February 25, 2019

Facebook tricked kids into in-game purchases, say privacy advocates

By Lisa Vaas

In 2011, Glynnis Bohannon’s 12-year-old son handed her $20. In exchange, she let him use her credit card so he could spend $20 on “Facebook Credits” to use in the Ninja Saga game.

At least, that’s how much he, and she, thought they were spending. A year and nearly a $1,000 worth of credit card charges later – he didn’t know that virtual currency came with a real-world cost – Ms. Bohannon and another exasperated, cash-sapped parent filed a class action lawsuit against Facebook.

Facebook was ordered to refund parents when the suit was settled in 2016, but the repercussions are still rippling out after a court granted a request to unseal the legal documents, made by the Center for Investigative Reporting (CIR).

On Thursday, more than a dozen groups that advocate for children’s rights said they’re asking the Federal Trade Commission (FTC) to investigate whether Facebook has engaged in illegal, unfair or deceptive practices by enticing children to spend money on in-game purchases without their parents’ consent.

After looking over 135 pages of documents unsealed last month, the CIR says that internal Facebook memos, “secret strategies” and employee emails paint what it calls a “troubling picture” of how Facebook conducted business between 2010 and 2014.

Read more at https://nakedsecurity.sophos.com/2019/02/25/facebook-tricked-kids-into-in-game-purchases-say-privacy-advocates/

Adobe patches the same critical Reader flaw twice in one week

By John E Dunn

How often does a vendor find itself having to patch the same critical flaw twice within a matter of days?

It’s almost unheard of. Nevertheless, that’s exactly what Adobe has had to do: fix CVE 2019-7089, a vulnerability in Reader it thought it had addressed on 12 February as part of Patch Tuesday.

The flaw was originally made public by Cure53 researcher Alex Inführ in January, who discovered how a malicious PDF could be used to trigger an SMB call-back revealing an NTLMv2 hash.

Ironically, he was inspired to look at this PDF mechanism by the very similar ‘BadPDF’ flaw affecting NTLMv2, reported last April and eventually patched by Adobe in November as CVE-2018-4993.

However, a day after this month’s apparent Patch Tuesday fix, Inführ took to Twitter to report that he’d discovered a way that the latest patched version could be bypassed.

Read more at https://nakedsecurity.sophos.com/2019/02/25/adobe-patches-the-same-critical-reader-flaw-twice-in-one-week/

Nike’s $350 “Back to the Future” trainers crash, have feet of brick

By Paul Ducklin

We’re not fans of the phrase “First World problem”, not even now it’s in the Oxford Dictionary of English

After all, if humans indeed lived in Africa long before they decided to see what Europe was like, surely Africa ought to be the First World, and we’d count upwards from there?

But no matter – the meaning of the term is now well-established.

An FWP is when someone who already has all of life’s necessities receives the terrible news that their local supermarket will no longer be selling pre-smashed avocado.

So we didn’t know whether to laugh or cry at the recent troubles reported on Google Play by users of an app called Nike Adapt, used to control Nike’s Back To The Future-like Nike Adapt BB trainers.

(BB, by the way, refers not to the diameter of a specific sort of shotgun and airgun pellet – by convention 4.5mm or 0.177″ – but to the phrase “Built for Basketball”.)

Read more at https://nakedsecurity.sophos.com/2019/02/23/nikes-350-back-to-the-future-trainers-crash-have-feet-of-brick/

Advertisers flee YouTube after video comments get even more disgusting

By Lisa Vaas

A YouTube content creator has found what he calls a “wormhole” that, within as few as five clicks, could lead to a “soft-core pedophilia ring” where pedophiles are connecting with each other in the comments sections of innocuous videos featuring children.

That content creator is Matt Watson, also known as MattsWhatItIs, who posted a video of his finds on Sunday.

As of Thursday afternoon, the video had been viewed more than two million times.

In it is a collection of clips, many of them innocent, that show kids doing things like gymnastics, stretching, playing Twister, or simply hanging out with friends – nothing that would get the videos blocked by content filters.

Other videos show flashes of exposed genitals, or feature children – most of them girls – doing the splits or lifting up their tops to show their nipples.

According to Wired, some of the children appear to be as young as five. Many of the videos have been seen by hundreds of thousands, if not millions, of viewers, and they have hundreds of comments.

Those content streams are filled with lechery: for example, a timestamp on one comment about “she’ll make a great mother someday” jumps to a picture of a child’s bare legs.

Other remarks praise the children, jump to points in the video that picture children’s legs or buttocks, ask whether they’re wearing underwear, or simply insert strings of sexually suggestive emojis.

Read more at https://nakedsecurity.sophos.com/2019/02/22/pedos-pollute-youtube-comments-on-kids-videos-advertisers-flee/


Advanced Computer Services of Central Florida

Centrally located in Winter Haven, we serve residential and business clients in and around Polk County.

9 Camellia Drive
Winter Haven, FL 33880

Our Promise to You

Plain language, no tech-talk

We will never try to over-sell you a product you don't need.

Advanced Computer Services of Central Florida is your local, hometown computer service and repair company that can do more than just fix your PC.  We offer highly skilled professionals who can be counted on to give you sound advice on upgrades, software and hardware, commercial & residential networks, hardwire or secure wireless.

No trip charges within Polk County

No after-hours or weekend fees

$45.00/hr Residential

$65.00/hr Commercial - free system evaluation