How Taylor Swift used facial recognition to thwart stalkers, unlocking Android phones with a 3D-printed head, Ticketmaster fails to take responsibility for malware, and it’s December of 2018, to hell with it, just patch your stuff already!
- Taylor Swift Used Facial Recognition to Thwart Stalkers – According to Rolling Stone, a facial-recognition camera was hidden inside a kiosk playing clips of Swift from rehearsals. As fans approached the kiosk to watch, the camera would stealthily snap their photo. Those images were then compared to a database of Swift’s known stalkers. “Despite the obvious privacy concerns—for starters, who owns those pictures of concertgoers and how long can they be kept on file?—the use of facial-recognition technology is on the rise at stadiums and arenas,” the report notes. Ticketmaster, for instance, recently invested in Austin, Texas-based facial recognition startup Blink Identity, which says its technology can identify 60 people a minute walking at full speed past a sensor, meaning paper and digital tickets may soon be a thing of the past. The same tech can be used throughout a venue to allow concertgoers to purchase drinks, snacks, and merchandise.
- Unlocking Android phones with a 3D-printed head – Rather worryingly (if someone has managed to make a 3D-printed version of your head), all four Android phones were duped into thinking they were looking at the real Tom. Only the iPhone X wasn’t duped. It’s certainly impressive to see Apple’s iPhone X not be tricked by Thomas Brewster’s fake head, and it may surprise owners of Android smartphones who have had at best mixed experiences with facial recognition.
- New Australian Backdoor Law
- Warning! Unprivileged Linux Users With UID > INT_MAX Can Execute Any Command – Oops: The issue, tracked as CVE-2018-19788, impacts PolicyKit version 0.115, which comes pre-installed on most popular Linux distributions, including Red Hat, Debian, Ubuntu, and CentOS. The vulnerability exists due to PolicyKit’s improper validation of permission requests for any low-privileged user with a UID greater than INT_MAX. INT_MAX is a constant in computer programming that defines the maximum value an integer variable can store, which equals 2147483647 (0x7FFFFFFF in hexadecimal). This means that if you create a user account on an affected Linux system with any UID greater than INT_MAX, the PolicyKit component will allow you to execute any systemctl command successfully.
- Humble Bundle Breach Could Be First Step In Wider Attack
- OpSec Mistake Brings Down Network Of Dark Web Money Counterfeiter – Encrypt everything: A source knowledgeable of the case’s details told ZDNet today that the suspect had failed to protect his operation’s business transactions with proper encryption. While the suspect used cryptocurrency to receive payments, he still kept a list of mailing addresses where he sent packages containing the counterfeit banknotes.
- It’s December Of 2018 And, To Hell With It, Just Patch Your Stuff – The gift that keeps giving, vulnerabilities: Microsoft, Adobe, and SAP are finishing up the year with a flurry of activity, combining to patch more than 140 CVE-listed security flaws between them.
- Ethical Hacking Growing In Popularity As Data Breaches Increase
- UK Whitehats Blacklisted By Cisco Talos
- Worst password offenders of 2018 exposed
- Education Gets an ‘F’ for Cybersecurity
- Grammarly Launches Public Bug Bounty Program
- WordPress Releases Security Update