Weekly Axis Of Easy #45
In this issue:
- Krebs: Don’t give up historical info about yourself online
- Drupalgeddon2 critical patch update
- Largest Black Lives Matter page on Facebook is actually fake
- Google’s dossier on you is much larger than Facebook’s
- YouTube illegally collects data on children
- Wozniak deletes his Facebook page
- Apple to kill iTunes downloads
Security journalist Brian Krebs reminds his readers that all of those silly social media quizzes (“Which kind of vegetable are you? Take this quiz to find out!”) in which you furnish seemingly innocuous personal details about yourself and your personal history are at best data harvesting schemes (harvesting your data). At worst, they are security holes, in the wrong hands, those answers could be used to unlock account recovery processes on other web systems you use.
Recall a couple issues back we reported that the Drupal team had disclosed a critical vulnerability that could allow remote code execution and site takeover. There have now been Proof-of-Concept exploits released and with that, almost certainly malware exploits. There is a Drupal project (non-sanctioned by the Drupal team) that purports to detect if an unpatched site has been compromised, Drupal advises that if you still are running a vulnerable version to simply assume you’ve been compromised and go into clean-up mode.
Checkpoint researchers have released an in-depth study of “Drupalgeddon 2”.
Move over #fakenews, Facebook also has a problem with fake social justice. It was revealed last week that Facebook’s largest “Black Lives Matter” page, which has more than twice the number of followers than the real BLM page and has taken in over $100,000 in “donations” is fake and is actually run by some white Aussie bloke. The page continued to operate for weeks after being reported as fake to Facebook and was only suspended after the user account which runs the page was suspended in a separate action.
In case you feel outraged and violated by recent revelations that you’ve been harvested, data-mined, aggregated and sold (not to mention psychologically manipulated) by Facebook, don’t relax yet – as it is pointed out that Google’s data hoard on you is far larger and more pervasive. This makes sense and vividly apparent simply by logging into your Google activity page. I randomly put in a date window from a few years ago just to see what the hell I was up to back in the day, and marveled at the granularity, the specificity, the convenience of seeing this data point outline of my entire life laid out right in front of my eyes. It even shows web beacons and tracker pixels that were present on the various sites I visited. It is also very creepy.
The easiest way to build a huge dossier on us all is to start young and commence collecting data from children. To quote The Guardian article, “A coalition of 23 child advocacy, consumer and privacy groups have filed a complaint with the US Federal Trade Commission alleging that Google is violating child protection laws by collecting personal data of and advertising to those aged under 13”. The coalition alleges that Google tracks children across a multitude of sites and is willfully blind to the reality that YouTube is the most popular site for kids.
Apple co-founder Steve “iWoz” Wozniak has deleted his Facebook page saying that overall, his presence on the social network has been more negative than positive for him and observes that with Facebook and Google “you are the product”.
Speaking of Apple, Toronto musicologist Alan Cross reports on how the company plans to eliminate iTunes downloads, taking away the option to buy discrete tracks of music which are then yours. Instead the company wants to push everybody to the subscription model, where one has to stream tracks instead of downloading and owning them. This can be a problem for DJs, podcasters, not to mention anybody who actually likes to be able to own what they pay for. From my limited exposure to the industry as a failed musician I can also report that streaming produces much low