Tracking President Trump with cellphone location data, Greta-Thunberg-themed malware, SharePoint patch, and more

Here's a catch-up of security news beyond everything else we've covered.

Nearly 300 million Facebook profiles scraped, dumped online

Once again a huge number of Facebook users have had their details lifted from their profiles, a fact that came to light when security researchers were scanning for open databases online. …

  1. hj

    "The case highlights the egregious way in which telcos in the US are profiting from selling off location data to almost anyone with the money."

    Did you actually read the (very interesting) article? 'Cause it was talking about companies like Foursquare, since the telcos are bound to rules after some fiasco.

    Quote: "The data reviewed by Times Opinion didn’t come from a telecom or giant tech company, nor did it come from a governmental surveillance operation. It originated from a location data company, one of dozens quietly collecting precise movements using software slipped onto mobile phone apps. You’ve probably never heard of most of the companies "

  2. Snapper

    Mac's don't get malware?

    Don't think I've heard that one before, it's usually 'Mac's don't get viruses'.

    Still, any reason to knock Apple eh!

    1. macjules Silver badge
      Holmes

      Re: Mac's don't get malware?

      Silly. Macs don't get malware at all. OS X Catalina is the malware.

    2. Anonymous Coward

      Re: Mac's don't get malware?

      Why send a Mac user Malware?

      All money and economic benefit has already been drained out of them by Apple.

      1. LDS Silver badge

        Re: Mac's don't get malware?

        While I understand the joke, they are probably targeting a demographic which is a more remunerative target, there's a good chance they are in the upper percentiles of wealth, and they still have $$$$$$ to steal/scam even after they got their expensive toys. Or you can get access to systems of people in higher positions within a company, from where more remunerative attacks can be launched, or more useful information gathered.

        Targeting Linux won't give you the same chances of getting into something valuable.

        1. creader

          Re: Mac's don't get malware?

          >... they are probably targeting a demographic which is a more remunerative target, there's a good chance they are in the upper percentiles of wealth

          Or, targeting a demographic which is a more remunerative target, there's a good chance they are in the lower percentiles of savviness

          >access to systems of people in higher positions within a company,

          There are a few people of that sort, but most who use computers use ones designed for function over form.

          And the few Apple users are more likely to be easily scammed by those focussed

          >remunerative attacks can be launched, or more useful information gathered

          >Targeting Linux won't give you the same chances of getting into something valuable.

          Because that target tends to be smarter than the average bear.

    3. Mongrel

      Re: Mac's don't get malware?

      "Don't think I've heard that one before, it's usually 'Mac's don't get viruses'."

      Really? I've seen the 'Get a Mac' advice frequently when normal users moan about all this malware they seem to be infected with, many of them don't care to learn the difference between malware & virus.

      They just want a machine they can carry on using as they are now without fear of getting infected by <whatever>

    4. Alister Silver badge

      Re: Mac's don't get malware?

      Don't think I've heard that one before, it's usually 'Mac's don't get viruses'.

      A virus is malware, you twit.

      Malware is a catch all term for any malicious or harmful software. A virus is a specific form of malware.

      1. Jedit Silver badge
        IT Angle

        "A virus is malware, you twit."

        I remember when Apple were doing their big campaign based on Macs not getting viruses. Some virus author wrote that this was because it wasn't worth writing viruses for Macs, as the market share was so small they couldn't propagate properly. If Macs do now have viruses, it appears this was true and they've been nobbled by their own success.

  3. Blockchain commentard Silver badge

    Disagree that phishing emails to .edu email addresses means they know their targets. The majority of kids are unlikely to have bank accounts and the teachers have nothing in theirs!!

    1. RichardEM

      You forget their Parents!

    2. 1752

      Advanced Persistent Threat

      Perhaps it is a foot in the door. Will we get a follow-up of 'school encrypted, ransom demanded'?

  4. ThatOne Silver badge
    Facepalm

    Weasel words even weasels don't dare say

    How can anybody nowadays say "We take your ... very seriously" with a straight face, when almost everyone knows it means the exact opposite?

    "Your call is very important to us. (Please wait till the heat death of the universe.)"

    "Your security/privacy are very important to us. (But we aren't sorry for selling your data or losing your credit card details, sucker.)"

    "Customer satisfaction is our highest priority. (Here is the series of hoops to jump through. Some of them on fire!)"

    and so on.

    1. b0llchit
      Boffin

      Re: Weasel words even weasels don't dare say

      At least we now have firm confirmation that natural languages are about nothing in particular and most are about the opposite of the meaning of any words anyway.

      With that knowledge, we can now redefine the natural language as giving meaning again, just assume the opposite and all is well. That is, until we start using the inverse of the inverse again after some time. Then we can assume that the inverse of the inverse is defined as undefined. And the opposite of undefined is, of course, [file not found]. Therefore, the world is still in balance because nobody gives a shit anyway what they were saying in the first place and all can hide behind the-computer-did-it for any and all mistakes.

      That is a nice thought for the weekend...

      1. ThatOne Silver badge
        Devil

        Re: Weasel words even weasels don't dare say

        > natural languages

        I'm not sure you can use "natural" in this context...

        1. b0llchit
          Pint

          Re: Weasel words even weasels don't dare say

          >> natural languages

          > I'm not sure you can use "natural" in this context...

          Surely, lying through your teeth is a natural behaviour for the corporates. And lying about lying by lying is second nature.

          1. ThatOne Silver badge
            Thumb Up

            Re: Weasel words even weasels don't dare say

            > Surely, lying through your teeth is a natural behaviour for the corporates

            You've got a point there.

    2. sanmigueelbeer Silver badge

      Re: Weasel words even weasels don't dare say

      How can anybody nowadays say "We take your ... very seriously" with a straight face

      Everyone doesn't have a choice. The malware was (only) discovered in December 2019 but it was inserted in Wawa's system back in March 2019 (that's what they said).

      NINE MONTHS before it was discovered.

      Everyone has to say "we take <BLAH> seriously" otherwise the lawyers will come knockin'.

      1. ThatOne Silver badge

        Re: Weasel words even weasels don't dare say

        > The malware was (only) discovered

        True, but I wasn't speaking about them specifically. That "We take your ... very seriously" is a standard phrase we've heard dozens of times in the last years, every time a big SNAFU was unveiled. It's a generic soothing mantra, not a statement about a given situation. It's of the same condescending and noncommittal family as the "Don't worry your little heads about this...".

        .

        > Everyone has to say "we take <BLAH> seriously"

        While I admit the necessity of making a statement, I don't agree on the wording. I would simply say something along the lines of "Sorry, we messed up (or got caught with our pants down), we will try to make sure this won't happen again". Something a normal human would say. The standardized and clearly dishonest mantra about valuing the customer is really insulting.

        I don't know, maybe there are indeed people naive enough to actually feel flattered by those cookie-cutter lies, but I'm sure the vast majority just feels made fun of, because what counts is the everyday actions, not the once-in-a-while-when-hard-pressed declarations of eternal love and commitment.

    3. (m)any

      Re: Weasel words even weasels don't dare say

      We did get advance warning of Doublespeak.

  5. CaptSmeg

    Not just the US and definitely not just the Telcos

    You should assume that any mobile app that you allow to access your location will be selling your location stream on.

    There is already an active global market for this data and several companies offering analysis as a service on top of these streams. It is mostly aimed at ad slingers to price real world advertising space based on the type of audience that walks past etc. But this stuff is cheap and they are often happy to give out large free samples to get their clients hooked.

    As pointed out in the article, these streams are trivial to de-anonymise, especially in lower density areas. I would be surprised if scumbags are not already doing this to support phishing and blackmail etc.

    Think twice before tapping on “allow access to your location”...

    1. Charles 9 Silver badge

      Re: Not just the US and definitely not just the Telcos

      And if it's something that requires location information to even work as intended: like a navigation app?

      1. Claptrap314 Silver badge

        Re: Not just the US and definitely not just the Telcos

        Ding! Ding! Ding! Ding!

        Now you begin to understand why I have never owned a "smart" phone.

        1. Charles 9 Silver badge

          Re: Not just the US and definitely not just the Telcos

          I've learned firsthand how navigation apps are becoming a necessary evil. Ending up in the middle of nowhere in unfamiliar territory, no maps available and so on. Getting a bearing, then figuring out where someplace familiar is located, that alone is what I call useful.

  6. LDS Silver badge

    "Everyone is trackable, traceable, discoverable to some degree.”

    Sure. But maybe every one and his dog shouldn't be allowed to do it easily and legally?

    Every one can also be easily killed or robbed, that's why we have laws forbidding it.

    1. find users who cut cat tail
      Black Helicopters

      Re: "Everyone is trackable, traceable, discoverable to some degree.”

      I agree with the sentiment. On the other hand, getting robbed and killed is rarely a necessary part of something people want. Whereas tracking…

      Even discounting the idiots who cannot find a store across the street without GPS, lots of services can only really work by identifying you, getting your location and cross-referencing it with some big database (i.e. sending it somewhere ‘to the cloud’). Often even not keeping history of locations would break them, to varying degree.

      I do not use any such service (in fact do not even carry any phone most of the time), but many people do and do like them. Trying to forbid the tracking part of tracking may prove rather unpopular (read: impossible). You can forbid by law the data selling part – and it should be forbidden. But will it be enough?

      1. Aodhhan

        Re: "Everyone is trackable, traceable, discoverable to some degree.”

        The biggest problem isn't when an application honestly needs tracking to work... the problem is storing the data--especially for indefinite periods of time--and then selling this data to organizations who use it for nefarious purposes. This is what needs to be controlled.

        Yes, there are other things which track your location. Security cameras, security badges, Amazon Fire devices, some laptops/tablets, e-watches, credit card use, even your car keeps a record of your movements. Again, how is this information stored and who is the information sold to?

        You may be shocked to find out the biggest sellers of information aren't the telcos, it's credit companies. You apply for a loan, use a credit/debit card... almost all of the information is put into a database. What you bought, from where, etc.

        Someone can find out your purchasing habits, approximate income, political affiliation, brand loyalty--on and on.

    2. bombastic bob Silver badge
      Thumb Up

      Re: "Everyone is trackable, traceable, discoverable to some degree.”

      "that's why we have laws forbidding it."

      YES!

      1. Charles 9 Silver badge

        Re: "Everyone is trackable, traceable, discoverable to some degree.”

        Trouble is, how can you enforce it, especially when the data mongers are masters at degrees of separation and plausible deniability?

  7. AVee
    Facepalm

    New (York) Times

    The article is well worth the read. I was left with the warm fuzzy feeling there are still journalists that care about our privacy. All may not be lost yet...

    ...and then I opened the web debugger and saw all the network requests to all sorts of different domains. Turns out they are contributing to this whole endless tracking habit as much as everyone else. We've built an entire economy around this, it's not going away unless we loose our addiction to 'free' content.

    1. Alister Silver badge

      Re: New (York) Times

      unless we loose our addiction to 'free' content.

      We would be better losing our addiction to free content, as it has already been loosed.

    2. KBeee

      Re: New (York) Times

      I thought the NYT wasn't "free content"? I get regular emails from them offering a reduced price since I stopped reading it after the paywall went up.

  8. bombastic bob Silver badge
    Trollface

    "Greta" malware

    The Emotet malware is doing the rounds again, this time by exploiting the popularity of climate activist Greta Thunberg.

    I thought GRETA *WAS* MALWARE!! Except, in HER case, the "fleshy" kind.

    Given Thunberg's DOOMberg's popularity with youngsters who will have to deal with adverse climate change

    NO, they will *NOT*. So-called man-made "Climate Change" is *NOT* a foregone conclusion! OT to discuss why, So I'll erase what I wrote.

    Seriously, though, I "feel no pain" for anyone who downloads "the Greta malware". Serves y'all right, heh heh heh.

    The best 'Greta' comic/parody/snark I've seen so far shows Mother Nature giving Greta a spanking and saying things like "It's called WEATHER" and "CO2 is good for plants". Meanwhile, while getting spanked, Greta's screaming out "HOW DARE YOU". Perfect!

    (Greta is an example of what happens when children try to take on the adults, and too many people LET THEM or even ENABLE THEM. It's the job of the ADULTS to SPANK THEM when they try!!! 'Lord of the Flies' is a good example of that taken to its extreme. Children need PARENTS who say NO. And once a "child" goes in front of the UN, Congress, and the world, and ends up on magazine covers, for DOING that kind of CRAP, the gloves come OFF)

    1. Hollerithevo Silver badge

      Re: "Greta" malware

      Rather keen to spank a teenage girl, aintcha, Bob?

      Man-made climate change is a foregone conclusion when we look at the feeble efforts of those countries who say they are going to act, and the negative actions of countries who scoff at the reality.

    2. Ken Hagan Gold badge

      Re: "Greta" malware

      Interesting icon you've got there, Bob.

    3. gnasher729 Silver badge

      Re: "Greta" malware

      Since nobody in their right mind would call Trump and Johnson “adults”, can we spank them as well?

    4. A random security guy

      Re: "Greta" malware

      Was watching The Crown where the much respected Churchill denies the impact on London's air due to the burning of huge amounts of coal. He just calls it "Weather". Finally backs down when he realized someone close to him gets killed AND he could make political capital out of the situation.

      I bet the oil companies haven't figured out how to take advantage of the climate crises; the moment they do they will be screaming 'Global Warming cause neutrons to fall apart'.

  9. This post has been deleted by its author

    1. Claptrap314 Silver badge

      Re: Card-sniffing malware infection?

      Macs have 8% of the PC market, and account for 16% of the malware reports.

      Which means that a Mac is more than twice as likely as a PC to have malware.

      Which is really, REALLY scary...

      1. Loud Speaker

        Re: Card-sniffing malware infection?

        The evidence is that a lot of PC users won't report malware so long as the machine can still boot.


Biting the hand that feeds IT © 1998–2020