The people who read our site are a pretty savvy lot. You know not to accept checks from distant princes. You can spot a phisher from a mile away. But here’s one that might be new for you: scammers are apparently trying to exploit your “missed call” screen, now. The scam, simplified: They call you, but immediately hang up. You see a missed call. You call back. They charge you for the call, and for each minute they can keep you on the line. According to the BBB, this so-called “One Ring” scam is on the rise. Like many a ruse, this one relies on hitting many, many potential targets at once. The scammer sets up a computer to call thousands of numbers per hour – because for every 99 people who follow their gut and don’t call weird numbers, there’s 1 person who will. Maybe they’re waiting for a response on a job interview, and don’t know what number it’ll come from.
Read the full story at TechCrunch.
Google has quietly patched a Glass security exploit that could have allowed hackers to take control of the wearable by showing it a QR code, the researcher who identified the flaw tells SlashGear. The exploit, discovered by Marc Rogers, Principal Security Researcher at Lookout Mobile Security, took advantage of Glass’ streamlined setup process that saw the camera automatically – and transparently to the wearer – spot QR codes in images and use them to trigger WiFi connections and other configurations. By creating malicious codes, and hiding them in images, Rogers was able to get Glass to connect to a compromised network, show details of all network traffic from the wearable, and even take full remote control. The exploit – which we referred to in our June interview with Rogers, though without specific details as Google and Lookout were still addressing the fix at the time – has been fixed as of Glass firmware XE6, released on June 4.
Read the full story at Slashgear.
If you’re using Google’s “back up my data” feature for Android, the passwords to the Wi-Fi networks you access from your smartphone or tablet are available in plaintext to anyone with access to the data. And as a bug report submitted by an employee of the Electronic Frontier Foundation (EFF) on July 12 suggests, that leaves them wide open to harvesting by agencies like the NSA or the FBI. “The ‘Back up my data’ option in Android is very convenient,” wrote Micah Lee, staff technologist at the EFF. “However, it means sending a lot of private information, including passwords, in plaintext to Google. This information is vulnerable to government requests for data.” The Backup Manager app stores Android device settings in Google’s cloud, associated with the user account paired with the device; the Backup Manager interface is part of the core Android application API as well, so it can be used by other Android apps.
Read the full story at Ars Technica.
Google has begun experimenting with encrypting Google Drive files, a privacy-protective move that could curb attempts by the U.S. and other governments to gain access to users’ stored files. Two sources told CNET that the Mountain View, Calif.-based company is actively testing encryption to armor files on its cloud-based file storage and synchronization service. One source who is familiar with the project said a small percentage of Google Drive files is currently encrypted. The move could differentiate Google from other Silicon Valley companies that have been the subject of ongoing scrutiny after classified National Security Agency slides revealed the existence of government computer software named PRISM. The utility collates data that the companies are required to provide under the Foreign Intelligence Surveillance Act – unless, crucially, it’s encrypted and the government doesn’t possess the key.
Read the full story at CNET.
Apple’s developer website has been down for days, and the company has just confirmed in an email that “an intruder” attempted to access personal information from its registered developers. In the email sent to its developers, Apple writes that “sensitive personal information was encrypted and cannot be accessed.” But despite the claim that no sensitive information was stolen, Apple warns that some developers may have had their names, mailing addresses, and email addresses accessed in the breach. During the downtime, Apple indicated that the site was undergoing maintenance, but did not address malicious activity – leading some developers to question if the site had been hacked. As Neowin reported on Saturday, some developers indicated on Twitter that they had received password reset emails from Apple, fueling speculation that the site had been compromised.
Read the full story at The Verge.
The New York Times reported that its reporters and editors have been the target of a semi-successful, four-month-long cyber attack and the paper suspects Chinese hackers are to blame. In a report published Wednesday, the news outlet said hackers managed to steal passwords and gain access to the personal computers of 53 employees, including those belonging to its Shanghai bureau chief, before a private cyber security firm helped oust the infiltrators. The Times said the hacking campaign coincided with the paper’s investigation into the relatives of Chinese Prime Minister Wen Jiabao, who have accumulated multi-billion-dollar fortunes through business deals. However, Jill Abramson, executive editor of the Times, said that no sensitive emails or documents related to that reporting effort “were accessed, downloaded or copied.”
Read the full story at ABC News.
There’s no denying that Facebook’s voting system for privacy policies is flawed — when halting any measure requires enough votes to populate a large country, the attempt at democracy is more of a token gesture. As proposed, the company has launched an Ask Our Chief Privacy Officer page that’s a tad more engaging. Fill out a short form and CPO Erin Egan just might offer a direct answer as to why Facebook chose a given privacy path, and possibly tackle any outstanding concerns head-on. Those curious users whose questions are picked will have to wait for a monthly public response to get their answers, so don’t consider the page a personal hotline. It might, however, help make better sense of a company whose attitude towards our information is in constant flux.
Read the full story at Engadget.