Security, Spoken

The Mueller report has been sitting in the Justice Department for nearly two weeks. Attorney general William Barr told Congress Wednesday he’s hoping the public will finally get a look at the 300-plus page document sometime within the next week, ending a bizarre period of dissembling and fumbling by Barr that has left America with more questions than answers about the seriousness of what Mueller uncovered. Learn about your ad choices: dovetail.prx.org/ad-choices

It was another busy week in the security world, and perhaps the biggest story was the arrest of Julian Assange in London on Thursday. The WikiLeaks founder is facing criminal charges in the US over allegations that he conspired to help Chelsea Manning hack into Pentagon computer networks nine years ago. It’s hardly an open-and-shut case, which Andy Greenberg broke down shortly after the indictment was unsealed. Learn about your ad choices: dovetail.prx.org/ad-choices

Tech news you can use, in two minutes or less: Julian Assange charged with computer hacking. WikiLeaks founder Julian Assange was arrested today in London and faces hacking charges from the US government. The indictment, which was unsealed today, centers around an allegation that Assange promised to help then Army-private Chelsea Manning gain access to classified materials. Learn about your ad choices: dovetail.prx.org/ad-choices

If you use a smart speaker, you know all of the conveniences and delights that make it more than just a glorified paper weight. But, admit it, you've probably given it some privacy side-eye from time to time. After all, it is a microphone that just sits in your house waiting for a wake word to start recording what you say. Here's how to tighten the reins on what Alexa, Google Assistant, and Siri can hear, when, and how it gets used. It's a good time to take stock. Learn about your ad choices: dovetail.prx.org/ad-choices

For the first time since 2012, WikiLeaks founder Julian Assange no longer has the legal protections of the Ecuadorean Embassy in London. He now faces the criminal charges he's always suspected and feared—although it's now clear that he's accused of criminal behavior not as a journalist, or even a spy, but a hacker. On Thursday, London's metropolitan police physically dragged Assange out of his residence at the embassy and into a police van. Learn about your ad choices: dovetail.prx.org/ad-choices

Over the past few years, scammers have increasingly siphoned cash off of digital payment networks, stealing hundreds of millions of dollars so far. Not only is the problem hard to contain; new findings show that it's evolving and maturing, with new types of ATM malware on the rise. Researchers at the Kaspersky Security Analyst Summit in Singapore are presenting findings on Wednesday about a new wave of payment system scams. Learn about your ad choices: dovetail.prx.org/ad-choices

Private companies around the world have evolved a gray industry supplying digital surveillance and hacking tools to governments and local law enforcement. As the once little-known practice has grown, so too has the resulting malware. Researchers have now found that one of these spyware products, which had previously been found on the Google Play Store, also targeted iOS. Learn about your ad choices: dovetail.prx.org/ad-choices

When the malware known both as Triton and Trisis came to light in late 2017, it quickly gained a reputation as perhaps the world's most dangerous piece of code: the first ever designed to disable the safety systems that protect industrial facilities from potentially lethal physical accidents. But Triton hackers still have to engage in a far more common forms of hacking to plant that code, in some cases spending close to a year digging their way through IT networks before they reach their targets. Learn about your ad choices: dovetail.prx.org/ad-choices

In March 2017, the Android security team was feeling pleased with itself. The group had detected, analyzed, and neutralized a sophisticated botnet built on tainted apps that all worked together to power ad and SMS fraud. Dubbed "Chamois," the malware family had already cropped up in 2016, and was being distributed both through Google Play and third-party app stores. So the Android team started aggressively flagging and helping to uninstall Chamois until they were sure it was dead. Learn about your ad choices: dovetail.prx.org/ad-choices

Tech news you can use, in two minutes or less: Hackers found their way into Apple's ecosystem, and possibly your phone Cyber criminals have been directing users to download something called Exodus, an app that was actually malware. It allowed access to photos, videos, device IDs, audio recordings, and contacts, potentially tracking a victim's location and listening to their conversations through the microphone. Learn about your ad choices: dovetail.prx.org/ad-choices

What a week for Facebook. The news blitz began over the weekend, as the company responded to multiple recent controversies, from livestreaming to disappearing blog posts. Then on Wednesday, security researchers at UpGuard found that two different third-party apps left more than 540 million Facebook records unprotected in the cloud. On Friday, we reported that Facebook had been letting cybercrime groups operate in plain sight. It never ends. Learn about your ad choices: dovetail.prx.org/ad-choices

Years into the robocalling frenzy, your phone probably still rings off the hook with "important information about your account," updates from the "Chinese embassy," and every bogus sweepstakes offer imaginable. That's despite promises from the telecom industry and the US government that solutions would be coming. Much like the firehose of spam that made email almost unusable in the late 1990s, robocalls have made people in the US wary of picking up their cell phones and landlines. Learn about your ad choices: dovetail.prx.org/ad-choices

Facebook's failure to moderate bad behavior on the sprawling online world it created, from political trolls to extremist content to livestreamed acts of horrific violence, has received a torrent of criticism. But one group of researchers found that the social media giant is also failing to police a far more basic and decades-old internet problem among its users: plain old cybercrime. Learn about your ad choices: dovetail.prx.org/ad-choices

“If it ain’t broke, don’t fix it,” the adage goes. But for the sunset of Patriot Act authorities later this year—including Section 215, a controversial provision that allows the National Security Agency to collect records, including those about Americans’ phone calls—the more applicable phrase may be “If it keeps breaking, throw it out. Learn about your ad choices: dovetail.prx.org/ad-choices

On Saturday afternoon, Yujing Zhang arrived at Mar-a-Lago and approached a Secret Service agent, seeking entry. She explained, according to court documents, that she was there to use the pool. What happened next illustrates just how hard it is to secure President Trump’s home away from the White House, and it joins a steadily growing number of concerning incidents. Learn about your ad choices: dovetail.prx.org/ad-choices

Tech news you can use, in two minutes or less: Facebook exposed your personal information ... again Researchers discovered hundreds of millions of Facebook users' data was left unprotected once again, this time on Amazon's servers. The information exposed was stuff like names, passwords, comments, interests, and likes. The tl;dr: Facebook doesn't seem to have much control over what third parties do with your data, basically ever, so you might want to lock down those privacy settings. Learn about your ad choices: dovetail.prx.org/ad-choices

Researchers at the cybersecurity firm Upguard have discovered two troves of unprotected Facebook user data sitting on Amazon’s servers, exposing hundreds of millions of records about users, including their names, passwords, comments, interests, and likes. The datasets had been uploaded to Amazon’s cloud system by two different Facebook app developers. Learn about your ad choices: dovetail.prx.org/ad-choices

In December, Mastercard announced that it was working to develop an international digital identity scheme which could be used as a flexible verifier for financial transactions, government interactions, or online services. The idea of a secure, decentralized, universal ID has become a sort of holy grail in the age of rapid digital interactions and rampant identity fraud. Mastercard's initial announcement was met with some skepticism from privacy-minded observers. Learn about your ad choices: dovetail.prx.org/ad-choices

A report on Thursday from a British government oversight group found that Chinese telecom-equipment maker Huawei has basic, but deeply problematic flaws in its product code that create security risks. The shortcomings, many of which Huawei had previously promised to improve, stem from issues with its software development processes, according to the report. Learn about your ad choices: dovetail.prx.org/ad-choices

"Right to repair just basically says, ‘Hey guys, you got to make the information and the parts available.’" U.S. Sen. Elizabeth Warren, appearing on All In with Chris Hayes, Wednesday March, 27. Our work to help people fix their stuff reached a milestone last week, when Massachusetts Senator Elizabeth Warren called for Right to Repair to support farmers struggling with growing antitrust issues in agriculture. Learn about your ad choices: dovetail.prx.org/ad-choices

With so much of our lives lived online, people have often assumed that the pictures, financial documents, and other sensitive information we store on our password-protected phones and computers are kept private. But every day, it seems there’s a new data breach, or another story about our information being passed around in ways we couldn’t imagine. WIRED OPINION ABOUT Molly Davis is a policy analyst at Libertas Institute, a policy think tank in Utah. Learn about your ad choices: dovetail.prx.org/ad-choices

Ransomware has long been the scourge of the cybersecurity industry. When that extortionate hacking goes beyond encrypting files to fully paralyze computers across a company, it represents not just a mere shakedown, but a crippling disruption. Now a nasty new breed of ransomware known as LockerGoga is inflicting that paralysis on industrial firms whose computers control actual physical equipment, and it's enough to deeply spook security researchers. Learn about your ad choices: dovetail.prx.org/ad-choices

Widespread adoption of the web encryption scheme HTTPS has added a lot of green padlocks—and corresponding data protection—to the web. Almost all of the popular sites you visit every day likely offer this defense, called Transport Layer Security (TLS), which encrypts data between your browser and the web servers it communicates with to protect your travel plans, passwords, and embarrassing Google searches from prying eyes. Learn about your ad choices: dovetail.prx.org/ad-choices

Nothing much happened this week except, oh yeah, special counsel Robert Mueller filed his report on Friday night. Though attorney general William Barr now has the report in hand, the American people will still have to wait to see how much of it he decides to make public. In anticipation of the report, Mueller expert Garrett Graff laid out what information it could contain that would get Trump impeached. Beyond Mueller, it was actually already a news-packed week. Learn about your ad choices: dovetail.prx.org/ad-choices

Today's news that hackers put backdoors into thousands of Asus computers using the company's own software update platform is a reminder of why supply-chain compromises are one of the scariest digital attacks out there. Attackers compromised Asus’s Live Update tool to distribute malware to almost a million customers last year, according to initial findings researchers at the threat intelligence firm Kaspersky Lab disclosed Monday. The news was first reported by Motherboard. Learn about your ad choices: dovetail.prx.org/ad-choices

At a typically glitzy launch event in Cupertino on Monday, Apple debuted the Apple Card, a new credit card offered in collaboration with Goldman Sachs and Mastercard. Apple claims it will resolve many consumer frustrations with current credit cards: the card will be simple to sign up for, there won't be any fees, and it will be easy to redeem rewards. Learn about your ad choices: dovetail.prx.org/ad-choices

In old spy novels, when two secret agents need to communicate with each other out in the field, one of them often leaves a document in an assigned place—tucked in the hollow of a tree trunk or between the pages of a certain library book. Once the first agent has safely vacated the scene, the second one moves in to fetch it. This maneuver—called a dead drop—may seem straight­forward. Learn about your ad choices: dovetail.prx.org/ad-choices

Tech news you can use, in two minutes or less: Apple announced a whole lot of new things today Today's Apple Event had all kinds of updates: A new credit card, a new news subscription, and a new streaming subscription featuring celebrities from Oprah to Steven Spielberg and more. Let's break down exactly what's new: Apple News +, Apple's news subscription service: Roughly 300 magazines (including WIRED) within the Apple News App Designed for Apple devices $9. Learn about your ad choices: dovetail.prx.org/ad-choices

Continuing a now time-honored tradition of creating explosive news late on a Friday afternoon, special counsel Robert Mueller has delivered his final report to attorney general William Barr. The Mueller probe, which began not quite two years ago, has come to its conclusion. Time for the fallout—whatever form that takes. There are certain basic procedural facts that govern what happens next. Learn about your ad choices: dovetail.prx.org/ad-choices

Tech news you can use, in two minutes or less: The Mueller Report, Finally After nearly two years of work, special counsel Robert Mueller has turned in his final report to the nation's attorney general, William Barr. But what happens next is anyone's guess. For now the report will be for Barr's eyes only, who at some point will submit his own report to Congress with as much, or as little, information as he chooses to share. So for now, we wait. Again. Learn about your ad choices: dovetail.prx.org/ad-choices

The internet is full of lies. That maxim has become an operating assumption for any remotely skeptical person interacting anywhere online, from Facebook and Twitter to phishing-plagued inboxes to spammy comment sections to online dating and disinformation-plagued media. Now one group of researchers has suggested the first hint of a solution: an "online polygraph" that uses machine learning to detect deception from text alone. Learn about your ad choices: dovetail.prx.org/ad-choices

Tech news you can use, in two minutes or less: Change your Facebook password Facebook acknowledged a bug that caused hundreds of millions of user passwords (dating back to 2012) for both Facebook and Instagram to be stored as readable text internally. This basically means that thousands of Facebook employees could have searched for and found them. Facebook says they weren't accessible outside of the company, and that there's no evidence employees did in fact abuse or improperly access them. Learn about your ad choices: dovetail.prx.org/ad-choices

At this point, it’s difficult to summarize all of Facebook’s privacy, misuse, and security missteps in one neat description. And it just got even harder. On Thursday, following a report by Krebs on Security, Facebook acknowledged a bug in its password management systems that caused hundreds of millions of user passwords for Facebook, Facebook Lite, and Instagram to be stored as plaintext in an internal platform. Learn about your ad choices: dovetail.prx.org/ad-choices

When school began in Lockport, New York, this past fall, the halls were lined not just with posters and lockers, but cameras. Over the summer, a brand new $4 million facial recognition system installed by the school district in the town’s eight schools from elementary to high school. The system scans the faces of students as they roam the halls, looking for faces that have been uploaded and flagged as dangerous. Learn about your ad choices: dovetail.prx.org/ad-choices

With more than 2 billion users, Android has a staggering number of devices to protect. But a "high-severity" bug that went undetected for more than five years—that attackers could exploit to spy on a user and gain access to their accounts—serves as a reminder that Android's impressive open source reach also creates challenges for defending a decentralized ecosystem. Learn about your ad choices: dovetail.prx.org/ad-choices

Steve Hardigree hadn't even gotten to the office yet, and his day was already a waking nightmare. As Googled his company's name that morning last June, Hardigree found a growing list of headlines naming the 10-person marketing firm he'd founded three years earlier, Exactis, as the source of a leak of the personal records of nearly everyone in the United States. Learn about your ad choices: dovetail.prx.org/ad-choices

As all of Washington—and the country—await the conclusion of Robert Mueller’s special counsel probe, which could come at any moment, House Speaker Nancy Pelosi put words last week to the as-yet-unspoken consensus on Capitol Hill: Impeaching the president will be a high bar. Learn about your ad choices: dovetail.prx.org/ad-choices

The world of antivirus is already fraught. You’re basically inviting all-seeing, all-knowing software onto your device, trusting that it’ll keep the bad guys out and not abuse its own access in the process. On Android, that problem is compounded by dozens of apps that aren’t just ineffective—they’re outright phony. That’s the finding of newly published research from AV-Comparatives, a European company that, as its name suggests, tests antivirus products. Learn about your ad choices: dovetail.prx.org/ad-choices

This week ended with terror, as a shooting in New Zealand took the lives of at least 49 people at two mosques in Christchurch, New Zealand. A video of the attack, livestreamed by the shooter on Facebook, quickly spread across all major internet platforms, which demonstrated a general inability to stop it. Separately, we took a look at how ICE leans on cozy relationships with local law enforcement to access license plate location data it wouldn't otherwise be allowed to. Learn about your ad choices: dovetail.prx.org/ad-choices

In January 2018 a group of hackers, now thought to be working for the North Korean state-sponsored group Lazarus, attempted to steal $110 million from the Mexican commercial bank Bancomext. That effort failed. But just a few months later, a smaller yet still elaborate series of attacks allowed hackers to siphon off 300 to 400 million pesos, or roughly $15 to $20 million from Mexican banks. Here's how they did it. Learn about your ad choices: dovetail.prx.org/ad-choices

It happened again. Facebook went down in several pockets around the world for several hours Wednesday, as did Facebook-owned Instagram and WhatsApp. The outage inspired the usual existential jokes—and rush to news sites, to fill the void—but also gave rise to conspiracy theories that hackers were the cause. As is almost always the case, those theories are wrong. Learn about your ad choices: dovetail.prx.org/ad-choices

Over the last decade, license plate readers have become an increasingly popular tool for law enforcement around the United States. One federal agency that has aggressively pursued this data is US Immigration and Customs Enforcement, through a $6.1 million contract with a private firm called Vigilant Solutions. Learn about your ad choices: dovetail.prx.org/ad-choices

You’ve got no shortage of ways to send encrypted messages, and at least as many cloud services for sending large files. But the Venn diagram for the two remains surprisingly, inconveniently small. That’s the beauty of Mozilla’s Firefox Send, a free, intuitive, web-based service that lets you share large encrypted files, no strings attached. Send began in 2017 as an experiment, part of Firefox’s since-discontinued Test Pilot program. Learn about your ad choices: dovetail.prx.org/ad-choices

Venezuela's massive, nationwide power outages, which began on Thursday, have so far resulted in at least 20 deaths, looting, and loss of access to food, water, fuel, and cash for many of the country's of 31 million residents. Late Monday, the United States said its diplomats would leave the US embassy in Caracas, citing deteriorating conditions. Learn about your ad choices: dovetail.prx.org/ad-choices

This week, RSA, one of the biggest cybersecurity conferences of the year took place in San Francisco. Researchers demonstrated lots of new reasons to freak out about your data security, but they also highlighted new techniques for staying safe. There’s the clever new tool that can protect Macs using Apple’s video game logic engine. And the NSA even made an appearance, revealing an open-source version of a powerful cybersecurity tool that agency had developed in house. Learn about your ad choices: dovetail.prx.org/ad-choices

Aric Toler’s face is illuminated only by the glow of the video playing on his laptop. It’s dashcam footage, supposedly captured by a driver in the town of Makiivka in eastern Ukraine, showing a Russian military convoy on its way to shoot down Malaysia Airlines flight 17 on July 17, 2014. At least, that’s the theory. Toler just has to prove it. To the untrained eye, the video is awfully dull. Learn about your ad choices: dovetail.prx.org/ad-choices

At the endless booths of this week's RSA security trade show in San Francisco, an overflowing industry of vendors will offer any visitor an ad nauseam array of "threat intelligence" and "vulnerability management" systems. But it turns out that there's already a decent, free feed of vulnerability information that can tell systems administrators what bugs they really need to patch, updated 24/7: Twitter. Learn about your ad choices: dovetail.prx.org/ad-choices

By this point, you've hopefully gotten the message that your personal data can end up exposed in all sorts of unexpected internet backwaters. But increased awareness hasn't slowed the problem. In fact, it's only grown bigger—and more confounding. Last week, security researchers Bob Diachenko and Vinny Troia discovered an unprotected, publicly accessible MongoDB database containing 150 gigabytes-worth of detailed, plaintext marketing data—including 763 million unique email addresses. Learn about your ad choices: dovetail.prx.org/ad-choices

Yesterday afternoon, Mark Zuckerberg presented an entirely new philosophy. For 15 years, the stated goal of Facebook has been to make the world more open and connected; the unstated goal was constructing a targeted advertising system built on nearly infinite data. Yesterday, though, Zuckerberg pronounced that the company was reversing course. Learn about your ad choices: dovetail.prx.org/ad-choices

It's a familiar playbook for Google and Alphabet: Offer high-quality products like Gmail or Chrome, build a massive user base, and then capitalize on that reach to paternalistically promote safer practices across the tech industry. So far, this strategy has generally proved to be extremely effective. Now Chronicle, a company born last year out of X, Alphabet's "moonshot factory," is going to try it for defending corporate networks. On Monday, Chronicle announced its first product: Backstory. Learn about your ad choices: dovetail.prx.org/ad-choices