March 19, 2019
MySpace loses 50 million songs in server migration
By Lisa Vaas
For at least a year, MySpace users have been complaining about broken links to music.
On 1 February 2018, Redditor JodiXD got a dispiriting reply from MySpace, to the effect that there was “an issue” with all songs/videos uploaded more than three years ago. Hang tight, should be a fix on the way, support said, though they weren’t exactly sure when that would be. Sorry for the inconvenience!
Well, 13 months later, the arrival date of the fix has been determined. It is,
as MySpace said on Monday, “never.” Here’s the statement it finally put out:
As a result of a server migration project, any photos, videos, and audio files you uploaded more than three years ago may no longer be available on or from Myspace. We apologize for the inconvenience and suggest that you retain your back up copies. If you would like more information, please contact our Data Protection Officer, Dr. Jana Jentzsch at DPO@myspace.com.
Back-up copies? That’s a great idea. Unfortunately, it’s apparently not one utilized at MySpace before it does a server migration.
Read more at https://nakedsecurity.sophos.com/2019/03/19/myspace-loses-50-million-songs-in-server-migration/
Child-friendly search engines: How safe is Kiddle?
By Maria Varmazis
Every now and then the following meme does the rounds on the family-focused corners of social media. The meme/public service message encourages parents and teachers to switch children to a kid-friendly search engine called Kiddle.
Kiddle’s tagline is that it’s a “safe visual search engine for kids.” It has been around for a few years, and is certainly not the only search engine marketed as child-friendly – similar services include Kidrex.
To be clear, neither Kiddle nor Kidrex is reinventing the search engine wheel, and, despite what some news stories imply, neither is owned by Google – they just use heavily customized versions of Google’s search engine under the hood, going beyond SafeSearch with the goal of making internet sleuthing as safe as possible for little ones.
In fact, Kiddle got into a little hot water a few years ago for making its search engine too exclusive, when it erased LGBT-related terms right out of existence from its search engine results pages. Kiddle soon fixed their search engine so kid-safe LGBT terms do show up in their searches.
Read more at https://nakedsecurity.sophos.com/2019/03/19/child-friendly-search-engines-how-safe-is-kiddle/
Home DNA kit company now lets users opt out of FBI data sharing
By Lisa Vaas
Update 18 March 2019
FamilyTreeDNA emailed users last week to let them know that they can now opt out of DNA matching that will be used to help police identify the remains of deceased people or to help them track down violent criminals.
It’s now calling that type of investigative DNA research Law Enforcement Matching (LEM). The gene-matching company also set up a separate process for police to upload genetic files to the database. Police-uploaded files must now be used for the purpose of identifying a dead person or the perpetrator of a homicide or sexual assault.
Those EU residents who created accounts before 12 March 2019 have been automatically opted out of LEM. They still have the option of adjusting their Matching Profiles to opt back into LEM, however. To do so, users should visit the Privacy & Sharing section within their Account Settings.
Original article, published 5 February 2019
Home DNA kit company says it’s working with the FBI
FamilyTreeDNA – one of the larger makers of at-home genealogy test kits – has disclosed that it’s been giving the FBI access to DNA profiles to help solve violent crime.
Investigators’ use of public genealogy databases is nothing new: law enforcement agencies have been using them for years. But the power of online genealogy databases to help track down and identify people became clear in April 2018, when police arrested Joseph James DeAngelo on suspicion of being the Golden State Killer: the man allegedly responsible for more than 50 rapes, 12 murders and more than 120 burglaries across the state of California during the 70s and 80s.
Read more at https://nakedsecurity.sophos.com/2019/03/18/home-dna-kit-company-says-its-working-with-the-fbi/
DARPA is working on an open source, secure e-voting system
By Danny Bradbury
The US Government is working on an electronic voting system that it hopes will prevent people from tinkering with voting machines at the polls.
Motherboard reports that the Defense Advanced Research Projects Agency (DARPA) is working with Oregon-based verifiable systems company Galois to create a voting system based on open source hardware and software.
There will be two systems, according to the report, neither of which will be offered for sale. Instead, they will serve as reference platforms for other vendors to produce more secure electronic voting machines.
The first system, which DARPA plans to bring to DefCon Voting Village this summer, will use a touch screen for voters to choose their candidates. It will then print out a paper ballot for a voter to check before depositing it into an optical scanning machine that counts the vote. That machine prints a paper receipt with a cryptographic code unique to that voter and their choices.
After all the votes have been counted, the codes will be listed on a website so that each voter can check that their votes were logged correctly.
Independent observers will also be able to count all the votes on the website and check the election results, Motherboard said.
Read more at https://nakedsecurity.sophos.com/2019/03/18/us-government-works-to-secure-electronic-voting/
Intel releases patches for code execution vulnerabilities
By Danny Bradbury
Intel released a slew of patches last week, fixing a range of vulnerabilities that could allow attackers to execute their own code on affected devices.
The chip maker released several security advisories to address the risks. One group of patched vulnerabilities affects its Converged Security and Management Engine (CSME), Server Platform Services, Trusted Execution Engine and Active Management Technology (AMT).
These are technologies that run at a very low level in the hardware stack, often underneath anti-malware software that might otherwise pick up suspicious activity. The bugs allow users to potentially escalate privileges, disclose information or cause a denial of service, Intel said.
There are 12 vulnerabilities in this group, including five marked with high severity.
Of these, only CVE-2018-12187 can be exploited remotely via a network. This is a high-severity denial of service bug relying on insufficient input validation in Intel’s Active Management Technology.
Two of the other high-severity bugs rely on local access, which is tied to read/write/execute capabilities. In practice, this means that the attacker has to be logged into the machine, or that the user must be persuaded to interact with a malicious file.
These bugs are CVE-2018-12190, which lets an attacker potentially execute arbitrary code via insufficient input validation in CSME, and CVE-2018-12200, which could allow privilege escalation via insufficient access control in the Intel Capability Licensing Service.
Read more at https://nakedsecurity.sophos.com/2019/03/18/intel-patches-a-gaggle-of-flaws-allowing-for-code-execution/