Archive for September 7, 2018

Mac App “Adware Doctor” Steals User Browser History….. And It’s Still For Sale On The App Store….. WTF?? [UPDATE: Removed]

Posted in Commentary with tags on September 7, 2018 by itnerd

There’s an app on the Mac App Store called “Adware Doctor” which is the number one paid Utilities app has been found to be stealing a users browser history and sending it to China while supposedly keeping you save from pop-ups and adware. This first came to light via a Tweet from Privacy 1st:

Then noted security researcher Patrick Wardle looked into this and published his own findings which confirms what Privacy 1st found. And what’s scary about this is that as I type this, this app is still for sale on the App Store. But the real issue is this:

If Apple is really “review[ing] each app before it’s accepted by the store” … how were these grave (and obvious) violations of this application missed!? Who knows, and maybe this one just slipped though. Maybe we should give them the benefit of the doubt, as yes we all make mistakes!

But this bring us to the next point. Apple also claims that “if there’s ever a problem with an app, Apple can quickly remove it from the store”. Maybe the key word here is “can”.

A full month ago, we reported our findings to Apple, which they acknowledged, and promised to investigate:

…since then, crickets! Which of course is incredible frustrating.

How can Apple, who boldly state that “Privacy to us is a human right…a civil liberty” not take action?

That’s a question that Apple needs to answer as this is a clear screw up on their part that they not only need to immediately address, but they need to explain how a situation like this will never happen again.

In the meantime, if you have installed this application, delete it. Like now. No seriously. Right now.

UPDATE: This just happened:

So it seems that Adware Doctor has been removed from the Mac App Store, along with the developer’s other app “AdBlock Master.” But there’s still no explanation as to how these apps got there in the first plac.e

Bad News For Facebook. More Than 25% Of Americans Have Joined Team #DeleteFacebook

Posted in Commentary with tags on September 7, 2018 by itnerd

Since the whole Facebook/Cambridge Analytica scandal blew up, I’ve wondered how effective the #DeleteFacebook campaign actually was. We may be getting our first indication via a Pew Research study which suggests the following:

Just over half of Facebook users ages 18 and older (54%) say they have adjusted their privacy settings in the past 12 months, according to a new Pew Research Center survey. Around four-in-ten (42%) say they have taken a break from checking the platform for a period of several weeks or more, while around a quarter (26%) say they have deleted the Facebook app from their cellphone. All told, some 74% of Facebook users say they have taken at least one of these three actions in the past year.

Well, if you’re Mark Zuckerberg, you have to be freaking out right now. Because if that is even moderately true, a whole lot of people who are changing their behaviours when it comes to Facebook enough that it will eventually cost Facebook some money. Combine that with a renewed focus of social media companies by politicians in an election year and that likely spells trouble for Facebook. It will be interesting to see if or how they respond.

British Airways Pwned….. 380,000 Credit Card Payments Compromised

Posted in Commentary with tags on September 7, 2018 by itnerd

This isn’t a good day to be British Airways as earlier today the airline said credit card information of at least 380,000 customers have been “compromised” in a data breach that occurred between August 21 and September 5. The information stolen includes customer names, email addresses, home addresses and payment card information. But not travel or passport details:

In an email to affected customers, BA said: “We’re deeply sorry, but you may have been affected. We recommend that you contact your bank or credit card provider and follow their recommended advice. We take the protection of your personal information very seriously. Please accept our deepest apologies for the worry and inconvenience that this criminal activity has caused.” The breach has been “resolved” and the website is “working normally,” it said. In a statement, the airline added: “We have notified the police and relevant authorities… [and] will continue to keep our customers updated with the very latest information. We will be contacting customers and will manage any claims on an individual basis.”

Seeing as this is an European based airline, they had to notify the public quickly as they are covered by GDPR. But you have to wonder if British Airways will face any punishment for getting pwned by hackers? If not, this will simply keep happening. Nor will the airline have any incentive make sure that this doesn’t happen again, other than to close whatever holes led to this.