website utilities

People before Profit

Follow on:

The Consumerist

Dell Helpfully Installs Yet Another Gaping Security Hole On Some Laptops

Wed, 2015-11-25 19:11

(Byron Chin)That big fat “Superfish”-style security hole in Dell laptops that we told you about yesterday? Turns out, it’s not alone. There’s another basically just like it on Dell laptops, too. ZDNet has instructions for how to remove these troublesome certificates from your laptop if it has them. [ZDNet]

New Hire At FCC May Indicate More Protection For Consumers’ Privacy Down The Road

Wed, 2015-11-25 18:37

fcc_sealGovernment agencies are basically giant businesses: they hire new people all the time, and it’s very rarely news when they do. Occasionally, though, the match of person and position may hint at big news for consumers, as one recent hire at the FCC just did.

The new guy is named Jonathan Mayer, as the Washington Post reports, and his new gig might signal a big shift at the FCC toward protecting consumer privacy.

Mayer’s new job is to be the top technology guy working on investigations into consumer protection issues relating to security and privacy, the WaPo explains. Perhaps it doesn’t sound like that should be a big deal, but until now issues like data breaches, hacks, and other privacy issues have more-or-less been handled entirely by a different agency, the FTC.

But as everything commercial moves increasingly to an all-digital space, the line between the FTC’s and FCC’s jurisdiction has gotten a little blurry in the middle. Hiring Mayer may signal that the FCC intends to step it up in the consumer privacy arena, at least as it relates to phone, TV, or internet service. And frankly, they probably have to: as a side-effect of this year’s net neutrality rule, internet services are now classified as common carriers… which are exempt from certain regulation by the FTC.

Mayer is not the sort one typically expects to find in a regulatory leadership position. For one thing, he’s still in his late twenties, so he doesn’t have the decades of experience one usually hears about.

In the years he has been working, though, he’s been busy in a very high-profile way. He spotted the privacy violation in Safari browsers that led to Google having to cough up $22.5 million to the FTC in 2012. He also helped develop the do not track standard for web browsers (that the FCC recently declined to enforce).

Most recently, earlier this year he found and announced that the tracking supercookie on Verizon phones could be accessed by third parties, despite what Verizon said. The FCC has since started an investigation into those trackers.

With this hire, the FCC could soon get tougher on privacy and security [Washington Post]

Jamaican Lottery Scammer Sentenced To U.S. Prison

Wed, 2015-11-25 17:57

(Spider Mann) The fraudulent lottery industry is huge in Jamaica, extracting hundreds of millions of dollars from the pockets of victims, who are mostly in the U.S. and mostly elderly. For the first time, someone involved in the industry has been tried and sentenced in a federal court in this country for selling lists of leads to current and aspiring scammers.

The fallout in the lives of scam victims is devastating. Once on the hook, victims send thousands of dollars in the hope of receiving millions back, but in the end all they get are a barrage of phone calls demanding more money. Some victims have committed suicide.

Scammers contact their victims through the mail or over the phone, and they obtain the mailing lists that they use from specialized services. That’s the business that the 26-year-old Jamaican who was tried in North Dakota was in: he was a former scammer who went into the lead list business instead. He sold lists to hundreds of other scammers

The federal government found 80 victims who were on this seller’s lead lists, and their losses totaled $5.5 million U.S. Attorney Christopher C. Myers called the victims willing to tell their stories publicly “heroes,” since exposing scams is the only way to hold the people behind them accountable. “Until recently, these scammers operated with impunity,” Myers said in a statement. “We are helping to find them and hold them accountable for their crimes.”

There are no legitimate lotteries that you can win without entering, or that require you to send money to claim prizes.

HOA Decides Not To Sue Man Over Controversial Christmas Display With Hundreds Of Lights, Live Camel

Wed, 2015-11-25 17:55

(KREM-2)The Christmas show will go on this year at the home of one Washington man who takes a next-level approach to the holiday: his local homeowner’s association has decided it won’t sue him over his display, which in the past included hundreds of lights, a live camel, carolers and of course, Santa Claus.

The HOA and a local law firm told the Spokane, WA homeowner after his first event in 2014 that the light show went against clauses in his home agreement including noise levels, excessive brightness and nuisance, reports KREM-2.

On Oct. 26, the board sent the man a letter threatening to sue if he put on his Christmas light show for the second year, and gave him 10 days to respond before legal action was taken. The clock ticked onward and past that deadline, and no lawsuit had been filed.

The vice president of the HOA board said Tuesday that the group wouldn’t be suing, noting that they hadn’t been opposed to the decorations. Instead, they had a beef with the extra traffic and noise the event would bring to the area.

“I’m really pleased to hear that they’re moving beyond this threat of litigation. I think the reason is obvious. That is that I never violated any rules,” the homeowner told the new station. He added that last year’s event was also a fundraiser, allowing him to donate hundreds of dollars to local children’s charities.

HOA backs down from lawsuit over Hayden Christmas lights [KREM-2]

Hide Your Stuff, Lock Your Car: Black Friday Is Also A Pretty Big Day For Thieves

Wed, 2015-11-25 16:55

(Mahat Tattva)Black Friday is not only a big day for shoppers, with stores throwing open their doors early (or staying open all night since they opened on Thanksgiving) and the mad marketing blitz of discounts, sales and deals coming at you from every angle, but it’s a pretty fruitful day for thieves, as well.

Thefts on Black Friday are on average 2% higher than on any other Friday, or any day of the year, for that matter, according to analysis of theft claims by insurance company Travelers (via Fortune) over the past seven years.

You’ll want to make sure you’re extra careful with your purchases on that day as you stow your booty in your car parked in the mall parking lot: when those claims are broken down to look at off-premise thefts, which means the incidents happened away from home, Black Friday thefts are 28% higher than on any other day.

“On Black Friday, thieves are just much more focused on the opportunity than on a regular basis,” Patrick Gee, senior vice president at Travelers, told Fortune.

It’s no surprise that thieves zero in on vehicles with purchases loaded into them, with clothing and apparel 40% more likely to get stolen on Black Friday than other Fridays of the year, while toys are three times more likely to be stolen. Somewhat unexpectedly, theft of electronic items — which are often the focus of many holiday sales — isn’t much different on Black Friday than on other days.

If you don’t trust your fellow citizens to leave your car alone at the mall, even with all your purchases shoved under coats and blankets in an attempt to hide the goodies, then you can always go shopping online as well. However, then you’ll have to keep an eye on your front porch to ward off holiday package thieves.

More Thefts Happen on Black Friday Than on Any Other Day [Fortune]

AT&T, Verizon Tell FCC That They Should Be Able To Block Texts When They Want To, For Your Own Good

Wed, 2015-11-25 16:21

(Adam Fagen)Texting isn’t just the purview of teenagers. Bulk texting is a huge business. Sometimes they’re scam spam in about the same category of usefulness as emails from a wealthy Nigerian prince who doesn’t exist, granted, but sometimes they’re useful blasts from businesses or public entities that let a whole bunch of people get useful information quickly in a low-bandwidth way. But what they aren’t, quite yet, is clearly regulated. A case moving through the FCC right now, however, may change that.

Phone lines, including mobile, are common carriers, subject to Title II regulation. That’s been true for decades, and it means wireless carriers have to treat all phone calls the same way, without providing priority to one caller over another. Calls from grandma come through to you in the exact same way as calls from “Rachel in cardholder services,” for better or worse.

Mobile broadband — your 3G or 4G LTE network — is also subject to Title II common carrier regulation… at least, for now. That was part of the net neutrality rule that went into effect earlier this year, and it means that wireless carriers have to treat all data the same way, without providing priority to one app or website over another. Downloads from Candy Crush will get to you under the same conditions as downloads from The New York Times, unless next month’s court date upends everything once again.

But text messages still exist in a strange netherworld. SMS messaging is neither voice nor data… or maybe somehow it’s both voice and data. Right now, all of that is still up for grabs. And that’s where this fight comes in.

Back in August, a company called Twilio, which provides the back-end systems for businesses to text customers, petitioned the FCC formally to classify SMS as a Title II service along with your phone’s voice and data. Twilio’s goal is, of course, to make sure that all the texts it sends on behalf of its customers can get through to subscribers without being blocked or throttled… or, more importantly from their perspective, without having to pay a pile of extra fees to the carriers.

Twilio argues that under the existing law, texts are treated in the same way as phone calls, which have a very clear regulatory status. Additionally, Twilio points out, it basically makes no sense to apply the same kind of regulation to everything a phone does except text.

The wireless companies, however, are not a fan of this idea. AT&T, Verizon, and the CTIA (a trade group that represents most of the wireless carriers) all filed responses with the FCC strongly urging against making texts as subject to Title II as everything else you do on your phone is. According to AT&T, since texting doesn’t exist on landlines it is exempt from the statute. Verizon, meanwhile, likens it to email and calls it an information service.

All three argue that to oblige wireless businesses to treat all texts as equally as they treat voice calls and data would harm consumers because it would hamper their anti-spam efforts and open up texting to the same sort of incessant spam harassment consumers are already subject to with robocalls.

(Yours truly, who has so far received three phishing scam texts this week, would suggest that perhaps that ship has already sailed.)

Consumer advocate groups, including Common Cause, Public Knowledge, and Free Press, all supported Twilio’s side. Smaller businesses and start-ups, they said, had been facing challenges getting their bulk texts to consumers because of disparate treatment from mobile companies.

[via Ars Technica]

Ringo Starr Auctioning Off Copy No. 0000001 Of Beatles’ White Album

Wed, 2015-11-25 16:16

0000001Are you a Beatles fan with somewhere between $40,000 to $60,000 to spend on yourself this holiday season? You are! What a coincidence, because Beatles drummer Ringo Starr has a record he’d like to sell you.

Julien’s Auctions has a listing for copy “No. 0000001” of the classic 1968 double LP. As the auction house clarifies, that doesn’t mean the vinyl discs inside are the absolute first pressings of the album. But it does indicate that this was definitely the first sleeve printed, making it the first completed package of the White Album to be produced.

“Both discs were pressed from the very first Masters as indicated by the -1 matrix numbers on all four sides,” reads the listing. “The records are contained in their original black inner sleeves and feature ‘Factory Sample Not For Sale’ labels on the whole apple side of disc 1 and on the cut apple side of disc 2. All labels feature the ‘Sold in UK.’ text but omit the ‘An EMI Recording’ text found on later editions. Together with the four original UK portrait photos and UK lyric poster, both in mint condition.”

Nos. 0000001 through 0000004 were given out to the four members of the band, and it had long been believed that this copy had ended up in the hands of John Lennon. But Julien’s says that it was Starr who scored this coveted piece of music history, and that the drummer has kept it sealed up in a vault for more than 25 years.

The price estimate of $40,000 to $60,000 is based in part on the $30,000 sale price for copy No. 0000005 in 2008.

As The Guardian notes, the White Album is just one of dozens of items Starr has put up for auction to benefit his charitable Lotus Foundation.

If the White Album’s presumed price tag is too high for you, perhaps you could bid on Ringo’s suit from the film A Hard Day’s Night. That’s only expected to go for around $20,000.

Survey Says: Supermarkets’ Turkey Giveaways Aren’t That Exciting To Younger Shoppers

Wed, 2015-11-25 15:44

(poopoorama)Getting a free turkey to serve proudly on your Thanksgiving table used to be a source of great excitement for shoppers in the holiday season, and an easy way for supermarkets to attract more customers (who then buy more stuff when they’re in the store). But nowadays there’s a new demographic on the block that everyone’s trying to please, and a free turkey just isn’t going to cut it.

Those all-important millennials aren’t about to be wooed by a marketing gimmick featuring a free fowl, according to a new survey from retail analytics company Precima (h/t Forbes): Only 27% of millennial respondents (folks born anywhere from the early 1980s to the early 2000s) polled said receiving a free turkey was important to them, versus 66% of Generation X shoppers.

But as millennials age, the tradition could appeal to them more as they start to pay to host their own Thanksgiving dinners instead of going home to mom and dad’s for the holiday.

Businesses using free turkeys as a shopping lure near Thanksgiving is a tradition that goes back at least to the 1800s, Forbes notes, giving the example of an 1887 mention in The Cincinnati Enquirer that says that most of the saloons in the city were dangling the bait of a free turkey lunch on the holiday. While you’re there, you might as well order a few non-free drinks to wash that bird down with, of course.

Walmart Used Defense Contractor Lockheed Martin To Monitor Employees

Wed, 2015-11-25 15:23

A section of the Lockheed Martin brochure for its "LM Wisdom" product that Walmart used to track dissident employees and pro-union activists in 2012. As a growing number of Walmart employees began demanding higher wages, with some also calling for workers to unionize, the nation’s largest retailer hired one of the world’s largest defense contractors to follow the online activities of critical employees.

A lengthy report from Bloomberg Businessweek details Walmart’s multi-pronged approach to keeping track of its employees in response to rising pro-union sentiment, like calling the FBI Joint Terrorism Task Forces when it learned that supporters of the Occupy movement might protest Walmart HQ.

The part that really caught our attention was Walmart’s use of Lockheed Martin, a company associated more with fighter jets than labor disputes.

But since 2011, the folks at Lockheed’s data analytics division have offered a product called LM Wisdom, which the company’s own brochure [PDF] markets as a tool for fighting things like drug/guns/human trafficking, organized crime, and gang violence, but which Walmart used in 2012 and 2013 to track Walmart staffers.

According to testimony in a recent National Labor Relations Board case involving Walmart’s alleged history of retaliating against employees who protest, the retailer’s global security division hired Lockheed leading up to Black Friday 2012 “to help source open social media sites.”

Lockheed analysts would follow the Twitter and Facebook feeds of employees and then report company-related activity back to Walmart HQ in Bentonville. The retailer was also kept up to date on the actions of non-employee organizers and activists who took part in protests. The defense contractor also helped prepare a map of likely routes for five “Ride for Respect” bus caravans destined for a protest at HQ.


While it may be creepy for Walmart to spend so much time and effort following the legally protected actions of its employees, there is nothing inherently illegal about tracking someone’s public social media feed. If you write something where anyone can read it, don’t expect your employer to turn a blind eye.

And some who were monitored tell Bloomberg they knew that Walmart was following their every public statement.

“I sent a couple of fake Tweets about where we would be or what we were doing. I don’t know if it worked,” says one employee who was fired in 2012 and is now working for OUR Walmart. “I wonder how people feel about Walmart wasting money by hiring Lockheed Martin to read my Tweets. I wouldn’t be happy about that if I was a shareholder.”

But if Walmart used this information for the purpose of punishing dissident employees, then it may have crossed the line. In 2014, the NLRB accused the retailer of retaliating against nearly 70 employees — 20 of whom were fired — who took part in the 2012 protests.

Walmart maintains these were not punitive measures against employees who exercised their right to protest, but were instead about enforcing the company’s attendance policies.

How Walmart Keeps an Eye on Its Massive Workforce [Bloomberg Businessweek]

Hilton Confirms Credit Card Breach In On-Property Stores And Restaurants

Wed, 2015-11-25 14:13

(Adam Fagen)Two months ago, reports from banks indicated that there may have been a credit card breach from the payment systems in on-site stores, coffee shops, and restaurants in Hilton-owned hotels. Reservation and payment systems for hotel rooms were not affected. Hilton confirmed the breach late yesterday, warning customers who had used payment cards to check their statements.

Security researcher Brian Krebs noticed the announcement, which came out after business hours. The breach started last year, and Hilton says that their investigation indicates that cards taken were used between November 18 and December 5, 2014, and between April 21 and July 27, 2015. The card data taken included names, card numbers, security codes, and expiration dates, but not PINs from cards that had them, or other personal data about cardholders.

Hilton encourages people who may have shopped, dined, or picked up a coffee in shops inside their hotels to check their statements for suspicious activity, and to contact their bank if they find any. They are also offering the obligatory year of free credit monitoring that isn’t all that useful if someone has your credit card number.

What they did not do is specify which of their many brands were affected: Hilton-owned hotels range from the Waldorf-Astoria to your neighborhood Hampton Inn.

If this story sounds sort of familiar, it’s not because we’re in pre-holiday reruns: it’s because just last week Starwood Hotels announced a similar breach that may have affected points of sale in gift shops and restaurants in their hotels between November 2014 and October 2015.

Hilton Acknowledges Credit Card Breach [Krebs on Security]
Hilton Worldwide Has Identified and Taken Action to Eradicate Malware [Hilton]

Some Shopping Malls Forcing Stores To Open On Thanksgiving

Wed, 2015-11-25 13:56

pieroneimportsEveryone knows that a handful of major retailers now choose to open on Thanksgiving, but most smaller businesses have remained closed on the holiday — whether it was out of a desire to enjoy the day, or simply because the extra expense of paying people to work on Thanksgiving wasn’t worth the few hours of additional sales. But now some shopping mall operators are spoiling the holiday for their smaller tenants by forcing them to open up on Thanksgiving.

Anchor stores in malls — like Sears, Macy’s, and JCPenney, all of which will open at some point this Thanksgiving — generally have their own entrances and the ability to open and close without concern for the hours of their smaller mall family members.

The Wall Street Journal reports that some mall operators have now decided that since these stores are going to be open, everyone in the mall should be working too. In some cases, if a store remains shuttered on the holiday, it could face fines from their mall overlandlord.

One letter to merchants at the Sunvalley mall in Concord, CA, declares that stores are “required” to open up at 6 p.m. on Thanksgiving and remain open until at least midnight. Those retailers have the option of remaining open until 5 a.m. the next morning, which should be fun for a small retailer whose staff is mostly high school age teens.

A rep for the company that runs this mall says that since Sunvalley shoppers have demonstrated that they like going to the anchor stores on Thanksgiving, “We ask that all in-line stores open so our customers have a consistent shopping experience.”

And this isn’t a fluke. The Journal reports that around half of the country’s biggest mall owners recently notified tenant shops that they had to open up on Thanksgiving.

Malls are able to compel stores to open on Thanksgiving because they often have conditions in their leases that stores are to maintain the same hours as the mall in general. So if the mall is open on Thanksgiving, dadgummit, those stores will be too.

“Thanksgiving is going to become more of a shopping day rather than the day after,” explains one mall executive who understands the true meaning of Thanksgiving. “The object of all of us is keeping someone in the store as long as we can.”

So when you’re with your family and loved ones this Thanksgiving, be mindful of the fact that every moment you are not shopping you are failing at living up to your potential as a revenue source by not experiencing all the glorious shopping options the mall has to offer.

Just ask “Joliet” Jake Blues of the Blues Brothers: “It’s got everything.”

Costco Chicken Salad E. Coli Outbreak Found In 7 States So Far

Wed, 2015-11-25 12:54

The label for the Costco chicken salad responsible for the outbreak. Researchers have not yet identified which ingredient is the source of the E. coli.When last we discussed the recently announced outbreak of E. Coli illnesses tied to chicken salad sold at Costco, the sick customers had been limited to four states — Washington, Colorado, Utah, and Montana. Last night, the Centers for Disease Control and Prevention revealed that the outbreak is more widespread, sickening Costco customers on both coasts.

As of Monday, the CDC had confirmed 19 infections in seven states — add California, Missouri, and Virginia to the above list — from this particular strain of the bacteria. Montana, Utah, and Colorado currently account for 15 of the confirmed cases.

So far, five people have been hospitalized to treat their infections. Two of those have experienced kidney failure as a result of the E. coli contamination. The first known illness for this outbreak began on Oct. 6. The sickness has affected people from ages 5 to 84 (median:18). As of now, the CDC knows of no fatalities.

Researchers have yet to identify which ingredient in the chicken salad is responsible for the outbreak. Costco has pulled all remaining rotisserie chicken salad from all of its U.S. stores. In case the source of the E. coli is in the production process, the company has halted production of the chicken salad until further notice.

The CDC is advising anyone who bought the chicken salad at Costco on or before Nov. 20, 2015, should not eat it and should throw it away — even if you’ve already eaten some and not yet gotten ill. The CDC says that it can take upwards of four days for someone to develop symptoms, like (probably bloody) diarrhea and abdominal cramps.

Mysterious Cargo Operation In Ohio Might Belong To Amazon

Tue, 2015-11-24 23:29

(Alan Rappa)In 2008, DHL abandoned its domestic shipping operations in the United States, putting thousands of employees out of work and leaving behind a very nice air cargo facility at a decommissioned air base in Ohio. A company started using the base recently, shipping unspecified “consumer goods,” but no one will identify who it is. One likely suspect is Amazon.

Amazon? In the cargo business? It makes sense if you remember Christmas of 2013, when Amazon’s carriers failed to deliver a percentage of last-minute gifts that the retailer found unacceptable. Since the 2013 late delivery debacle, the retailer has been looking to diversify its selection of shipping carriers, perform some of its own deliveries, and hire independent contractors to make deliveries in their own cars. They want to depend on existing major carriers less.

Vice’s Motherboard did some fab reporting and dot-connecting, noting that the four flights per day land at two airports that are 60 miles from Amazon distribution centers, and two airports that are only 20 miles from distribution centers. A spokesperson from Air Transport Services Group, which Mystery Company has hired to handle the operation, said that the freight is “consumer goods” and that he couldn’t elaborate further.

Could the facility belong to some other mysterious consumer goods company? Sure. Yet the possibilities are interesting: could Amazon have its own version of FedEx SmartPost, where they move packages around the country and then turn them over to the U.S. Postal Service to deliver to customers’ doorsteps? That would be a good option. A cargo service could also be a money-making operation, much like Amazon’s server-rental services.

A Secretive Air Cargo Operation Is Running in Ohio, and Signs Point to Amazon [Motherboard]

No, Target Is Not Giving You A 50% Off Everything Coupon For Liking A Page On Facebook

Tue, 2015-11-24 21:52

targetcouponWe all want to believe that there are special coupons out there just waiting to be grabbed, and the newest questionable offer to take hold of Facebook newsfeeds involves the false promise of a coupon that will magically grant you 50% off anything at Target.

As you can see above, folks are sharing a link from a site called, with an image of this supposed coupon offering half off your Target purchase through the end of the year with no exceptions and very few qualifications.

If it sounds too good to be true, it is. A rep for Target HQ confirms to Consumerist that there is no such coupon and this is a fake.

So why the trickery?

Clicking on the link takes you out of Facebook to a page with instructions on how to “Get Your Target Reward!”


Given the spare design, the fact that it’s not a Target site and that all you supposedly have to do is like something on Facebook, you should be suspicious.

Missing from that second screengrab is a third step — hitting a heavily pixelated “Like” button, which doesn’t actually “like” anything on Facebook, but takes you to… a site where you supposedly get rewarded for taking surveys:

But it’s not as simple as taking a survey. The only way to actually get the Target gift card (which is decidedly not the same as a 50% off coupon), is to complete the “purchase requirement,” which is detailed in microprint below:

So you have to register (10 points), respond to the survey (20 points), review “optional offers” (30 points), and then buy at least one of those special offers, which “usually requires a purchase or entering into a paid subscription program for goods or services.”

And there we have it. All that work to get you to sign up to some sort of subscription service (best of luck trying to cancel it), to maybe receive a gift card from a third-party company you’ve never heard of, for a promotion that Target denies exists.

In short, please stop perpetuating these sketchy sites on Facebook. It annoys your friends who know better and only confuses things for people who think they might be getting a good deal.

Some Dell Laptops Shipping With Big Security Flaw Pre-Installed

Tue, 2015-11-24 21:48
(Renata Prazeres)

There are millions of Dell laptops out there in the world; businesses by them by the tens of thousands and plenty of home consumers use them too. And unfortunately, that means there are millions of laptops out there with a big fat security hole that could allow mischief-makers and would-be-thieves a way to access users’ private, theoretically secure data.

At least three different lines of laptop models — the Inspiron 5000, XPS 15, and XPS 13 — are affected by this particular security flaw, The Verge reports.

It is not unlike the “Superfish” security hole identified in Lenovo laptops earlier this year. In Lenovo’s case, the weakness was deliberately introduced (before it was corrected) in order to allow for highly targeted advertising to appear on your system. Dell’s error is inadvertent, but no less troubling.

In Dell’s case, their laptops ship with an SSL certificate called eDellRoot on them. Dell computers are set by default to trust any SSL certificate eDellRoot signs off on. That key is signed locally, which means anyone with the know-how who wants to make trouble could create a fake version and then use it to carry out SSL attacks.

Now in English: as we explained when Lenovo had their trouble, this kind of flaw interferes at the level where your computer and a secure website are showing each other their metaphorical ID. Instead of a secure site and your PC comparing notes with each other directly, a hole like this allows a third party to interfere.

That means instead of something like an online banking site saying directly to your computer, “I am me, here is my ID, please trust me now,” and your computer having something useful to compare that against, the SSL flaw functionally allows something else to pop in and say to your computer, “Oh, the bank? Yeah, that’s, uh, real. Totally real. Yup. Reality-real. Don’t worry about it. Here, trust me!” during the connection… even if the site you are visiting is fake.

The good news is, only about 24 hours elapsed between the security flaw going public yesterday and Dell issuing an apology and announcing a fix today.

As the Verge points out, Dell has somewhat ironically marketed itself on the back of not having security flaws like Superfish. Unlike Lenovo’s advertising malware, the point of Dell’s certificate is to allow remote, online support to be able to report back the system model and specifications, for ease service.

But intent isn’t magic, and a flaw is still a flaw. So Dell is pushing an update today that should scan their computers for the certificate and remove it if present.

Dell apologizes for laptop security scare, will remove vulnerability today [The Verge]

42 Million Drivers Likely Grateful They’ll Be Paying Lowest Thanksgiving Gas Prices Since 2008

Tue, 2015-11-24 21:41

(Enokson)The roads are going to be crowded this Thanksgiving, with 42 million drivers expected to travel the highways and byways of the U.S. According to AAA, they’ll be enjoying the lowest prices at the gas pump for the holiday since 2008.

Retail averages have fallen for 17 straight days for a total drop of $0.15 per gallon, the travel and leisure group said this week.

The current national average gas price is $2.07, but more than half the gas stations in the country are now selling gas for under $2 a gallon. The rest of the U.S. is slated to hit that mark by Christmas.

Drivers may be even more grateful when reflecting on gas prices past: last year on Thanksgiving the national average price for a gallon of gas was about $0.75 more.

The most fortunate drivers are those buying gas in Indiana ($1.82 a gallon), Ohio ($1.83), and Oklahoma ($1.85), while the most include Hawaii ($2.83), California ($2.73) and Nevada ($2.59).

Lawsuit Claims Kate Spade Advertised Imaginary Outlet Prices

Tue, 2015-11-24 21:04

(Jeepers Media)In yet another of alleged imaginary discount prices, Kate Spade shoppers have filed a proposed class-action lawsuit claiming that the brand’s outlet stores sold items marked as a steal of a deal, when really they were never sold at a higher price or in higher-end boutiques in the first place.

The lawsuit filed in California accuses Kate Spade’s outlet stores of advertising big markdowns on merchandise that was originally made to be sold at that discount price (h/t

One plaintiffs says she bought a handbag from a Kate Spade outlet that had been advertised as 70% off the retail price of $355. She scored it for what she thought was a discount at $142, but claims in the lawsuit that the bag was never intended to be sold for the higher price.

According to the lawsuit, “Kate Spade misrepresented the existence, nature and amount of price discounts to consumers in its outlet stores by purporting to offer specific percentage discounts from expressly referenced former retail prices, which were represented as ‘our price’ retail prices.”

The plaintiffs allege that the brand has been selling merchandise that was “made exclusively for sale at the outlets and never intended to be sold at non-outlet stores,” the lawsuit states, claiming that “thousands of consumers … were victims of Kate Spade’s deceptive, misleading and unlawful pricing schemes and thousands more will be deceived if Kate Spade’s practices continue.”

This isn’t the first time a big name brand has been accused of peddling wares at fake discount prices: Michael Kors recently agreed to pay consumers a total of $4.88 million to make up for years of imaginary price tags.

Car Dealers Can’t Scream “Zero Down On All Leases” If Most Buyers Won’t Qualify For Deal

Tue, 2015-11-24 20:40

leasenonoCar dealers are known for hyperbolic slogans like “Everybody rides!” or “Nobody walks away from our lot!,” but that sort of puffery is a far cry from repeatedly claiming that the advertised lease price includes “Zip, Zero, Zilch — Nothing Down!” only to hide the ugly truth in fine print that most people won’t understand.

The Federal Trade Commission announced today that it had reached a settlement with some Ohio car dealers who were zealous in advertising their zero down payment promotions, but not as forthcoming in revealing how few people could actually qualify for the deal.

According to the administrative complaint [PDF] filed by the FTC against Progressive Chevrolet Company and Progressive Motors, both of Massillon, OH, the car dealers ran ads for cars, each featuring specific monthly pricing, and each accompanied with the “Zip, Zero, Zilch…” and “Sign & Drive!” touts.

And right across the top of those ads, it explicitly states that this applies to “ALL LEASES,” but following the tiny asterisk next to the prices leads one to the microprint at the bottom of the page.

That’s where the dealer reveals that the advertised payment amount does not include tax, title, and fees. Even if you assumed that the actual monthly payment would be higher, it’s the next fine-print disclosure that is the most problematic — that zero down offer is subject to an 800 BEACON score or higher.

What’s a BEACON score? Good question. It’s an industry-specific credit score offered by EquiFax, and not only is it unlikely that most people are familiar with the term, most consumers fall short of the 800 threshold required to qualify for the advertised leases.

According to the FTC, fewer than 20% of American consumers have a BEACON score of at least 800, meaning 4-in-5 car buyers would not be able to get the deal touted in the Progressive ads.

This failure to adequately disclose a material condition of obtaining a lease is a violation of the FTC Act, according to the complaint. The dealers were also accused of violating the Consumer Leasing Act by mentioning specific monthly lease payment amounts without fully disclosing additional terms as required by law, including the total amount due at consummation or delivery, the number of payments and their amounts and timing, and whether or not a security deposit is required.

General Mills Sets A Goal To Buy Only Cage-Free Eggs By 2025

Tue, 2015-11-24 20:13

(PepOmint)Following moves by several other major food companies and restaurants, General Mills has announced a new goal of only buying cage-free eggs in the U.S.

The change will be far from immediate: General Mills has set a date of 2025 for the effort to reach fruition, reports Reuters.

General Mills previously said in July that it was working on going entirely cage-free with eggs used in its products, but didn’t give any details on when that would happen.

Unsurprisingly, the move is being met with approval by animal rights groups.

“General Mills is further demonstrating that confining hens in cages has no place within our food system. We applaud the company for its great work,” said Josh Balk, senior food policy director for the Humane Society of the United States.

Rival company Kellogg was about a month ahead of General Mills this time, after promising in October that it would only use eggs from cage-free hens, also by 2035. In the restaurant world, Panera promised to source only cage-free eggs by 2020; McDonald’s pledged to go the cage-free route for all eggs served in its 16,000 U.S. and Canadian locations within 10 years; Taco Bell is aiming for cage-free eggs by the end of 2016 and Burger King is working toward a 2017 deadline for its cage-free initiative.

Justice Department Investigating Comcast’s Influence On Cable TV Ads

Tue, 2015-11-24 20:04

Comcast-owned Comcast Spotlight partners offers ad sales services to smaller pay-TV providers.You know when you’re watching national prime-time TV and, after a bunch of ads for big-name brands you’ll suddenly be treated with a commercial for some local car dealer? Those are called “spot” ads and Comcast is being investigated for possibly having too much control over their sales.

Unlike the rest of the ads that you’ll see during that hour of programming, the couple of minutes of spot ads aren’t sold by the network you’re watching. For national advertisers who want to target local markets during these few available seconds, the option is often to go to a company called NCC Media — which just happens to be co-owned by Comcast, Time Warner Cable, and Cox.

Regional advertisers who want to cover their bases by buying spot ads that everyone in their market will see do so through an “interconnect,” a fancy term for a cooperative of local pay-TV companies. Comcast manages more than half of the interconnects in the nation’s top 50 markets.

Then on the local level, when an advertiser wants to just reach one company’s audience in one market, they can sometimes buy the ad time through that particular pay-TV provider. But a number of smaller cable companies have handed off their ad management business to third party sales rep firms, the biggest of which is Comcast Spotlight.

Which is why, according to the Wall Street Journal, the Justice Department has served Comcast with a civil investigative demand, focusing on “monopolization or attempted monopolization” of the spot cable ad sales business.

During the antitrust review of Comcast’s failed acquisition of Time Warner Cable, concerns about the spot ad market were raised by competitors who felt that combining Comcast Spotlight with TWC’s existing spot sales business would give one company too much control over the multibillion-dollar field.

Some competitors accused Comcast of using its dominance in the interconnect business to force smaller pay-TV providers to use Comcast Spotlight as ad sales reps, effectively shutting out existing competition.

It’s not clear whether this investigation is an offshoot of the TWC merger review or if something else spurred the DOJ on. Similarly, there is no way to say at this point if anything will come of the investigation other than requesting some information from Comcast and a few other companies.