So naive of me, assuming that an issue is fixed just because it should be according to the vendor's timeline. Three months in, the vendor managed to implement a one-line fix for the Chrome extension but not Firefox. The application remains vulnerable. Six days to go...
And now I can go back to more important stuff: there was a huge vulnerability in an antivirus product (not Avast for a change), to be published next Tuesday.
I got my hands on a sample of Jumpshot data. My analysis confirms what everybody already suspected: Avast failed to anonymize the data they sold, leaving plenty of personal data untouched. #Avast #Jumpshot #privacy
Then again, now that I am looking closer, this server appears to recognize my default SSH key. And the issue seems to be that I used that key on GitHub until 3 years ago. So it looks like the scraped GitHub keys are a bit dated.
There I was thinking that using different SSH keys for each server was sufficient protection. Who thought that sending all of them to any server you try to connect to was a good idea?
Oh, so there actually is a working process to get extensions removed from Chrome Web Store, other than having a contact on the inside. The Developer Data Protection Reward Program works apparently, at least if a privacy issue can be demonstrated. https://duo.com/labs/research/crxcavator-malvertising-2020
I'm rather late to the party but the Avast story took a not quite unexpected turn. I wonder whether this investigation will really conclude that Avast's practices were all GDPR-compliant. #Avast #privacy
Unfortunately, the article's title promises more than what's really there. Lesson in crisis management? After reading the article I still don't know what the lesson is supposed to be. It's mostly speculation about Avast's stock prices, not so much management's actions.
As @MonztA@twitter.com points out, the trick of googling the article title and going to the Financial Times still works. They disable the paywall if they see Google as referrer...
Ah, there is a public blog post on the topic: https://blog.avast.com/a-message-from-ceo-ondrej-vlcek
I guess this proves that I've never really known Bash. Until today I didn't realize that [ is a program located in /usr/bin.
Software developer and security researcher, browser extensions expert. He/him
Other Mastodon account for non-technical topics: https://social.tchncs.de/@WPalant