Friday Bits & Bobs, Security

Uber and Microsoft in trouble while WhatsApp hack gets risky

13th September 2015 — by That IT Guy


Uber is dealt another blow (one of quite a few this year so far). Microsoft is in court again, though this time it is not being sued but is battling a US warrant to hand over emails for a drug case, and a WhatsApp hack puts 200 million of its users at risk (oh dear!). All this on “This week on the interwebs”.

Uber gets dealt another blow

It’s definitely not the first time we see issues with Uber; it has been questioned several times what the status of its drivers is and how its business model harms the long-established concept of taxis. You see, the main issue a lot of associations have with Uber is the fact that, normally, its drivers are not registered as proper employees but rather as independent contractors (if that). This means that it’s hard to keep track of them in terms of taxes (not taxis, heh), legal paperwork and, for example, limits on driving hours (taxi drivers can only be on the road so many hours per day for one simple reason, exhaustion, which of course can cause accidents and put the passengers’ lives at risk, not to mention everyone else on the road).

Another important fact is that taxis have massive insurance deals, which means not only the driver and car are insured but also the passenger (and I do mean massive: if anything were to happen to you while in a taxi, you’re covered extremely well). The argument, of course, is prices: the law of the land says the cheaper service tends to be the winner, and of course you could argue that if taxis lowered their prices and made for a better ride (this of course depends a lot on where you are; for example, I live in Spain, where taxis are stupidly expensive but are also very clean both on the inside and outside (by law, apparently), while in New York they are expensive and dirty).

So let’s analyze what we get with Uber (this is based on my research as Uber is banned in Spain so I’ve never experienced it). We do not have to wait for a Taxi (or look for one) as we can just find one on our phone wherever and whenever we need it, it’s considerably cheaper (a lot cheaper), drivers are nice (they have to be as clients rank them) and so are the cars (again, they have to be comfortable and clean as clients rate them).

So, in theory, this is great, right? right…?

Well, yes, BUT, if we have an accident and something truly bad happens to us, we’re not covered by any insurance like we are in registered taxis, and the drivers (granted, I’m sure some do the right thing) aren’t really controlled in terms of taxes (again, taxes, not taxis), so there’s a considerable chunk of illegal earnings there and, as someone who has to pay their taxes, it does kind of piss me off (while I’d love to say it’s a moral issue, it’s more of a “child pointing at another child not eating their veggies and asking his mum why he has to eat them when the other one isn’t” case).

So what happened that made me talk about this this week?

Well, apparently, a government body in the US has ruled that Uber drivers are employees, not independent contractors. This distinction is crucial due to the fact that employees are entitled to certain benefits which in this specific case helps them considerably in the case that Uber drivers need to take legal action against the company. It’s all somewhat technical and it comes from a number of legal actions that have happened over the year and if you’re interested in the details you can read more about it here. You could go as far as saying I brought this app (sorry, I meant up) simply because it’s one of those things that have 2 sides to the story and both are rather interesting and basically just wanted to talk about it. And you’d be right.

Microsoft in court, again

Microsoft is most definitely not a stranger to courts, both as the sued and the suing side. This time, however, it’s somewhat different. For a few years now, especially in the Big Brother syndrome-afflicted US, governments have been demanding information from big tech companies (especially ISPs, for information on “illegal” downloads).

In this particular case, Microsoft is in court to continue fighting against the US government’s demand that it hand over selected emails that are stored in an Irish data centre and that supposedly contain information that could provide the proof needed in a drug trafficking related case. Back in 2014 a court ruled in favour of the government’s claim that since it had jurisdiction over the company (as it’s based in the US), it could force it to hand over data it had, even if this data was stored elsewhere. Microsoft, however, suggests that would put it in breach of privacy laws, so it would be incriminating itself by complying.

Instead, Microsoft argues that the US must respect the sovereignty of other countries (which makes sense, obviously; contrary to what the US government believes, it does not own the world) and has indicated that Washington should use legal assistance treaties if it wants access to such information, which in this case is held in Irish data centres (again, makes sense, that’s what those treaties are there for). Ireland has already declared that it would consider such requests in a fast manner. Due to this, the stand-off is being treated as a test case that would determine the extent of the US government’s powers over companies that offer cloud-based services.

It would seem that Microsoft is not alone in this as Apple, AT&T, HP, Verizon and eBay have voiced their support for the appeal.

“They think they have already lost quite a lot of business in Europe over monitoring and surveillance concerns, and they are afraid it will get worse if there is a perceived carte blanche for the US authorities to access emails stored abroad”

said Carsten Casper, from tech consultancy Gartner.

Microsoft said that it wants to make sure people can trust the technology on their desks and in their pockets (though to be fair that is a strong sentence considering how pretty much anything we do on the Internet nowadays is monitored unless we actively take measures to prevent it being so).

“If the US government is permitted to serve warrants on tech companies in the United States and obtain people’s emails in any country, it will open the floodgate for other countries to serve warrants on tech companies for the private communications of American citizens that are stored in the United States in a data centre owned by a foreign company”

the company’s lawyer Brad Smith recently told the Council on Foreign Relations think tank.

That said, the federal prosecutors involved said that it “typically takes months” to obtain information via treaty requests, while warrants issued directly to companies can be handled quicker. Personally, that sounds to me like perhaps they should be working on reducing the time it takes for treaty requests to be processed rather than being lazy and trying to force companies to provide data which by law they can’t (or shouldn’t, anyway; god knows they do here anyway), and while I know doing so could (and most likely would) provide the needed proof to “put away the bad guys”, at what point do we draw the line on “means that justify the cause”?

WhatsApp HACK puts 200 million users at risk

A bug in the extremely popular messaging application WhatsApp puts up to 200 million users at risk, warned security firm Check Point. The flaw allows hackers to distribute all sorts of malware, including ransomware, which encrypts the users’ data and demands payment in order to release their files. The problem, thankfully, only affects the web-based version of the service (phew, I use the Android version on a daily basis). WhatsApp was alerted to the problem at the end of last month and immediately issued a patch. Check Point urged users to update their WhatsApp application as soon as possible to make sure they are safe.

According to Check Point, this WhatsApp hack was caused by the way the service handles contacts sent in the vCard (virtual card) format. All a hacker had to do was send a virtual business card that looked legitimate to the target’s mobile number, and once opened, the vCard could distribute malicious code. One expert said it was relatively easy for hackers to get hold of mobile numbers that have been disclosed via other breaches (or in the case of Spain, just ask all the mobile phone operators, they seem to have no trouble finding your number and calling you to try and sell you their services).

“Bearing in mind that WhatsApp is a cross-platform mobile messaging app, the chances of you opening a vCard sent to you is quite high,”

commented Mark James, a specialist at security firm ESET.

Check Point alerted WhatsApp about the problem on 21 August and a week later it issued a fix, but we’re just now reading about this (or at least I am, hmmm… doesn’t say much about my sources!). Whatever the case, if you do use the web-based WhatsApp application and haven’t yet done so, do update your software and do not accept any “contact info – vcard” before you do.

And that’s all for “This week on the Interwebs”, see you on Monday with a new tutorial!