Archive for September 2018

In the latest version of Chrome, you are automatically logged into the cloud portion of your chrome browser whenever you log into any Google website. Matthew Green has written a detailed blog post (see link above) outlining the resulting privacy concerns.

I do differ from him in one crucial bit though. In the end he states that he rejects the argument that goes along the lines of “Captain Obvious strikes again, it’s Google, something like this was bound to happen.”. He said he believes that for 10 years Google managed to provide good open source software without massively violating user privacy and there was no way to see this coming. Seriously? I mean, come on! All the location snooping with Android? Even though the settings were turned off? The preset synchronization options? Forcing G-Apps onto everyone? Google has been on a privacy violating spree for a long time already. One of the main reasons I have never used Chrome. Something like this was bound to happen! They are an ad company. They can make more money if their ads are even more personalized and can be targeted even better. In a world where shareholder value has the last say and is regarded as the ultimate decision maker, of course companies like Google will fuck with your privacy if it means more revenue. This is so blatantly obvious that “I did not see it coming.” is no valid defense.

There is a new attack out there that allows you to reboot iOS or freeze macOS simply by visiting a webpage containing HTML and CSS. It does not need Javascript to be enabled so it also works while viewing HTML E-Mail (which you should never do anyway but tell that to the hipsters).

The following excerpt is especially exciting

Haddouche has told BleepingComputer that he has created an additional attack using HTML, CSS, and JavaScript that will totally freeze macOS computers. He has not released it as it persists after reboot and macOS will relaunch Safari with the malicious page as well, making the computer freeze again.

After Apple’s botched last year in regards to miserable security and ridiculous vulnerabilities one would assume they had gotten off their asses and shifted resources to fixing their swiss cheese of an operating system. But then again, pumping out new iPhones seems to be more important. Got to please the hipsters. I actually find it very much interesting how Apple and their operating systems went from “expensive but secure” to “expensive and utter garbage with more holes than a swiss cheese” over the recent three or so years. It is a perfect example what happens if you prioritize new products (quantity) over fixing your shit and delivering a well developed product (quality).