Featured: Privacy News Online – Week of November 20th, 2020
Proposed FTC settlement is a disservice to Zoom customers, says Commissioner
The FTC has released its proposed settlement with Zoom over the video conferencing company’s false claims of offering end-to-end encrypted services. The settlement doesn’t require Zoom to pay any recompense to customers, and has been blasted as being nothing more than a slap on the wrist and a disservice to Zoom customers by two of the FTC’s five commissioners – Commissioner Rohit Chopra and Commissioner Kelly Slaughter.
How privacy activists are fighting on multiple fronts to strengthen EU privacy laws that will have a global impact
The same way that the US seems to be leading the world in privacy invading technologies, the EU seems to be leading the world in reining in technology use via privacy laws. The battle is ongoing and being lead by figureheads such as Max Schrems and Johnny Ryans and battling such privacy violating tech as real time bidding (RTB). Their respective cases are slowly but surely moving forward and if RTB can be struck down, we’ll have privacy activists to thank for it.
More Privacy News This Week:
Microsoft urges users to stop using phone-based multi-factor authentication
In a new blogpost on Microsoft’s blog, Alex Weinert – Director of Identity Security – has urged users to stop using SMS and call based multi-factor authentication. These types of multi-factor authentication can be overcome by a dedicated attacker who could use methods like porting your phone to take over the number. Instead, Microsoft urges the use of multi-factor authentication apps.
Mysterious Bugs Were Used to Hack iPhones and Android Phones and No One Will Talk About It
Google’s team of elite hackers have revealed that several different zero day vulnerabilities have actively been used in the wild to hack Chrome, Android, Windows, and iOS devices. In the past, this level of zero day use has usually been attributed to government hackers, though Google is remaining tight lipped this time around. The exploits used escalating vulnerabilities to eventually take control of the user’s device. Patches have been released – even on older devices – which suggests the exploits were indeed serious.
DNS cache poisoning, the Internet attack from 2008, is back from the dead
A new side channel attack has been found on the Domain Name System (DNS) which revives an older attack called DNS cache poisoning original detailed by Dan Kaminsky in 2008. The attack involves getting DNS resolvers to send users to spoofed IP addresses – basically sending them to a fake website instead of the one they typed into their browser. Fixes have been released by DNS providers as well as Linux.
Brought to you by Private Internet Access
Privacy News Online is brought to you by Private Internet Access, the world’s most trusted VPN service.
Special thanks to Intego
Thank you to Josh Long, our cybersecurity correspondent from Intego, makers of award-winning security software.
The post Privacy News Online | Weekly Review: November 20, 2020 appeared first on Privacy News Online by Private Internet Access VPN.