Security Alerts & News
by Tymoteusz A. Góral

History
#999 Firm pays $950,000 penalty for using WiFi signals to secretly track phone users
A mobile advertising company that tracked the locations of hundreds of millions of consumers without consent has agreed to pay $950,000 (£640,000) in civil penalties and implement a privacy program to settle charges that it violated federal law.

The US Federal Trade Commission alleged in a complaint filed Wednesday that Singapore-based InMobi undermined phone users' ability to make informed decisions about the collection of their location information. While InMobi claimed that its software collected geographical whereabouts only when end users provided opt-in consent, the software in fact used nearby Wi-Fi signals to infer locations when permission wasn't given, FTC officials alleged. InMobi then archived the location information and used it to push targeted advertisements to individual phone users.

Specifically, the FTC alleged, InMobi collected nearby basic service set identification addresses, which act as unique serial numbers for wireless access points. The company, which thousands of Android and iOS app makers use to deliver ads to end users, then fed each BSSID into a "geocorder" database to infer the phone user's latitude and longitude, even when an end user hadn't provided permission for location to be tracked through the phone's dedicated location feature.
Read more
#1007 Google launches Android programming course for absolute beginners
#1006 Apple’s official statement on why the iOS 10 kernel is not encrypted
#1005 WordPress security update patches two dozen flaws
#1004 Unpatched remote code execution flaw exists in Swagger
#1003 Let’s Encrypt celebrates big HTTPS milestone
#1002 Hackers would like to join your LinkedIn network - and you'd probably accept them
#1001 McAfee Labs: Threats Report (PDF)
#1000 ‘GODLESS’ mobile malware uses multiple exploits to root devices
#999 Firm pays $950,000 penalty for using WiFi signals to secretly track phone users
#998 Advantech patches WebAccess remote code execution flaws
#997 Ransomware a two-year nightmare in the making
#996 Nuclear, Angler exploit kit activity has disappeared
#995 Patched libarchive vulnerabilities have big reach
#994 154 million voter records exposed, revealing gun ownership, Facebook profiles, and more
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12