Tuesday, 20 December 2016

PayAsUGym hack exposes members' card details

Fitness website PayAsUGym has admitted that members' financial details were stolen when one of its servers was hacked on Thursday.
The discovery was made by security experts who found partial card numbers and home addresses on a public website.
The company acknowledged there had been "confusion" over earlier claims that it did not hold any card details.
Security expert Troy Hunt advised customers to cancel their credit card if they think details have been stolen.
PayAsUGym, which sells passes for gyms around the UK, alerted its members to the security breach in an email on Friday which said "one of the company's IT servers was accessed by an unauthorised person".
While it said email addresses and passwords were accessed, it claimed "we do not hold any financial or credit card information".
The company said 300,000 customers' details had been stolen.

Partial card details

However, several customers' credit card details - including 10 digits of their card number, the expiry date and their home address - appear to have been published online.
Once alerted by BBC News, PayAsUGym chief executive Jamie Ward said "we didn't consider" that PayAsUGym holds partial credit card details.
He said customers could contact PayAsUGym directly to find out the exact information they hold.
He added: "We've been completely clear with every customer that has contacted us since our original statement on what we hold."
Security expert Mr Hunt, who tracks breached websites, said he came across several people's details online.
Mr Hunt said: "If it was me, and that information was public, I would cancel the card straight away."

Facebook accused over WhatsApp takeover

Facebook has been accused by the European Commission of misleading it during its investigation of the company's 2014 takeover of WhatsApp.
The Commission says Facebook misled it when the company said it was impossible to match users' Facebook and WhatsApp accounts.
But in August, WhatsApp said it would do just that, by linking users' phone numbers with their Facebook identities.
Facebook said it had nothing to hide and had acted in good faith.
The Commission believes the ability to link the accounts of the two services' users must have existed in 2014, though this is vigorously disputed by Facebook.
If the Commission concludes that it was definitely misled, either by accident or design, it could fine Facebook up to 1% of its turnover, which would amount to hundreds of millions of euros.
"Companies are obliged to give the Commission accurate information during merger investigations," said Commissioner Margrethe Vestager, who is in charge of competition policy.
"In this specific case, the Commission's preliminary view is that Facebook gave us incorrect or misleading information during the investigation into its acquisition of WhatsApp."

'Continued cooperation'

Facebook is being asked to respond by 31 January 2017.
For its part, it says that it was only very early this year that it found a way to establish a link with the accounts of WhatsApp users, via their phone numbers.
And even so, Facebook says in fact it still cannot match accounts with the precision needed for full "cross-platform messaging", which it argues was the Commission's main concern back in 2014.
"We've consistently provided accurate information about our technical capabilities and plans, including in submissions about the WhatsApp acquisition and in voluntary briefings before WhatsApp's privacy policy update this year," said a Facebook spokesman.
"We're pleased that the Commission stands by its clearance decision, and we will continue to cooperate and share information officials need to resolve their questions," he added.
The Commission said its new probe would not undermine its previous decision to approve the $19bn (£16bn) merger of the two companies because it had not relied on the misleading information alone to approve the deal.

Regulatory quagmire

When WhatsApp announced its new policy in August, it justified it by saying this would lead to an improved service, such as providing "more relevant" friend suggestions, letting businesses send adverts directly to users, and also by dealing more effectively with spam and abuse.
But the change has come under scrutiny from regulators across Europe.
The day after the new policy was announced, the UK's Information Commissioner (ICO) launched an immediate investigation to see if the alteration broke the UK's data protection laws.
In September, the Hamburg Commissioner for Data Protection and Freedom of Information told Facebook to stop collecting and storing the data of German users of WhatsApp.
Then in November the UK's Information Commissioner followed suit and told Facebook not to use the data it had gathered from its WhatsApp users in the UK, saying the firm had not obtained valid consent for the move.
Meanwhile European data regulators in October also asked the two tech companies to stop sharing data while the new policy was scrutinised.

Security risk on in-flight entertainment systems, say researchers

Air passengers could be subjected to a series of "shocking" incidents if security flaws in cabin entertainment systems were abused, say researchers.
Security experts found flaws that let them take over cabin entertainment systems.
The flaws could allow attackers to switch off lights, change altitude readings, display bogus maps and broadcast messages via the PA.
Personal information and credit card data were also accessible via the bugs.

Accidental discovery

The weaknesses were found in the Panasonic Aero in-flight systems by Ruben Santamarta, a researcher at security firm IOActive.
The Aero in-flight systems are used by many different airlines including Virgin, Emirates, Air France, American Airlines and KLM.
"Security is not one of the system's main strengths," Mr Santamarta told the BBC, adding that the network of seat-back screens and on-board servers would not be able to withstand "solid attacks" from skilled adversaries.
Mr Santamarta said he started researching the Panasonic systems two years ago when, during a flight to Dubai, he accidentally made the screen for his seat display debug data.
Via online searches he slowly amassed a trove of information about the Aero system that included code that runs on the seat-back units as well as the on-board computers that keep the whole thing running.
"I ended up having all the components in my computer so I could emulate the whole system," he said.
Running a copy of the Aero network let Mr Santamarta winkle out flaws and other bugs that, he said, let him "compromise the entire system".
Travelling on a flight where attackers got access to the Aero system and turned off the cabin lights, broadcast PA messages and changed maps to make it look like a plane was being diverted or was losing altitude would be "shocking", said Mr Santamarta.
The only good news is that it did not seem to be possible to cross from in-flight systems to those that control an aircraft. However, he said, he did not rule out the possibility that some airlines had inadvertently joined the two systems giving attackers a route into flight controls.
Mr Santamarta said IOActive had told Panasonic about its research and the flaws it had found. It also passed its research to the industry group that circulates information about security risks to airlines.
Panasonic has not responded to a request for comment about the IOActive findings.

Google responds on skewed Holocaust search results


Google has said it is "thinking deeply" about ways to improve search, after criticism over how some results - including ones discussing the Holocaust - were ranked.
Searching for "did the Holocaust happen?" returned a top result that claimed it did not, as Guardian journalist Carole Cadwalladr reported.
Now, the ranking has changed for US users.
The page - from white supremacist site Stormfront - remains top in the UK.
"This is a really challenging problem, and something we're thinking deeply about in terms of how we can do a better job," said a Google spokesman.
"Search is a reflection of the content that exists on the web.
"The fact that hate sites may appear in search results in no way means that Google endorses these views."
Regarding the recent change in rankings on the Holocaust query, Danny Sullivan, editor of news site Search Engine Land, believes this was due to external parties' attempts to influence the ordering of results.
Mr Sullivan met Google executives and engineers last week to discuss the issue of questionable result ranking, which also affects other queries about, for example, ethnic minorities.
"I'm as horrified and disappointed by the results as many people are," he told the BBC.
However, he said Google - which processes five billion searches a day - was keen to come up with a solution that was broadly applicable across all searches, rather than just those that have been noticed by users.
"It's very easy to take a search here and there and demand Google change something," explained Mr Sullivan, "and then the next day you find a different search and say, 'why didn't you fix that?' "

'Hate speech'

Ms Cadwalladr has accused Google of disseminating "hate speech".
Other result rankings that she questioned include those for "are women evil?" and "are muslims bad?".
The BBC has also found that some additional queries, including ones without negative terms, also produce controversial answers.
For example, searching for "are black people smart?" in the UK returns a "featured snippet" at the top of the results that claims "black people are significantly less intelligent than all other races".
Mr Sullivan added that it was far more common for users to search for simple terms, such as "Holocaust" rather than "did the Holocaust happen?" and that the phrasing of the question also affected result rankings.
He added, however, that Bing - Microsoft's search engine - seemed to be doing "a better job" with these sorts of queries, though it was "not immune" to the issue.
"It seems to be rewarding Wikipedia more than Google does," he said.

'No neutral algorithms'

Some of the concern around the impact that Google search results have on people's perceptions and beliefs stems from research that shows young people, in particular, are increasingly trusting of the site.
An Ofcom report last month found that the proportion of 12 to 15 year-olds turning to Google for "true and accurate information about things that are going on in the world" had shot up to 30% this year, compared to 17% in 2015.
More than a quarter of eight to 15 year-olds surveyed believed that if Google lists information then it can be trusted.
It was important to note that there is no such thing as an "impartial" or "neutral" algorithm, according to Prof Mark Graham at the Oxford Internet Institute.
"There is no correct answer to some issues," he said, but added that Google was still in a position of responsibility.
"Absolutely they should face scrutiny because they occupy this position of immense power - they mediate a vast amount of the world's digital information," he told the BBC.
"I don't think it's good enough to just point to their algorithms and say, 'Well, this is the most popular, this gets the most clicks'."
As for tackling the proliferation of hate speech, Prof Graham pointed out that many countries around the world have guidelines over what is and is not acceptable - guidelines that Google could, potentially, adopt.
"They don't have to build those ideas from scratch," he said.
