SSI RH Apple – exposed emails of Instagram users

par

« Apple cuts ties with social media utility app that exposed emails of Instagram users shortlisted for Shot on iPhone contest

Benjamin Mayo
5-7 minutes

Yesterday, 9to5Mac was alerted to a flaw in a third-party utility app for Instagram, called Exposure. The app helps brands connect with Instagram posters, automating the collection of agreements to use imagery for commercial purposes.

It just so happens that Apple was using this tool for its Shot on iPhone campaign. 9to5Mac contacted Apple to report the security issue. Following an investigation, a few hours later, Apple cut ties with the Exposure service. (Update: Statement from the parent company of Exposure below) »

https://9to5mac.com/2019/02/14/apple-shot-on-iphone-instagram-flaw-user-emails-exposed/

SSI GOV – Russia considers ‘unplugging’ from internet

par

BBC Cybernews

https://www.bbc.com/news/technology-47198426

« Russia is considering whether to disconnect from the global internet briefly, as part of a test of its cyber-defences.

The test will mean data passing between Russian citizens and organisations stays inside the nation rather than being routed internationally.

A draft law mandating technical changes needed to operate independently was introduced to its parliament last year.

The test is expected to happen before 1 April but no exact date has been set.

Major disruption

The draft law, called the Digital Economy National Program, requires Russia’s ISPs to ensure that it can operate in the event of foreign powers acting to isolate the country online.

Nato and its allies have threatened to sanction Russia over the cyber-attacks and other online interference which it is regularly accused of instigating.

The measures outlined in the law include Russia building its own version of the net’s address system, known as DNS, so it can operate if links to these internationally-located servers are cut.

Currently, 12 organisations oversee the root servers for DNS and none of them are in Russia. However many copies of the net’s core address book do already exist inside Russia suggesting its net systems could keep working even if punitive action was taken to cut it off.

The test is also expected to involve ISPs demonstrating that they can direct data to government-controlled routing points. These will filter traffic so that data sent between Russians reaches its destination, but any destined for foreign computers is discarded. » …

« Eventually the Russian government wants all domestic traffic to pass through these routing points. This is believed to be part of an effort to set up a mass censorship system akin to that seen in China, which tries to scrub out prohibited traffic. » …

« They believe the test will cause « major disruption » to Russian internet traffic, reports tech news website ZDNet. » …

« The Russian government is providing cash for ISPs to modify their infrastructure so the redirection effort can be properly tested. »

European Commission – RGPD : Children’s smartwatch recalled over data fears

par

BBC Cybernews

« The European Commission has ordered the recall of a children’s smartwatch because it leaves them open to being contacted and located by attackers. »

« Data sent to and from the watch was unencrypted allowing data to be easily taken and changed, … »

« A malicious user can send commands to any watch making it call another number of his choosing, can communicate with the child wearing the device or locate the child through GPS, » wrote the Commission in its alert notice. »

http://www.bbc.co.uk/news/technology-47130269