Microsoft may still be violating privacy rules, says Dutch regulator

By Lisa Vaas

After the privacy hell-hole that was Windows 10 circa 2017-ish, you’re doing better, the Dutch Data Protection Authority (DPA) told Microsoft on Tuesday, but you still aren’t legally kosher, privacy-wise.

A very quick recap: Users howled. Regulators scowled. Microsoft tweaked in 2017. The DPA investigated those tweaks. The upshot of its investigation: the DPA has asked the Irish privacy regulator – the Irish Data Protection Commission, DPC – to re-investigate the privacy of Windows users.

What a long, strange privacy trip it’s been

A recap with more flesh on its bones: in 2015, Microsoft released Windows 10. From the get-go, France’s privacy watchdog – the National Data Protection Commission (CNIL) – had concerns about the operating system’s processing of personal data through telemetry.

Window 10’s release had sparked a storm of controversy over privacy: Concerns rose over the Wi-Fi password sharing feature, Microsoft’s plans to keep people from running counterfeit software, the inability to opt out of security updates, weekly dossiers sent to parents on their kids’ online activity, and the fact that Windows 10 by default was sharing a lot of users’ personal information – contacts, calendar details, text and touch input, location data, and more – with Microsoft’s servers.

After conducting tests, CNIL determined that there were plenty of reasons to think that Microsoft wasn’t compliant with the French Data Protection Act. In July 2016, it gave Microsoft three months to fix Windows 10 security and privacy.

Read more at https://nakedsecurity.sophos.com/2019/08/29/microsoft-may-still-be-violating-privacy-rules-says-dutch-regulator/

Emergency iOS patch fixes jailbreaking flaw for second time

By John E Dunn

With iOS 13 nearing release, Apple users perhaps thought they were done with iOS 12 updates for good.

If so, they were wrong. On 26 August 2019, another update was released for the four-week-old iOS 12.4 in the form of iOS 12.4.1.

Apple doesn’t describe this as an ‘emergency’ patch – though as it addresses a serious vulnerability, it’s hard to interpret it as being anything else.

Why the rush? This is where it gets awkward for Apple. Version 12.4.1 closes a jailbreaking hole, which we delved into in some detail last week.

The short version

Originally patched in iOS 12.3 in May 2019 after being revealed by Google Project Zero researcher Ned Williamson as the ‘Sock Puppet’ exploit (CVE-2019-8605), the arrival of iOS 12.4 in July inadvertently undid that fix.

A researcher known as Pwn20wnd subsequently released a follow-up jailbreak exploit dubbed ‘unc0ver’ on 18 August 2019 which jailbroke some Apple iOS devices.

In other words, Apple fixed the flaw, accidentally unfixed it, and with the appearance of a jailbreak had to rush out iOS 12.4.1 to re-fix it for a second time.

Read more at https://nakedsecurity.sophos.com/2019/08/28/emergency-ios-patch-fixes-jailbreaking-flaw-for-second-time/

Video captures glitching Mississippi voting machines flipping votes

By Lisa Vaas

“It is not letting me vote for who I want to vote for,” a Mississippi voter said in a video that shows him repeatedly pushing a button on an electronic touch-screen voting machine that keeps switching his vote to another candidate.

On Tuesday morning, the date of Mississippi’s Republican primary election for governor, the video was posted to Twitter…

…and to Facebook by user Sally Kate Walker, who wrote this as a caption:

Ummmm … seems legit, Mississippi.

Walker said in a comment that the incident happened in Oxford, Miss., in Lafayette County. A local paper, the Clarion Ledger, reported that as of Tuesday night, there were at least three reports confirmed by state elections officials of voting machines in two counties changing voters’ selections in the state’s GOP governor primary runoff.

The machines were switching voters’ selections from Bill Waller Jr.- a former Supreme Court Chief justice – to Lt. Gov. Tate Reeves. Waller’s campaign told the Clarion Ledger it also received reports of misbehaving voter machines in at least seven other counties.

Read more at https://nakedsecurity.sophos.com/2019/08/29/video-captures-glitching-mississippi-voting-machines-flipping-votes/