Encrypted Medical Record Databases Can Leak Data

Apparently even encrypted medical record databases can leak information. “The paper, due to be presented at the ACM Conference on Computer and Communications Security next month, shows how sensitive medical information on patients could be pilfered using four different attacks. Researchers discovered the sex, race, age and admission information, among other data, using real patient records from 200 U.S. hospitals.”

Spotify Revamps Its Horrible Privacy Policy

After some controversy, Spotify is revamping its privacy policy with “plain language”. “Spotify has now made good on its promise to rewrite the controversial update to its privacy policy, which incurred a bit of backlash thanks to its vague language and requests to collect all sorts of personal data, including things like contacts, photos, and media files stored on users’ devices as well as location data and Facebook ‘likes’ and posts. “

Tech Heavies Want Royalty-Free Video Codecs

Several tech heavvies want royalty-free video codecs. “Microsoft, Google, Mozilla, Cisco, Intel, Netflix, and Amazon today launched a new consortium, the Alliance for Open Media. The group plans to develop next-generation media formats—including audio and still images, but with video as the top priority—and deliver them as royalty-free open source, suitable for both commercial and noncommercial content.”

Google Investigated in India Over Search Result Complaints

Google is being investigated in India for complaints about rigging search results. “Google is being investigated by the Competition Commission of India (CCI) after the agency received complaints that the search giant abused its dominant market position and rigged search results, reports The Economic Times. If found guilty, Google could face a fine of up to 10 percent of its income; the company posted a net income of more than $14 billion in 2014.”

Google Rebuts EU Antitrust Charges

Google has rejected EU antitrust charges. “Google on Thursday rejected claims from the European Union’s top antitrust official that the company favored some of its own search results over those of rivals, saying there was significant competition in the region’s online search market and that the company’s services increased choice for local consumers.”

Flash Ads Will Get Frozen in Chrome

No, not that Frozen. Flash ads will get a big freeze in Google Chrome. “The web giant has set September 1, 2015 as the date from which non-important Flash files will be click-to-play in the browser by default – effectively freezing out “many” Flash ads in the process. Netizens can right-click over the security-challenged plugin and select “Run this” if they want to unfreeze an ad. Otherwise, the Flash files will remain suspended in a grey box, unable to cause any harm nor any annoyance.”

Facebook To Crack Down on Video Copyright Violations

Facebook is going to be cracking down more on video copyright violations. “Facebook has been under fire lately from top Web video creators who have called out the social networking giant for failing to prevent people from posting their videos without permission. Now, Facebook is trying to make it easier for some of these creators to protect their content, particularly when videos go viral.”

Maybe You Ought Not Trust Your Fridge With Your GMail Password

I know I’m in the 21st century because I have to worry about my fridge leaking my password. “While Samsung’s shiny new refrigerators connect to the Internet, can display your Google Calendar and implement SSL, hackers during a challenge at the recent DEFCON found the refrigerators fail to validate those SSL certificates. That opens the door to all kinds of man-in-the-middle attacks, potentially allowing your neighbor to steal your Gmail login information while sitting on his couch next door….”

IE Security Hole Being Exploited in the Wild

A recently-patched IE exploit is being used in the wild. Make sure your patches are up to date! “When it released the emergency patch for the memory corruption flaw (CVE-2015-2502) on August 18, Microsoft warned that the weakness had been exploited in the wild. One day after the remote code execution vulnerability was addressed, security firms Heimdal Security and Symantec reported seeing watering hole attacks in which malicious actors leveraged the bug to deliver the PlugX remote access Trojan (RAT), also known as Korplug.”

Android Lock Patterns Suffer from Similarity Problem

We’ve been warned ten thousand times about common passwords. But what about common Android Lock Patterns (ALPs)? “The Tic-Tac-Toe-style patterns, it turns out, frequently adhere to their own sets of predictable rules and often possess only a fraction of the complexity they’re capable of. The research is in its infancy since Android lock Patterns (ALPs) are so new and the number of collected real-world-patterns is comparatively miniscule. Still, the predictability suggests the patterns could one day be subject to the same sorts of intensive attacks that regularly visit passwords.”

Microsoft Revealing Less in Non-Security Patches

First Microsoft stopped giving the heads-up on Windows patch releases. Now it’s not talking as much about what’s in the patches. “Microsoft has now released three cumulative updates for Windows 10. These updates combine security fixes with non-security bug fixes, and so far, Microsoft hasn’t done a very good job of describing the contents of these cumulative updates. While the security content is quite fully described, explanations of the non-security fixes have been lacking.”