Vulnerability In Fully Patched Android Phones Under Active Attack By Bank Thieves
An anonymous reader quotes a report from Ars Technica:
A vulnerability in millions of fully patched Android phones is being actively exploited by malware that's designed to drain the bank accounts of infected users, researchers said on Monday. The vulnerability allows malicious apps to masquerade as legitimate apps that targets have already installed and come to trust, researchers from security firm Promon reported in a post. Running under the guise of trusted apps already installed, the malicious apps can then request permissions to carry out sensitive tasks, such as recording audio or video, taking photos, reading text messages or phishing login credentials. Targets who click yes to the request are then compromised.
Researchers with Lookout, a mobile security provider and a Promon partner, reported last week that they found 36 apps exploiting the spoofing vulnerability. The malicious apps included variants of the BankBot banking trojan. BankBot has been active since 2017, and apps from the malware family have been caught repeatedly infiltrating the Google Play Market. The vulnerability is most serious in versions 6 through 10, which account for about 80% of Android phones worldwide. Attacks against those versions allow malicious apps to ask for permissions while posing as legitimate apps. There's no limit to the permissions these malicious apps can seek. Access to text messages, photos, the microphone, camera, and GPS are some of the permissions that are possible. A user's only defense is to click "no" to the requests. "The vulnerability is found in a function known as TaskAffinity, a multitasking feature that allows apps to assume the identity of other apps or tasks running in the multitasking environment," reports Ars Technica. While Google has removed the [unnamed] malicious apps from its Play Store, according to Promon, the vulnerability is still unfixed in all versions of Android.
"Promon is calling the vulnerability 'StrandHogg,' an old Norse term for the Viking tactic of raiding coastal areas to plunder and hold people for ransom," the report adds. "Promon researchers said they identified StrandHogg after learning from an unnamed Eastern European security company for financial institutions that several banks in the Czech Republic reported money disappearing from customer accounts."
Coal Power Becoming 'Uninsurable' As Firms Refuse Cover
AmiMoJo quotes a report from The Guardian:
The number of insurers withdrawing cover for coal projects more than doubled this year and for the first time U.S. companies have taken action, leaving Lloyd's of London and Asian insurers as the "last resort" for fossil fuels, according to a new report. The report, which rates the world's 35 biggest insurers on their actions on fossil fuels, declares that coal -- the biggest single contributor to climate change -- "is on the way to becoming uninsurable" as most coal projects cannot be financed, built or operated without insurance.
Ten firms moved to restrict the insurance cover they offer to companies that build or operate coal power plants in 2019, taking the global total to 17, said the Unfriend Coal campaign, which includes 13 environmental groups such as Greenpeace, Client Earth and Urgewald, a German NGO. The report will be launched at an insurance and climate risk conference in London on Monday, as the UN climate summit gets underway in Madrid. The first insurers to exit coal policies were all European, but since March, two U.S. insurers -- Chubb and Axis Capital -- and the Australian firms QBE and Suncorp have pledged to stop or restrict insurance for coal projects. At least 35 insurers with combined assets of $8.9 trillion, equivalent to 37% of the insurance industry's global assets, have begun pulling out of coal investments. A year ago, 19 insurers holding more than $6 trillion in assets were divesting from fossil fuels.
Putin Signs Law Making Russian Apps Mandatory On Smartphones, Computers
Russian President Vladimir Putin on Monday signed legislation requiring all smartphones, computers and smart TV sets sold in the country to come pre-installed with Russian software. Reuters reports:
The law, which will come into force on July 1 next year, has been met with resistance by some electronics retailers, who say the legislation was adopted without consulting them. The law has been presented as a way to help Russian IT firms compete with foreign companies and spare consumers from having to download software upon purchasing a new device. The country's mobile phone market is dominated by foreign companies including Apple, Samsung and Huawei. The legislation signed by Putin said the government would come up with a list of Russian applications that would need to be installed on the different devices.
Google, Facebook In EU Probe Over User Data
European officials have launched a "preliminary" investigation into Facebook and Google in order to determine how people's information is used for ad purposes. The Mercury News reports:
The European Commission, which oversees antitrust issues for the European Union, said it has opened a preliminary investigation into Facebook and Google in order to determine if the two companies are adhering to new regulations meant to give individuals more power over how their personal information is used by social networks and other tech companies. That law, called General Data Protection Law (GDPR), went into effect across the European Union in 2018. "The Commission has sent out questionnaires as part of our preliminary investigations into Google's and Facebook's data practices," said an EC spokesperson in a statement given to this news organization. "These investigations concern the way data is gathered, processed, used and monetized, including for advertising purposes. The preliminary investigations are ongoing." A Google spokesperson said in a statement, "We use data to make our services more useful and to show relevant advertising, and we give people the controls to manage, delete or transfer their data. We will continue to engage with the Commission and others on this important discussion for our industry."
Facebook didn't comment on the matter.
Prominent Tech Execs Sign Renewed Commitment To Paris Agreement
An anonymous reader quotes a report from TechCrunch:
The U.S. government may be in the process of formally withdrawing from the term of the Paris Agreement, an international accord on targets to fight climate change, but major U.S. employers say they'll stay the course in a new statement jointly signed by a group of around 80 chief executives and U.S. labor organization leaders. The statement, posted at UnitedForTheParisAgreement.com, represents a group that either directly employs more than 2 million people in the U.S., or represents a larger group of 12.5 million through labor organizations.
The group collectively says they are "still in" on the Agreement, which many of the undersigned also supported vocally back in 2017 when the Trump administration announced its intent to formally remove itself. They also "urge the United States" to reconsider its current course and also agree to remain committed to the agreement. The Agreement will not only help to potentially counter the ongoing impacts of global climate change, the group says in the letter, but also prepare the way for a "just transition" of the U.S. workforce to "new decent, family supporting jobs and economic opportunity," implying that bowing out of the Agreement will actually impede the U.S. workforce's ability to compete on a global scale. Some of the prominent tech executives that have signed the statement include Microsoft's Satya Nadella, Tesla's Elon Musk, Google's Sundar Pichai and Adobe's Shantanu Narayen. "Chief executives from other powerful U.S. companies across industries are also represented, including Coca-Cola's James Quincey, Patagonia's Rose Marcario, Unilever's Alan Jope and Walt Disney's Robert Iger," reports TechCrunch.
AWS Brings Quantum Computing To the Cloud
Amazon Web Services (AWS) is helping to bring quantum computing to the cloud, with the company lifting the lid off three initiatives at AWS re:Invent in Las Vegas. ZDNet reports:
The first is Amazon Braket. Amazon Braket is a new, fully managed AWS service that the company has touted as enabling scientists, researchers, and developers to begin experimenting with computers from quantum hardware providers, such as D-Wave, IonQ, and Rigetti. AWS said the service lets customers explore, evaluate, and experiment with quantum computing hardware to gain in-house experience as they plan for the future. It's a single development environment to build quantum algorithms, test them on simulated quantum computers, and try them on a range of different quantum hardware architectures.
Furthering its quantum mission, the company's new AWS Center for Quantum Computing aims to bring together quantum computing experts from Amazon, the California Institute of Technology (Caltech), and other academic research institutions to work together on the research and development of new quantum computing technologies. The cloud giant hopes the R&D will result in the solving of real-world problems through quantum technologies. The centre, hosted at Caltech, is aiming to provide the opportunity for customers to develop the necessary skills, and identify when quantum is an appropriate solution, as well as learn how they can design algorithms and discover new applications.
Meanwhile the new Amazon Quantum Solutions Lab is a program that connects customers with quantum computing experts from Amazon and its technology and consulting partners. It is expected the lab will help all involved identify practical uses of quantum computing, and accelerate the development of quantum applications. Lab programs will combine hands-on educational workshops with brainstorming sessions to help customers "work backwards" from business challenges, and then go step-by-step through the process of using quantum computers, AWS said.
Doctors Are Turning To YouTube To Learn How To Do Surgical Procedures
Some doctors say that medical students and residents are turning to YouTube to fill in gaps in their training. The video-sharing platform hosts tens of thousands of surgery-related videos, and the number keeps climbing every year. CNBC reports:
CNBC found tens of thousands of videos showing a wide variety of medical procedures on the Google-owned video platform, some of them hovering around a million views. People have livestreamed giving birth and broadcast their face-lifts. One video, which shows the removal of a dense, white cataract, has gone somewhat viral and now has more than 1.7 million views. Others seem to have found crossover appeal with nonmedical viewers, such as a video from the U.K.-based group Audiology Associates showing a weirdly satisfying removal of a giant glob of earwax. Doctors are uploading these videos to market themselves or to help others in the field, and the amount is growing by leaps and bounds. Researchers in January found more than 20,000 videos related to prostate surgery alone, compared with just 500 videos in 2009.
The videos are a particular boon for doctors in training. When the University of Iowa surveyed its surgeons, including its fourth-year medical students and residents, it found that YouTube was the most-used video source for surgical preparation by far. But residents and medical students are not the only ones tuning in. Experienced doctors, like Stanford Hospital's vascular surgeon Dr. Oliver Aalami, said he turned to YouTube recently ahead of a particularly difficult exposure. There's one problem with this practice that will be familiar to anybody who's searched YouTube for tips on more mundane tasks like household repairs. How can doctors tell which videos are valid and which contain bogus information? "[O]ne recent study found more than 68,000 videos associated with a common procedure known as a distal radius fracture immobilization," the report adds. "The researchers evaluated the content for their technical skill demonstrated and educational skill, and created a score. Only 16 of the videos even met basic criteria, including whether they were performed by a health-care professional or institution. Among those, the scores were mixed. In several cases, the credentials of the person performing the procedure could not be identified at all."
Other studies are finding that YouTube's algorithm is highly ranking videos where the technique isn't optimal.
All New Cellphone Users In China Must Now Have Their Face Scanned
An anonymous reader quotes a report from MIT Technology Review:
Customers in China who buy SIM cards or register new mobile-phone services must have their faces scanned under a new law that came into effect yesterday. China's government says the new rule, which was passed into law back in September, will "protect the legitimate rights and interest of citizens in cyberspace." It can be seen as part of an ongoing push by China's government to make sure that people use services on the internet under their real names, thus helping to reduce fraud and boost cybersecurity. On the other hand, it also looks like part of a drive to make sure every member of the population can be surveilled. The Financial Times reported yesterday that tech companies in China are helping to create influential United Nations standards for the facial recognition technology, which will help shape rules on how facial recognition is used around the world.
Cord-Cutting Pushed To 'Tipping Point' as Video Streaming Grows
The media ecosystem is undergoing a massive change as streaming video looks to extend its recent dominance over traditional distribution, according to research firm MoffettNathanson, which wrote that a large minority of cable consumers could cut their subscriptions in coming years. From a report:
"The video market is in full disruption and this year could be the cord cutting tipping point," analyst Michael Nathanson wrote to clients. "Media companies will need to master a whole new suite of skill sets to win going forward," with content creation, user interfaces and "churn mitigation strategies" among the factors that could determine the next generation of winners in the market. Consumers have been abandoning traditional media bundles for years, instead looking to services like Netflix or Walt Disney's recently launched Disney+ service, which has signed up more than 10 million subscribers since launching in November. Streaming services have made in-roads into a number of major categories of video entertainment, including TV shows and movies. In a measure of how big streaming has become, Wells Fargo Securities wrote that between November 17-23, "The Mandalorian," a series from Disney+ set in the "Star Wars" universe, was the "most in-demand show in OTT and overall on a linear+OTT basis." OTT stands for "over the top" content, which bypasses cable boxes. Linear TV airs at set times, as opposed to being on-demand, as with streaming.
Reptiles Known as 'Living Rocks' Show Surprising Cognitive Powers
Giant tortoises can learn and remember tasks, and master lessons much faster when trained in groups. From a report:
Tamar Gutnick and Michael Kuba at the Hebrew University in Jerusalem, Israel, and Anton Weissenbacher at Schonbrunn Zoo in Vienna trained Galapagos tortoises (Chelonoidis nigra) and Aldabra tortoises (Aldabrachelys gigantea) to bite a ball of a particular colour -- blue, green or yellow. When tested three months later, the tortoises recalled the task. The authors tested three of the tortoises again after nine years and found that all three responded to toys of the correct colour. The researchers also found that both species of tortoise could be conditioned with fewer training sessions if they were taught in groups than if learning occurred in isolation, hinting that tortoises learn from watching their peers.
'Grinch Bots' Are Here To Ruin Your Holiday Shopping
Consumers may think they're avoiding the crush this holiday season by shopping online, unaware that as they're trying to get through the digital doors, so too are hordes of bots. And they're throwing elbows. From a report:
Up to 97 percent of all online traffic to retailer login pages this holiday shopping week comes from bots, largely operated by organized gangs of cybercriminals, according to estimates by cybersecurity firm Radware. The bots fill out online forms and navigate retail sites faster than a real person can, and try to swiftly purchase limited supply gifts before you've even filled up your cart. The items are then sold for a higher price on third-party sites. The cyber thieves also crack into accounts, drain accounts of rewards and other digital currency, conduct credit card fraud, and more, said Ron Winward, a Radware spokesman. "Website operators are seeing uptick in bot activity leading up to Cyber Monday from people trying out their bots," said Winward. "People are really competing with automated infrastructure and bots to get hot holiday items."
Portland Plans To Propose the Strictest Facial Recognition Ban in the Country
As the federal government plods along on developing privacy laws, some cities are taking matters into their own hands -- with facial recognition technology at the top of the list. Now, Portland, Oregon, has plans to ban the use of facial recognition for both the government and private businesses in the city, a move that could make Portland's ban the most restrictive in the United States. The proposed ban comes after cities including San Francisco, Oakland, and Berkeley in California, and Somerville in Massachusetts, have already banned the use of facial recognition by their city government agencies, including police departments. But Portland's ban goes a step further by expanding to private businesses -- if it makes it into law and takes effect in spring 2020, as planned. It could be a preview of what to expect across the country. "I think we're going to start to see more and more [private sector bans]," says ACLU of Northern California attorney Matt Cagle, who helped draft the San Francisco legislation that later served as the model for Oakland and Berkeley. "People are really concerned about facial recognition use and the tracking of their innate features by governments and private corporations."
Archivists Are Trying To Make Sure a 'Pirate Bay of Science' Never Goes Down
A new project aims to make LibGen, which hosts 33 terabytes of scientific papers and books, much more stable. From a report:
It's hard to find free and open access to scientific material online. The latest studies and current research huddle behind paywalls unread by those who could benefit. But over the last few years, two sites -- Library Genesis and Sci-Hub -- have become high-profile, widely used resources for pirating scientific papers. The problem is that these sites have had a lot of difficulty actually staying online. They have faced both legal challenges and logistical hosting problems that have knocked them offline for long periods of time. But a new project by data hoarders and freedom of information activists hopes to bring some stability to one of the two "Pirate Bays of Science." Library Genesis (LibGen) contains 33 terabytes of books, scientific papers, comics, and more in its scientific library. That's a lot of data to host when countries and science publishers are constantly trying to get you shut down.
Last week, redditors launched a project to better seed, or host, LibGen's files. "It's the largest free library in the world, servicing tens of thousands of scientists and medical professionals around the world who live in developing countries that can't afford to buy books and scientific journals. There's almost nothing else like this on Earth. They're using torrents to fulfill World Health Organization and U.N. charters. And it's not just one site index -- it's a network of mirrored sites, where a new one pops up every time another gets taken down," user shrine said on Reddit. Shrine is helping to start the project. Two seedbox companies (services that provide high-bandwidth remote servers for uploading and downloading data), Seedbox dot io and UltraSeedbox, stepped in to support the project. A week later, LibGen is seeding 10 terabytes and 900,000 scientific books thanks to help from Seedbox.io and UltraSeedbox.
T-Mobile Shows Why It's Still Too Early To Buy a 5G Phone
T-Mobile's nationwide 5G network launches on Friday, the company announced Monday morning. But don't fall for the marketing hype. From a report:
It's still too early to buy a 5G phone, even though T-Mobile is now taking orders for two new ones, including the Samsung Galaxy Note 10+ and OnePlus 7T Pro McLaren. It's still a big step, though. T-Mobile will turn on its 600 MHz 5G network, which will cover most of the country. That's impressive, since most of the 5G networks you've heard about so far are only available in limited areas in a small number of cities. The trade-off though, is T-Mobile's network is using low-band 5G, which means it's good at providing slightly boosted speeds inside buildings and is available in far more places than what competitors offer. Some of the 5G Ultra Wideband networks you've heard about from AT&T and Verizon provide the opposite. They have super fast speeds, but only work in really small pockets when you're standing near a tower outside.
iOS Apps Could Really Benefit From the Newly Proposed Security.plist Standard
Security researcher Ivan Rodriguez has proposed a new security standard for iOS apps, which he named Security.plist. From a report:
The idea is simple. App makers would create a property list file (plist) named security.plist that they would embed inside the root of their iOS apps. The file would contain all the basic contact details for reporting a security flaw to the app's creator. Security researchers analyzing an app would have an easy way to get in contact with the app's creators. Rodriguez said the idea for Security.plist came from Security.txt, a similar standard for websites, that was proposed in late 2017. Security.txt is currently going through an official standardization process at the Internet Engineering Task Force (IETF), but it has been widely adopted already, and companies like Google, GitHub, LinkedIn, and Facebook, all have a security.txt file hosted on their sites, so bug hunters can get in touch with their respective security teams. Rodriguez, who is an amateur bug hunter in iOS apps, said he decided to propose a similar thing for iOS apps because getting in touch with an app's dev or security team has been a problem in the past. "I spend most of my free time poking mobile applications which has led me to find many vulnerabilities and I have yet to find one that has an easy way to find the correct channel to responsibly disclose these issues," Rodriguez told ZDNet.
Amazon Lets Doctors Record Your Conversations and Put Them in Your Medical Files
Amazon's next big step in health care is with voice transcription technology that's designed to allow doctors to spend more time with patients and less time at the computer. At Amazon Web Services' re:Invent conference on Tuesday, the company is launching a service called Amazon Transcribe Medical, which transcribes doctor-patient interactions and plugs the text straight into the medical record. From a report:
"Our overarching goal is to free up the doctor, so they have more attention going to where it should be directed," said Matt Wood, vice president of artificial intelligence at AWS. "And that's to the patient." At last year's re:Invent, AWS introduced a related service called Amazon Comprehend Medical, which "allows developers to process unstructured medical text and identify information such as patient diagnosis, treatments, dosages, symptoms and signs, and more," according to a blog post. Wood said the two services are linked and can be used together. Voice-to-text transcription is one of the many areas where Amazon is battling with cloud rivals Microsoft and Google. All three companies operate speech assistants that can in real time translate spoken words and sentences and offer text translation. Businesses can use the technology in a variety of ways to weave into their applications.
[...] A big challenge for Amazon, a huge consumer company with tons of customer data, is ensuring that its health-care tools are compliant with privacy rules and regulations under the Health Insurance Portability and Accountability Act and when it comes to transcription, maintaining an extremely high level of accuracy to avoid problematic outcomes or potential liability. Imagine, for instance, if the machine learning system inputs the term "hyper" instead of "hypo," or if doctors noticed so many inaccuracies that they ended up doing the work manually anyway. Wood said the service is HIPAA compliant. He said it took a lot of work for the technology to correctly annotate the "domain specific language and abbreviations" that are common in the medical field, and added that the accuracy is very high. Amazon hasn't published research showing how its accuracy compares with other offerings, but Wood said the company hasn't ruled it out.
Would You Pay Someone $40 To Keep You Focused on Work?
An anonymous reader shares a report:
Lacking any of the necessary willpower to go back to my work, I spiraled further into a procrastination hole and clicked on the link. "Working on something hard? Distracted? Overwhelmed? Imagine a place where you know you'll get your work done," the landing page read. I didn't believe such a place really existed, outside of maybe a plane at 35,000 feet before the advent of inflight Wi-Fi. But I was feeling preoccupied and stressed, and I wanted this mythical destination to be real, so I signed up for one of the company's sessions last month. That's how I found myself inside a drab office building in downtown San Francisco, feeling more like I was on my way to a dentist appointment than to experience the latest productivity solution to come out of Silicon Valley. Focused has a deceptively simple premise: What if you could pay someone to help you accomplish undistracted work for a couple of hours?
For $40 a pop, cofounders Nodira Khoussainova, 32, and Lee Granas, 40, put on a study hall of sorts, perfect for a certain breed of multitasking, multi-side-hustle, 21st-century adult. (They do also offer financial aid.) The company has two newly opened offices, one in San Francisco and one in nearby Oakland, where clients show up with laptops and one or more daunting tasks they hope to cross off their to-do lists. The startup feels, in some ways, like a natural outgrowth of a culture that's obsessed with optimization and an economy in which more people work remotely than ever. It caters to the same type of person that productivity apps, books, and gurus do, but it also provides access to what's essentially a coworking space. Yet unlike other products and services that promise to help you get more things done, Focused doesn't treat procrastination like a personal moral failing. Its founders believe that people probably can't do everything they want to alone -- they need a real, live human supporting them, even if it's someone they pay.
Physicists Have Identified a Metal That Conducts Electricity But Not Heat
Researchers have identified a metal that conducts electricity without conducting heat - an incredibly useful property that defies our current understanding of how conductors work. From a report:
The metal, found in 2017, contradicts something called the Wiedemann-Franz Law, which basically states that good conductors of electricity will also be proportionally good conductors of heat, which is why things like motors and appliances get so hot when you use them regularly. But a team in the US showed this isn't the case for metallic vanadium dioxide (VO2) - a material that's already well known for its strange ability to switch from a see-through insulator to a conductive metal at the temperature of 67 degrees Celsius (152 degrees Fahrenheit). "This was a totally unexpected finding," said lead researcher Junqiao Wu from Berkeley Lab's Materials Sciences Division back in January 2017. "It shows a drastic breakdown of a textbook law that has been known to be robust for conventional conductors. This discovery is of fundamental importance for understanding the basic electronic behaviour of novel conductors." Not only does this unexpected property change what we know about conductors, it could also be incredibly useful - the metal could one day be used to convert wasted heat from engines and appliances back into electricity, or even create better window coverings that keep buildings cool.
'Laziness Has Won': Apostrophe Society Admits Its Defeat
A society dedicated to preserving the "much-abused" apostrophe is to be shut down as its chairman said "ignorance and laziness" had won. From a report:
John Richards, who worked in journalism for much of his career, started the Apostrophe Protection Society in 2001 after he retired. Now 96, Richards is calling time on the society, which lists the three simple rules for correct use of the punctuation mark. Writing on the society's website, he said: "Fewer organisations and individuals are now caring about the correct use of the apostrophe in the English language. We, and our many supporters worldwide, have done our best but the ignorance and laziness present in modern times have won!" Richards started the society after seeing the "same mistakes over and over again" and hoped he would find half a dozen people who felt the same way.
Now Even the FBI is Warning About Your Smart TV's Security
If you just bought a smart TV on Black Friday or plan to buy one for Cyber Monday tomorrow, the FBI wants you to know a few things. From a report:
Smart TVs are like regular television sets but with an internet connection. With the advent and growth of Netflix, Hulu and other streaming services, most saw internet-connected televisions as a cord-cutter's dream. But like anything that connects to the internet, it opens up smart TVs to security vulnerabilities and hackers. Not only that, many smart TVs come with a camera and a microphone. But as is the case with most other internet-connected devices, manufacturers often don't put security as a priority. That's the key takeaway from the FBI's Portland field office, which just ahead of some of the biggest shopping days of the year posted a warning on its website about the risks that smart TVs pose. "Beyond the risk that your TV manufacturer and app developers may be listening and watching you, that television can also be a gateway for hackers to come into your home. A bad cyber actor may not be able to access your locked-down computer directly, but it is possible that your unsecured TV can give him or her an easy way in the backdoor through your router," wrote the FBI. The FBI warned that hackers can take control of your unsecured smart TV and in worst cases, take control of the camera and microphone to watch and listen in.
Huawei Is Now Making Smartphones Without American Chips
"American tech companies are getting the go-ahead to resume business with Chinese smartphone giant Huawei Technologies Co., but it may be too late," reports the Wall Street Journal. Huawei is just building its smartphones without U.S. chips.
Huawei's latest phone, which it unveiled in September -- the Mate 30 with a curved display, telephone and wide-angle cameras that competes with Apple Inc.'s iPhone 11 -- contained no U.S. parts, according to an analysis by UBS and Fomalhaut Techno Solutions, a Japanese technology lab that took the device apart to inspect its insides...
While Huawei hasn't stopped using American chips entirely, it has reduced its reliance on U.S. suppliers or eliminated U.S. chips in phones launched since May, including the company's Y9 Prime and Mate smartphones, according to Fomalhaut's teardown analysis. Similar inspections by iFixit and Tech Insights Inc., two other firms that take apart phones to inspect components, have come to similar conclusions.
Millions of SMS Text Messages Exposed In Unencrypted Database
"A massive database storing tens of millions of SMS text messages, most of which were sent by businesses to potential customers, has been found online," reports TechCrunch. The database belongs to a company that works with over 990 cell phone operators and reaches more than 5 billion subscribers around the world, according to the researchers.
The database is run by TrueDialog, a business SMS provider for businesses and higher education providers, which lets companies, colleges, and universities send bulk text messages to their customers and students. The Austin, Texas-based company says one of the advantages to its service is that recipients can also text back, allowing them to have two-way conversations with brands or businesses.
The database stored years of sent and received text messages from its customers and processed by TrueDialog. But because the database was left unprotected on the internet without a password, none of the data was encrypted and anyone could look inside. Security researchers Noam Rotem and Ran Locar found the exposed database earlier this month as part of their internet scanning efforts... Many of the messages we reviewed contained codes to access online medical services to obtain, and password reset and login codes for sites including Facebook and Google accounts...
One table alone had tens of millions of messages, many of which were message recipients trying to opt-out of receiving text messages.