Misconfigured Database Exposes Information on Millions in Ecuador

From DCTVpedia

Latest revision as of 05:13, 1 October 2019

Misconfigured Database Exposes Information on Millions in Ecuador
Number 944
Broadcast Date SEPTEMBER 16, 2019
Episode Length 6:00
Hosts Rich Stroffolino

Security researchers at vpnMentor find a misconfigured server with information on over 20 million people in Ecuador, Libra Association members meet with officials from 26 central banks, and the $100 million Grant for the Web seeks to build out the Web Monetization standard.

Headlines

ZDNet reports that security researchers at vpnMentor found a misconfigured Elasticsearch server hosting a database with information on most Ecuadorian citizens, including names, family members, civil registration data, financial and work information, and data on car ownership. The database has 20.8 million user records and appears to combine the government's civil registry and private sources, including 6.77 million entries for children. Ecuador has a population of 16.6 million people. The database was eventually secured after vpnMentor reached out to the Ecuador Computer Emergency Response Team. vpnMentor and ZDNet independently verified the source as the analytics firm Novaestrat.
Finance Ministers from France and Germany said Friday that the Libra cryptocurrency poses risks to the financial sector and monetary sovereignty. They said the Libra project blueprints fail to convince them that the risks will be properly addressed. However, a spokeswoman for the European Commission told Reuters that “with the publicly available information on Libra, it is currently not possible to say which exact EU rules would apply.” The EU does not have specific regulations on cryptocurrencies. The European Central Bank announced it is working on a long-term plan to launch its own public digital currency and real-time payment system known as TIPS. It would let consumers use electronic cash without needing a bank account or other financial intermediaries.
Representatives from the Libra Association are meeting with the Bank of International Settlements’ (BIS) Committee on Payments and Market Infrastructure on September 16th. The meeting will include officials from 26 central banks and focus on the scope and design of Libra that will inform a report to G7 finance ministers. This will include officials from the U.S. Federal Reserve, the Bank of England, and the European Central Bank.
Apple is allowing developers of App Store apps to offer a grace period of 6-16 days for lapsed subscriptions. This gives Apple more time to collect payments for auto-renewing subscriptions that may have failed because of a change of address or credit card expiration date. Developers need to opt in and build server-side support to implement the grace period in their apps. Google Play has supported grace periods since 2018.
Discord is phasing out game bundles it launched last year for its $9.99-per-month (or $99 annually) Nitro subscription service. Discord said in a statement, “While we and some of you love these games, the truth is the vast majority of Nitro subscribers didn’t play them. So, after careful consideration, we won’t be hitting continue when these contracts come up for renewal.” The Nitro Games catalog will be removed on October 15th.
Mozilla, Creative Commons, and the micropayments startup Coil announced a $100 million Grant for the Web, designed to spur adoption and build out technology for the Web Monetization standard for browser-based micropayments. The Grant will give roughly $20 million per year for five years to content sites, open source infrastructure developers, and others building around Web Monetization, with 50% of funds going to organizations that use open licenses like Creative Commons. The three companies are setting up an advisory council to determine how the funds will be distributed.
The Wi-Fi Alliance launched the Wi-Fi Certified 6 program, allowing manufacturers to certify devices using 802.11ax Wi-Fi radios. Certification means devices support WPA3 encryption, multi-user multiple input multiple output, 160 MHz channels, and orthogonal frequency division multiple access, which allows Wi-Fi 6 routers to serve multiple clients simultaneously from a single channel.
Motorola released its first range of smart TVs, which will ship in India and are made in partnership with Flipkart. The LED TVs range from a 32-inch HD-ready unit for 13,999 rupees to a 65-inch 4K display for 64,999 rupees. All run the stock Android TV interface on Android 9 with the Google Play store, and include built-in Chromecast support and Google Assistant voice commands. Internally the devices will use a quad-core MediaTek chipset with 2.25GB of RAM and 16GB of internal storage, and Motorola says the sets have Dolby Vision certification for HDR 10 content. Shipping starts September 29th.
Vivo announced the Nex 3 smartphone, featuring a 6.89-inch 1080p OLED display that curves over the sides of the phone, resulting in a screen-to-body ratio of 99.6 percent. Because of this "waterfall" display, the device uses Touch Sense virtual buttons with haptic feedback. The phone will come in LTE and 5G variants and feature a Snapdragon 855 Plus SoC, a vapor chamber cooling system, an in-screen fingerprint reader, a 4500mAh battery and 44W fast charging. The phone has a trio of cameras on the back: a 64-megapixel primary camera, a 13-megapixel ultrawide, and a 13-megapixel telephoto, along with a pop-up 16MP selfie camera. Pricing and release date haven't been announced, but Vivo said it will be available in Asia Pacific, Southeast Asia and other markets in the coming months.
The password manager LastPass patched a vulnerability, initially discovered by Tavis Ormandy of Google's Project Zero, that exposed credentials entered on a previously visited site. The exploit relied on executing malicious JavaScript code with no user interaction needed, and could be carried out by directing users to a malicious website. LastPass patched the vulnerability in version 4.33.0 on September 12; users with automatic extension updates should be fine.

Preceded by:
"Week in Review for the Week of 9/9/19"
Misconfigured Database Exposes Information on Millions in Ecuador
Followed by:
"NBCs Peacock Streaming Service Launches April 2020"