UEFA website leaked user profile data
Anyone who buys a ticket or orders an official guest package on the UEFA website must register. Regardless of the login method chosen, UEFA saves at least the email address in a profile. While researching another article, c’t editors happened upon a UEFA subdomain that spat out first names and email addresses in JSON format. Further research revealed that created profiles only appeared in the list when the user deleted them in the UEFA profile under the menu item “Data protection”. The data leak dripped until c’t made the football association aware of it. The API was then shut down within 24 hours. UEFA is currently still checking whether it will inform the fans concerned about the incident. In their opinion, however, this is not legally necessary. It remains to be seen whether or not she is correct: In principle, the GDPR applies because customers are served in the EU, even if UEFA is based in Switzerland.
Global minimum tax for businesses
Around 130 countries have agreed on a global minimum tax for international companies. The countries participating in the agreement account for around 90 percent of global economic output, said the Organization for Economic Cooperation and Development (OECD). Federal Finance Minister Olaf Scholz sees the agreement as “colossal progress” on the way to more tax justice. He spoke of an “actual, really massive change that we will see for the next few years and decades.” The tax race to the bottom was over, he said in Washington.
Our weekday news podcast delivers the most important news of the day compressed to 2 minutes. If you use voice assistants such as Amazon Alexa or Google Assistant, you can also hear or see the news there. Simply activate the skill on Alexa or say to the Google Assistant: “Play heise top”.
Printer gap PrintNightmare in Windows
Microsoft has released new information about the security vulnerability called PrintNightmare. Among other things, the software company warns that attackers are already actively exploiting the vulnerability. The extent to which this will take place is currently unknown. Since there is no security update yet, admins have to act now and protect systems temporarily with an interim solution. You can find step-by-step instructions for this at heise.de.
Tired of video chats
After the end of the corona pandemic, the majority of Germans would like to forego video conferences and chats again. That comes from a YouGov survey on behalf of Web.de and GMX. Less than a third of those surveyed want to continue using video telephony services on a regular basis. The overwhelming majority also prefer to attend further education and training in the analog world.