Zuckerberg’s meeting with the EU was originally set to be closed-door, but that looks set to change.
Last week, a mobile tracking company in the US was found to have exposed data on the whereabouts of millions of residents’ mobile phones due to a glitch in a website API. LocationSmart, an aggregator of location data, hypothetically allowed anyone to track a phone number, bypassing a step requiring consent via text message.
While new technology is often lauded as the next phase in law enforcement, a Big Brother Watch report says a facial-recognition tool tested by several UK police forces was mostly unreliable. In 2017, London Met Police tested the system at Notting Hill Carnival and it was found to have been inaccurate 98pc of the time.
Google has been making efforts to phase out the HTTP standard for a long time now and it recently made some big changes to how websites are designated as secure or otherwise. The big push is all part of the effort to move towards HTTPS, which is a much safer protocol to use.
There’s no shortage of enterprise news this week, so catch up on all the latest here.
Mark Zuckerberg questioning to be live-streamed
The Cambridge Analytica fallout continues, as Mark Zuckerberg prepares for tough questions from EU MEPs tomorrow (22 May). The meeting was originally set to be private, but criticism of that move means it will now be available to stream live from 6.15pm Brussels time, according to Politico.
The hearing is expected to focus on the recent Facebook scandal, which saw close to 3m Europeans have their data potentially misused by a third-party app. Considering GDPR is due to come into force this week, it will be tough going for the CEO.
New Mexico man jailed for 15 years after revenge DDoS attacks
New Mexico resident John Kelsey Gammell has been handed a 15-year prison sentence after launching DDoS attacks against business competitors and former workplaces, as well as public services.
Gammell is said to have launched DDoS attacks against approximately three dozen websites, both from his own computer and via DDoS-as-a-service sites. He also paid for services with cryptocurrency, created fake email accounts and used tools to mask his IP address.
Experts warn of a new Mirai mutation
Researchers at Fortinet say they have found a new Mirai variant that uses three exploits to target unpatched IoT endpoints, as opposed to the traditional Mirai brute-force attack. Dubbed ‘Wicked’, it relies on known exploits, which are deployed based on the port the bot is connected to.
For example, if connected to port 8080, the malware will use a remote code execution exploit that works on some router brands – the same one used by the Reaper botnet. The two other exploits are a command injection vulnerability and a malicious web shell attack.
App to monitor teen safety left thousands of user passwords exposed
At least one server used by the mobile app TeenSafe has leaked tens of thousands of accounts of both parents and teenagers. According to ZDNet, the app left its servers hosted on AWS unprotected and accessible to anyone, without the need for a password. UK researcher Robert Wiggins found the leaky servers.
A spokesperson for TeenSafe said the company had closed one of its servers to the public and had begun alerting users. Plaintext passwords for teenagers’ Apple IDs were exposed, among other data types. While many people would view apps such as this as invasive of privacy, parents using TeenSafe do not need to obtain consent from their child to use the service.