Etsy (!) Issues Transparency Report

What’s the latest company on the transparency report bus? Why, it’s Etsy! “You may notice our report is different than the reports that others have issued. That’s because we want any insights and context we share to reflect Etsy’s unique marketplace, community and mission. We’re not only including information about requests for member information and intellectual property takedowns — which are both generally associated with transparency reporting — but we’re also providing insight into how we strive to keep our marketplace a reliable, trustworthy place to shop and do business as well as how we offer protection to buyers and sellers.”

Windows XP Support Is Officially Done

Unless you’re the US Navy or some similarly exceptional organization, Windows XP support is officially done. “Keeping to its word, Microsoft ended security support for existing Microsoft Security Essentials customers running Windows XP, a little more than a year after support officially ended April 8, 2014. Microsoft said last year that signatures and updates for Microsoft Security Essentials would continue for a limited time, and the Microsoft Malicious Software Removal Tool would also be available for XP users for a limited time.”

Wikimedia Foundation Releases Third Transparency Report

The Wikimedia Foundation has released its third transparency report. “In August 2014, we published our first transparency report, which detailed the number of requests we received to disclose user data or alter or remove content from the Wikimedia projects between July 2012 and June 2014. We updated the report in April 2015 with new data, real-life examples of the types of requests we receive, and additional categories such as “voluntary disclosures” and “right to be forgotten” requests. We are happy to continue this tradition with our latest update, covering January to June 2015. During this time, we received 234 alteration or takedown requests and 23 user data requests, none of which we granted.”

OPM Launches Resource Site After Hacking

The US Office of Personnel Management is launching an information site after the recent hacking of over 21 million social security numbers and other data. “Today, OPM launched a new, online incident resource center at https://www.opm.gov/cybersecurity to offer information regarding the OPM incidents as well as direct individuals to materials, training, and useful information on best practices to secure data, protect against identity theft, and stay safe online. This resource site will be regularly updated with the most recent information about both the personnel records and background investigation incidents, responses to frequently asked questions, and tools that can help guard against emerging cyber threats, officials said. A call center will follow in the weeks to come, they added.”

Chrome Starts Blocking Major Torrent Sites

Chrome has started blocking major torrent sites. “Over the past few hours the browser has started to block access to several of the most popular torrent sites including KickassTorrents, Torrentz, ExtraTorrent and RARBG. Instead of a page filled with the latest torrents, visitors are presented with an ominous red warning banner.” Unfortunately the story does not, at this writing, have any comment from Google.

Yet Another Flash Zero-Day

Eeesh. There’s a new Flash zero-day out there — please make sure you’re all patched up! “Hacking Team specializes in surveillance software which it resells to various governments around the world, and in particular to some oppressive regimes, a major issue that has activists outraged. The data stolen from the firm contains several gigabytes worth of exploits, malware and other very sensitive information. Among them, a new Flash Player zero day affecting Flash Player up to version 18.0.0.194 was found and is making headlines.”

Amazon Sued Over Its Search Results

Amazon is being taken to court over its search results. “Just like how Google has faced criticisms for the way it displays its search results, it seems that this is an issue that Amazon has run into as well, so much so that they’re being taken to court over the way the company displays its search results for products. The company taking Amazon to court is MTM, a watchmaker known for their ‘Military’ watches.” I had wondered about that, like sometimes when you search for certain authors, you’ll get book results that are not that author at all, aren’t anywhere close to the author’s name, etc.

Keyword Stuffing With PDF Documents

Sneaky black hat SEO: Using PDF documents to keyword stuff. “Always refining its search algorithms, Google is constantly on the lookout for new methods that attackers and unscrupulous search engine optimization (SEO) practitioners use to manipulate its system to gain higher search rankings. The practice of ‘cloaking’ to fool Google’s page indexer has been known for a while. It’s a method of serving the Googlebot with content stuffed with keywords to mislead it into thinking a site is relevant to trending search terms.” Apparently with Google focusing so much on HTML-type pages, bad guys are now looking at exploiting PDFs.

Washington Post Starts Encrypting Part of Its Site

The Washington Post has begun encrypting part of their Web site. “The Washington Post will begin encrypting parts of its Web site Tuesday, making it more difficult for hackers, government agencies and others to track the reading habits of people who visit the site. The added security will immediately apply to The Post’s homepage as well as stories on the site’s national security page and the technology policy blog The Switch. The encryption will roll out to the rest of the site over the coming months.”

Medium Letting Users Log In Without Passwords

Blogging site Medium wants you to be able to log in without a password. “Instead, users will be able to enter in an email address, then click a link sent to them in order to sign in to the site. Previously, the company allowed its users to sign in using their Twitter or Facebook credentials, but it received feedback from many who said they wanted an option to use Medium without having to authenticate with their social networking credentials. Or, in some cases, users said they didn’t have a Facebook or Twitter account, and didn’t want to create one just to use Medium.”

NoScript Browser Extension Has Security Issue

Do you use NoScript to keep Firefox secure? If you do, you need to update it immediately – it has a serious security vulnerability. “The attack works because NoScript has a limited whitelist of trusted domains, allowing the host browser to load commonly-used tools from certain content delivery networks like googleapis.com. This feature tries to preserve websites’ functionality while simultaneously blocking any potentially malicious code.”

Supreme Court Will Not Hear Oracle v. Google

The Supreme Court has refused to hear Oracle v. Google. “The Supreme Court has declined to hear Oracle v. Google, sending the long-running case back to a lower court where Google will have to argue that it made fair use of Oracle’s copyrighted APIs. This has been a closely watched case, as the final decision could have a major impact on software development; a ruling in favor of Oracle, the Electronic Frontier Foundation says, could give certain tech firms ‘unprecedented and dangerous power’ over developers by making it substantially more difficult for upstarts to create new software. That’ll be the case unless fair use laws turn out to protect the use of APIs.”

Exploit Kits for Flash Vulnerabilities Floating Around

Make sure you have your Flash patched up; there are some exploit kits floating around. “French researcher Kafeine said on Sunday that a sample he encountered was dropping two instances of Cryptowall ransomware against a Windows 7 computer running Internet Explorer 11. Cryptowall is a strain of ransomware that encrypts files on a victim’s computer and demands a ransom, generally paid in Bitcoin.”

BBC Publishes List of “Right to Be Forgotten” Removed Links

The BBC has published a list of stories removed from Google’s search results because of the “right to be forgotten”. It’ll be updated regularly. “The stories in the list stretch from news items about a woman who was found guilty of spiking drinks with rohypnol and a dispute about a lost dog, to a page where BBC readers discussed their male anatomy under their real names. [Neil] McIntosh was careful to note in his blog that the BBC does not know, or publish details about who requested the story be removed on Google.”