Apple’s iMessage had a few security holes in March and April that potentially leaked photos and contacts, respectively. Though quickly patched, they are a reminder that the company faces a never-ending arms race to shore up its security to keep malicious hackers and government agencies out. But that doesn’t mean they will always be able to keep it private. A report from The Intercept states that iMessage conversation metadata gets logged in Apple’s servers, which the company could be compelled to turn over to law enforcement by court order. While the content of those messages remains encrypted and out of the police’s hands, these records list time, date, frequency of contact and limited location information. When an iOS user types in a phone number to begin a text conversation, their device pings servers to determine whether the new contact uses iMessage. If not, texts are sent over SMS and appear in green bubbles, while Apple’s proprietary data messages appear in blue ones. Allegedly, they log all of these unseen network requests. But those also include time and date stamps along with the user’s IP address, identifying your location to some degree, according to The Intercept . Like the phone logs of yore, investigators could legally request these records and Apple would be obliged to comply. While the company insisted that iMessage was end-to-end encrypted in 2013, securing user messages even if law enforcement got access, Apple said nothing about metadata. Apple confirmed to The Intercept that it does comply with subpoenas and other legal requests for these exact logs, but maintained that message content is still kept private. Their commitment to user security isn’t really undermined by these illuminations — phone companies have been giving this information to law enforcement for decades — but it does illustrate what they can and cannot protect. While they resisted FBI requests for backdoor iPhone access earlier this year and then introduced a wholly redesigned file system with a built-in unified encryption method on every device, they can’t keep authorities from knowing when and where you text people. Source: The Intercept
Read this article:
Apple logs your iMessage contacts and could share them with police
An anonymous reader writes from a report via Softpedia: Since the summer of 2015, users that surfed 113 major, legitimate websites were subjected to one of the most advanced malvertising campaigns ever discovered, with signs that this might have actually been happening since 2013. Infecting a whopping 22 advertising platforms, the criminal gang behind this campaign used complicated traffic filtering systems to select users ripe for infection, usually with banking trojans. The campaign constantly pulled between 1 and 5 million users per day, infecting thousands, and netting the crooks millions each month. The malicious ads, according to this list, were shown on sites like The New York Times, Le Figaro, The Verge, PCMag, IBTimes, Ars Technica, Daily Mail, Telegraaf, La Gazetta dello Sport, CBS Sports, Top Gear, Urban Dictionary, Playboy, Answers.com, Sky.com, and more. Read more of this story at Slashdot. 
Khari Johnson, writing for VentureBeat:A bot made to challenge traffic tickets has been used more than 9, 000 times by New Yorkers, according to DoNotPay maker Joshua Browder. The bot was made available to New Yorkers in March. In recent years and decades, residents of The Big Apple have seen a persistent increase in traffic fines. A record $1.9 billion in traffic fines was issued by the City of New York in 2015. Since the first version of the bot was released in London last fall, 160, 000 of 250, 000 tickets have been successfully challenged with DoNotPay, Browder said. “I think the people getting parking tickets are the most vulnerable in society, ” said Browder. “These people aren’t looking to break the law. I think they’re being exploited as a revenue source by the local government.” Browder, who’s 19, hopes to extend DoNotPay to Seattle this fall. Read more of this story at Slashdot. 
“Police nationwide are secretly exploiting intrusive technologies with the feds’ complicity, ” argues a new article on Alternet — calling out Stingray, which mimics a cellphone tower to identify every cellphone nearby. “It gathers information not only about a specific suspect, but any bystanders in the area as well… Some Stingrays are capable of collecting not only cell phone ID numbers but also numbers those phones have dialed and even phone conversations.” The ACLU says requests for more information have been meeting heavy resistance from police departments since 2011, with many departments citing nondisclosure agreements with Stingray’s manufacturer and with the FBI, and “often, the police get a judge’s sign-off for surveillance without even bothering to mention that they will be using a Stingray…claiming that they simply can’t violate those FBI nondisclosure agreements. “More often than not, police use Stingrays without bothering to get a warrant, instead seeking a court order on a more permissive legal standard. This is part of the charm of a new technology for the authorities: nothing is settled on how to use it.” Stingray is more than a 1960s TV series with puppets. Several state judges estimate there have been hundreds of instances where police have used the Stingray tool without a warrant or telling a judge. Slashdot reader Presto Vivace writes: This is why it matters who wins the mayor and city council races. Localities do not have to accept this technology. Read more of this story at Slashdot.