Security, Spoken

In these predominantly digital times, it's all too easy to build up a long trail of unused accounts that are now gathering dust: free trials that you never followed up on, streaming services you abandoned, on-demand clothing boxes that in the end weren't quite what you were looking for, and so on. In some ways these old accounts aren't doing any harm besides gathering virtual dust or sending you the occasional email nag. Learn about your ad choices: dovetail.prx.org/ad-choices

Spend enough time on the social media app TikTok, and you’re bound to see a Life360 meme. That’s because Life360, a location-sharing app aimed at families, is apparently ruining the lives of teenagers all across the United States. The service allows parents to track their kids’ whereabouts in real time, among other features. As one girl with long blond hair jokes in a popular TikTok clip, it’s set her summer vacation on fire. Learn about your ad choices: dovetail.prx.org/ad-choices

In the wake of jarring revelations about how United States law enforcement agencies have deployed facial recognition, Congress seemed, for a moment, galvanized to act. Based on a Homeland Security Committee hearing in the House Wednesday, that moment appears to be fading—as hundreds of local, state, and federal law enforcement officials continue to amass and access the controversial data every day. Learn about your ad choices: dovetail.prx.org/ad-choices

You may not recognize the name Magecart, but you’ve seen its impact. A set of sophisticated hacking groups, Magecart has been behind some of the bigger hacks of the past few years, from British Airways to Ticketmaster, all with the singular goal of stealing credit card numbers. Think of them as the ATM skimmers of the web. And thanks to poor security hygiene, they’ve managed to hit 17,000 domains in the past few months alone. Learn about your ad choices: dovetail.prx.org/ad-choices

Next week, Amazon will celebrate Prime Day, a bacchanal of modestly discounted ephemera. But amid the flurry of cheap TVs and ebooks and what else, maybe Instant Pots? Watch out for this clever phishing campaign that might hit your inbox. Researchers from security company McAfee today have shared details of a so-called phishing kit, which contains the tools an aspiring hacker would need to kick off a phishing campaign, designed to target Amazon customers. Learn about your ad choices: dovetail.prx.org/ad-choices

The announcement came as we began to board. Last month, I was at Detroit’s Metro Airport for a connecting flight to Southeast Asia. I listened as a Delta Air Lines staff member informed passengers that the boarding process would use facial recognition instead of passport scanners. WIRED OPINION ABOUT Allie Funk is a research analyst for Freedom on the Net, Freedom House's annual country-by-country assessment of internet freedom. She focuses on developments in the US and Asia. Learn about your ad choices: dovetail.prx.org/ad-choices

YouTube is currently under investigation by the Federal Trade Commission following complaints that the platform improperly collected data from young users. It’s unclear how much data this might be, but there’s reason to believe it could be a lot. For many kids, YouTube has replaced television; depending on how parents use online platforms, children could begin to amass data even before birth. Learn about your ad choices: dovetail.prx.org/ad-choices

Six months of 2019 are on the books already, and certainly there have been six months' worth of data breaches, supply chain manipulations, state-backed hacking campaigns, and harbingers of cyberwar to show for it. But the hallmark of 2019, perhaps, is feeling like the worst is yet to come. Ransomware is an ever-growing threat, corporate and US government security is still a mess, and geopolitical tensions are rising worldwide. Learn about your ad choices: dovetail.prx.org/ad-choices

Stalkers have ways of tracking you even without fancy malware, airport facial recognition is becoming more common, and WIRED has some advice on how to take the very best fireworks photos. Here's the news you need to know, in two minutes or less. Want to receive this two-minute roundup as an email every weekday? Sign up here! Today's Headlines Opting out of facial recognition at the airport isn't easy. Learn about your ad choices: dovetail.prx.org/ad-choices

One morning a couple of weeks ago, I handed my iPhone to my wife and asked her to help with with a privacy experiment. She would use my handset to track my location for the next few days, and with only the software I already had installed. Like a lot of couples, my wife and I know each other's phone PINs. So I left her with the device as I walked into our bathroom to take a shower, simulating an opportunity that I figured would present itself daily to snooping spouses. Learn about your ad choices: dovetail.prx.org/ad-choices

Ransomware has no shortage of cautionary tales and wakeup calls from the past decade. But for local governments, this past year has been a particularly brutal reminder of the threat. Learn about your ad choices: dovetail.prx.org/ad-choices

As we approach the July 4 holiday, the security world had no shortage of fireworks—starting with a hacker group, likely from China, that has spent years breaking into carriers in an effort to hoover up metadata from prime targets. Russia gets most of the attention lately, but never count out China's sophistication and verve. Also never count out Excel as a popular target for hackers. Learn about your ad choices: dovetail.prx.org/ad-choices

In a weeks-long stretch in 2014, hackers stole thousands of dollars a day in cryptocurrency from owners. In 2017, internet outages cropped up around the United States for hours. Last year, Google Cloud suffered hours of disruptions. Earlier this month, a large swath of European mobile data was rerouted through the state-backed China Telecom. And on Monday, websites and services around the world—including the internet infrastructure firm Cloudflare—experienced hours of outages. Learn about your ad choices: dovetail.prx.org/ad-choices

On February 22, cybersecurity researcher Filippo Cavallarin told Apple that he had found a bug in macOS. Left unchecked, the vulnerability could let malware slip past the operating system’s Gatekeeper security feature ndetected. According to Cavallarin, Apple said it would fix the problem by mid-May. Learn about your ad choices: dovetail.prx.org/ad-choices

You probably think of Microsoft's classic spreadsheet program Excel as mostly boring. Sure, it can wrangle data, but it's not exactly Apex Legends. For hackers, though, it's a lot of fun. Like the rest of the Office 365 suite, attackers often manipulate Excel to launch their digital strikes. And two recent findings demonstrate how the program's own legitimate features can be used against it. Learn about your ad choices: dovetail.prx.org/ad-choices

Like many people, I use Venmo to pay for stuff: to split the check at dinner, to send my roommate my portion of the utility bills each month, to reimburse friends for concert tickets. It's a useful app for sending and receiving money, regardless of who you bank with. WIRED OPINION ABOUT Dan Salmon is a masters graduate from Minnesota State University who specializes in information security. Learn about your ad choices: dovetail.prx.org/ad-choices

For anyone who's worried that their phone might be hacked to track their location, who they call and when, and other metadata that describes the intimate details of their life, one cyberespionage group has provided a reminder that hackers don't necessarily even need to reach out to your device to gain that access. It may be far easier and more efficient for sophisticated stalkers to penetrate a mobile provider, and use its data to surveil whichever customers they please. Learn about your ad choices: dovetail.prx.org/ad-choices

According to recent polling, Americans view malicious cyber activity as their top security concern—ahead of the economy, nuclear threats, and ISIL. This fear is well-justified. Within the last couple of years, there have been cyberattacks in the United States against the electoral system, the financial industry, the power grid, and hospitals. Learn about your ad choices: dovetail.prx.org/ad-choices

When two countries begin to threaten war in 2019, it's a safe bet that they've already been hacking each other's networks. Learn about your ad choices: dovetail.prx.org/ad-choices

The week began with a tricky Google Calendar phishing scam, and ended with Iran ramping up its cyberattacks against the US, as talk of war with that nation mounts. That, as they say, escalated quickly. Before things took a turn for the geopolitical, we walked you through a dead simple way to stop data breaches with... database encryption. We explained why Google is getting retro when it comes to ways to encrypt data sets. Learn about your ad choices: dovetail.prx.org/ad-choices

In 2013, Amy Krekelberg received an unsettling notice from Minnesota’s Department of Natural Resources: An employee had abused his access to a government driver’s license database and snooped on thousands of people in the state, mostly women. Krekelberg learned that she was one of them. Learn about your ad choices: dovetail.prx.org/ad-choices

Certain studies require sensitive datasets: the relationship between nutritious school lunch and student health, the effectiveness of salary equity initiatives, and so on. Valuable insights require navigating a minefield of private, personal information. Now, after years of work, cryptographers and data scientists at Google have come up with a technique to enable this "multi-party computation" without exposing information to anyone who didn't already have it. Learn about your ad choices: dovetail.prx.org/ad-choices

Not so long ago, companies that cracked personal devices on behalf of governments did so in secret, closely guarding even the descriptions of their capabilities. Now, it seems, they proudly tweet about their updated abilities to hack into new iPhones, like a video game firm offering an expansion pack. Learn about your ad choices: dovetail.prx.org/ad-choices

At this point, you're probably keeping an eye out for possible phishing messages in your email. You know the drill: If you have any doubts, don't click links or download attachments. That's difficult enough to adhere to in practice. Now, thanks to new findings from the threat intelligence firm Kaspersky, along with phishing texts, phishing tweets, and phishing pop-ups, you need to worry about one more thing: phishing in your calendar. Learn about your ad choices: dovetail.prx.org/ad-choices

Data breaches and exposures have been so rampant over the last few years that it's difficult to even keep track at this point, much less step back to mull a solution. But, perhaps out of necessity, researchers from the database giant MongoDB have spent the last two years developing a new database encryption scheme aimed squarely at reducing these damaging incidents. Their secret weapon? Radical simplicity. The idea of encrypting databases in various ways isn't new. Learn about your ad choices: dovetail.prx.org/ad-choices

There's a new scam getting after your Google Calendar, you can now control TVs with your eyes, and it's time to get your smorgasbord of cell phone photos organized. Here's the news you need to know, in two minutes or less. Want to receive this two-minute roundup as an email every week day? Sign up here! Today's Headlines A tricky scam plants phishing links in your calendar You hopefully already know to avoid phishing emails ... and texts ... and popups . Learn about your ad choices: dovetail.prx.org/ad-choices

There's a new battleground in the browser wars: user privacy. Firefox just made its Enhanced Tracking Protection a default feature, Apple continues to pile privacy-focused features into its Safari browser, and people are more aware than ever before of the sort of information they can reveal every time they set a digital footprint on the web. If you want to push back against online tracking, you've got several options to pick from when choosing a default browser. Learn about your ad choices: dovetail.prx.org/ad-choices

It’s mid June, and according to tradition, the news cycle is supposed to be lethargic, cooling off in a hammock somewhere and taking it easy. Not so much this week. It started off well enough: On Sunday we explained how to actually, finally stop all those robocalls---or at least slow them down. But then Monday hit, and the US government confirmed that hackers had stolen a border agency database full of traveler photos. Learn about your ad choices: dovetail.prx.org/ad-choices

Amazon cloned an entire neighborhood, a dangerous hacker group takes aim at the US electrical grid, and the world remembers a running great. Here's the news you need to know, in two minutes or less. Learn about your ad choices: dovetail.prx.org/ad-choices

In May 2018, the Middle East-focused free speech and information access group Majal suffered a major cyberattack. Someone had managed to infiltrate a Majal Amazon Web Services account, access a content repository and backups, and wipe out six months of user data and posts across the organization's various message boards and social media platforms. Learn about your ad choices: dovetail.prx.org/ad-choices

The internet-wide push to encrypt more web traffic has resulted in a wave of safer, snoop-proof connections. The next challenge, though, is completing that transition from using a mixture of unencrypted HTTP and protected HTTPS to requiring that baseline protection everywhere. And over the past year, Google has been publicly offering a simple and straightforward way for websites to eliminate these subtle weak spots. Learn about your ad choices: dovetail.prx.org/ad-choices

When the European Union enacted the General Data Protection Regulation (GDPR) a year ago, one of the most revolutionary aspects of the regulation was the “right to be forgotten”—an often-hyped and debated right, sometimes perceived as empowering individuals to request the erasure of their information on the internet, most commonly from search engines or social networks. WIRED OPINION ABOUT Darren Shou is vice president of research at Symantec. Learn about your ad choices: dovetail.prx.org/ad-choices

Over the past 18 months, Google has pushed to improve Chrome extension security—a welcome goal given the sketchy morass of extensions that have been out there for years. But one proposed change related to this effort threatens to hobble ad blocking extensions. And the pending transition has set up a showdown between Google, ad blocker makers, and even other browsers. Learn about your ad choices: dovetail.prx.org/ad-choices

Radiohead owned some hackers, the T-Mobile/Sprint merger runs into some hiccups, and a Swedish mining town is being picked up and moved. Here's the news you need to know, in two minutes or less. Learn about your ad choices: dovetail.prx.org/ad-choices

On Tuesday, Radiohead guitarist and composer Jonny Greenwood made an announcement on Twitter and Facebook: The band had been "hacked," and the perpetrator attempted a $150,000 shakedown to prevent the public release of the files. In response? Radiohead dumped all of it online for free. You can stream it below for the next 18 days, or buy it on Bandcamp for about $23. All proceeds will go to a climate protest organization called Extinction Rebellion. Learn about your ad choices: dovetail.prx.org/ad-choices

For years, countries have spoken in vague terms about creating domestic internets that could be isolated from the world at will. Now, we’re seeing some begin to execute that vision. Last month, Iran announced its national information network, or its domestic internet, is 80 percent complete. Learn about your ad choices: dovetail.prx.org/ad-choices

Apple's Worldwide Developers Conference kicked off the week, bringing with it some interesting security enhancements for iOS and macOS users. The company will start offering its own single sign-on option, competing with Google and Facebook but with enhancements those two currently don't offer. And it rejiggered its Find My feature using some very clever cryptography. Learn about your ad choices: dovetail.prx.org/ad-choices

Five days ago, the internet had a conniption. In broad patches around the globe, YouTube sputtered. Shopify stores shut down. Snapchat blinked out. And millions of people couldn’t access their Gmail accounts. The disruptions all stemmed from Google Cloud, which suffered an prolonged outage—which also prevented Google engineers from pushing a fix. Learn about your ad choices: dovetail.prx.org/ad-choices

The Russian meddling that rocked the 2016 United States presidential election gave the public a full view of something election officials and advocates have warned about for years: weak voting infrastructure and election systems around the US, and a lack of political will and funding to strengthen them. Two and a half years later, real progress has been made in key areas. But with a new presidential election less than 18 months away, glaring systemic risks remain. Learn about your ad choices: dovetail.prx.org/ad-choices

Campaign finance laws prohibit businesses and even many nonprofits from directly contributing to political campaigns. They can’t even send pizza. Now, the United States Federal Election Commission may apply the same laws to block a cybersecurity firm from offering free or low cost defense services to campaigns, at a time when those protections are badly needed. Learn about your ad choices: dovetail.prx.org/ad-choices

At Apple's Worldwide Developers Conference on Monday, the company debuted a slew of products and services, including a new Mac Pro that's part raw computing power, part cheese grater. But one new feature, mentioned in passing, could have an outsized impact on user security and privacy for years to come. Apple now has its own single-sign-on scheme—and it's a major reimagining of how such a mechanism can work. You've seen single-sign-on before, even if you don't use it. Learn about your ad choices: dovetail.prx.org/ad-choices

When Apple executive Craig Federighi described a new location-tracking feature for Apple devices at the company's Worldwide Developer Conference keynote Monday, it sounded—to the sufficiently paranoid, at least—like both a physical security innovation and a potential privacy disaster. Learn about your ad choices: dovetail.prx.org/ad-choices

Apple (the company) is rolling out a new sign-on feature, the Big Apple (the city) is pushing a groundbreaking privacy law, and Hot Wheels cars are being put to the test. Here's the news you need to know, in two minutes or less. Today's Headlines New York is set to pass a landmark privacy law Just last week, California passed a historic privacy bill that gave people the power to know how their data was being shared, and the ability to request changes or stop sharing it all together. Learn about your ad choices: dovetail.prx.org/ad-choices

Two hours into his keynote at Apple’s Worldwide Developer's Conference last June, senior vice president Craig Federighi revealed a new privacy feature in MacOS Mojave that forces applications to ask the user if they want to "allow" or "deny" any request to access sensitive components and data, including the camera or microphone, messages, and browsing history. The audience dutifully applauded. Learn about your ad choices: dovetail.prx.org/ad-choices

In 1999, Apple released a slew of new features with Mac OS 9, calling it "the best internet operating system ever." The idea was to unlock the full potential of the turquoise plastic iMac G3—the Internet Mac!—released in 1998. But 12-year-old Joshua Hill didn't have an iMac. To take advantage of all the new connectivity from his parents' mid-'90s Mac Performa, he needed a modem that would plug into the computer through one of its chunky "serial" ports. Learn about your ad choices: dovetail.prx.org/ad-choices

Returning to work after a long weekend is always rough—especially if you have to deal with a looming worm attack or yet another disinformation operation on your networks! Which was the case in the security world this week. Despite dire warnings and an urgent update issued from Microsoft, customers are taking too long to patch a critical vulnerability that still remains in approximately 900,000 Windows computers. Learn about your ad choices: dovetail.prx.org/ad-choices

One of the most difficult things about detecting manipulated photos, or "deepfakes," is that digital photo files aren't coded to be tamper-evident. But researchers from New York University's Tandon School of Engineering are starting to develop strategies that make it easier to tell if a photo has been altered, opening up a potential new front in the war on fakery. Learn about your ad choices: dovetail.prx.org/ad-choices

Two weeks have passed since Microsoft warned users about a critical vulnerability in a common Windows protocol that could enable a hacker to remotely take over machines without even a click from their owners, potentially allowing an infectious worm to rip through millions of PCs. That bug might be fading from the headlines, but it still lingers in at least 900,000 computers. Learn about your ad choices: dovetail.prx.org/ad-choices

After years of issues with rogue Chrome extensions, hijacks, and malware, Google announced a slew of new policies Thursday to ensure the little browser applets are secure. The improvements come as part of a wider company push to evaluate how much user data third-party applications can access. Google launched the audit, known as Project Strobe, in October alongside an announcement that Google+ had suffered data exposures and would be shuttered. Learn about your ad choices: dovetail.prx.org/ad-choices

Last August, researchers from the threat intelligence firm FireEye uncovered a vast social media influence campaign, conducted by a network of inauthentic news outlets and fake personas with ties to Iran. Their findings were a stark reminder that these kinds of tactics aren't limited to Russia. Now FireEye has published a sequel of sorts, documenting the evolving methods of disinformation actors are using across social media platforms and other outlets to promote Iranian interests online. Learn about your ad choices: dovetail.prx.org/ad-choices