Social media scraping app Predictim banned by Facebook and Twitter

By Lisa Vaas

Employers get turned off by a lot of things they find out about potential hires on social media: provocative material, posts about drinking or using drugs, racist/sexist/religiously intolerant posts, badmouthing others, lying about qualifications, poor communication skills, criminal behavior, or sharing of confidential information from a previous employer, to name just a few.

We should all take for granted, then, that nowadays our social media posts are being scrutinized. That also goes for those of us whose prefrontal cortexes are currently a pile of still-forming gelatin: namely, children and teenagers.

In fact, there’s an artificial intelligence (AI) app for scraping up the goo that those kids’ emotional, impulsive, amygdala-dominant brains fling online: it’s called Predictim, and it’s funded by the University of California at Berkeley’s Skydeck accelerator. Predictim analyzes Facebook, Instagram, and Twitter accounts to assign a “risk rating” from a scale of 1 to 5, offering to predict whether babysitters or dogwalkers might be bad influences or even dangerous.

You can sympathize with its clientele: Predictim features case studies about abusive babysitters that have caused fatal or near-fatal injuries to the children in their charge. Simple background checks or word-of-mouth references won’t necessarily pick up on the risk factors that its report spotlights, the company says, which include evidence of bullying or harassment, drug abuse, disrespectful or discourteous behavior, or posting of explicit content.

Read more at https://nakedsecurity.sophos.com/2018/11/28/social-media-scraping-app-predictim-banned-by-facebook-and-twitter/

‘Grinch bots’ are ruining holiday shopping. Lawmakers hit back

By Danny Bradbury

US legislators have introduced a bill to stop bad bots from buying up all the hot holiday toys in bulk and then gouging parents by reselling them at exorbitant prices.

Bots are automated scripts and programs that can be used for good or bad: the good ones do useful things such as crawl the web, and they’re also used on social media to generate everything from poems to memes to self-care reminders to randomly generated awesomeness.

Then there are the bad bots: like, the ones that snatch up all the Super Nintendo and Barbie products before you can even log into an e-commerce site.

Fittingly enough, the Stopping Grinch Bots Act of 2018 was announced on Black Friday.

The bicameral bill comes from US Senators Tom Udall, Richard Blumenthal, and Chuck Schumer, along with US Representative Paul Tonko. Udall said in a press release that resellers are gaming the system with bots that snatch up toys and highly discounted products to sell at “outrageously inflated markups,” all “with a few keystrokes,” and often before any human has managed to even put an item into their online shopping cart.

These Grinch bots let scammers sneak down the proverbial chimneys of online retailers and scoop up the hottest products before regular Americans can even log on – and then turn around and sell them at outrageously inflated prices. That’s just not how the marketplace is supposed to work.

The bot problem is just one example of how consumers get preyed on when they venture online, Udall said. Bots enable “unscrupulous” scammers to game the system and “steal hard-earned money from Americans who have saved up just to buy gifts for their family and friends during the holiday season,” he said.

Read more at https://nakedsecurity.sophos.com/2018/11/28/grinch-bots-are-ruining-holiday-shopping-lawmakers-hit-back/

Microsoft patches Patch Tuesday’s Outlook 2010 problem patch

By Danny Bradbury

Just what is going on over in Redmond? Just weeks after issuing a Windows 10 patch of doom that started deleting users’ precious files, Microsoft ‘fixed’ Outlook 2010 with a November Patch Tuesday update that promptly borked it.

On 13 November, Microsoft released a security update, KB4461529, which fixed four security vulnerabilities. These flaws could allow remote code execution if a user opened a specially crafted Office file, it said. KB4461529 solved this problem for the .msi 64-bit version of Outlook 2010 in the worst way by simply having the program not run at all. It crashed Outlook at startup.

Microsoft advised users not to uninstall the patch. Instead, it suggested they use Outlook Web Access until the problem was resolved. In the meantime, it wrote a second patch which it sent scurrying after the first on 21 November. KB4461585 will fix the crashing problem, it said.

This wasn’t the first Outlook 2010 patch problem for Microsoft users this month. On 6 November it released updates KB2863821 and KB4461522, which fixed the program’s Japanese calendar to support new ‘eras’. These patches also caused Access to crash on startup in some cases, it warned. It removed them.

The Japanese calendar inherited the idea of eras from China in the eighth century. Eras punctuate an emperor’s reign or some other major event. You only get a new one every few years, which is how many Windows users probably wish Microsoft would schedule its software patches right about now.

Read more at https://nakedsecurity.sophos.com/2018/11/27/microsoft-patches-patch-tuesdays-outlook-2010-problem-patch/

Google Maps scammers put their own phone numbers onto bank listings

By Lisa Vaas

Google Maps lets users edit and update listings: crowd-sourcing that’s helped Google to fill in the details of its maps, such as adding new roads or parks: a helpful feature, particularly in areas where governments restrict distribution of such data or in what are often less-developed regions.

Some of the results have been giggle-worthy, even though they involve deceptive practices that we don’t endorse, such as sock puppetry that lets the pranksters create fake accounts that they then use to approve their own pranks.

For example, we’ve seen Google Maps depict the Android mascot robot peeing onto the Apple logo, and a giant cat that sprawled over Auckland’s Hobson Bay Walkway.

Besides graphic hijinks, we’ve also seen user-generated content that’s involved changing the details of an address: for example, Google Maps at one point was induced to display a snowboarding shop called Edwards Snow Den, located at 1600 Pennsylvania Avenue: an address otherwise known as the White House.

Unfortunately, the same mechanisms by which Google enables users to make useful or amusing edits to Google Maps is now being used by crooks. On Sunday, Business Insider reported that scammers are tweaking Google Maps to trick people into giving up their bank details.

Read more at https://nakedsecurity.sophos.com/2018/11/27/google-maps-scammers-put-their-own-phone-numbers-onto-bank-listings/

LinkedIn rapped for targeting ads at 18 million Facebook users

By John E Dunn

During the first half of 2018, LinkedIn US came up with the idea to buy Facebook ads targeted to the owners of 18 million email addresses.

This was done discreetly by uploading hashed versions of the email addresses, which were presumably matched to the same hashes spotted among Facebook’s user base.

We don’t know how successful the campaign was, but with the publication of a report by Ireland’s Data Protection Commissioner (DPC) last week we do know that LinkedIn has been publicly rebuked for doing it at all.

What upset the Irish: none of the 18 million email addresses were those of LinkedIn users.

How did a LinkedIn US campaign come to the attention of Ireland’s data commissioner in the first place?

Where did LinkedIn get hold of email addresses for 18 million non-LinkedIn users?

Unravelling the answers to these questions starts with a complaint the DPC says it received in 2017 from one of those 18 million people who objected to being targeted by LinkedIn, which has its EU headquarters in Ireland.

Read more at https://nakedsecurity.sophos.com/2018/11/27/linkedin-rapped-for-targeting-ads-at-18-million-facebook-users/

Parents slam “weirdo” fraudsters for using child’s Facebook pic for cash

By Lisa Vaas

Did you see that viral post showing an adorably glowering kid posing for his school portrait last week? He’s got his hands in the pockets of his pink pants in one photo, he’s sitting in front of a container full of fake grass in another, and he’s just staring balefully straight at the camera in a third.

So what’s with the sour face? Does he hate pink? Did he get teased?

No, said “El Prive,” there’s nothing wrong with his “son.” It’s just that he ate the last Pop-Tart, and the boy said he’d never smile again. And, of course, #poptartforeverfund #cashapp $bandobill.

#SimplyAdorbs! Within two days, the post was reportedly shared more than 156K times and had garnered well over 40K comments.

…And then the boy’s real parents weighed in. Last Monday, the lad’s mom put up a post saying – Hey, #ThatIsn’tYourSon and #Don’tUseOurSonForLikesOrMoney.

And thus was set off Pop-Tart-gate.

A woman named Tantarnea Arnold who goes by the name of LaShunta on Facebook posted about El Prive – who the Daily Mail identified as Bill Muhammad and whose Facebook page identifies as Bandobill™:

Read more at https://nakedsecurity.sophos.com/2018/11/27/parents-slam-weirdo-fraudsters-for-using-childs-facebook-pic-for-cash/

That Black Mirror episode with the social ratings? It’s happening IRL

By Lisa Vaas

What do you get when you cross the worst aspects of social media, people’s actual lives and giant, centralized databases?

The outcomes are already playing out. Certain cities in China have been piloting the country’s social credit score system – a system that’s due to be fully up and running by 2020, according to a plan posted on the Beijing municipal government’s website on Monday (the plan is dated 18 July).

One of the many repercussions of such a system is that people get blacklisted for not paying off their debts when a court thinks they’re capable of doing so, regardless of what the debtor says.

The ID photos, names and numbers of blacklisted people are displayed on billboards throughout the city, and they’re then barred from booking flights or high-speed trains (considered “luxury” travel) and blocked from staying in hotels. By the end of May, people with bad credit in China had been blocked from booking more than 11 million flights and 4 million high-speed train trips, according to the National Development and Reform Commission.

Read more at https://nakedsecurity.sophos.com/2018/11/26/that-black-mirror-episode-with-the-social-ratings-its-happening-irl/