{"id":15780,"date":"2019-07-13T10:45:05","date_gmt":"2019-07-13T18:45:05","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2019\/07\/13\/news-9527\/"},"modified":"2019-07-13T10:45:05","modified_gmt":"2019-07-13T18:45:05","slug":"news-9527","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2019\/07\/13\/news-9527\/","title":{"rendered":"Palantir Manual Shows How Law Enforcement Tracks Families"},"content":{"rendered":"

<\/p>\n

Credit to Author: Emily Dreyfuss| Date: Sat, 13 Jul 2019 13:00:00 +0000<\/strong><\/p>\n

On Zoom conference <\/span>calls across the US this week, brows furrowed as the news broke<\/a> that the video conference company had a flaw in its backend that could give hackers access to people\u2019s webcams. Worse, Zoom seemed at first unwilling to fix the problem. Thankfully, hours after the initial reports, Zoom backtracked and issued a new fix<\/a> to solve underlying vulnerability. You can go back to Zooming your brilliant brainstorms in peace, everyone.<\/p>\n

According to a new report this week<\/a>, a Magecart hacking group has been breaking into misconfigured Amazon Web Services buckets, scanning the contents of 17,000 domains, and stealing any goodies\u2014like credit card numbers used on some ecommerce sites.<\/p>\n

In other Amazon news, are you ready for Amazon Prime Day<\/a> on Monday? Phishing scammers sure are. In fact, in the last few weeks scammers have pushed a whole phishing toolkit<\/a> targeting Amazon customers. Beware.<\/p>\n

Also this week, we explained how to keep your kids\u2019 data safe online<\/a>, and took a closer look at the scourge of credential dumping<\/a>. We also reported<\/a> that the window the rein in the risks of facial recognition is closing, so something needs to be done fast. Oh, and we brought you the story of teens taking to TikTok<\/a> to make fun of the surveillance app ruining their summers.<\/p>\n

But that\u2019s not all. Every Saturday we round up the security and privacy stories we didn\u2019t break or report on in depth, which we think you should know about nonetheless. Click on the headlines to read them, and stay safe out there.<\/p>\n

Few Silicon Valley companies are more secretive than surveillance software provider Palantir, co-founded by Peter Thiel. Exactly what the company does, how it makes so much much money, and what it\u2019s working on next is often shrouded in mystery. What is known is that Palantir\u2019s surveillance software has become a backbone of US law enforcement, particularly Immigration and Customs Enforcement<\/a>, which since 2014 has reportedly had contracts ranging from $41 to $51 million dollar per year with Palantir for access to the company\u2019s tracking database and management software. Now, through a Freedom of Information Act request, VICE has gotten its hands on one of Palantir\u2019s secret user manuals for law enforcement. The manual shows that with just the name of a person, law enforcement can use Palantir\u2019s software to map that target's family relationships, get their Social Security number, address, phone number, height, weight, and eye color. Add a license plate number, and Palantir\u2019s system can often allow law enforcement to track where people have been during any period of time. Though much of this kind of information is available to law enforcement via separate means, Vice reports that Palantir\u2019s system \u201caggregates and synthesizes\u201d it in such a way as to give \u201claw enforcement nearly omniscient knowledge over any suspect they decide to surveil.\u201d As ICE prepares massive raids of immigrant families this weekend, the revealed Palantir system sheds light on how the government tracks and plans finds people to arrest and deport.<\/p>\n

No one has ever actively wanted a hair straightening iron that connects to the Internet of Things, but that didn\u2019t stop UK-based company Glamoriser from making one. If you happened to buy the Blue Smart hair straightener from Glamorizer\u2014perhaps not even realizing it had Bluetooth capability, because why would it?\u2014then TechCrunch is sorry to report but hackers could totally seize your device, and well, change the temperature of the hot iron remotely, if they wanted to. Would they want to? Probably not. But then again, why would you ever want to control the temperature of the straightener from your phone, rather than the device itself? Who knows! It\u2019s a mystery!<\/p>\n

Apple announced this week that it was disabling the push-to-talk Apple Watch Walkie Talkie app, after the company learned it let people eavesdrop on other people\u2019s phones without permission. The tip came in through Apple\u2019s bug-reporting portal, and Apple says it has no evidence that anyone actually took advantage of the vulnerability. Apple apologized for the bug and promised to \u201cquickly fix the issue,\u201d according to a statement reported by TechCrunch.<\/p>\n

The Washington Post<\/em> reports that Washington, DC's local government paid $1.7 million to secure Donald Trump\u2019s 4th of July military parade and fireworks display. That amount, DC Mayor Muriel E. Bowser said, has left the district\u2019s special security fund empty. That account is intended to fund security measures for events, rallies, and to protect against terrorism. In 2017, Trump\u2019s inauguration reportedly cost the district $7.3 million in security expenses, which were also drawn from that same fund and never reimbursed. The mayor is requesting the White House refill the district\u2019s security coffers, arguing that it\u2019s unprecedented and unfair for the district to pay for federal security with local tax money meant to protect residents of the District of Columbia.<\/p>\n

Hacker and security researcher Samy Kamkar takes a look at a variety of hacking scenes from popular media and examines their authenticity.<\/p>\n

https:\/\/www.wired.com\/category\/security\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

<\/p>\n

Credit to Author: Emily Dreyfuss| Date: Sat, 13 Jul 2019 13:00:00 +0000<\/strong><\/p>\n

An Apple Watch bug, a hackable hair straightener, and more security news this week. <\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10607],"tags":[714,21358],"class_list":["post-15780","post","type-post","status-publish","format-standard","hentry","category-security","category-wired","tag-security","tag-security-cyberattacks-and-hacks"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/15780","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=15780"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/15780\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=15780"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=15780"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=15780"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}