Security News for the Week Ending March 22, 2024

Seeing dollar signs in its future, Reddit decided to “license” its user-created content to AI developers to train their models. The FTC is investigating in light of Reddit’s planned IPO. Reddit says it isn’t breaking the law by selling its users’ private data, and that may well be true. One deal, with Google, is worth $60 million a year to Reddit – a great sweetener to its IPO stock price. You should assume that any content you create and post on the web, even if you think it is private, is likely not private at all. Credit: The Record

Pornhub, one of the largest porn sites, continues to block access from states that pass age verification laws. There are now about 5 states with active age verification laws for adult content. If the political situation is any indication, a lot of people don’t trust the government. What will they do with this information? People download VPN software and access adult web sites from other states or countries. After Texas HB 1181 went into effect, VPN demand in Texas went up by 234%. When Utah enacted an age verification law, VPN demand went up by almost a thousand percent. Since the states say that adults have nothing to be concerned about, the assumption is that the 990% increase in VPN use is by kids. Do these laws really reduce consumption of adult content by underage users? After you ID yourself, the website will have a log of exactly what pages you visited and must provide it to any government agency if asked. What could go wrong? Of course, all of these adult sites have perfect security, so there is nothing to worry about being blackmailed. Remember the Ashley Madison hack? These laws don’t really work, unfortunately. Credit: Hackread

Researchers at Colorado State University figured out how to take over the electronic device that commercial truckers are required to have to log what they are doing. There is, effectively, no security in many of these devices, and a hacker in a car nearby or at a truck stop could reprogram the device in about 10-15 seconds. The devices are connected to the truck’s CAN bus, so potentially a hacker could reach anything connected to the bus (remember that 60 Minutes segment where researchers took over a Jeep’s steering and brakes remotely while the car was driving down the highway at 60 mph? Same bus, different technique). EXCEPT big rigs would do a lot more damage if hacked. Credit: The Register

The US DoJ is following in Europe’s footsteps and suing Apple over monopolistic practices. For anyone who has been following the Appleverse, those practices are well known and include prohibiting developers from telling customers that they can get their software directly from the developer for 30 percent less and prohibiting those developers from using third-party credit card services to save money. Apple has made a number of changes in Europe, but curiously, only in Europe, where they face the possibility of a $9 billion fine. The lawsuit says, among many other things, that “Apple deploys privacy and security justifications as an elastic shield that can stretch or contract to serve Apple’s financial and business interests.” In a few years it is possible that the lawsuit will level the playing field between Europe and the U.S. Credit: TechCrunch

Pwn2Own is an annual convention where vendors offer bounties and ethical hackers show off what they have been working on – busting into software – all year. In exchange for that cool million, hackers have to give up the goods on how they got in. For these folks, it is a worthwhile trade. Among the prizes was a pool of $1.3 million and a Tesla Model 3. Hackers compromised Windows 11, Ubuntu Desktop, VMware Workstation, Oracle VirtualBox, the aforementioned Tesla and three browsers. Credit: Bleeping Computer
