Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Topics - Nusrat Jahan Momo

Pages: [1] 2 3 ... 5
1
Over the past year, Qualys (where I’m employed as the CISO) discovered serious weaknesses in the Schneider Electric ETG3000 FactoryCast HMI Gateway, an administrative interface used to manage industrial controls systems, and within the Linux glibc library.  In both cases, the vulnerabilities could allow a remote attacker to take control of the systems and cause significant harm.  Once such vulnerabilities are discovered, should one disclose them? If so, how does one do that?

There are two types of disclosures used by alumnus of Regis' information assurance graduate program and the security research field at large:  full disclosure and responsible disclosure.  Full disclosure is the practice of publishing the details of the vulnerability as early as possible and making the information available to everyone without restriction, which typically includes publicly releasing information through online forums or websites.  The primary argument for full disclosure is that ethically, the potential victim of attacks should be as knowledgeable as those who attack them.

Alternatively, responsible disclosure requires that the security researcher not disclose the vulnerability until a fix is available.  The argument for responsible disclosure is that blackhats – cyber criminals – can typically exploit the vulnerability when publicly disclosed much quicker than those who are attacked can fix the issue.  As such, it is important that a fix is ready and widely available once the vulnerability is made widely known. Responsible disclosure basically requires:

    That the security researcher who found the vulnerability confidentially reports it to the impacted company.
    That the security researcher and company work in good faith to establish an agreed upon period of time for the vulnerability to be patched.
    Once the agreed upon time period expires and the vulnerability is patched or the patch is available for installation by the users of the software, the security researcher can publicly disclose the vulnerability.

Several companies, such as Google, Microsoft, and Facebook, have also instituted bug bounty programs.  Bug bounty programs are similar to responsible disclosure, with the exception that the security researcher is compensated for reporting the vulnerability.

As a future security professional with your master's degree in information assurance, you may one day discover a vulnerability that could be leveraged by blackhats to wreak havoc across the Internet.  When you do, how will you disclose the vulnerability?

2
In a laboratory in Copenhagen, scientists believe they are on the verge of a breakthrough that could transform computing.

A team combining Microsoft researchers and Niels Bohr Institute academics is confident that it has found the key to creating a quantum computer.

If they are right, then Microsoft will leap to the front of a race that has a tremendous prize - the power to solve problems that are beyond conventional computers.

In the lab are a series of white cylinders, which are fridges, cooled almost to absolute zero as part of the process of creating a qubit, the building block of a quantum computer.
"This is colder than deep space, it may be the coldest place in the universe," Prof Charlie Marcus tells me.

The team he leads is working in collaboration with other labs in the Netherlands, Australia and the United States in Microsoft's quantum research programme.

Right now, they are behind in the race - the likes of Google, IBM and a Silicon Valley start-up called Rigetti have already shown they can build systems with as many as 50 qubits. Microsoft has yet to demonstrate - in public at least - that it can build one.

But these scientists are going down a different route from their rivals, trying to create qubits using a subatomic particle, whose existence was first suggested back in the 1930s by an Italian physicist Ettore Majorana.
Media captionWATCH: Quantum computing explained in 20 seconds

This week scientists from Microsoft's laboratory in Delft published a paper in the journal Nature outlining the progress they had made in isolating the Majorana particle.

Their belief is that this will lead to a much more stable qubit than the methods their rivals are using, which are highly prone to errors. That should mean scaling up to a fully operational quantum computer will be far easier.

At the Copenhagen lab they showed me through a powerful microscope the tiny wire where they have created these Majorana particles. Later over dinner, Prof Charlie Marcus tried, not altogether successfully, to demonstrate to someone whose last physics exam was more than 40 years ago what was unique about this approach with three pieces of bread and some cutlery.

"What's really astounding with this activity compared with what everybody else is doing is that we have to invent a particle that's never existed before and then use it for computing," he explains.

"It's a profoundly more exotic challenge than what's going on with other approaches to quantum computing."

Other scientists taking those other approaches are looking on with great interest and a little scepticism.

"It's one of those things that on paper look incredibly exciting but physics has a habit of throwing up spanners in the works," says University College London's Prof John Morton, whose research involves using good old fashioned silicon to build qubits.

"Until we see the demonstration we don't know how well these Majorana qubits developed by Microsoft will really behave."
Media captionCanada's Prime Minister Justin Trudeau was challenged to explain quantum computing in 2016

He says this is a big year for the field, with the strong likelihood that Google or IBM will demonstrate what is known as quantum supremacy, where a problem that is beyond a conventional supercomputer is solved using quantum methods.

But Microsoft seems confident that its years of research will soon pay off.

"We will have a commercially relevant quantum computer - one that's solving real problems - within five years," says Dr Julie Love, Microsoft's director of quantum computing business development.

She is already out selling the company's customers a vision of a near future where quantum computers will help battle climate change, create new superconducting materials and super-charge machine learning.

"What it allows us to do is solve problems that with all of our supercomputers running in parallel would take the lifetime of the universe to solve in seconds, hours or days."

So, the heat is on for the research team. Prof Charlie Marcus, who spent most of his career at Harvard before being recruited to run the Copenhagen lab, says his life has been about creating knowledge, not building products.

"My job is to find out what works and hand it off to the engineers and computer scientists who will turn it into a technology."

Heading up the whole programme is Todd Holmdahl, the Microsoft executive previously in charge of the Hololens mixed reality headset and the Xbox games console - a measure of how serious the company is about making some quantum hardware pretty soon.

I pressed Prof Marcus on whether his team was going to hit that ambitious five year target set by his employer.

"We're sure going to try," he says with a grin.
Source:bbc news

3
A Russian man accused of hacking LinkedIn, Dropbox, and Formspring in 2012 and possibly compromising personal details of over 100 million users, has pleaded not guilty in a U.S. federal court after being extradited from the Czech Republic.

Yevgeniy Aleksandrovich Nikulin, 30, of Moscow was arrested in Prague on October 5, 2016, by Interpol agents working in collaboration with the FBI, but he was recently extradited to the United States from the Czech Republic on Thursday for his first appearance in federal court.

Nikulin's arrest started an extradition battle between the United States and Russia, where he faces significantly lesser criminal charges of stealing $3,450 via Webmoney in 2009. But the Czech Republic ruled in favor of the United States.

In the U.S., Nikulin is facing:

    3 counts of computer intrusion
    2 counts of intentional transmission of information, code, or command causing damage to a protected computer
    2 counts of aggravated identity theft
    1 count of trafficking in unauthorized access devices
    1 count of conspiracy

According to the maximum penalties for each count, Nikulin faces a maximum of 32 years in prison and a massive fine of more than $1 Million.

The U.S. Justice Department accused Nikulin of allegedly hacking into computers belonging to three American social media firms, including LinkedIn, the online cloud storage platform Dropbox and now-defunct social-networking firm Formspring.

Nikulin reportedly gained access to LinkedIn's network between March 3 and March 4, 2012, Dropbox between May 14 and July 25, 2012, and Formspring between June 13 and June 29, 2012.

The hacker allegedly stole accounts of more than 117 Million LinkedIn users and more than 68 Million Dropbox users. Authorities also say that after stealing data from the three companies, Nikulin worked with unnamed co-conspirators to sell the stolen data.

Besides hacking into the three social media firms, the Justice Department also accused Nikulin of allegedly gaining access to credentials belonging to LinkedIn and Formspring employees, which helped him carry out the computer hacks.

Nikulin appeared in Federal District Court in San Francisco on Friday and pleaded not guilty to the charges against him, the New York times reported.

"This is deeply troubling behavior once again emanating from Russia," said Attorney General Jeff Sessions in a statement. "We will not tolerate criminal cyber-attacks and will make it a priority to investigate and prosecute these crimes, regardless of the country where they originate."

Judge Jacqueline Scott Corley scheduled Nikulin's next court appearance for status on April 2, 2018, and scheduled a detention hearing for April 4, 2018.

4
First emerging in late 2015, the group believed to be responsible for the SamSam ransomware family has targeted small and large businesses, healthcare, governments and education.

Over time, the ransom prices set by this group have changed some, but they've remained consistent when it comes to general affordability, which is why many victims have paid. To date, the group has made nearly $850,000 USD.

[ Read our blue team's guide for ransomware prevention, protection and recovery. | Get the latest from CSO by signing up for our newsletters. ]

This somewhat shocking figure is based on current value of Bitcoin (BTC), which was $8,620.22 at the time this story was written. However, because the market is constantly changing, the actual value of the ransoms paid will go up or down, as the final value is determined on the rate at cash-out.

Also, this figure is based on the previously known SamSam wallet (used during the Allscripts attack in January) and the wallet used in their most recent attack against the City of Atlanta.

Still, the fact the group behind SamSam has collected any ransom at all, let alone 98.5 BTC, tells an interesting story about the balance between security and business.

When victims of ransomware pay the ransom, most people assume it's because they didn't have proper backups, or the backups themselves were either outdated or corrupt. You'll see pundits mention this in the media or on stage at security conferences year-round.

Thing is, what most pundits aren't talking about – a dirty secret for some in the security industry – is that sometimes it's cheaper and quicker to pay during a ransomware attack.

5
ACADEMIC PROGRAMS AT DIU / Principles for C programming
« on: March 31, 2018, 01:34:20 PM »
In the words of Doug Gwyn, “Unix was not designed to stop you from doing stupid things, because that would also stop you from doing clever things”. C is a very powerful tool, but it is to be used with care and discipline. Learning this discipline is well worth the effort, because C is one of the best programming languages ever made. A disciplined C programmer will…

Prefer maintainability. Do not be clever where cleverness is not required. Instead, seek out the simplest and most understandable solution that meets the requirements. Most concerns, including performance, are secondary to maintainability. You should have a performance budget for your code, and you should be comfortable spending it.

As you become more proficient with the language and learn about more features you can take advantage of, you should also be learning when not to use them. It’s more important that a novice could understand your code than it is to use some interesting way of solving the problem. Ideally, a novice will understand your code and learn something from it. Write code as if the person maintaining it was you, circa last year.

Avoid magic. Do not use macros1. Do not use a typedef to hide a pointer or avoid writing “struct”. Avoid writing complex abstractions. Keep your build system simple and transparent. Don’t use stupid hacky crap just because it’s a cool way of solving the problem. The underlying behavior of your code should be apparent even without context.

One of C’s greatest advantages is its transparency and simplicity. This should be embraced, not subverted. But in the fine C tradition of giving yourself enough rope to hang yourself with, you can use it for magical purposes. You must not do this. Be a muggle.

Recognize and avoid dangerous patterns. Do not use fixed size buffers with variable sized data - always calculate how much space you’ll need and allocate it. Read the man pages for functions you use and handle their failure modes. Immediately convert unsafe user input into sanitized C structures. If you later have to present this data to the user, keep it in C structures until the last possible moment. Learn of and use extra care around sensitive functions like strcat.

Writing C is sometimes like handling a gun. Guns are important tools, but accidents with them can be very bad. You treat guns with care: you don’t point them at anything you love, you exercise good trigger discipline, and you treat it like it’s always loaded. And like guns are useful for making holes in things, C is useful for writing kernels with.

Take care organizing the code. Never put code into a header. Never use the inline keyword. Put separate concerns in separate files. Use static functions liberally to organize your logic. Use a coding style that gives everything enough breathing room to be easy on the eyes. Use single letter variable names when their purpose is self-evident and descriptive names when it’s not, and avoid neither.

I like to organize my code into directories that implement some group of functions, and give each function its own file. This file will often contain lots of static functions, but they all serve to organize the behavior this file is responsible for implementing. Write up a header to give others access to this module. And use the Linux kernel coding style, god dammit.

Use only standard features. Do not assume the platform is Linux. Do not assume the compiler is gcc. Do not assume the libc is glibc. Do not assume the architecture is x86. Do not assume the coreutils are GNU. Do not define _GNU_SOURCE.

If you must use platform-specific features, describe an interface for it, then write platform-specific support code separately. Under no circumstances should you ever use gcc extensions or glibc extensions. GNU is a blight on this Earth, do not let it infect your code.

Use a disciplined workflow. Have a disciplined approach to version control, too. Write thoughtful commit messages - briefly explain the change in the first line, and add justification for it in the extended commit message. Work in feature branches with clearly defined goals, and do not include changes that don’t serve that goal. Do not be afraid to rebase and edit your branch’s history so that it presents your changes clearly.

When you have to return to your code later, you will be thankful for the detailed commit message you wrote. Others who interact with your code will be thankful for this as well. When you see some stupid code, it’s nice to know what the bastard was thinking at the time, especially when the bastard in question was you.

Do strict testing and reviews. Identify the different possible code paths that your changes may take. Test each of them for the correct behavior. Give it incorrect input. Give it inputs that could “never happen”. Pay special attention to error-prone patterns. Look for places to simplify the code and make the processes clearer.

Next, give your changes to another human to review. This human should apply the same process and sign off on your changes. Review with discipline as well, taking all of the same steps. Review like it’ll be your ass on the line if there’s a problem with this code.

Learn from mistakes. First, fix the bug. Then, fix the real bug: your process allowed this mistake to happen. Bring your code reviewer into the discussion - this is their fault, too. Critically examine the process of writing, reviewing, and deploying this code, and seek out the root cause.

The solution might be simple, like adding strcat to the list of functions that should trigger your “review this code carefully” reflex. It might be employing static analysis so a computer can detect this problem for you. Perhaps the code needs to be refactored so it’s simpler and easier to spot errors in. Failing to reflect on how to avoid future -ups would be the real -up here.

6
IEEE International Conference on Robotics, Electrical and Signal Processing Techniques 2018 hosted by American International University- Bangladesh

Call for Paper
Faculty of Engineering, American International University- Bangladesh (AIUB) is going to organize an International Conference on Robotics, Electrical and Signal Processing Techniques (ICREST) for the 1st time in Bangladesh. AIUB is one of the leading private universities committed to excellence in Science, Engineering, Business, Arts and Social Science education, research, community works and outreach programs. Hence ICREST 2018 is looking for innovative research and ideas on the emerging developments in Computer, Electrical and Electronics, Quantum Computing, Big Data Cloud Computing, Machine and Deep Learning, Artificial Intelligence, Internet of Things (IoT) and Robotic Technologies. Academic and industrial leaders are expected to interact with young researchers to identify the future penstock. This platform may be a unique opportunity to develop future direction for Science and Engineering professionals.

Scope
Topics included but not limited to:

Bioengineering communication
Circuit devices & systems
Computing & processing (hardware/software)
Engineering profession
Electromagnetics
Photonics & electro-optics
Power energy
Industry applications--robotics & control systems
Signal processing & analysis

Important Dates
Submission of Papers: 30th June, 2018
Acceptance of Papers: 30th August, 2018
Submission of Camera Ready: 15th September, 2018
Early Bird Registration: 15th September, 2018 – 15th October , 2018
Registration Ends: 30th November, 2018
Exhibition Submission: 15th September, 2018
Conference Date:22-24th December 2018

LInk:http://icrest.aiub.edu/

7
IEEE International Conference on Innovations in Science, Engineering and Technology 2018 hosted by International Islamic University Chittagong

Call for Paper
International Conference on Innovations in Science, Engineering and Technology 2018 (ICISET 2018) is a multidisciplinary international conference organized by the Faculty of Science and Engineering (FSE) of International Islamic University Chittagong (IIUC) in association with the Center for Research and Publication (CRP) of the university. This is the second time ICISET is going to take place where the first round of this immensely successful conference was held in 2016. The objective of ICISET 2018 is to create a unique opportunity for the scientists, engineers, professionals, researchers and students to present their latest research findings and experiences in the areas of Computer Engineering, Electrical Engineering, Electronics, Telecommunication Engineering, Pharmacy and other relevant areas of Science, Engineering and Technology.

Scope
Algorithms & Information Systems
Artificial Intelligence, Machine Learning & Expert System
Computer Vision, Robotics & Human-Computer Interaction
Computer Graphics & Multimedia Systems
Signal, Image, Audio & Video Processing
Distributed, Mobile & Cloud Computing
Database, Data Mining & Big Data
Engineering Ethics, E-Commerce and E-Governance
Internet of Things
System Security
Power Systems, Electrical Drives and Control Systems
Mobile & wireless communication
RF & Microwave Engineering
Antenna Propagation
Optical & under water communication
Concept of 5G & Advanced Communication Technology
Electronic Devices and Embedded System
VLSI Design, Fabrication & Computer Architecture
Materials Science
Renewable Engineering
Instrumentation and Sensors
Nanotechnology and NEMS
Photonic Devices
Herbal Medicine
Pharmacology
Pharmaceutical Microbiology & Immunology
Bioinformatics, Biotechnology & Molecular Biology
Pharmaceutics
Pharmaceutical Technology & Nanotechnology
Important Dates
Paper submission deadline: June 25, 2018
Notification of acceptance: August 27, 2018
Camera-ready due: September 10, 2018
Last date of registration: September 24, 2018
Conference Dates: October 26-27,2018
Venue: Faculty of Science and Engineering (FSE) of International Islamic University Chittagong
Link: http://iciset2018.iiuc.ac.bd/

All accepted and presented papers are expected to be included in IEEE Xplore and will be indexed by EI.

8
This past week, a New Zealand man was looking through the data Facebook had collected from him in an archive he had pulled down from the social networking site. While scanning the information Facebook had stored about his contacts, Dylan McKay discovered something distressing: Facebook also had about two years worth of phone call metadata from his Android phone, including names, phone numbers, and the length of each call made or received.

This experience has been shared by a number of other Facebook users who spoke with Ars, as well as independently by us—my own Facebook data archive, I found, contained call-log data for a certain Android device I used in 2015 and 2016, along with SMS and MMS message metadata.

In response to an email inquiry about this data gathering by Ars, a Facebook spokesperson replied, "The most important part of apps and services that help you make connections is to make it easy to find the people you want to connect with. So, the first time you sign in on your phone to a messaging or social app, it's a widely used practice to begin by uploading your phone contacts."

The spokesperson pointed out that contact uploading is optional and installation of the application explicitly requests permission to access contacts. And users can delete contact data from their profiles using a tool accessible via Web browser.
Further Reading
Facebook’s Cambridge Analytica scandal, explained [Updated]

Facebook uses phone-contact data as part of its friend recommendation algorithm. And in recent versions of the Messenger application for Android and Facebook Lite devices, a more explicit request is made to users for access to call logs and SMS logs on Android and Facebook Lite devices. But even if users didn't give that permission to Messenger, they may have given it inadvertently for years through Facebook's mobile apps—because of the way Android has handled permissions for accessing call logs in the past.

If you granted permission to read contacts during Facebook's installation on Android a few versions ago—specifically before Android 4.1 (Jelly Bean)—that permission also granted Facebook access to call and message logs by default. The permission structure was changed in the Android API in version 16. But Android applications could bypass this change if they were written to earlier versions of the API, so Facebook API could continue to gain access to call and SMS data by specifying an earlier Android SDK version. Google deprecated version 4.0 of the Android API in October 2017—the point at which the latest call metadata in Facebook user's data was found. Apple iOS has never allowed silent access to call data.

Facebook provides a way for users to purge collected contact data from their accounts, but it's not clear if this deletes just contacts or if it also purges call and SMS metadata. After purging my contact data, my contacts and calls were still in the archive I downloaded the next day—though this may be because the archive was still the same cache I had requested on Friday.

As always, if you're really concerned about privacy, you should not share address book and call-log data with any mobile application. And you may want to examine the rest of what can be found in the downloadable Facebook archive, as it includes all the advertisers that Facebook has shared your contact information with, among other things.

9
 Call for Paper
Faculty of Engineering, American International University- Bangladesh (AIUB) is going to organize an International Conference on Robotics, Electrical and Signal Processing Techniques (ICREST) for the 1st time in Bangladesh. AIUB is one of the leading private universities committed to excellence in Science, Engineering, Business, Arts and Social Science education, research, community works and outreach programs. Hence ICREST 2018 is looking for innovative research and ideas on the emerging developments in Computer, Electrical and Electronics, Quantum Computing, Big Data Cloud Computing, Machine and Deep Learning, Artificial Intelligence, Internet of Things (IoT) and Robotic Technologies. Academic and industrial leaders are expected to interact with young researchers to identify the future penstock. This platform may be a unique opportunity to develop future direction for Science and Engineering professionals.

Scope
Topics included but not limited to:

Bioengineering communication
Circuit devices & systems
Computing & processing (hardware/software)
Engineering profession
Electromagnetics
Photonics & electro-optics
Power energy
Industry applications--robotics & control systems
Signal processing & analysis

Important Dates
Submission of Papers: 30th June, 2018
Acceptance of Papers: 30th August, 2018
Submission of Camera Ready: 15th September, 2018
Early Bird Registration: 15th September, 2018 – 15th October , 2018
Registration Ends: 30th November, 2018
Exhibition Submission: 15th September, 2018
Conference Date:22-24th December 2018

LInk:http://icrest.aiub.edu/

10
ACM Journal on Emerging Technologies in Computing Systems

ACM Transactions on Autonomous and Adaptive Systems

ACM Transactions on Mathematical Software

ACM Transactions on Programming Languages and Systems

ACM Transactions on Software Engineering and Methodology

Acta Informatica

Ad Hoc Networks

Ada User Journal

Advanced Robotics

Advances in Engineering Software

Annual Reviews in Control

Applied Soft Computing Journal

Automated Software Engineering

Automatic Control and Computer Sciences

Chemometrics and Intelligent Laboratory Systems

Cluster Computing

CMES - Computer Modeling in Engineering and Sciences

Cognitive Technologies

Computer Animation and Virtual Worlds

Computer Languages, Systems and Structures

Computer Methods and Programs in Biomedicine

Computer Software

Computer Speech and Language

Computer Standards and Interfaces

Computer Vision and Image Understanding

Computing (Vienna/New York)

Computing and Informatics

Computing and Visualization in Science

Concurrency Computation Practice and Experience

Constraints

CrossTalk

Cutter IT Journal

Cybernetics and Systems

Design Automation for Embedded Systems

Distributed and Parallel Databases

11
What have we learned this week about the dangers of sharing our lives on Facebook - and can we now take back control?

    Stream or download the latest Tech Tent podcast
    Listen live every Friday at 15:00 GMT on the BBC World Service

This week's Tech Tent explores how the biggest crisis in the social media company's history has unfolded - and asks what might happen next. Will Facebook really change its ways, or will regulators have to step in and make it be more transparent about how it uses our data?

After all, according to one of our guests Emma Mulqueeny, it and other platforms "utilised the easiest business model they could and closed their eyes and crossed their fingers that it would be too annoying, too complicated or too late by the time people started wanting to take control of their own data".

Some people have now decided to take to the courts to assert their rights over their own data. Among them is a US citizen, Prof David Carroll. He is taking Cambridge Analytica to court in the UK to get access to data he says it holds on him.

The company, which acquired the Facebook profiles of 50 million people from an academic researcher, boasted in the past that it had 4,000-5,000 data points on just about every American citizen.

Prof Carroll tells Tech Tent that this boast inspired him to demand his file but what he received from the company was "alarming but not complete", a model of the political beliefs he probably held and his likelihood to vote.

Convinced that there must be far more data, he went to court to seek it - not in the United States but in the UK where the law is more friendly to this kind of case. With Europe's major new data protection law GDPR arriving in May we can expect more cases to cross the Atlantic.

Source:bbc news

12
The firm that designed the sensors on the Uber self-driving car that killed a woman this week has said its technology was not to blame.

San Jose-based Velodyne told the BBC it was "baffled" by the incident, adding its equipment was capable of seeing in the dark.

Elaine Herzberg, 49, was struck by the car late on Sunday night in Tempe, Arizona. She died in hospital.

The investigation into what caused her death is ongoing.

Video of the incident was published by investigators earlier on Wednesday. It showed Ms Herzberg walking with her bicycle, away from a pedestrian crossing. Neither the car - nor its human driver - reacted.

A spokeswoman for Uber told the BBC it would not comment on Velodyne's view while the inquiry took place.
Source:bbc news

13
Allegations that research firm Cambridge Analytica misused the data of 50 million Facebook users have reopened the debate about how information on the social network is shared and with whom.

Data is like oil to Facebook - it is what brings advertisers to the platform, who in turn make it money.

And there is no question that Facebook has the ability to build detailed and sophisticated profiles on users' likes, dislikes, lifestyles and political leanings.

The bigger question becomes - what does it share with others and what can users do to regain control of their information?
Source:bbc news

14
Facebook boss Mark Zuckerberg has been called on by a parliamentary committee to give evidence about the use of personal data by Cambridge Analytica.

The consulting firm is accused of harvesting the data of 50 million Facebook users without permission and failing to delete it when told to.

Damian Collins, the chairman of the Commons inquiry into fake news, accused Facebook of "misleading" the committee.

London-based firm Cambridge Analytica denies any wrongdoing.

Both companies are under scrutiny following claims by a whistleblower, Christopher Wylie, who worked with Cambridge Analytica and alleges it amassed large amounts of data through a personality quiz on Facebook called This is Your Digital Life.

He claims that 270,000 people took the quiz, but the data of some 50 million users, mainly in the US, was harvested without their explicit consent via their friend networks.

Mr Wylie says that data was sold to Cambridge Analytica, which then used it to psychologically profile people and deliver pro-Trump material to them, with a view to influencing the outcome of the 2016 presidential election.

    Cambridge Analytica: The story explained
    Facebook data sharing - time to act?
    US consumer watchdog 'probes Facebook'

In a letter to Mr Zuckerberg, Mr Collins accused Facebook of giving answers "misleading to the Committee" at a previous hearing which asked whether information had been taken without users' consent.

He said it was "now time to hear from a senior Facebook executive with the sufficient authority to give an accurate account of this catastrophic failure of process".

Requesting a response to the letter by 26 March, the MP added: "Given your commitment at the start of the New Year to "fixing" Facebook, I hope that this representative will be you."

His intervention comes after the UK's Information Commissioner Elizabeth Denham said she would be applying to court for a warrant to search the offices of Cambridge Analytica.

The firm insists it followed the correct procedures in obtaining and using data, but it was suspended from Facebook last week.

President Donald Trump welcomed any investigation into Cambridge Analytica as "Americans' privacy should be protected", according to a deputy press secretary at the White House.
Source:bbc news

15
Latest Technology / Snapchat redesign is a 'flop' with users
« on: January 14, 2018, 10:49:18 AM »
Snapchat's redesign, which was rolled out at the end of last year, has not gone down well with users.

The refreshed look pushed out in the UK, Australia and Canada has proved unpopular, with up to 83% of reviews on the App Store being negative.

Many have complained that feeds are no longer chronological and are confusing.

Some have contacted Snapchat support on Twitter to air frustrations and asking it to return to the previous version of the app.
Source: bbc news

Pages: [1] 2 3 ... 5