Thursday 4 April 2019

Exodus spyware exposes 'sorry' state of Android security

Android Angst; Government Gaffe


The sky is falling. At least, that’s what some conclude, after hearing about Exodus, a family of targeted malware discovered in the official Google Play app store.

By imitating legit apps, Exodus exfiltrates data from countless apps and Android services. It appears to be a lawful surveillance program that escaped from its tight, court-approved targeting of Italian suspects.

But Google says malware like this is vanishingly rare. In this week’s Security Blogwatch, we let my people go.


Read more: techbeacon.com/security/exodus-spyware-exposes-sorry-state-android-security

Wednesday 3 April 2019

Facebook Forces Users to Give Email Password (wait, what?)


Here’s Facebook’s latest unbelievable scandal: The company has been demanding that some users enter their email passwords, so they can be “verified.”

That’s right, their email password. Facebook claims it’s all above board: It’s for security, y’see—people can totally trust us. But critics say it trains users to do dangerous things.

And Facebook is said to be harvesting the users’ contacts without permission. All this just a month after the company was caught red-handed misusing other security identifiers. Yikes.

Facebook also claims that users can instead verify their email an alternate way, but the UX for that seems to be a blackest-of-Vantablack “dark pattern.” In today’s SB Blogwatch, we can’t believe our eyes.


Read more: securityboulevard.com/2019/04/facebook-forces-users-to-give-email-password-wait-what

Tuesday 2 April 2019

Office Depot and Support.com to Pay $35M for Fake Malware Scan ‘Scam’


Feds win technical victory against an alleged nine-year plan to fool customers. The Federal Trade Commission (FTC) claims Office Depot and Support.com deliberately lied to consumers, saying their PCs were infected with malware.

However, the scanning tool they used didn’t actually scan anything, according to the FTC. It merely asked a few questions, such as, “Does your PC frequently crash?” And if the customer answered “Yes” to any question, they’d be told the PC needed a $300 fix.

The companies settled out of court for $35 million, without admitting liability. In today’s SB Blogwatch, we feel fine.


Read more: securityboulevard.com/2019/04/office-depot-and-support-com-to-pay-35m-for-fake-malware-scan-scam