loophole
Latest
G20 leaders will discuss raising taxes for big tech firms next week
For years, European countries have been grappling with how to get big tech firms to pay more taxes. They've proposed interim taxes on revenues, suggested global minimum taxes and slapped companies with hefty fines. We may be getting closer to a solution. Next week, G20 finance ministers are expected to discuss a proposed tax overhaul that would target big multinational firms, including Google, Amazon, Apple and Facebook.
Senators question whether Facebook is doing enough to protect kids’ privacy
Senators are questioning Facebook again. This time their concerns are related to a technical error that let thousands of kids join group chats with unauthorized users, The Verge reports. Senators Edward Markey (D-Mass.) and Richard Blumenthal (D-Conn.) wrote a letter to Mark Zuckerberg today, asking whether Facebook has done enough to protect children's online safety.
Apple's new USB security feature has a major loophole
Apple's new USB Restricted Mode, which dropped with the iOS 11.4.1 release yesterday, may not be as secure as previously thought. The feature is designed to protect iPhones against USB devices used by law enforcement to crack your passcode, and works by disabling USB access after the phone has been locked for an hour. Computer security company ElcomSoft, however, has found a loophole.
Google won't have to pay $1.3 billion in back taxes to France
Back in February, France took Google to court demanding back taxes of $1.7 billion. But it wasn't clear whether the search titan, whose European headquarters is based in Ireland, would be subject to continental taxes. A French court just decided in Google's favor, sparing it from the $1.3 billion award for tax years 2005 to 2010 that France was seeking.
Apple clamps down on its App Store refund loophole in Europe
Apple probably thought it was doing everyone a favour when it introduced a two-week refund policy for iTunes and App Store purchases in Europe. But of course, as is always the way with technology, if there's an unintended flaw hidden away you can guarantee someone will find it. On this occasion it was 9to5Mac, who discovered that anyone can keep a recently purchased app on their device, even after Apple has processed the refund for it. The apps aren't removed and the user isn't locked out, so there was nothing to stop savvy iPhone and iPad owners from abusing the system. Well, it appears Apple has already taken note. If you refund too many items, you'll now be greeted with a warning message that effectively locks you out of the refund policy. It won't stop determined users from claiming a few free apps, but it should mean Apple can keep a lid on a potentially dubious practice.
LotRO cracks down on superman exploit
An exploit that is allowing Lord of the Rings Online players to super-charge their toons is on the end of a stern warning by Turbine today. The studio says that it has already banned and will continue to ban accounts seen using this deliberate loophole. "It has come to our attention that some players have been utilizing an exploit to change how powerful their characters are in the game world," the studio posted today. "Upon receiving reports of the issue we began an investigation. Due to the way our log system works we can definitively detect every account that is taking advantage of this exploit." Turbine is currently working on a fix for the problem. [Thanks to Superswim for the tip!]
Audible flaw lets you download free audiobooks using fake accounts (updated)
You expect subscription services to verify your details before granting you access to their content -- that's how they make their money, after all. However, it appears that Audible isn't quite so rigorous. Alan Joseph has revealed a flaw in Amazon's service (verified by Business Insider) that lets you download as many audiobooks as you like using both a fake email address and an equally bogus credit card. Audible only checks your payment details after you grab a book, and you just have to renew your ill-gotten membership to get more credits.
Apple closes the loophole that allowed users to update refunded apps
No good loophole lasts for long. Apple has made a subtle update to the App Store which most users will never notice, but if you've ever received a refund for an app, you will. For years, users who got a refund for a paid app through the App Store were able to continue getting updates after they'd gotten their money back. Now that loophole has been closed. The change was noticed by Twitter users Michael Simmons on May 24. The App Store no longer allows people who received a refund to reinstall or update the app with a clear message: pic.twitter.com/zR5drjVCke - Michael Simmons (@macguitar) May 24, 2014 The refund update loophole has also been closed in the Mac App store. While some users will be understandably annoyed, this is ultimately a good thing. If users want the freedom to get refunds from digital products which remain on their phone, that's fine, but along with that freedom should come protection for developers. If you don't like their app enough to support it, you shouldn't be able to get the newest version of it for free once your money has been returned.
Android and iOS expose your photos to third party apps, promise fixes
2012 is still young, yet it's already shaping up to be a bad year for privacy and security on the mobile front. Apple found itself embroiled in a bit of a brouhaha over the iPhone address book and an app called Path. And, of course, Google was put under the microscope when mobile Safari was found to have a security flaw that its mobile ads were exploiting. Then, earlier this week, it was discovered that granting iOS apps access to your location could also expose your photos. Now it's been discovered that Android also exposes your images, though, it's doing so without asking for any permissions at all. While Apple was masking photo access with other permissions, Google is simply leaving your pics vulnerable as a part of a design quirk that came from the OS's reliance on microSD cards. Both companies have acknowledged the flaws and have said they're currently working on fixes. We're just hoping things start to quiet down soon, though -- our mobile operating systems are running out of personal data to expose. Check out the source links for more details.
The Daily Grind: When does a clever loophole become a bannable exploit?
Trouble has been brewing this week over a Star Wars: The Old Republic "exploit" in which people use seemingly legitimate (but perhaps unintended) game mechanics to tip the balance of the game in their favor. Of course, this is nothing new to veteran MMO players, who have seen hundreds, even thousands, of such loopholes and bugs spackled and patched since first MMO came online. Entire World of Warcraft guilds have been banned, however temporarily, for "exploiting" poorly coded raid AI, for example. I've always felt that it's the game company's responsibility to counter loopholes before anyone takes advantage of them; the onus should be on the developer, not the player, to set the rules of the game using hardcoded mechanics. The players can't be expected to suss out the game-designers' intent, after all. Other gamers believe that "exploiters" really ought to know better and deserve whatever punishments the game's GMs mete out. What do you think? When does a clever loophole become a bannable exploit? Every morning, the Massively bloggers probe the minds of their readers with deep, thought-provoking questions about that most serious of topics: massively online gaming. We crave your opinions, so grab your caffeinated beverage of choice and chime in on today's Daily Grind!
Zediva ordered to permanently shut down operations, pay $1.8 million to MPAA
The last time we checked in with Zediva, the DVD streaming service was reeling from a court-ordered preliminary injunction that effectively brought its operations to a halt. At the time, the California-based company was still pinning its hopes on the promise of a forthcoming appeal, but those hopes were summarily quashed on Friday, when US District Judge John Walter rendered the injunction permanent. Zediva had previously exposed an apparent loophole in US copyright law, by allowing users to stream movies from physical DVDs located in Silicon Valley. This strategy allowed the firm to offer newly released movies well before other on-demand services, but according to Judge Walter, it was also illegal. Zediva will now have to cease all operations and pay $1.8 million in damages to the MPAA. The defendant has yet to comment on the decision, but MPAA Associate General Counsel Dan Robbins seemed understandably delighted: "This result sends a strong message to those who would exploit the studios' works in violation of copyright law, on the Internet or elsewhere, and it is an important victory for the more than 2 million American men and women whose livelihoods depend on a thriving film and television industry."
US Uncut group to target Apple with protests on June 4
If you see a group of people dancing in front of your local Apple store next weekend, don't be alarmed. Steve Jobs didn't make a surprise visit to the store and, no, Apple isn't launching another product. They are just protesters from the US Uncut group. The grassroots movement is upset with corporate tax loopholes and has deciced to target the Cupertino company on June 4. They accuse Apple and other corporations like Pfizer of hiding US income as foreign income to avoid paying taxes. The group is calling on its members to protest with a flash mob-style dance-in outside Apple retail stores around the US. Read on for a video to find out why this group is so upset with Steve Jobs and company.
Toshiba reneges on promise of free laptops and TVs if Spain win World Cup
Buy a Core i5 laptop or a Toshiba TV, and if your country wins the World Cup Final, we'll refund your money. Simple and to the point, don't you think? Toshiba ran this advertising campaign in Germany, England, Portugal, Italy and Spain in the run-up to the global football tournament, but now that one of those nations has actually gone and scooped the silverware, refunds seem remarkably hard to come by. As it turns out, the small print on that ad included instructions to see Toshiba's site for further details, which elucidated a requirement that all claimants must register their product by the 17th of June. Naturally, that's now led to a whole heap of peeved Spaniards feeling cheated, and big time consumer association Facua arguing that such a major condition to recovering your cash shouldn't have been hidden away online. In the absence of it being clearly marked on the promotional materials, it argues, Toshiba should honor everyone's receipts irrespective of registration. We're inclined to agree -- maybe the Japanese company can recover any losses from the wages of its cheeky advertising staff.
More e-passports hacked within minutes, security questions abound
It's downright frightening that we've become numb to this news, but here again we're faced with another report of e-passports being hacked within minutes. The University of Amsterdam's Jeroen van Beek was reportedly able to clone and manipulate a pair of British passports in about the time it takes you to sip down your first cup of joe in the morning, and worse still, they were accepted as genuine by the software "recommended for use at international airports." The tests point out a number of vulnerabilities, including the fact that the microchips could be susceptible to having falsified biometrics inserted for use. As expected, talking heads at the Home Office still insist that any chip manipulation would be immediately recognized by the electronic readers, so we'll leave it up to you to decide who's telling the truth here.
Apple issues fix for recently discovered QuickTime flaw
Just over a week after a dubious duo found a way to commandeer a Mac thanks to an elusive flaw in QuickTime (of all things), Apple's security police have purportedly fixed the flaw and issued an update. Apparently, the hole could be "exploited through a rigged website and let an attacker control computers running both Mac OS X and Windows," and the firm elaborated by stating that a "maliciously crafted Java applet could lead to arbitrary code execution" if users didn't apply the patch. The newest version of QuickTime now sits at 7.1.6, and reportedly "repairs the problem by performing additional checking," and interestingly enough, Apple seemingly tipped its hat to Dino Dai Zovi and the TippingPoint Zero Day Initiative for reporting the issue. So make sure you fire up that Software Update today if you haven't already -- a presumably small bundle of downloadable joy should be waiting.
DirecTV now friendly with Viiv boxes, other PCs to come?
After DirecTV's long-awaited HR20 HD DVR finally got its rightful announcements and actually hit users' hands, it wasn't too long before folks were plugging and praying in hopes of getting their new toy to play nice with that HTPC beside it. While we knew the two firms had gone hand-in-hand awhile back, we finally got the thumbs-up that a new, Viiv-alicious DirecTV Plus HD DVR would be unveiled soon to interact out-of-the-box with Viiv-enabled systems, but more importantly, that a software update was coming to the plain ole HR20s to accomplish the same thing. The time has come, and users are reporting over at DBSTalk that the "0x108 software" has opened up the Ethernet port for use, and allows browsing / connections via a Viiv-certified machine, but definitely made things difficult for those not exactly keen on shelling out for a few new components. Nevertheless, there's already been somewhat of a workaround worked out, which allows PCs with just Windows MCE installed to "see" the HR20, but not "serve up files in a way that HR20 can work with," which we're all but certain will change as the wheels spin in owners' heads. Reportedly, DirecTV is establishing a dedicated website to getting folks up and running with the new connectivity options, and be sure to keep an eye on the linked thread for any "future developments" regarding non-Viiv-savvy PCs.[Via PVRWire]
