Why everyone is so convinced Facebook is spying on their conversations

Bipul Lama believes Facebook is spying on him.

And he’s got proof, sort of. Lama performed a test. For two days, all he talked about was Kit-Kats.

“The next day, all I saw on my Instagram and Facebook were Kit-Kat ads,” Lama said.

After his Kit-Kat experiment, he successfully repeated it with chatter about Lysol. The 23-year-old musician is now more convinced than ever that Facebook is listening to his conversations through his phone’s microphone.

“It listens to key words. If you say a word enough times, the algorithm catches those words and it sets off targeted ads,” Lama theorized.

Lama is far from alone. The belief that Facebook is actively listening to people through their phones has become a full-on phenomenon. Facebook has, of course, denied it does this. That has done little to dampen the ongoing paranoia around the theory.

Because it is just a theory… right?

Source: Why everyone is so convinced Facebook is spying on their conversations

Apache bug leaks contents of server memory for all to see—Patch now | Ars Technica

Another vulnerability hits the news. Whilst similar to Heartbleed in leaking memory contents, it does not seem to be too risky if you’re running it as a single user, and the amount of memory leaked isn’t huge.

That said, this vulnerability may also affect cloud systems. For example, on AWS (which has httpd), doing a version check:

$ httpd -v
Server version: Apache/2.4.27 (Amazon)
Server built: Aug 2 2017 18:02:45

However, without knowing how Amazon have set up Apache behind the scenes, are we able to say definitively that we are/aren’t affected?

Source: Apache bug leaks contents of server memory for all to see—Patch now | Ars Technica

WCry is so mean Microsoft issues patch for 3 unsupported Windows versions | Ars Technica

Microsoft patching systems as far back as XP? WannaCry is BIG, and the problem is… there are going to be systems out there that are still unpatched, due to laziness or no internet connection, and so are vulnerable.

Seen a couple of XP boxes around — some self-service tills, ATMs, and payphones all use XP…

Decommissioned for years, Windows XP, 8, and Server 2003 get emergency update.

Source: WCry is so mean Microsoft issues patch for 3 unsupported Windows versions | Ars Technica

Do you want to play a game? Ransomware asks for high score instead of money | Ars Technica

A new ransomware was doing the rounds, but rather than asking for payment to unlock, it’s asking for a high score in a bullet-hell (think Touhou Project) game. The game is fun anyway, but would you be willing to play it to get your files? High stakes 🙂

Creator apologizes for a “joke” that really requires expert play to unlock files.

Source: Do you want to play a game? Ransomware asks for high score instead of money | Ars Technica

OpenSSL after Heartbleed | Linux.com | The source for Linux information

Despite being a library that most people outside of the technology industry have never heard of, the Heartbleed bug in OpenSSL caught the attention of the mainstream press when it was uncovered in April 2014 because so many websites were vulnerable to theft of sensitive server and user data. At LinuxCon Europe, Rich Salz and Tim Hudson from the OpenSSL team did a deep dive into what happened with Heartbleed and the steps the OpenSSL team are taking to improve the project.

Source: OpenSSL after Heartbleed | Linux.com | The source for Linux information

Time is running out for NTP | InfoWorld

A lot of projects are corporate, but some, like NTP, are small or even solo projects. When these small projects become really important but still do not have enough resources to maintain them, security issues can’t be patched as fast as at, say, Oracle, Microsoft or Google.

Everyone benefits from Network Time Protocol, but the project struggles to pay its sole maintainer or fund its various initiatives

Source: Time is running out for NTP | InfoWorld