Andrew Orr

Since 2015 Andrew has been writing about Apple, privacy, security, and at one point even Android. You can find him most places online under the username @andrewornot.

Firefox Enables Encrypted DNS by Default

Starting today, Firefox will begin rolling out support for encrypted DNS over HTTPS for U.S.-based users.

We’re enabling DoH by default only in the US. If you’re outside of the US and would like to enable DoH, you’re welcome to do so by going to Settings, then General, then scroll down to Networking Settings and click the Settings button on the right. Here you can enable DNS over HTTPS by clicking, and a checkbox will appear.

You can choose between Cloudflare and NextDNS. As I mentioned in my roundup of DNS services, I’ve been using NextDNS for the past couple weeks and I love it.

Netflix Top 10 Lists Appear Today to Show Popular Content

Starting today Netflix is rolling out a Top 10 lists feature that will update every day. It will feature the platform’s most popular content.

“Starting today you’ll notice something new when you go on Netflix: The Top 10 row,” the company said in a tweet. “The lists update daily to show what’s popular in your country and are broken into three categories: Netflix overall, shows & films.”

The most popular Netflix offerings in your country should show up in their own row once you log in to your Netflix account, the company said. “The list is rolling out globally now and should be on your homepage by the end of the day at the latest.”

HackerOne Punished Researchers Who Disclosed PayPal Bugs

HackerOne is a bug bounty platform that connects companies with security researchers. Recently, when researchers used the platform to disclose six PayPal vulnerabilities, they were punished.

When our analysts discovered six vulnerabilities in PayPal…we were met with non-stop delays, unresponsive staff, and lack of appreciation…When we pushed the HackerOne staff for clarification on these issues, they removed points from our Reputation scores, relegating our profiles to a suspicious, spammy level.

This happened even when the issue was eventually patched, although we received no bounty, credit, or even a thanks…We’ll assume that HackerOne’s response is representative of PayPal’s response.

Stardew Valley 1.4 Update Finally Available for iOS

Long awaited by mobile gamers, the huge Stardew Valley 1.4 update is finally available for iOS and iPadOS. There are new 14-heart events for every spouse, a new late-game building upgrade in town, Fish Ponds for farming, over 60 new items, 24 hairstyles, 181 shirts, and other new clothing items. You can also create your own clothes with the Tailoring skill, upgrade sheds, and transfer save files on PC to mobile. The update also brings 14 new music tracks and various Quality of Life improvements.

Intuit Could Buy Credit Karma for $7 Billion

Financial services giant Intuit, which has products like TurboTax and Mint, is close to a deal to buy Credit Karma for US$7 billion.

There is a potentially significant business opportunity for Intuit if it completes a deal. For example, Intuit could try to match all the tax data its TurboTax customers provide with the credit-scoring data that Credit Karma holds.

That could let Intuit serve up better customer prospects to credit card issuers — and eventually let Intuit charge lenders more for access to its hoard of data.

These Tiny Chips Could Help Stop Counterfeits

MIT researchers created tiny (0.002 square inches) chips that could help combat supply chain counterfeiting.

It’s millimeter-sized and runs on relatively low levels of power supplied by photovoltaic diodes. It also transmits data at far ranges, using a power-free “backscatter” technique that operates at a frequency hundreds of times higher than RFIDs. Algorithm optimization techniques also enable the chip to run a popular cryptography scheme that guarantees secure communications using extremely low energy.

Sounds interesting. I wonder if these could be used for more than counterfeits.

Featured Image credit: MIT News

SlickWraps Was Hacked, But Hasn’t Done Anything About It

SlickWraps makes skins for iPhones and Androids. It was recently hacked, but fortunately by a white hat hacker without malicious intentions. The story behind it is fascinating, especially because the company has blocked him and so far has failed to do anything about it.

To say I went to great lengths to treat SlickWraps equitably would be an understatement. Candidly, after the staggering number of primitive security flaws exhibited by their administrators (e.g. the vulnerability to Dirty COW, an exploit which was patched in 2016), I question whether they deserved the leniency I am about to describe.

Update: Other people are hacking the company too. One of them sent emails to SlickWraps customers, telling them to tweet and email the company, which responded to the incident on Twitter.

Google Search Reveals Private WhatsApp Groups

Google indexes links to WhatsApp group invites that may be private, meaning people can find and join them.

Motherboard used a number of specific Google searches to find invite links to WhatsApp groups. Some of the groups appear to not be overly sensitive or for a particular audience. Many of the links on Google lead to groups for sharing porn.

But others appear to be catered to specific groups. Motherboard entered one WhatsApp group chat that described itself as being for NGOs accredited by the United Nations. After joining, Motherboard was able to see a list of all 48 participants and their phone numbers.

FCC Forced to Get Public Opinion on Net Neutrality

A court order is forcing the FCC to once again ask the public’s opinion on whether gutting net neutrality was a good idea. And just like last time, the agency is doing everything possible to distract, deflect, and defend.

In a reminder of just how petty federal telecoms regulation has become, the FCC can’t even take this implicit rebuke professionally. And so it attempted to hide the reality of the situation by flooding its announcements website on Wednesday with suddenly important news and describing the public comment period in the most obscure terms possible.

Defense Information Systems Agency Suffers Data Breach

Between May and July 2019 sensitive data like Social Security Numbers were stolen from servers belonging to the Defense Information Systems Agency (DISA), a U.S. defense agency. Earlier this month it notified victims.

The Defense Information Systems Agency has begun issuing letters to people whose personally identifiable information may have been compromised in a data breach on a system hosted by the agency. While there is no evidence to suggest that any of the potentially compromised PII was misused, DISA policy requires the agency to notify individuals whose personal data may have been compromised.

AI Could Build the Next JPEG Image Codec

The Joint Photographic Experts Group (JPEG) is exploring methods to use machine learning to create the next JPEG image codec.

In a recent meeting held in Sydney, the group released a call for evidence to explore AI-based methods to find a new image compression codec. The program, aptly named JPEG AI, was launched last year; with a special group to study neural-network-based image codecs.

Twitter Tests Fake News Warning System

Twitter is testing a fake news warning system on its platform. Bright labels will appear under tweets with misinformation.

Twitter confirmed that the leaked demo, which was accessible on a publicly available site, is one possible iteration of a new policy to target misinformation it plans to roll out March 5.

In this version, disinformation or misleading information posted by public figures will be corrected directly beneath the tweet by fact-checkers and journalists who are verified on the platform, and possibly other users who will participate in a new “community reports” feature, which the demo claims is “like Wikipedia.”

I could see “community reports” abused by Twitter trolls mass-reporting anything they disagree with as fake news. Hopefully Twitter builds a good system.

This Startup Wants to Build a “GitHub for Data”

A startup called Gretel wants to build a “GitHub for data” so developers can safely access sensitive data.

Often, developers don’t need full access to a bank of user data — they just need a portion or a sample to work with. In many cases, developers could suffice with data that looks like real user data.

This so-called “synthetic data” is essentially artificial data that looks and works just like regular sensitive user data. Gretel uses machine learning to categorize the data — like names, addresses and other customer identifiers — and classify as many labels to the data as possible. Once that data is labeled, it can be applied access policies. Then, the platform applies differential privacy — a technique used to anonymize vast amounts of data — so that it’s no longer tied to customer information.

This Company Sells Your Credit Card Data

Yodlee is the biggest financial data broker in the U.S., and it routinely sells your credit card data to investment and research firms.

The Yodlee document describes in detail what type of data its clients gain access to, how the company manages that data across its infrastructure, and the specific measures Yodlee takes to try and anonymize its dataset…Once logged into Yodlee’s server, clients download the data as a large text file, rather than interacting with the data in a dashboard or interface that stays solely within Yodlee’s control, according to the document.