia Arrests Members of Notorious Ransomware Gang REvil

[…] The Federal Security Service (FSB), Russia’s domestic intelligence agency, said in a press release Friday that it had recently conducted raids at 25 residences across Moscow, Leningrad, Lipetsk, and St. Petersburg, where 14 members of the cybercriminal gang were arrested. During the raids, authorities seized more than 426 million rubles, $600,000, and €500,000, along […]

John Deere Hit With Class Action Lawsuit for Alleged Tractor Repair Monopoly

A class action lawsuit filed in Chicago has accused John Deere of running an illegal repair monopoly. The lawsuit alleged that John Deere has used software locks and restricted access to repair documentation and tools, making it very difficult for farmers to fix their own agricultural equipment, a problem that Motherboard has documented for years […]

White House invites tech firms to discuss open-source software security in January

White House National Security Advisor Jake Sullivan has invited major tech firms to discuss ways that the cybersecurity of open-source software can be improved, Bloomberg reported on Thursday. According to Bloomberg, the tech firms include “major software companies and developers.” Cloud providers are also reportedly among the invited companies. Anne Neuberger, deputy national security advisor for […]

Google and Facebook Fined Big in Russia for Failing to Remove Banned Content – imprisonment threats follow forcing local data storage

A Russian court fined Alphabet Inc.’s Google 7.2 billion rubles ($98 million) and Meta Platforms Inc. 2 billion rubles Friday for failing to remove banned content, the largest such penalties yet, as the authorities escalate a crackdown on foreign technology companies. The fines were due to the companies’ repeated failure to comply with orders to […]