LocationSmart demo let anyone track the whereabouts of anyone else

Source url

  • LocationSmart is a location-as-a-service company that allows you to track people’s mobile phones (with their consent).
  • However, the online demo at the LocationSmart site could be hacked to show the location of anyone, no consent needed.
  • LocationSmart took down the demo, but the damage is done. How is this not regulated?

LocationSmart is a private service that enables people to track the locations of smartphones connected to the four biggest wireless carriers in the United States: Verizon, AT&T, T-Mobile, and Sprint. The company only provides this service when people consent to its use.

However, a reporter, via ARSTechnica, recently unearthed the fact that, using the online demo software at locationsmart.com, pretty much anyone could track someone in the United States using that person’s mobile phone number – no consent required.

After the reporter published the information, LocationSmart removed the demo from its site. There are still links and buttons that say “Free Demo” littered around the pages, but the buttons simply refresh the page.

LocationSmart is what’s called a “location-as-a-service” company. An example of its use would be to give management members of a company the ability to track the whereabouts of employees using the employee’s phone as a geotracker. The employees would consent to this practice as part of the job.

But the demo didn’t require any consent. You could use it to track almost everyone in America.

The demo formerly hosted at the LocationSmart site allowed you to test the service on yourself. You would enter in your information – including your phone number – and then receive a text from the LocationSmart system. You would confirm your consent through the text, and then instantly in the demo you would see your current location, within the range of 100 yards.

However, reporter Brian Krebs got creative with the system and figured out a way to determine the general whereabouts of anyone with a phone connected to one of the Big Four carriers. He did this by querying LocationSmart’s service to ping the cell tower closest to a given mobile phone number. That in itself will provide you with a reasonable approximation of a person’s location, but it could be in a range of miles or more.

But Krebs simply performed the test numerous times, over and over, which created a list of general locations of the cell number in question. He plugged those coordinates into Google Maps and was able to track the movement of the mobile device with relative accuracy.

He tried this out on a friend whom he knew was walking through town to see if it would work. It did.

locationsmart LocationSmart

Krebs then asked five different associates for their consent to track them, without knowing their actual locations. Within seconds, he was able to determine the near-exact location of one of the volunteers, and the relative location of the other four.

Krebs reached out to the Big Four carriers to ask them about their association with LocationSmart. All four declined to confirm or deny association with the company, despite the fact that the company logos are all over LocationSmart’s site.

This is scary stuff, and goes to show how little regulation there is when it comes to commercial location tracking of the public.

NEXT: Google makes privacy policy easier to understand, adds new data controls

Power your life with River Bank

Today’s pick is something a bit different. A power bank so powerful it can jump-start your car.

Some people’s only battery concern is whether their smartphone has enough juice to make it through a music festival. However, if you love the great outdoors or you’re a digital nomad, the River Bank Smart Power System might make your life a whole lot easier.

The River Bank is the world’s largest capacity portable power station that you can take on a plane. There are several modules which make up the River Bank system, and you can stack them in whatever way best suits your needs.

This is serious piece of kit. We’re not talking about a couple of extra charges for one device here, we’re talking about powering your devices for days or even weeks. Check out the life-affirming promo video above to get some sense of what it can do.

River Bank quick glance:

  • Recharge using solar, car, or wall socket.
  • Mega-Capacity 51,200mAh Battery – charge your phone up to 30 times.
  • Wireless, USB, USB-C, and AC charging for up to six devices at once.
  • Stack modules to combine capacity.
  • Car Jump Starter.
  • Transfer files using the USB hub.

The Main module and the AC module appear to be where the bulk of the versatility lie. Both have their own large charging capacity, plus this is where the Qi wireless charger and most of the ports are housed. Combined, they make up the AC Pack, with which you can charge laptops 3-4 times, phones 18-30 times, tablets 6 times, and GoPros 40+ times.

You also have the solar charger and the car module. The former could keep you recharging in the wild indefinitely, while the latter can jump start your car up to 10 times. Check out the Indigogo page for more specs.

Even if you’re not Grizzly Adams, this piece of tech could really be handy in an emergency if you live in a storm or flood zone. You never know when you might need power.

River Bank

The River Bank is the follow-up crowdfunded project from EcoFlow Tech, who raised over 3,000% of its target for the River Power Station last year. They appear to have combined the campaigns, so even though the target has been smashed, they’re still offering discount deals for those who pre-order the River Bank now.

The price depends on the pack you’re after. At the time of writing you could pre-order the AC pack for $295 including shipping. That’s $50 lower than the retail price.

That said, the giant countdown clock says the price will go up soon. If it sounds like the River Bank could solve your power needs then check out the Indigogo page via the link below.

The AAPicks team writes about things we think you’ll like, and we may see a share of revenue from any purchases made through affiliate links. To see all our hottest deals, head over to the AAPICKS HUB.


Looking for a new phone or plan? Start here with the Android Authority Plan Tool:

This smart tool lets you filter plans by phone, price, data tiers, and regional availability. Stop overpaying for cell service you hate and a phone that you’re tired of. Use our Compare Phones & Plans tool to fully customize your mobile experience and painlessly transition from one carrier to another!

Verizon data caps – which the company denies

  • With Net Neutrality about to end, some customers found Verizon data caps on their internet bills this week.
  • Verizon claims that the data usage limits are not caps, and will not be enforced.
  • Verizon credits the confusion to a “system error” and says it has no plans to cap internet data.

A small collection of Verizon DSL subscribers in New York and New Jersey were surprised to find data caps on their Verizon dashboards yesterday. According to Verizon, it is “conducting a usage billing trial” and the listed limits are not caps.

Net Neutrality – the idea that the internet should remain free, open, and treated as a public utility – is going to cease to be the law of the land in a few weeks. One of the major fears of the death of Net Neutrality is ISP’s like Verizon imposing usage caps on customers.

The screenshot below, provided to a pro-Net Neutrality group called Stop the Cap, shows the test usage caps for two DSL plans Verizon offers.

verizon data caps Stop the Cap

The two limits present are 150GB/month for the basic “high-speed” DSL plan and 250GB/month for the “enhanced” DSL plan.

According to the customers who saw the data cap information in their accounts, Verizon gave no warning that a change was coming.

Stop the Cap reached out to Verizon for comment, and the company gave some statements in response.

According to Verizon, the customers in New York and New Jersey experienced a “system error,” as the company is not testing usage caps in those areas. The “usage billing trial” is supposed only to be happening in Virginia.

Verizon assures Stop the Cap that the test is only to “measure [customers’] data use and display it in their billing.” The company emphasized that although “these customers were given the 250 GB and 150 GB allowances you showed in those screenshots, we’ve never billed customers who exceed those allowances and have no plans to do so. The purpose of the trial was more the idea of accurately collecting and displaying usage in billing.”

While Verizon replying to Stop the Cap is commendable, it does seem pretty strange that it is claiming it has no interest in imposing data caps while simultaneously showing customers that their data is at the very least “soft” capped.

With the loss of Net Neutrality on June 7, expect to see a lot more “tests” like this one from the ISP’s across the nation.

NEXT: Net Neutrality now has a specific death date – June 11, 2018

What are the rules for VAT liability and invoicing in Belgium?

New rules were introduced on 1 January 2013 within the context of transposing the Invoicing Directive into the Belgian VAT code. Between 2013 and 2014, some administrative tolerance was permitted thanks to a transitional arrangement. This transitional arrangement came to an end in 2015 and was replaced with a definitive system.

How does it generally work?

In principle, the taxable event takes place, and the tax is payable when the goods are delivered or the service is provided. The VAT-registered party must issue an invoice to its client by the 15th day of the month following the taxable event.

For example, goods are delivered or a service is provided on 25/01/2018. This transaction must be invoiced by 15/02/2018. The requirement specifies that this transaction must be included in the VAT return for 02/2018 (to be submitted by 31/03/2018).

If no invoice has been issued before, and the only invoice issued is done so late, VAT is still payable by the 15th day. In this case, the controller can impose late payment interest from 15/02/2018 and a fine of between 25 EUR and 5,000 EUR depending on the breach. For more information, all of these breaches are described in Royal Decree no. 44 of 9 July 2012, section 2.

However, there are several exemptions to this basic rule, depending on the type of transaction in question.  We have identified the two most commonly encountered exemptions.

The first is when the invoice is issued before the taxable event. VAT is then payable on the invoice date. The relevant VAT return is therefore the one for 01/2018 (to be submitted by 28/02/2018).

The second is when VAT is payable when payment is received. For example, for deliveries of movable assets to public bodies (B2G).

Limitations of the article

This article does not cover all the possible cases, and may therefore not be accurate in some cases.  We therefore recommend that anybody affected by this legislation contacts the SPF Finances Call Centre (https://finances.belgium.be/fr/Contact) for any additional information about this law.

 

 

 

 

 

Task management in the accounting department

These days, efficient, effective collaboration via information systems within a company appears to be a vital key to its smooth running, both internally and externally.  This collaborative philosophy is embedded in each and every function of our accounts and finance management software, Adfinity.

For several years, Adfinity has offered a task management module in its rich client. Today, EASI is going one step further. From now on, this advanced function will also be available via our online platform. This tool is clearly a real asset when it comes to collaboration, and it is fully integrated in Adfinity’s rich client.

Among other things, task management allows you to plan the work of the employees in the company and oversee follow-ups sorted by manager. The goal was to make collaboration easier and smoother by increasing visibility and follow-ups for all kinds of tasks. 

Now, employees will be able to create different kinds of tasks that have already been defined on the platform. This offers all sorts of possibilities. Some of the actual examples already used include the option to submit budget requests, create stock items or new suppliers, a new analytical dimension… So what are the limits in terms of usefulness? There aren’t any! The kinds of tasks possible and conceivable are infinite.

In practice, this “ticketing tool” allows all online users to submit various requests to the accounts department. 

Let’s imagine that a user wants to submit a request to buy an item that isn’t already in the current table, from a supplier that does not exist. No need to call the purchasing department anymore, or send emails to create the relevant information! The user creates a ticket by filling in a series of fields and, if necessary, leaving a comment for the person in charge. A notification will then be sent to the person nominated to complete these task. In response, that person will, in turn, have the option to add text comments as well as attachments to have a conversation with the person making the request, as shown in the screenshot below.

The fields to be completed include:

  • a heading 
  • a type of activity 
  • a manager
  • a date
  • a priority 
  • a status
  • etc.

Depending on the type of activity, you will be able to provide a whole range of details. The various text fields (name of the item, supplier, reference etc.) can also be configured from the rich client and activated for each type of task, via a screen similar to the one below.

 

When the user decides to create a new task online, all the configured text fields will be shown and must be completed. 

Thanks to online task management, your employees will benefit from significant time savings, improved follow-ups, greater visibility and simplified, effective organisation every day.

 

GlobalSign disables support for TLS 1.0 and 1.1

The protocol support for TLS 1.0 and 1.1 will be disabled on 21st of June 2018.

What should I do?

You should do two things:

  • Verify your websites: check if the following protocols are disabled: TLS 1.0, 1.1 and also SSLv2 and SSLv3
  • Verify your browsers. Most recent browsers support TLS 1.2 or higher:
    • Google Chrome: version 30 or higher
    • Mozilla Firefox: version 27 or higher
    • MS Internet Explorer: version 11 or Edge
    • Apple Safari: version 6 and higher (mobile version 7 and higher)

You can verify your website configuration with this SSL checker: https://globalsign.ssllabs.com/

Please contact EASI if you have further questions.