Links for 2017-04-24

  • sold your data to Uber

    ‘Uber devoted teams to so-called competitive intelligence, purchasing data from Slice Intelligence, which collected customers’ emailed Lyft receipts via and sold the data to Uber’. Also: ‘ allegedly “kept a copy of every single email that you sent or received” in “poorly secured S3 buckets”’: CEO: ‘felt bad “to see that some of our users were upset to learn about how we monetise our free service”.’

    (tags: uber gmail google privacy data-protection lyft scumbags slice-intelligence)

  • Capturing all the flags in BSidesSF CTF by pwning Kubernetes/Google Cloud

    Good exploration of the issues with running a CTF challenge (or any other secure infrastructure!) atop Kubernetes and a cloud platform like GCE

    (tags: gce google-cloud kubernetes security docker containers gke ctf hacking exploits)

  • How To Add A Security Key To Your Gmail (Tech Solidarity)

    Excellent how-to guide for YubiKey usage on Gmail

    (tags: gmail yubikey security authentication google)

  • Ethics – Lyrebird

    ‘Lyrebird is the first company to offer a technology to reproduce the voice of someone as accurately and with as little recorded audio. [..] Voice recordings are currently considered as strong pieces of evidence in our societies and in particular in jurisdictions of many countries. Our technology questions the validity of such evidence as it allows to easily manipulate audio recordings. This could potentially have dangerous consequences such as misleading diplomats, fraud and more generally any other problem caused by stealing the identity of someone else. By releasing our technology publicly and making it available to anyone, we want to ensure that there will be no such risks. We hope that everyone will soon be aware that such technology exists and that copying the voice of someone else is possible. More generally, we want to raise attention about the lack of evidence that audio recordings may represent in the near future.’

    (tags: lyrebird audio technology scary ethics)

  2. Nix
    I tried to use Google’s YubiKey support. It’s next to useless, because it defaults to requiring you to authenticate only about once a year, and the checkbox which tells it “don’t make me reauthenticate” is always on by default, so you always have to remember to uncheck it every time if you actually want to, y’know, use your YubiKey to authenticate now and then.

    Plus, if you have, say, one of Google’s own tablets, turning this on more or less locks you out of your own account, because astonishingly Google Authenticator is only useful if the authentication code is on some other machine you can take photos of, not if it’s on the tablet’s own screen, and of course you can’t use a U2F-only Yubikey with a USB-slot-less tablet (and if you have a Neo, the NFC support only transmits OTP passwords, and can’t do U2F negotiation, so that’s useless too.)

    I turned it off again.