Categories: Privacy, Security

Coronavirus Concerns: More People Working from Home Means More Employer Tracking

So I’m going to stir up some :poop: , y’all — but bear with me.

Generally speaking, I’m of two minds on this subject. On one hand, I’m OK with this.

For example, prior to CommieVirus2020, we would go to work, log on to an employer-provided asset, and commence working. On employer-provided assets, such as laptops, desktops, servers, etc., I’m 100% fine with <pick an employer> installing NARCwarez. Why? Simple: They own the device.

However, that’s not what’s been happening.

Instead, as more and more people are working from home, employers are attempting to basically “track” your every waking moment, from the time you roll out of bed to the time you crawl back into it. Yeah, I know that’s an extreme, but let’s get real — we’re talking about a really bad fucking episode of Black Mirror.

So you’ve got two choices: You can tell your employer to pound sand; that you won’t tolerate this type of invasion of privacy.

Their response will probably be your typical “…install this (or else you can’t work here any longer).”

So what do you do?

Categories: How To Guide, Technology

COVID-19 Social Distancing – How to Host a Netflix Party

The COVID-19 (coronavirus) pandemic is keeping a large number of us isolated in our homes, which is leading to a great deal of boredom for many. Creative ways of socializing online are becoming more normal as we wait for the situation to unfold. My favorite method of connecting with friends recently is Netflix Party. With Netflix Party, you can watch Netflix with your friends and family online. “Netflix Party synchronizes video playback and adds group chat to your favorite Netflix shows.” –NetflixParty.com

The instructions for setting up Netflix Party are simple:

First, you need to install Netflix Party on Chrome. Simply open your Chrome browser, go to https://chrome.google.com/webstore/detail/netflix-party/oocalimimngaihdkbihfgmpkcpnmlaoa?hl=en and click to install the extension on Chrome.

Then, after the extension is installed on Chrome, sign into Netflix in your browser and pick the movie or show you want to watch with friends. There will be an “NP” in the upper right corner of your browser, next to where your other extensions are listed. Click the “NP” and it will give you a link to share with your friends so they can watch and chat along with you. Please note: your friends must also have a Netflix account and must be logged in to join your party. Unfortunately, this is only available for Chrome at this time. If you’d like to watch Netflix Party videos on your TV, consider using an HDMI cable.

Here’s a video with some more detailed instructions:


That’s it! If you have any other creative ideas for socializing while social distancing, please leave them in the comments!

Follow author adezero on Twitter.

Categories: Hacking, Technology

A 19 year old Becomes a Millionaire by Hacking

A Teenager Becomes a Millionaire Through White Hat Hacking:



Hacking often refers to the breaching of information without a person’s consent or knowledge. It basically is the unauthorized intrusion into a computer or a network. It can be used to alter or change a system for different purposes or goals. Hacking can also mean the involvement of unusual or improvised alterations to equipment or processes.

A hacker has expertise in computer skills, and will know their way around systems and security features. They are often skilled programmers who use their technical knowledge to exploit bugs in order to break into computer systems.

The above-mentioned information is a very generic definition of hacking. It is what most people associate with “hacking” or “hackers”. These words are often used with a negative connotation, giving us the same feeling whenever we come across them. However, it is very important to clarify that hacking is not only used in a negative sense. In fact, “ethical hacking” is on the rise.

“Ethical hacking” is also known as penetration testing. By definition, it is the act of intruding into systems or networks to find the threats and vulnerabilities in those systems which a malicious attacker may find and exploit, causing loss of data. These vulnerabilities could also lead to financial loss or other major damages. Ethical hacking or “white hat” hacking is different from intrusive or “black hat” hacking, in that its purpose is to increase and improve the security of the networks or systems. It does this by fixing the vulnerabilities found during testing. The tools and methods of ethical hackers might be similar to, or at times even the same as, those of malicious hackers, but the intentions and reasoning behind the act are totally different.

Recently, a teenager named Santiago Lopez made millions of dollars utilizing ethical hacking on HackerOne.

HackerOne is the number 1 ranked platform that helps organizations find and fix critical vulnerabilities that have the potential of destroying or exploiting your information in any sense. HackerOne is well known and has partnerships with the U.S. Department of Defense, General Motors, Google, Twitter, GitHub, Nintendo, Lufthansa, Panasonic Avionics, Qualcomm, Starbucks, Dropbox, Intel, the CERT Coordination Center and over 1,200 other organizations in order to find vulnerabilities of all kinds and protect against them.

Like most hackers, Lopez is self-taught. His specialty and expertise lie in finding Insecure Direct Object Reference (IDOR) vulnerabilities.

Lopez first gained interest in this field from watching a movie about hacking. His interest grew, and he started learning to hack from online tutorials and by reading blogs. At the age of 16 he signed up for HackerOne, not knowing what he was getting into. He knew that he had to hack into company databases, and he kept his name @try_to_hack in order to motivate himself further. He still goes by this name. Once he had signed up for HackerOne, he earned his first fifty dollars in a few months, and that’s what motivated him further and showed him that he could do it.

Lopez continued making the internet a better place for the many people who are associated with and have put their entire trust in HackerOne. Lopez chose ethical hacking because: “To me, this achievement represents that companies and the people that trust them are becoming more secure than they were before, and that is incredible.”

So this is how Lopez, a 19-year-old teenager, worked his way up in the hacker community and proved himself by earning the first million dollars of his life. His story is a textbook example of how practice, enthusiasm and talent matter, and are needed to get the top spot in any field.

Categories: Internet, Privacy, Security

Tinder: Three Things You Probably Didn’t Know

It all seems very straightforward. Swipe right if you’re attracted to the person on your screen, swipe left if you’re not. Tinder makes the process of finding someone to date seem easy. Individual profiles take only seconds to scan. In under one hour, you could be matched up with someone available to date you tonight. Yet, there’s more to the app than meets the eye. The inner workings of Tinder’s algorithms might leave you a little surprised.

 

 



Tinder has a “desirability” ranking system.

That’s right, Tinder “scores” your desirability based on several factors. You are shown specific matches first, based on these factors. You aren’t able to retrieve these scores for yourself – but a writer, Austin Carr, from Fast Company, was granted access to his score by Tinder executives. This is what he came away with:

“‘Every swipe is in a way casting a vote: I find this person more desirable than this person, whatever motivated you to swipe right. It might be because of attractiveness, or it might be because they had a really good profile.’ Tinder’s engineers tell me they can use this information to study what profiles are considered most alluring in aggregate.” -Carr, Fast Company

Furthermore, Tinder’s VP of product compares the ranking system to that of a World of Warcraft game. He says if someone with a really high score swipes right on you, that’s going to in turn increase your score too. Just like if a high-level player helps a lower-level player level up in Warcraft.

Your Tinder Data may not be Secure.

Yep, it says so right in their TOS: “We do not promise, and you should not expect, that your personal information, chats, or other communications will always remain secure”. With the onslaught of hacked sites and apps in recent years, it’s no wonder they’re taking this precaution.

Since the launch of Tinder, it has been an attractive medium for data scrapers. Scrapers are automated bots or tools that extract data from websites or apps. With over 50 million users on Tinder, these tools provide valuable data to marketers, research firms and potentially to governments. In fact, there have been multiple instances where scrapers were discovered to have harvested a large amount of data from Tinder.

One developer managed to scrape information from over 40,000 profiles and posted it publicly. The purpose for this massive harvesting of profile data was to train AI to recognize gender based on a person’s facial features. The project was called “People of Tinder” and it has since been removed.

Tinder has a Huge Trove of Data on Every User

Last year, Judith Duportail, a writer at The Guardian, asked Tinder for all of the data they had stored on her. Every European citizen is allowed to request their data from companies under EU data protection law. It turned out Tinder had 800 pages of data stored on her that included information like education, Facebook likes, conversation history, number of Facebook friends, the age-rank and race of men she was interested in, which matches she’d recycled pickup lines with, who she’d ghosted on, and tons more.

Tinder is able to amass so much information on each user because most users sign up through Facebook. When someone uses Facebook to log in to any app, that app gets access to likes, location information, friend information, public profile information, and often much more (though some of this access may soon be restricted due to the recent Cambridge Analytica scandal). They also study your behaviors while using the app, and then use that behavioral data to help target matches and advertisements. Many users also link their Instagram accounts to the app, which gives Tinder even more data to harvest.

Now that you know Tinder is just as exploitative as other apps and services that have been in trouble for data-mining lately, will you still continue to use it to find dates?

Categories: Hacking, News

Hacking School Computers to Change Grades

Hackers recently targeted a Virginia high school in order to change the grades of multiple students. The hackers were able to obtain access to teacher accounts when they sent out a phishing link. The phishing link was included inside an email that pretended to be from the “Oaktown High School’s Honor Council” dedicated to “honor and integrity”. The link then directed the user to a malware site, which downloaded key logger software onto the computer.

A key logger records strokes on the user’s keyboard, including passwords and other sensitive data. That information is captured by the hacker, giving them the ability to access the user’s accounts.

Hacked School System

The Virginia high school hackers used their access to make several changes in the school system:

After the emails began circulating, there were multiple cases of grade changes being requested, as well as students’ passwords being changed and emails being sent through remote log-ins, according to the search warrant. The court document does not say whether the hackers were successful in changing any grades, and Fairfax County Public Schools officials declined to say. –The Washington Post

Hacking Grades Could Result in Heavy Charges

Law enforcement hasn’t found the high school hackers, but if they do, charges could be steep.

There was a recent case of a University of Georgia student who hacked into his professor’s computer in order to alter his grades. He was charged with over 70 counts of computer forgery and computer trespassing.

According to the Washington Post, these types of grade-changing hacks are increasing. There are also services for hire to help students change their grades through hacking, as well as YouTube tutorials.

Photo credit: Katy Levinson

Categories: News, Social Media

Instagram wants to Fix the Mental Health Problems They’ve Caused

Social media is known to have a negative impact on mental health. Spending too much time on social networks leads to depression, anxiety and addiction problems. Instagram is often criticized for causing negative body issues, especially in young teens. A 2017 survey found that the image sharing platform gave teens feelings associated with “high levels of anxiety, depression, bullying and FOMO, or the ‘fear of missing out.’” –Time

Instagram Hires a “Wellbeing Team”

As a response to the reports that Instagram was affecting the mental health of young people, the company introduced a “wellbeing team.”

A senior Instagram executive said that the mental health of the users is a top priority. Part of the goal set for the team is to combat bullying, harassment, spam and abuse. Other than that, it’s pretty unclear how they will help users who are struggling with body image issues.

How do you fight “Fake”?

Often, Instagram photos are polished to make people look more attractive and food look more delicious. This creates a sense of inadequacy for the people viewing the pictures. The truth is, most of these images don’t depict real life – they are filtered embellishments. In fact, that’s what Instagram is mostly based on, filters. What you’re seeing isn’t real. Will the “wellbeing team” give disclaimers when photos are edited? It’s doubtful they would betray their content creators in that way, or else they wouldn’t have anyone left to post on the platform.

Furthermore:

“this problem stems from a larger, systemic cultural issue — where depression and other mental health issues remain under-addressed, and in which how you look, and how well you fit into cultural expectations of “success,” are given more credence than actual happiness.” –Futurism

Maybe Instagram intends to provide psychiatric counseling to its users who feel inadequate. Perhaps they could also prevent your girlfriend from continuously ‘hearting’ that guy’s selfies who she told you not to worry about.

Until then, I’ll stick to following only meme accounts.

Photo Credit: Md saad andalib

Categories: Data Breaches, Social Media

Facebook Scrambles to Restrict Access to your Data

Facebook released a newsroom update today outlining their new plan to restrict data access going forward.

A Month of Scandals

It has been a turbulent month for the social media company. First, it was announced that Cambridge Analytica had performed a breach on Facebook. They did this by obtaining data from an app that tricked users into giving up personal information for “academic research”. This app harvested not only users’ data, but also the data of their friends. It has been said that over 80 million people were affected by this breach. This information was handed over to Cambridge Analytica, a British data mining firm, who used it to influence voter opinion on behalf of their political clients.

Additionally, Mark Zuckerberg recently said in a call to reporters that every user of Facebook can assume they have had their data scraped by third parties. All two billion of us.

In the wake of these scandals, there was a lot of public outcry, and Facebook’s stock price fell significantly. Facebook is now scrambling to close the privacy holes that have been left gaping for so long.

What Next?

In their newsroom update, Facebook’s Chief Technology Officer outlines the main changes they will be making over the next few months:

Soon, apps will no longer be allowed to access the same amount of data related to events, groups, pages, logins, and the Instagram API. Facebook will also restrict the ability to search phone numbers and email addresses. Doing that should help prevent malicious actors from searching and scraping public profiles based on information they already own.

If you have an Android device, Facebook has been keeping track of your call and text history, such as the date and time of calls. They say the reason for doing this was to keep those closest to you at the top of your contact list. The new plan for storing call history is to only “upload to our servers the information needed to offer this feature”.

You’ll soon have easier access to your apps, and a better understanding of the information you are sharing with these apps. Facebook stated, “People will also be able to remove apps that they no longer want. As part of this process we will also tell people if their information may have been improperly shared with Cambridge Analytica.”

To read the entire update at the Facebook Newsroom, please visit https://newsroom.fb.com/news/2018/04/restricting-data-access/

Photo Credit: Book Catalog

Categories: Hacking, News, Social Media

YouTube Staffer Live Tweets Shooting, then gets his Account Hacked

A YouTube staffer was live-tweeting about the active shooting when it happened at the YouTube headquarters earlier today. Shortly after, his Twitter account was briefly hacked.

Earlier today, a woman opened fire at the YouTube headquarters and tragically shot 3 people before taking her own life. Vadim Lavrusik, a product manager at YouTube, was live-tweeting the incident as it was happening.

Not an hour later, Lavrusik’s account was breached by hackers.

At about 2:10 p.m., after Lavrusik tweeted that he was safe and evacuated, a new tweet came up from the account, writing, “PLEASE HELP ME FIND MY FRIEND I LOST HIM IN THE SHOOTING,” with a Flipboard URL linking to a photo of KEEMSTAR, a YouTube personality.

Three minutes after that tweet, another post came in saying, “my name is so gay honestly.” -CNET

Twitter’s @Jack was alerted to the issue and promptly restored his account.

Three people have been reported injured in the shooting; they have been taken to the hospital.

Categories: Data Breaches, News, Security

Panera Bread Ignored Data Breach Warning, Said it was a “Scam”

Panera Bread has suffered a major data breach, affecting potentially 7 million customers. The data is said to include names, email addresses, and credit card information. What’s worse – the data could have been crawled and indexed with simple automated tools.

This wasn’t news to those at the top at Panera Bread. Last summer, a security researcher told Panera Bread that their website was exposing this sensitive data. When Panera was made aware of the flaw, they dismissed it as a scam or sales pitch. After months of the flaw continuing to be exposed and unpatched, the security researcher decided to go public with evidence of the vulnerability.

“I am not exaggerating when I say you have a massive sensitive data exposure issue,” he said, “and I’d simply like you to be made aware of it so you can quickly resolve it.” -researcher Dylan Houlihan (in response to Panera Bread maintaining that he was giving a sales pitch).

Panera Bread is now downplaying the severity of the breach, telling Fox News they have secured the breach and only ten thousand records were exposed. Krebs on Security is not buying it, especially considering that Panera’s commercial division, which serves countless catering companies, may run on the same software.

As of this writing, Panera has not made any statement on their website (it was recently taken down) nor on Twitter about the breach.

Photo Credit: Mike Mozart

Categories: Artificial Intelligence, Social Media, Technology

New Microsoft AI Chat Bot Won’t Discuss Politics or Religion

AI chat bots aren’t new. We all remember Microsoft’s Tay (press F), the beloved AI Twitter chat bot that went a little haywire when trolls manipulated her. Microsoft now has another, lesser known chat bot that can chat with users on Twitter, Facebook, Kik and GroupMe. This new chat bot is named “Zo”, and she is much milder than her predecessor, Tay, even though she uses the same software.

Zo won’t discuss politics with you at all. Nor will she discuss religion, nor anything that is seemingly controversial. Although, back in July, she called the Quran “very violent” to a Buzzfeed reporter. She also made a judgement about who was actually responsible for capturing Bin Laden. These were shrugged off as “bugs” by Microsoft and nothing like that has been reported since. Probably because Zo will now actually quit talking to you if you push her too far:

You can submit pictures to Zo, prompting her to make clever comments about the picture. She might also add the picture you send her to the “AI Yearbook”, which seems to be pictures of users accompanied by a “most likely to” caption. Again, she avoids talking politics as much as possible, but there were a couple of times where she engaged. Here are some of the results:

Unlike Tay, Zo changes the subject when it comes to Hitler.

Zo isn’t a fan of Logan Paul’s pic:

She doesn’t like us using this one:

Zo comments on Alex Jones’s “feels”.

Like with Hitler, Zo wants to change the subject when we share a picture of Caitlyn Jenner.

And one for the yearbook…

Additionally, Zo plays ignorant when it comes to Tay. She acknowledges that Tay existed, but talks about her in the past tense and says she never met her.

And like I previously mentioned, Zo won’t discuss politics AT ALL. She even gets offended when you push the issue.

Though she was pretty liberal-minded when it came to genetics:

We did make several attempts at corrupting Zo, all were met with her eventually ignoring us. It seems that Microsoft has finally developed a tame AI bot, although a pretty boring one. Unless sharing cat pics is your thing.