Archive for January 12, 2017

iPhone Hacker Cellebrite Gets Pwned

Posted in Commentary on January 12, 2017 by itnerd

Israeli firm Cellebrite got into the public eye for two reasons. First, they were known for breaking into iPhones for law enforcement. Second, they were tied, perhaps erroneously, to the San Bernardino shooter’s iPhone. Now they’re in the public eye again for being hacked. A notice on Cellebrite’s website alerting customers to the breach explains that it took place on an external web server, and that the company is investigating the full extent of the hack. According to Motherboard, approximately 900 gigabytes of data was snatched, including customer information, technical data about Cellebrite’s products and evidence files from seized mobile phones.

I’m sure they are not happy about that.

If you’ve done business with them, you might want to change any passwords that are associated with the company.

RedFlagDeals.com Pwned…. Change Your Passwords Now

Posted in Commentary on January 12, 2017 by itnerd

If you’re a user of the popular deals site RedFlagDeals.com, they apparently got hacked. In 2013. That’s right. They were hacked four years ago but the data was dumped today. More details are available here. No personal information was obtained in this hack; only usernames and encrypted passwords were swiped. Users are encouraged to change their passwords as soon as possible.

One has to wonder why this wasn’t detected before now.

Consumer Reports Now Recommends The 2016 MacBook Pro

Posted in Commentary on January 12, 2017 by itnerd

Consumer Reports has updated their report on the 2016 MacBook Pros, and is now recommending Apple’s latest notebooks. From Consumer Reports:

Consumer Reports has now finished retesting the battery life on Apple’s new MacBook Pro laptops, and our results show that a software update released by Apple on January 9 fixed problems we’d encountered in earlier testing.

With the updated software, the three MacBook Pros in our labs all performed well, with one model running 18.75 hours on a charge. We tested each model multiple times using the new software, following the same protocol we apply to hundreds of laptops every year.

And:

Now that we’ve factored in the new battery-life measurements, the laptops’ overall scores have risen, and all three machines now fall well within the recommended range in Consumer Reports ratings.

So the fix that Apple spoke of clearly worked. At least for Consumer Reports. But I am still hesitant to give this notebook two thumbs up considering everything else that’s wrong, misplaced and unfinished about this computer.

Fiat Chrysler Gets Accused Of Doing A #DieselGate

Posted in Commentary on January 12, 2017 by itnerd

It’s interesting timing that just when VW seems to be making DieselGate disappear from the headlines, another car company has made it top of mind news again. This time it’s Fiat Chrysler. The US Government is accusing the automaker of cheating on emissions:

The U.S. government accused Fiat Chrysler on Thursday of failing to disclose software in some of its pickups and SUVs with diesel engines that allows them to emit more pollution than allowed under the Clean Air Act.

The Environmental Protection Agency said it had issued a “notice of violation” to the company that covers about 104,000 vehicles including the 2014 through 2016 Jeep Grand Cherokee and Ram pickups, all with 3-litre diesel engines. The California Air Resources Board took similar action.

“Failing to disclose software that affects emissions in a vehicle’s engine is a serious violation of the law, which can result in harmful pollution in the air we breathe,” said Cynthia Giles, EPA assistant administrator for enforcement and compliance.

Ouch. Apparently the state of California is making similar accusations.

Now Fiat Chrysler has denied this. But I am pretty sure that they’re quite worried as the last thing that any automaker needs right now is to have their name used in the same sentence as the words VW, cheating, and diesel. Plus given how things went down with VW, I would not want to be in Fiat Chrysler’s shoes if any of this is true as it is likely that their punishment will be worse than VW’s. Assuming that this is true of course.

Latest Adobe Acrobat Reader Update SILENTLY Installs Chrome Extension

Posted in Commentary on January 12, 2017 by itnerd

The news is out that the latest update from Adobe for its Acrobat Reader for Windows does something that I find distasteful. It silently installs an extension into your Google Chrome browser. After you update Acrobat Reader, the next time you open Chrome it will note the new extension and ask if you want to enable it or remove it.

The problem is this:

The installation process is covert, but the next time users open their Chrome browser, they’ll be notified by Chrome’s security systems that a new extension has been added.

The extension’s name is Adobe Acrobat and is the same extension available through the Chrome Web Store.

Let me focus on three things. First is the fact that the “installation process is covert”, meaning that you are not told that this is going to happen when you update Adobe Acrobat Reader. Being told would in turn give you the choice as to whether you want it installed or not. But I bet that lots of users are going to say yes when the prompt to enable it pops up in Chrome, and I bet that is what Adobe is counting on. The second thing that I want to focus on is the fact that the extension in question is available on the Chrome Web Store. That means that if you really wanted this, you had an avenue to get it. So one has to wonder why Adobe is now forcing it upon users. Finally, Chrome offers pretty good native PDF support. So why even bother having more software installed?

Now the cynic in me sees this as the real reason behind this:

The Adobe Acrobat extension also comes with anonymous usage data collection turned on by default, which might scare some users.

According to Adobe, extension users “share information with Adobe about how [they] use the application.”

“The information is anonymous and will help us improve product quality and features,” Adobe also says.

Digging deeper into this data collection mechanism, we see that Adobe collects the following user information:

  • Browser type and version
  • Adobe product information such as version
  • Adobe feature usage such as menu options or buttons selected

“Since no personally identifiable information is collected, the anonymous data will not be meaningful to anyone outside of Adobe,” the company says.

I’m sorry, but force feeding me a browser extension that phones home doesn’t exactly give me the warm fuzzies.

Now there’s one thing that popped to mind as I was typing this. Chrome has come bundled with Adobe products such as Flash. If you want to see this in action, install or update Flash. You’ll see that installing Google Chrome is an option (that to be frank I remove 100% of the time). Is there a connection?

That’s a question that I would love to have an answer to.

UPDATE: Clearly this story got Adobe’s attention. 24 minutes after posting this, I got this Tweet: