Facebook Can Track Your Browsing Even After You’ve Logged Out, Judge Says

A U.S. judge has dismissed nationwide litigation accusing Facebook of tracking users’ internet activity even after they logged out of the social media website. From a report: The plaintiffs alleged that Facebook used the “like” buttons found on other w…

Yet more reasons to disagree with experts on nPetya


In WW II, they looked at planes returning from bombing missions that were shot full of holes. Their natural conclusion was to add more armor to the sections that were damaged, to protect them in the future. But wait, said the statisticians. The original damage is likely spread evenly across the plane. Damage on returning planes indicates where they could take damage and still return. The undamaged areas are where they were hit and couldn’t return. Thus, it’s the undamaged areas you need to protect.

This is called survivorship bias.
Many experts are making the same mistake with regards to the nPetya ransomware. 
I hate to point this out, because they are all experts I admire and respect, especially @MalwareJake, but it’s still an error. An example is this tweet:
Errors happen. But look at the discipline put into the spreading code. That worked as intended. Only the ransomware components have bugs?

— Jake Williams (@MalwareJake) July 1, 2017

The context of this tweet is the discussion of why nPetya was well written with regards to spreading, but full of bugs with regards to collecting on the ransom. The conclusion, therefore, is that it wasn’t intended to be ransomware, but was intended simply to be a “wiper”, to cause destruction.
But this is just survivorship bias. If nPetya had been written the other way, with excellent ransomware features and poor spreading, we would not now be talking about it. Even that initial seeding with the trojaned MeDoc update wouldn’t have spread it far enough.
In other words, all malware samples we get are good at spreading, either on their own, or because the creator did a good job seeding them. It’s because we never see the ones that didn’t spread.
With regards to nPetya, a lot of experts are making this claim. Since it spread so well, but had hopelessly crippled ransomware features, that must have been the intent all along. Yet, as we see from survivorship bias, none of us would’ve seen nPetya had it not been for the spreading feature.

 


Google Photos 3.0 Released, Bringing Smarter Sharing, Suggestions and Shared Libraries

Google is rolling out Google Photos 3.0, which features an AI-powered Suggested Sharing feature along with Shared Libraries, “both of which are designed to make the Google Photos app a more social experience, rather than just a personal collection of p…

Hackers post public service message on Liverpool One’s screen

On May 29, hackers took control of a large digital billboard outside a Liverpool city centre leisure complex and posted a message for shoppers in the area.
The hackers chose an eye-catching way to demonstrate an unsecured network and urged that security be improved.
“We suggest you improve your security. Sincerely, your friendly neighbourhood hackers,” a message on the screen read, according to a photo first uploaded to Reddit. A similar picture was posted on Twitter by a visitor to the shopping centre.
Source: BBC

The message was tagged “#JFT96” – an abbreviation of “Justice for the 96”, which is a reference to the 96 football fans who died in the 1989 Hillsborough disaster.
Liverpool One said that it shut down the screen as soon as it was notified about the incident, but before it was shut down the venue’s screen rose to prominence on social media.
The photo could not be confirmed by an official.
“Our screens are operated by an external company which is currently investigating the matter,” said a spokeswoman of Liverpool One.
A reverse image search on both Google and TinEye returned no relevant results, suggesting that the photo is new. The website of Elonex, the manufacturer of the billboard, does list Liverpool One as a customer.
“We can confirm an incident occurred over the weekend on one of the 18 screens we operate at Liverpool One,” a spokesman for Elonex said.
No other screen in the shopping centre was affected.
A spokesperson for the Merseyside Police said they had not been informed of the alleged incident.

 


Social media vetting for US visas go live

Selected travelers will have to provide usernames, detailed travel histories and more

Through the end of November, individuals seeking a visa to travel to the US may be asked to provide usernames for social media accounts going back five years, subject to the discretion of consular officials.…

 
