Twitter to “pre-bunk” voter misinformation

On Monday Twitter began placing messages at the top of a user’s feed to pre-emptively debunk misinformation about voting by mail. Because this won’t be a contextual notification alongside a specific tweet with misinformation, Twitter is calling this “pre-bunking.” Twitter will also add a “pre-bunking” message about the timing of election results on October 28th.  

(NBC)

Microsoft to force load some webpages in Edge

As part of Microsoft’s planned deprecation of Internet Explorer, starting with Edge 87, a list of 1,156 sites accessed in IE will automatically open in Edge. This includes YouTube, Instagram, Twitter, ESPN, eharmony, and GoDaddy, though enterprise users will be able to set group policy to disable the forced loading. When forcing pages to open in Edge, Microsoft will display a banner explaining that the change was for better performance and security.

(ZDNet)

Google removed three apps for violating data collection policies

Google was alerted by the nonprofit watchdog International Digital Accountability Council that the apps, targeted at younger users, may violate the policies. The apps Princess Salon, Number Coloring and Cats & Cosplay used SDKs that could potentially send users’ static Android ID and dynamically generated Android Advertising IDs to the publishers, which when combined could be used to track geolocation over time. The three apps had been downloaded more than 20 million times, and other apps from the publishers are still available on the Play Store.

(TechCrunch)

Report shows the effects of stress on CISOs 

Nominet’s CISO Stress report found that 88% of 400 responding CISOs said they were under moderate to severe amounts of stress in their job. 48% actively worry about the negative impact of the job on their mental health, with 25% saying the stress has impacted relationships with partners and children. The report also found the average CISO tenure is 26 months with an organization, with 24% reporting that their boards don’t believe data breaches to be inevitable, and 20% saying they expect to be fired as the result of one, even if they were not at fault.

(Security Magazine)

Cybercriminals blackmail psychotherapy patients

The Finland-based psychotherapy company Vastaamo said its customer register of over 40,000 patients was likely compromised between the end of November 2018 and March 2019. Attackers are now reportedly reaching out to patients in the breach with blackmail threats. The attacker has already leaked patient therapy notes from 300 patients. The company said patients who have been contacted with blackmail threats should report them to the police.

(Threat Post)

Nitro PDF suffers data breach

Nitro initially reported the breach as a “low impact security incident” to the Australia Stock Exchange on October 21st, citing no impact to customer data. However, the cybersecurity firm Cyble reports that a threat actor is selling user and document databases, as well as 1TB of documents, all claimed to have been stolen in the breach. This includes a user credential database verified by Bleeping Computer with 70 million user records containing email addresses, full names, hashed passwords, titles, company names, and IP addresses. Cyble says accounts from Google, Apple, Microsoft, Chase, and Citibank are in the databases.

(Bleeping Computer)

Popular YouTube downloader removed from GitHub

On October 23rd, GitHub removed Youtube-dl, along with 17 other cloned repos, after receiving legal notice from the RIAA that it violated the anticircumvention provisions of the Digital Millennium Copyright Act. Since the removal, hundreds of other repositories have been created with the source code for the downloader. Additionally, the source code for Youtube-dl was added to the official GitHub repository used for hosting received DMCA takedown notices. This is due to a known bug that lets anyone attach commits to repos they don’t control. Youtube-dl was in the top 40 most starred repositories on GitHub, between Node.js and Kubernetes.

(Bleeping Computer)

A look at voter signature verification software

Venture Beat recently looked at signature verification systems used by states to validate signatures on submitted ballots. These systems rely on datasets of images of signatures and are designed to differentiate global features of an individual signature as a whole from local features of individual parts of the signature. A 2015 study on these systems in EURASIP Journal on Advances in Signal Processing found that these datasets had vast ranges of accuracy, from 74.3% to 96.7%, and the ACLU says these systems are biased to reject signatures from ESL speakers and those with mental or physical disabilities. 70 counties across 8 US states also use AI systems for signature verification, most commonly Parascript. This lets election officials set their own minimum scores for approving signatures, with a wide swath of acceptance rates depending on this decision. Only 18 states require providing notice in the case of missing or rejected signatures.

(Venture Beat)