In a 747-page document provided to the US House of Representatives' Energy and Commerce Committee on Friday, Facebook admitted that it granted special access to users' data to 61 tech companies. According to the document, these 61 companies received a "one-time" extension so they could update their apps in order to comply with a Terms of Service change the company applied in May 2015. The six-month extension applied from May 2015 onward, when Facebook restricted its API so apps could not access too much data on its users, and especially the data of users' friends. The API change came in a period when apps like the one developed by Cambridge Analytica were using the Facebook API to mass-harvest the data of Facebook users. In May 2015, Facebook realized that apps were abusing this loophole in its permission system to trick one user into granting permission to the personal data of hundreds of his friends, and restricted the Facebook API to prevent indirect data harvesting. But these 61 tech companies, because they ran popular apps, received an exemption to this API change, during which, theoretically, they could have abused the Facebook API to collect data on Facebook users and their friends. Data that could have been collected included name, gender, birthdate, location, photos, and page likes. The 61 companies are listed on OUR FORUM.

Well, that was not completely unexpected. Despite building rumors of a 2018 release for Microsoft’s long-rumored dual-panel mobile Surface device, ZDNet’s Mary Jo Foley reports that the project has been put on hold. Reportedly, part of the reason is that AndromedaOS, which powers the device, is just not ready to ship in time for Redstone 5, due to “scheduling and quality” issues. Mary Jo also said there was no guarantee it will show up in the next version of the OS either. Another reason, however, is that some in Microsoft just do not see enough demand for a pocket-sized foldable Surface device which can only run store apps. The device may eventually make it to market as a larger PC-sized (we assume laptop-sized) device that can run regular apps. Mary Jo reports the decision to withdraw Andromeda from Redstone 5 was made within the last few weeks and blames it in part on a recent April Microsoft reorg. She suggests the steady stream of leaks in recent weeks was by internal fans of the project and intended to drum up external support for the doomed project. It is notable that every recent leak has come with a proviso that the project could still be canceled at any moment. More can be found on OUR FORUM.

Exploit broker Zerodium is offering rewards of up to $500,000 for zero-days in UNIX-based operating systems like OpenBSD, FreeBSD, and NetBSD, but also for Linux distros such as Ubuntu, CentOS, Debian, and Tails. The offer, first advertised via Twitter earlier this week, is available as part of the company's latest zero-day acquisition drive. Zerodium is known for buying zero-days and selling them to government agencies and law enforcement. The company runs a regular zero-day acquisition program through its website, but it often holds special drives with more substantial rewards when it needs zero-days of a specific category. BSD zero-day rewards will be on par with Linux payouts. The US-based company held a previous drive with increased rewards for Linux zero-days in February, with rewards going as high as $45,000. In another zero-day acquisition drive announced on Twitter this week, the company said it was looking again for Linux zero-days, but also for exploits targeting BSD systems. This time around, rewards can go up to $500,000 for the right exploit. Follow this thread on OUR FORUM.