Category Archives: Security Theater

“The Decline and Fall of the Zuckerberg Empire”

http://nymag.com/intelligencer/2018/11/the-decline-and-fall-of-the-zuckerberg-empire.html

A 6,000-word report published in the New York Times last week disclosed in humiliating detailthe lengths to which Facebook has gone to protect its dominance and attack its critics. As various interlocking crises concerning hate speech, misinformation, and data privacy widened, top executives ignored, and then kept secret, evidence that the platform had become a vector for misinformation campaigns

(…)
Over the past year, I’ve spent time trying to wean myself off tech mega-platforms, generally with little success. Google’s search, for all my complaints, is still the best way for me to navigate the internet; Amazon is still so unbelievably convenient that the thought of quitting it exhausts me. But I logged out of Facebook more than a year ago and have logged back in fewer than a dozen times since. Checking Facebook had been a daily habit, but it also hadn’t improved my life or made itself necessary. Not many Roman plebes would have said that about the Pax Romana. Some empires fall because they’re invaded from the outside or rot from within. Zuckerberg’s could be the first in history to collapse simply because its citizens logged out.

Why do we get such stupid ads? Because it’s only a numbers’ game…

Newco Shift : Dear Advertising Industry: Please Do Better. You’re Killing the Open Web. … :

Let’s apply that reality to our robe example. Let’s say the robe costs $60, and yields a $20 profit for our e-commerce advertiser, not including marketing costs. That means that same advertiser is can spend upwards of $19.99 per unit on advertising (more, if a robe purchaser turns out to be a “big basket” e-commerce spender).  So what does our advertiser do? Well, they set a retargeting campaign aimed anyone who ever visited our erstwhile robe’s page.  With CPMs averaging around a buck, that robe’s going to follow nearly 20,000 folks around the internet, hoping that just one  of them converts.

Instagram stored your password in plain text…

 Nice: Looks like Instagram is trying to compete with Linkedin in terms of password in-security: Instagram accidentally exposed some user passwords through its data download tool – The Verge … :

According to Instagram, some users who used that feature had their passwords included in a URL in their web browser, and that the passwords were stored on Facebook’s servers, Instagram’s parent company. A security researcher told The Information that this would only be possible if Instagram stores its passwords in plain text, which could be a larger and concerning security issue for the company. An Instagram spokesperson disputed this, saying that the company hashes and salts its stored passwords.

This is the end… when the sun makes sea mines detonate (Vietnam stories)

A Powerful Solar Storm Likely Detonated Dozens of U.S. Sea Mines During the Vietnam War

“An analysis of recently declassified U.S. military documents confirms suspicions that, during the late stages of the Vietnam War, a powerful solar storm caused dozens of sea mines to explode. It’s a stark reminder of the Sun’s potential to disrupt our technological activities in unexpected ways. As part of Operation Pocket Money, the U.S. Navy planted a series of Destructor sea mines near strategic ports off the coast of North Vietnam. A few weeks later, on August 4, 1972, crew members aboard U.S. Task Force 77 aircraft suddenly observed a batch of explosions south of Hai Phong. In all, some 20 to 30 explosions were documented in just 30 seconds. Another 25 to 30 patches of muddy water were also observed, indicative of further explosions.”

CVE-2018-5407 “Portsmash”: New Intel CPU vulnerability helps steal data from encrypted content

… : New Intel CPU Flaw Exploits Hyper-Threading to Steal Encrypted Data … :

“A team of security researchers has discovered another serious side-channel vulnerability in Intel CPUs that could allow an attacker to sniff out sensitive protected data, like passwords and cryptographic keys, from other processes running in the same CPU core with simultaneous multi-threading feature enabled.

The vulnerability, codenamed PortSmash (CVE-2018-5407), has joined the list of other dangerous side-channel vulnerabilities discovered in the past year, including Meltdown and Spectre, TLBleed, and Foreshadow.”