Free for a Fee

Ars Technica

November 12, 2015

Dan Goodin

Highlighting crucial weaknesses in Apple’s and Google’s processes for admitting new titles into their competing app stores, both companies have ejected a third-party Instagram app after discovering it probably pilfered user passwords and pictures.

InstaAgent, as the app was called, marketed itself as a program that tracked people who visited a user’s Instagram account. It had between 100,000 and 500,000 downloads from Google’s Play Store and was in the top charts of the iOS App Store. But behind the scenes, an app developer said earlier this week, the app sent users’ Instagram login credentials to a server controlled by the InstaAgent developer. Google was the first to pull the app. Apple later followed.

more.

The content in this post was found at http://arstechnica.com/security/2015/11/password-pilfering-app-exposes-weakness-in-ios-and-android-vetting-process/ and was not authored by the moderators of freeforafee.com. Clicking the title link will take you to the source of the post.

 

Dan Goodin

more.

The content in this post was found at http://arstechnica.com/security/2015/11/hacking-tool-swipes-encrypted-credentials-from-password-manager/ and was not authored by the moderators of freeforafee.com. Clicking the title link will take you to the source of the post.

Technology and Marketing Law Blog

October 30, 2015

This is a lawsuit against Facebook alleging that it tracked people visiting websites throughout the web even if they were not logged on to Facebook. As the court describes the allegations, Facebook uses a persistent cookie that tracks a person’s interactions with any page containing a “like” button (regardless of whether or not the person interacts with the like button). Plaintiffs allege common law claims as well as state and federal statutory claims.

more.

The content in this post was found at http://blog.ericgoldman.org/archives/2015/10/facebook-beats-privacy-lawsuit-alleging-persistent-tracking.htm and was not authored by the moderators of freeforafee.com. Clicking the title link will take you to the source of the post.

Ars Technica

Dan Goodin

The attacks target the LTE specification, which is expected to have a user base of about 1.37 billion people by the end of the year. They require about $1,400 worth of hardware that run freely available open-source software. The equipment can cause all LTE-compliant phones to leak their location to within a 32- to 64-foot (about 10 to 20 meter) radius and in some cases their GPS coordinates, although such attacks may be detected by savvy phone users. A separate method that’s almost impossible to detect teases out locations to within an area of roughly one square mile in an urban setting.

more.

The content in this post was found at http://arstechnica.com/security/2015/10/low-cost-imsi-catcher-for-4glte-networks-track-phones-precise-locations/ and was not authored by the moderators of freeforafee.com. Clicking the title link will take you to the source of the post.