BNN Bloomberg: Google’s ‘wi-spy’ settlement draws objection from 9 states

BNN Bloomberg: Google’s ‘wi-spy’ settlement draws objection from 9 states. “Attorneys general from nine states urged a federal judge to toss out Google’s US$13 million settlement of a class-action lawsuit blaming its Street View mapping technology for a massive violation of consumer privacy.”

The Register: No big deal, Rogers, your internal source code and keys are only on the open web. Don’t hurry to take it down

The Register: No big deal, Rogers, your internal source code and keys are only on the open web. Don’t hurry to take it down. “Source code, internal user names and passwords, and private keys, for the website and online account systems of Canadian telecoms giant Rogers have been found sitting on the open internet.”

Decipher: New Tool Detects Indicators Of Compromise For Citrix Systems

Decipher: New Tool Detects Indicators Of Compromise For Citrix Systems. “The new tool scans affected systems to look for known indicators of compromise that have emerged from exploitation attempts seen in the wild. The scanner works on several versions of the Citrix ADC and Gateway, including 11.1, 12.0, 12.1, 10.5, and 13.0. Citrix is releasing permanent patches for the vulnerability over the course of this week, and already has pushed out fixes for versions 11.1 and 12.0. Patches for the other affected versions are scheduled for release on Jan. 24.”

BetaNews: 0patch releases micropatch for Internet Explorer vulnerability — including for Windows 7

BetaNews: 0patch releases micropatch for Internet Explorer vulnerability — including for Windows 7. “At the end of last week, a serious vulnerability was discovered in Internet Explorer, affecting all versions of Windows. Not only is the bug (CVE-2020-0674) being actively exploited, but for Windows 7 users the vulnerability was exposed right after their operating system reached the end of its life. Even for users of newer versions of Windows, and despite the severity of the security flaw, Microsoft said it would not be releasing a patch until February. Stepping in to plug the gap comes 0patch with a free micropatch for all versions of Windows affected by the vulnerability.” Third party patches make me wary (this is not because of 0patch, but just in general) but if you don’t want to wait until February…

Engadget: Microsoft accidently exposed 250 million customer service records

Engadget: Microsoft accidently exposed 250 million customer service records. “While most people were out celebrating the start of a new year, Microsoft’s security teams were working overtime to close a potentially enormous security loophole. On Thursday, the company disclosed a database error that temporarily left approximately 250 million customer service and support records accessible to anyone with a web browser.”

CNET: Google finds Apple Safari anti-tracking feature actually enabled tracking

CNET: Google finds Apple Safari anti-tracking feature actually enabled tracking. “Apple focuses on privacy protections as a major selling point for its products, but a feature designed to protect your privacy when using its Safari browser also created vulnerabilities that put your data and privacy at risk, Google researchers have found.”

The Hill: Supreme Court declines to hear Facebook facial recognition case

The Hill: Supreme Court declines to hear Facebook facial recognition case. “The Supreme Court on Tuesday declined to take up a high-profile court battle over whether users can sue Facebook for using facial recognition technology on their photos without proper consent. The high court rejected Facebook’s bid to review the case, meaning the social media giant will likely have to face the multibillion-dollar class-action lawsuit over whether it violated an Illinois privacy law.”