Friday, 26 April 2019

Alexa! Why Are You Stalking Me? (Did Amazon Lie?)

Amazon’s Alleged Artifice


Amazon whistleblowers say thousands of Alexa team members supposedly can see your precise location. But just two weeks ago, didn’t the company pinky-swear they couldn’t?

Oh, and these teams include many employees and contractors in low-wage, overseas economies. Which might raise further questions of trust and safety.

Well, duh. In today’s SB Blogwatch, we pull the plug on the Echo and its ilk.


Read more: securityboulevard.com/2019/04/alexa-why-are-you-stalking-me-did-amazon-lie/

Thursday, 25 April 2019

EU merges giant biometrics database. What could possibly go wrong?

Brexit starts to sound sane?


The 28 countries of the European Union each has its own biometrics databases of citizen IDs, residents, immigration, etc. The Common Identity Repository (CIR) project wants to centralize all that, with one enormous JOIN command.

I know what you’re thinking: “What a great idea! When CIR is up and running, law enforcement will be able to do a much better job of keeping EU citizens safe from all those bad people. I mean, I’m not a bad person, so CIR is a great thing, right?”

But what of the unintended consequences? And what about false positives? And how do we know the data won’t be misused—or hacked? In this week’s Security Blogwatch, we go off grid.


Read more: techbeacon.com/security/eu-merges-giant-biometrics-database-what-could-possibly-go-wrong

Tuesday, 23 April 2019

Popular ‘WiFi Finder’ App Leaks 2 Million+ Passwords

PSK APK FAIL


A widely used Android app for finding free Wi-Fi passwords was horribly insecure. It’s been sitting on an unsecured database, open to the internet.

And the developer is nowhere to be found. Who knew that this modern version of warchalking could be so dangerous?

It gives a whole new meaning to Pre-Shared Key. In today’s SB Blogwatch, we put a tinfoil hat on your AP.


Read more: securityboulevard.com/2019/04/popular-wifi-finder-app-leaks-2-million-passwords