DuckDuckGo says no to those Microsoft trackers after revolt • The Register

In brief DuckDuckGo has finally mostly cracked down on the third-party Microsoft tracking scripts that got the alternative search engine into hot water earlier this year.

In May, DDG admitted its supposedly pro-privacy mobile browser wasn’t blocking certain Microsoft trackers, while actively blocking other types of third-party trackers by Microsoft and other organizations, confirming findings by data-usage researcher Zach Edwards.

This special exception for the Windows giant was due to “contractual commitments with Microsoft,” DuckDuckGo CEO Gabriel Weinberg said at the time.

This caused a storm among netizens, and provoked some sharp criticism from the competition. Now, late on Friday this week, DDG said the full blocks would be added against Redmond.

“Previously, we were limited in how we could apply our 3rd-Party Tracker Loading Protection on Microsoft tracking scripts due to a policy requirement related to our use of Bing as a source for our private search results,” it quietly quacked.

“We’re glad this is no longer the case. We have not had, and do not have, any similar limitation with any other company.”

That said, Microsoft scripts from bat.bing.com, used to measure the effectiveness of web adverts, will not be blocked by DDG’s mobile browser if fetched by an advertiser’s website following a DuckDuckGo ad click. Ie, if you tap on an advert on a DDG search results page, get taken to the advertiser’s website, and the advertiser pulls a script from bat.bing.com to detect and record whether anything you subsequently ordered was a result of that advert, the browser won’t block that script.

“For anyone who wants to avoid this, it’s possible to disable ads in DuckDuckGo search settings,” the biz said, adding that it is working on removing support for bat.bing.com with alternative non-profiling ad conversion tracking.

While this may placate some users, a lot of goodwill no doubt has been lost.

Twitter confirms data stolen via privacy blunder

Back in January, Twitter fixed a privacy flaw that made it easy to unmask users. This week, the biz confirmed that the Twitter user data that went on sale earlier this year was indeed taken via that specific security hole.

Exploiting the bug was pretty easy: it was possible to send an email address or phone number to one part of Twitter’s systems, and have it tell you which Twitter account was associated with that contact information, if any, even if they had chosen not to disclose those details in their privacy settings. Thus, for instance, if you suspected someone had a pseudonymous Twitter profile, you could give their contact info to Twitter, and the site would confirm their handle. Or you could just feed the site a load of details and have it map them to accounts.

This would be useful for nation states and other organizations that are keen to know who is behind particular Twitter accounts.

“If someone submitted an email address or phone number to Twitter’s systems, Twitter’s systems would tell the person what Twitter account the submitted email addresses or phone number was associated with, if any,” the micro-blogging biz said Friday. “This bug resulted from an update to our code in June 2021,” it added.

The flaw was addressed soon after it was disclosed via Twitter’s bug bounty program in January, we’re told. It was then reported in July that someone had seemingly exploited the privacy hole prior to its patching and was selling information obtained from Twitter’s servers.

Although Twitter has now acknowledged that this info was stolen via the bug before it was fixed, it’s understood that 5.4 million Twitter users had their details harvested and put up for sale.

A window into the world of Pegasus

An investigation into spyware used by the government of Israel has discovered that Israeli cops had their own version of NSO’s Pegasus snoopware dubbed Seifan as early as 2016. We’ve also been treated to a view of the software control panel for the espionage tool, revealing its real-time surveillance capabilities and other functions.

Deputy Israeli Attorney General Amit Merari, leader of an investigative committee looking into police use of spyware, published a report Monday detailing the committee’s findingsIsraeli news site Haaretz reported.

Seifan, according to Merari’s investigation, may have been pitched to the Israeli government as early as 2014 in a form that analysts described to Haaretz as a beta form of the now-notorious spyware. The investigation showed that the Israeli Police used the technology in a manner “beyond its legal authority,” and that the group responsible for its operation is still in possession of illegally gathered data.

Among the capabilities of the Seifan Pegasus variant are all the usual table stakes: data exfiltration, call interception, and the like. Also included in the police version of Pegasus was “volume listening” that allowed police to snoop on an infected device’s microphone in real time, and remote operation of a handset’s cameras.

Haaretz said the latter tool is likely illegal, as Israeli law “does not explicitly permit the planting of concealed cameras, and certainly does not permit the remote control of a camera by hacking a suspect’s mobile device.”

Pegasus isn’t restricted to Israel, either: NSO, the Israeli company that developed the spyware, has tried to downplay fears by saying it has sold Pegasus to fewer than 50 customers, at least five of which were EU member states, though. According to reports, Pegasus has been used to spy on political dissidents, journalists, and other government targets, including murdered Washington Post journalist Jamal Khashoggi.

The Merari investigation found that, while Israeli Police were using spyware, no eavesdropping took place outside of court-ordered situations.

“Police use of [Seifan] was solely for the purpose of preventing and solving serious crimes, and subject to court warrants, and that no intentional actions were taken in contravention of the law,” the Israeli Police said in a statement to Haaretz.

Critical flaws in Cisco email hardware: Patch now

Vulnerabilities in Cisco’s AsyncOS for physical and virtual email appliances have been patched, and anyone with an affected system is advised to update now.

Cisco notified customers of the security holes in June, and recently updated the notice to point to AsyncOS patches for the flaws, which could allow a remote attacker to bypass authentication and log into the web administration console for an affected device.

Caused by improper authentication checks when using LDAP for external authentication, the vulnerability has a CVSS score of 9.8. It affects all Cisco Email Security Appliances and Cisco Secure Email and Web Managers running vulnerable versions of AsyncOS that are configured for external authentication and use LDAP as a protocol.

Cisco noted that external authentication is disabled by default, but warns users of its email appliances to double-check the settings to ensure they’re not leaving equipment exposed.

Secure Email and Web Manager appliances running AsyncOS versions 13, 13.6, 13.8, 14, and 14.1 can find updates, and those using Email Security Appliances will find updates available for AsyncOS versions 13 and 14. Links to the updated version can be found in the Cisco security advisory linked above.

AsyncOS release 11 is out of support, Cisco said, and those using this version or older should migrate to a fixed release. Release 12 doesn’t appear to be getting updates against exploitation, either.

For those who can’t update to a newer version of AsyncOS, Cisco said a workaround is available by disabling anonymous binds on the external authentication server. Cisco said it has not discovered any malicious use of the vulnerabilities in the field.

Cybercriminals book Uber to hurry up scams

Scammers may now be offering to send Ubers to victims’ homes to ferry them to banks to withdraw large sums from their accounts.

That’s the story from Towson, Maryland, USA, where an 80-year-old woman targeted by fraudsters was offered a courtesy ride to the bank to fix an “accidental” $160,000 bank withdrawal, as reported by infosec blogger Brian Krebs.

The scammers used a familiar tactic that, in this instance, happened to work out well: they posed as Best Buy employees collecting payment for an appliance installation; the victim had coincidentally just had a dishwasher fitted for her not long before. The scammers said the victim owed $160.

After persuading her to install and run remote-control software on her computer, the scammers had her log into her bank account so they could sort out the payment, and then said they “accidentally” transferred $160,000 into her account instead of taking out $160. Next, the cybercriminals tried to get the woman to go to her bank in person to wire “back” the money.

When she said she didn’t drive, the crooks said they would send an Uber to her home. It’s unknown if the Uber came: the victim’s son told Krebs that she went to the home of a neighbor after the phone call, who figured out it was a scam.

While it’s often assumed that older people are the most common victims of online fraud, multiple studies point to a different conclusion: young people are most likely to fall for a digital scam. Reported reasons vary, but in general younger internet users are seen as overly confident in their online security skills, leading to riskier behavior without a full understanding of what can go wrong.

CISA’s top malware strains of 2021

The US Cybersecurity and Infrastructure Security Agency, along with the Australian Cyber ​​Security Centre, have released an informative, if somewhat late, report naming their top observed malware strains of 2021.

According to the agencies, remote-access trojans, banking trojans, information stealers and ransomware topped the list, with most strains included having been on the scene for more than five years.

“Updates made by malware developers, and reuse of code from these malware strains, contribute to the malware’s longevity and evolution into multiple variations,” the advisory read.

Eleven malware strains are mentioned in the report, most of which we’ve covered to some capacity:

  • Agent Tesla has been used in phishing campaigns against the US oil industry
  • AZORult is a data harvesting malware that targets Windows
  • Formbooka data stealer also known as XLoader, has been spotted on Ukrainian systems
  • Ursnif is a banking malware first spotted in 2008
  • LokiBot is a banking trojan in use for years
  • MOUSEISLAND is a Word macro downloader; given recent Microsoft updates to macro usage, it may have to adapt to a new tactic
  • NanoCore is a RAT that landed its developer in prison
  • Qbot is a data stealer that uses the Windows Follina exploit
  • Remcos is allegedly legitimate pentesting software often used by cybercriminals
  • TrickBot is a form of ransomware whose Russian creator was recently arrested in South Korea
  • Gootkit has been used to promote malicious websites in search engine results

Cybersecurity company Tenable said CISA’s list of top malware has an interesting overlap with the most exploited vulnerabilities of 2021: they rely on each other.

Citing CISA’s list of the 36 most commonly exploited vulnerabilities of 2021, Tenable said four of them are represented by malware in the list covered here, with two released after the relevant timeframe. Of the vulnerabilities Tenable singled out, several are exploitable by multiple malware families.

Tenable said it’s seen “sustained exploitation of these flaws by various threat actors,” and said it’s concerned that exploits of older vulnerabilities continue to be common.

“Continued exploitation is troubling evidence that organizations are leaving these flaws unremediated, which is particularly concerning considering how many Print Spooler flaws Microsoft has patched in the intervening year since PrintNightmare,” Tenable said. ®

Related Posts

89 thoughts on “DuckDuckGo says no to those Microsoft trackers after revolt • The Register

  1. Hello colleagues, its great piece of writing concerning educationand completely explained, keep it up all the time.

  2. Quality articles or reviews is the crucial to interest the viewers to go to see the web site, that’s what this web page is providing.

  3. A motivating discussion is worth comment. I think that you need to write more about this topic, it may not be a taboo matter but usually people do not talk about these issues. To the next! Cheers!!

  4. Thankfulness to my father who shared with me on the topic of this blog, this website is genuinely remarkable.

  5. Greetings! I know this is kinda off topic but I was wondering which blog platform are you using for this website? I’m getting fed up of WordPress because I’ve had problems with hackers and I’m looking at alternatives for another platform. I would be fantastic if you could point me in the direction of a good platform.

  6. I was recommended this website by my cousin. I’m not sure whether this post is written by him as nobody else know such detailed about my trouble. You’re amazing! Thanks!

  7. Do you have a spam problem on this blog; I also am a blogger, and I was wondering your situation; many of us have created some nice procedures and we are looking to trade methods with other folks, be sure to shoot me an email if interested.

  8. Good post. I learn something new and challenging on websites I stumbleupon on a daily basis. It’s always helpful to read through articles from other authors and practice something from other websites.

  9. I have been surfing on-line more than three hours these days, yet I never discovered any fascinating article like yours. It’s pretty worth enough for me. In my view, if all site owners and bloggers made good content material as you did, the internet might be much more useful than ever before.

  10. Hi to all, the contents existing at this web site are actually remarkable for people knowledge, well, keep up the nice work fellows.

  11. I needed to thank you for this excellent read!! I definitely loved every bit of it. I have you saved as a favorite to look at new things you post…

  12. Hey there, You’ve done a fantastic job. I will definitely digg it and personally recommend to my friends. I am confident they will be benefited from this site.

  13. Hey there! I know this is kinda off topic nevertheless I’d figured I’d ask. Would you be interested in exchanging links or maybe guest writing a blog article or vice-versa? My website goes over a lot of the same subjects as yours and I feel we could greatly benefit from each other. If you’re interested feel free to shoot me an e-mail. I look forward to hearing from you! Excellent blog by the way!

  14. I know this website offers quality based articles and other information, is there any other web site which presents such stuff in quality?

  15. My partner and I absolutely love your blog and find most of your post’s to be exactly what I’m looking for. can you offer guest writers to write content available for you? I wouldn’t mind publishing a post or elaborating on a lot of the subjects you write regarding here. Again, awesome web site!

  16. Thank you a bunch for sharing this with all folks you actually know what you’re talking about! Bookmarked. Please also talk over with my website =). We could have a hyperlink change arrangement among us

  17. Hi it’s me, I am also visiting this website regularly, this website is in fact good and the people are truly sharing good thoughts.

  18. Hello! I just wanted to ask if you ever have any problems with hackers? My last blog (wordpress) was hacked and I ended up losing several weeks of hard work due to no data backup. Do you have any solutions to protect against hackers?

  19. Hello! I just wish to give you a huge thumbs up for the great information you have right here on this post. I’ll be coming back to your website for more soon.

  20. This article gives clear idea designed for the new viewers of blogging, that genuinely how to do blogging.

  21. Thanks for a marvelous posting! I certainly enjoyed reading it, you will be a great author. I will remember to bookmark your blog and will often come back later in life. I want to encourage that you continue your great posts, have a nice holiday weekend!

  22. I am actually thankful to the holder of this site who has shared this wonderful paragraph at at this time.

  23. Hi there to every one, the contents existing at this web site are genuinely amazing for people knowledge, well, keep up the good work fellows.

  24. Hey there! I know this is somewhat off topic but I was wondering if you knew where I could get a captcha plugin for my comment form? I’m using the same blog platform as yours and I’m having problems finding one? Thanks a lot!

  25. What’s up everyone, it’s my first pay a quick visit at this web page, and article is in fact fruitful designed for me, keep up posting these types of content.

  26. I like the helpful information you provide in your articles. I will bookmark your weblog and check again here frequently. I am quite sure I will learn lots of new stuff right here! Good luck for the next!

  27. Hello! Do you use Twitter? I’d like to follow you if that would be okay. I’m undoubtedly enjoying your blog and look forward to new updates.

  28. What’s Happening i am new to this, I stumbled upon this I have discovered It absolutely helpful and it has aided me out loads. I’m hoping to contribute & assist other users like its helped me. Good job.

  29. This design is steller! You certainly know how to keep a reader amused. Between your wit and your videos, I was almost moved to start my own blog (well, almost…HaHa!) Fantastic job. I really loved what you had to say, and more than that, how you presented it. Too cool!

  30. Hi, i think that i saw you visited my site so i came to “return the favor”.I am trying to find things to improve my site!I suppose its ok to use some of your ideas!!

  31. I have been surfing online more than three hours today, yet I never found any interesting article like yours. It’s pretty worth enough for me. Personally, if all webmasters and bloggers made good content as you did, the internet will be a lot more useful than ever before.

  32. It’s a shame you don’t have a donate button! I’d most certainly donate to this superb blog! I suppose for now i’ll settle for book-marking and adding your RSS feed to my Google account. I look forward to new updates and will talk about this blog with my Facebook group. Chat soon!

  33. I do believe all of the ideas you’ve presented for your post. They are really convincing and will definitely work. Still, the posts are too quick for starters. May just you please prolong them a bit from subsequent time? Thanks for the post.

  34. Have you ever thought about adding a little bit more than just your articles? I mean, what you say is valuable and all. However imagine if you added some great graphics or video clips to give your posts more, “pop”! Your content is excellent but with images and clips, this blog could certainly be one of the very best in its niche. Very good blog!

  35. Hi, I do believe this is a great web site. I stumbledupon it 😉 I am going to revisit yet again since I book marked it. Money and freedom is the best way to change, may you be rich and continue to guide other people.

  36. This is really interesting, You are a very skilled blogger. I have joined your feed and look forward to seeking more of your excellent post. Also, I have shared your site in my social networks!

  37. I was recommended this blog by my cousin. I’m not sure whether this post is written by him as nobody else know such detailed about my difficulty. You’re incredible! Thanks!

  38. Generally I don’t read article on blogs, however I wish to say that this write-up very forced me to take a look at and do so! Your writing style has been surprised me. Thank you, quite great article.

  39. Way cool! Some very valid points! I appreciate you penning this write-up plus the rest of the website is very good.

  40. hello there and thank you for your information – I’ve certainly picked up something new from right here. I did however expertise some technical issues using this site, as I experienced to reload the web site a lot of times previous to I could get it to load correctly. I had been wondering if your web host is OK? Not that I’m complaining, but sluggish loading instances times will very frequently affect your placement in google and can damage your quality score if ads and marketing with Adwords. Well I am adding this RSS to my e-mail and can look out for much more of your respective exciting content. Ensure that you update this again soon.

  41. It’s really a great and useful piece of info. I’m satisfied that you just shared this useful info with us. Please stay us informed like this. Thank you for sharing.

  42. Howdy! I know this is kinda off topic however I’d figured I’d ask. Would you be interested in trading links or maybe guest authoring a blog post or vice-versa? My website addresses a lot of the same subjects as yours and I think we could greatly benefit from each other. If you are interested feel free to send me an e-mail. I look forward to hearing from you! Fantastic blog by the way!

  43. What’s up to every body, it’s my first go to see of this website; this website carries awesome and in fact fine stuff for readers.

  44. I was wondering if you ever thought of changing the layout of your blog? Its very well written; I love what youve got to say. But maybe you could a little more in the way of content so people could connect with it better. Youve got an awful lot of text for only having one or two images. Maybe you could space it out better?

  45. My brother recommended I might like this blog. He was totally right. This post actually made my day. You cann’t imagine just how much time I had spent for this information! Thanks!

  46. What you wrote made a lot of sense. But, what about this? what if you added a little content? I am not saying your information isn’t good, but what if you added something to possibly get people’s attention? I mean DuckDuckGo says no to those Microsoft trackers after revolt • The Register is kinda boring. You ought to glance at Yahoo’s front page and see how they create post headlines to get people to open the links. You might try adding a video or a pic or two to get readers excited about what you’ve written. Just my opinion, it could make your posts a little livelier.

  47. Exceptional post but I was wondering if you could write a litte more on this topic? I’d be very thankful if you could elaborate a little bit more. Bless you!

  48. I am regular visitor, how are you everybody? This article posted at this website is really pleasant.

  49. I have been exploring for a bit for any high-quality articles or weblog posts in this sort of house . Exploring in Yahoo I ultimately stumbled upon this website. Reading this info So i am happy to exhibit that I’ve a very excellent uncanny feeling I discovered just what I needed. I so much no doubt will make certain to don?t forget this web site and give it a look regularly.

  50. I will right away grab your rss feed as I can not find your email subscription hyperlink or newsletter service. Do you have any? Kindly let me recognize in order that I may just subscribe. Thanks.

  51. Unquestionably believe that which you said. Your favorite reason seemed to be on the internet the simplest thing to be aware of. I say to you, I definitely get irked while people consider worries that they plainly don’t know about. You managed to hit the nail upon the top and defined out the whole thing without having side-effects , people can take a signal. Will probably be back to get more. Thanks

  52. Hi, I do think this is an excellent site. I stumbledupon it 😉 I’m going to return once again since i have bookmarked it. Money and freedom is the best way to change, may you be rich and continue to help other people.

  53. Hi there, I found your site by means of Google even as looking for a comparable matter, your website came up, it looks good. I’ve bookmarked it in my google bookmarks.
    Hello there, just was aware of your blog through Google, and located that it is truly informative. I’m going to be careful for brussels. I will appreciate if you happen to continue this in future. A lot of other people might be benefited out of your writing. Cheers!

  54. We stumbled over here different website and thought I should check things out. I like what I see so i am just following you. Look forward to going over your web page again.

  55. I don’t even know how I ended up here, but I thought this post was good. I do not know who you are but definitely you’re going to a famous blogger if you are not already 😉 Cheers!

  56. Fantastic web site. Plenty of helpful information here. I’m sending it to several buddies ans additionally sharing in delicious. And certainly, thanks for your effort!

  57. Pretty nice post. I just stumbled upon your blog and wanted to say that I have truly enjoyed surfing around your blog posts. After all I’ll be subscribing to your rss feed and I hope you write again soon!

  58. Excellent way of telling, and good article to obtain data regarding my presentation subject, which i am going to present in school.

  59. I’m impressed, I have to admit. Rarely do I encounter a blog that’s equally educative and amusing, and without a doubt, you have hit the nail on the head. The issue is something too few men and women are speaking intelligently about. I’m very happy that I stumbled across this during my search for something concerning this.

  60. You really make it appear really easy with your presentation but I in finding this topic to be really something which I think I’d by no means understand. It kind of feels too complex and very wide for me. I’m looking forward in your subsequent submit, I’ll try to get the grasp of it!

  61. My developer is trying to persuade me to move to .net from PHP. I have always disliked the idea because of the expenses. But he’s tryiong none the less. I’ve been using WordPress on a number of websites for about a year and am anxious about switching to another platform. I have heard good things about blogengine.net. Is there a way I can import all my wordpress content into it? Any help would be really appreciated!

  62. Heya i’m for the first time here. I found this board and I find It really useful & it helped me out a lot. I hope to give something back and aid others like you helped me.

  63. Do you mind if I quote a couple of your posts as long as I provide credit and sources back to your webpage? My website is in the exact same niche as yours and my visitors would really benefit from some of the information you provide here. Please let me know if this ok with you. Many thanks!

  64. Hi there are using WordPress for your blog platform? I’m new to the blog world but I’m trying to get started and create my own. Do you require any coding expertise to make your own blog? Any help would be really appreciated!

  65. Incredible! This blog looks just like my old one! It’s on a entirely different subject but it has pretty much the same layout and design. Great choice of colors!

  66. you are actually a just right webmaster. The web site loading velocity is incredible. It kind of feels that you’re doing any unique trick. Moreover, The contents are masterpiece. you’ve done a wonderful activity in this subject!

  67. It’s remarkable in favor of me to have a website, which is good designed for my know-how. thanks admin

  68. I was wondering if you ever thought of changing the layout of your site? Its very well written; I love what youve got to say. But maybe you could a little more in the way of content so people could connect with it better. Youve got an awful lot of text for only having one or 2 images. Maybe you could space it out better?

  69. Hi to all, how is the whole thing, I think every one is getting more from this web site, and your views are nice in support of new visitors.

  70. I love your blog.. very nice colors & theme. Did you make this website yourself or did you hire someone to do it for you? Plz respond as I’m looking to construct my own blog and would like to know where u got this from. thanks a lot

  71. I like the helpful information you provide in your articles. I’ll bookmark your blog and check again here frequently. I am quite sure I’ll learn lots of new stuff right here! Best of luck for the next!

  72. It’s wonderful that you are getting thoughts from this paragraph as well as from our argument made at this place.

  73. Hiya, I am really glad I’ve found this info. Nowadays bloggers publish just about gossips and net and this is actually annoying. A good site with exciting content, this is what I need. Thank you for keeping this website, I will be visiting it. Do you do newsletters? Can not find it.

  74. Great blog here! Also your site loads up fast! What web host are you using? Can I get your affiliate link to your host? I wish my web site loaded up as fast as yours lol

  75. I absolutely love your site.. Pleasant colors & theme. Did you develop this amazing site yourself? Please reply back as I’m planning to create my own personal blog and would like to know where you got this from or what the theme is called. Thanks!

  76. Heya i am for the first time here. I found this board and I find It truly useful & it helped me out a lot. I hope to give something back and aid others like you aided me.

Leave a Reply

Your email address will not be published. Required fields are marked *