article thumbnail

Tracking World Leaders Using Strava

Schneier on Security

Way back in 2018, people noticed that you could find secret military bases using data published by the Strava fitness app. Soldiers and other military personal were using them to track their runs, and you could look at the public data and find places where there should be no people running. Six years later, the problem remains.

article thumbnail

Yet Another Strava Privacy Leak

Schneier on Security

in 2018, it was secret US military bases.) This time it’s the Swedish prime minister’s bodyguards. Last year, it was the US Secret Service and Emmanuel Macron’s bodyguards. This is ridiculous. Why do people continue to make their data public?

247
247
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Irish Data Protection Commission (DPC) fined Meta €251 million for a 2018 data breach

Security Affairs

Meta has been fined 251M ($263M) for a 2018 data breach affecting millions in the EU, marking another penalty for violating privacy laws. The Irish Data Protection Commission (DPC) fined Meta 251 million ($263M) for a 2018 data breach impacting 29 million Facebook accounts. ” reads the press release published by DPC.

article thumbnail

Zales.com Leaked Customer Data, Just Like Sister Firms Jared, Kay Jewelers Did in 2018

Krebs on Security

In December 2018, bling vendor Signet Jewelers fixed a weakness in their Kay Jewelers and Jared websites that exposed the order information for all of their online customers. This week, Signet subsidiary Zales.com updated its website to remediate a nearly identical customer data exposure.

Scams 328
article thumbnail

Surveillance Used by a Drug Cartel

Schneier on Security

Once you build a surveillance system, you can’t control who will use it: A hacker working for the Sinaloa drug cartel was able to obtain an FBI official’s phone records and use Mexico City’s surveillance cameras to help track and kill the agency’s informants in 2018, according to a new US justice department report.

article thumbnail

Ubuntu Disables Spectre/Meltdown Protections

Schneier on Security

A whole class of speculative execution attacks against CPUs were published in 2018. They seemed pretty catastrophic at the time. But the fixes were as well. Speculative execution was a way to speed up CPUs, and removing those enhancements resulted in significant performance drops. Now, people are rethinking the trade-off.

Malware 267
article thumbnail

MasterCard DNS Error Went Unnoticed for Years

Krebs on Security

Passive DNS records from DomainTools.com show that between 2016 and 2018 the domain was connected to an Internet server in Germany, and that the domain was left to expire in 2018. The Russian search giant Yandex reports this user account belongs to an “Ivan I.” ” from Moscow. ne ” instead of “ awsdns-06.net.”

DNS 363