Hello, welcome to the Wednesday, December 6th, 2017 edition of the Sansonet Storms and Stormcast. My

name is Johannes Ulrich and I'm recording from Jacksonville, Florida. Some mobile keyboards have long been

in the crosshairs of privacy advocates just because they essentially collect all the data you type.

One example is AI type.

AI type claims to use artificial intelligence as the name implies in order to create a better typing experience.

Now apparently in the AI type case, some of the data collected

ended up in an unsecured MongoDB database. This was found by Chrome Tech Security Center, which

then notified AI type and AI type and then promptly secured the database.

No telling if anybody else got the data.

According to AI type, the data did not include any keyboards or such,

but as they describe it, mostly statistical behavior information about user use patterns of the keyboard.

They also state that only about half of the data that they had available was exposed.

Now spoofing the from header in an email is probably one of the oldest tricks out there, but it has

gotten a little bit more difficult lately with spam filters and such, obeying things like

D-KIM, D-Mark, SPF, all these good standards.

Now in order to be able to still make the user believe that an email came from a certain

from address, there is a fairly common trick and that involves UTF encoding the from

address.

Now, if you UTF encode the from address, then essentially you're sort of using a base 64 encoded UTF8 string,

it does bypass many of the spam filters and depending on the main mail client is still displayed as the fake from address.

Now while this is not terribly difficult to pull off, there are variations in different mail

readers, how they are displaying these types of from addresses.

...