Well, it finally happened: Defcon is canceled. Except, for real this time. The popular hacking conference and its sister event, Black Hat, have both been called off over Covid-19 concerns, meaning a longstanding meme has become reality. Don’t worry; organizers have promised online sessions to make sure those bugs and vulnerabilities still see the light of day.
In other Covid-19 news, India’s mandatory contact tracing app turns out to have serious privacy concerns. Because it uses GPS data by design, it’s possible to use a so-called triangulation attack to identify specific people who have reported as positive for the disease. A more privacy-friendly alternative is the Bluetooth-based solution that leaves location out of it altogether. The two companies shared mock-ups of potential interfaces for apps that take advantage of that framework; the apps themselves will have to be developed by public health officials.
Elsewhere we took a look at a data leak at adult cam site CAM4, which exposed 10.88 billion records to the open internet, including names, sexual orientations, payment logs, and email and chat transcripts. The good news is that a relatively small number of people could actually have been identified by the data, and CAM4 says no malicious hackers found it. The bad news is, well, pretty self-evident.
Other bad news: A Facebook bug caused popular iOS apps like Spotify and TikTok to crash repeatedly for a couple of hours this week. That’s not the end of the world, but it’s a reminder of just how far Facebook’s reach extends, and how much data it pulls from apps you use even if you don’t have a F