Security, Spoken

Daniel Crowley has a long list of software platforms, computers, and Internet of Things devices that he suspects he could hack. As research director of IBM’s offensive security group X-Force Red, Crawley’s job is to follow his intuition about where digital security risks and threats may be lurking, and expose them so they can be fixed. But so many types of computing devices are vulnerable in so many ways, he can’t chase down every lead himself. Learn about your ad choices: dovetail.prx.org/ad-choices

The National Security Agency develops advanced hacking tools in-house for both offense and defense—which you could probably guess even if some notable examples hadn't leaked in recent years. But on Tuesday at the RSA security conference in San Francisco, the agency chose for the first time demonstrated Ghidra, a refined internal tool that it has chosen to open source. Learn about your ad choices: dovetail.prx.org/ad-choices

When Google's team of ninja bug-hunting researchers known as Project Zero finds a hackable flaw in somebody else's code, they give the company responsible 90 days to fix it before going public with their findings—patched or not. Learn about your ad choices: dovetail.prx.org/ad-choices

The 2018 midterm elections were hardly a glowing reflection on the state of America’s voting technology. Even after Congress set aside millions of dollars for state election infrastructure last year, voters across the country still waited in hours-long lines to cast their ballots on their precincts’ finicky, outdated voting machines. Learn about your ad choices: dovetail.prx.org/ad-choices

Will Roper, assistant secretary of the Air Force for acquisition, technology and logistics, is something like Q for the Defense Department. He formerly ran the Strategic Capabilities Office, a secretive military skunkworks designed to figure out how to fight future wars. While there, he helped design swarms of tiny unmanned drones; he helped create Project Maven; and he tried to partner the Defense Department with the videogame industry. Learn about your ad choices: dovetail.prx.org/ad-choices

When the lip-syncing app Musical.ly first exploded in popularity nearly four years ago, it was best-known for being a teen sensation. But according to the Federal Trade Commission, the app also illegally collected information from children under the age of 13. The agency announced Wednesday that Musical.ly, now known as TikTok, has agreed to pay a $5. Learn about your ad choices: dovetail.prx.org/ad-choices

The bombshells and not-so-surprising surprises, both legal and those just plain embarrassing, come on almost every page of Michael Cohen’s 20 pages of prepared testimony for the House Oversight and Reform Committee. Learn about your ad choices: dovetail.prx.org/ad-choices

A much-touted two-day summit between Donald Trump and North Korean leader Kim Jong-Un failed to reach the finish line Thursday, as talks collapsed and Trump returned to Washington, DC. It’s unclear exactly what unraveled the process; Trump says Kim asked for the lifting of all economic sanctions in exchange for closing the Yongbyon Nuclear Scientific Research Complex, while North Korea reportedly says it had asked for relief on some, but not all. Learn about your ad choices: dovetail.prx.org/ad-choices

Like many reporters and editors in DC or New York, I have been yelled at by Michael Cohen. It's been almost a rite of passage for anyone writing about Donald Trump over the past decade. There was no bone too small for his long-time lawyer and fixer to pick when it came to published criticisms of the real estate developer. My turn came in June 2012, when he called to yell at me over an item the magazine I then edited had written about Trump's forthcoming hotel on Pennsylvania Avenue. Learn about your ad choices: dovetail.prx.org/ad-choices

Over the past 18 months, revelations about wireless carriers selling smartphone location data to third parties have forced telecoms to promise reform. Worryingly, but perhaps not surprisingly, these user protections have been slow to actually materialize. Even if carriers shape up, though, an attacker can still track a smartphone's location and snoop on phone calls thanks to newly discovered flaws in 4G and even 5G protocols. Learn about your ad choices: dovetail.prx.org/ad-choices

The security world's paranoiacs have long cautioned that if a computer falls into a stranger's hands, it shouldn't be trusted again. Now one company's researchers have demonstrated how, in some cases, that maxim applies just as strongly to a class of machine that never touches your hands in the first place: cloud servers. Learn about your ad choices: dovetail.prx.org/ad-choices

The breaking news hit a snowy Washington on Wednesday: Newly installed attorney general William Barr appears to be preparing to announce the end of special counsel Robert Mueller’s Russia investigation. Learn about your ad choices: dovetail.prx.org/ad-choices

The phony Facebook pages looked just like the real thing. They were designed to mimic pages that service members use to connect. One appeared to be geared toward a large-scale, military exercise in Europe and was populated by a handful of accounts that appeared to be real service members. In reality, both the pages and the accounts were created and operated by researchers at NATO’s Strategic Communications Center of Excellence, a research group that's affiliated with NATO. Learn about your ad choices: dovetail.prx.org/ad-choices

The Mueller investigation has lasted so long, it's easy to forget that it'll end at some point. In fact, according to recent reports, it may wrap up as early as next week. But what does that mean exactly? We took a look at seven distinct possibilities, from fizzle to fireworks. As though the border wall "national emergency" wasn't enough to worry about. Learn about your ad choices: dovetail.prx.org/ad-choices

If New Yorker writer George Packer hadn’t already taken the title, former acting FBI director Andrew McCabe’s new book might be best titled The Unwinding. Learn about your ad choices: dovetail.prx.org/ad-choices

After years of promises about a physical wall stretching along the United States-Mexico border, president Donald Trump declared a state of emergency last week in an attempt to secure wall funding in spite of Congressional opposition. But physical barriers alone have always been both ineffective and expensive. Learn about your ad choices: dovetail.prx.org/ad-choices

Ten years ago, Roman Dobrokhotov sat down in the front row of a Kremlin auditorium, surrounded by a polite audience of journalists and dignitaries attending a speech by Russia’s then-president Dmitri Medvedev. Medvedev was only a few minutes into his address on the importance of the country's constitution—which he had just amended to allow Vladimir Putin to serve as president again—when Dobrokhotov stood up, turned around, and addressed the audience himself. Learn about your ad choices: dovetail.prx.org/ad-choices

On Wednesday, Facebook introduced a new privacy setting for Android users. Previously, if you had Location History turned on, the app could track you in the background. In other words, even if you didn’t have the app open, it knew where you were. Now, you can stop it from doing so. And you should. Learn about your ad choices: dovetail.prx.org/ad-choices

You may have noticed this happening more and more lately: Online accounts get taken over in droves, but the companies insist that their systems haven't been compromised. It's maddening, but in many cases, technically they're right. The real culprit is a hacker technique known as "credential stuffing." The strategy is pretty straightforward. Learn about your ad choices: dovetail.prx.org/ad-choices

The US government averted another shutdown when Donald Trump instead opted to declare a national emergency to fund his border wall dreams—a wall which raises huge privacy and security concerns and will cause more problems than it solves. As the country digested the national emergency, cybersecurity workers were still scrambling to clean up the security nightmare wrought by the longest shutdown in history. Learn about your ad choices: dovetail.prx.org/ad-choices

In the handwringing post mortem after a hacker breach, the first point of intrusion usually takes the focus: The phishing email that Clinton campaign manager John Podesta's aide accidentally flagged as legit, or the Apache Struts vulnerability that let hackers get access to an Equifax server. Learn about your ad choices: dovetail.prx.org/ad-choices

Dating is hard enough without the added stress of worrying about your digital safety online. But social media and dating apps are pretty inevitably involved in romance these days—which makes it a shame that so many of them have had security lapses in such a short amount of time. Learn about your ad choices: dovetail.prx.org/ad-choices

In the summer of 2006, Fidel Castro unexpectedly announced that he was temporarily handing over power to his brother. Turns out he needed to undergo intestinal surgery. Afterward, an anchor on state-run television read a statement, said to have been written by Castro, attesting that all was well. But there were no photographs of Fidel in recovery, no nine-hour radio address from his hospital bed. Rumors flew that the longtime Cuban leader had died. Learn about your ad choices: dovetail.prx.org/ad-choices

Toward the end of a White House press conference Friday morning, during which President Donald Trump declared a national emergency in order to secure up to $8 billion in funding for a border wall, White House reporter Brian Karem stood to ask the president a single question: “What do you base your facts on?” It was the most clarifying question in an hour-long display that at times felt as hard to grasp as a slinky. Learn about your ad choices: dovetail.prx.org/ad-choices

After weeks—years, really, but lately more urgent—of debate over the Trump administration's proposed wall at the US-Mexico border, Congress will vote on a spending bill Thursday that includes $1.375 billion for 55 miles of border fence construction. President Donald Trump has long sought $5.7 billion for a more comprehensive concrete or steel structure spanning the 2,000 mile border, but has not managed to garner much political support. Rightly. Learn about your ad choices: dovetail.prx.org/ad-choices

Happy Valentine’s Day! Since it’s 2019, you and a partner could celebrate by installing an app on your phone that lets you control a vibrator your partner discreetly wears in their underwear all day. Learn about your ad choices: dovetail.prx.org/ad-choices

Two weeks out from the longest government shutdown in United States history—and with the possibility of another still looming—government employees are still scrambling to mitigate impacts on federal cybersecurity defenses. And the stakes are high. Furloughed cybersecurity employees returned to expired software licenses and web encryption certificates, colleagues burned out from working on skeleton crews, and weeks-worth of unanalyzed network activity logs. Learn about your ad choices: dovetail.prx.org/ad-choices

Despite concerted efforts by tech giants to cut back on abhorrent behavior on their platforms, a new survey finds that severe forms of online hate and harassment, including stalking and physical threats, may be on the rise. According to the survey, released Wednesday by the Anti-Defamation League, more than one third of Americans reported experiencing some type of severe online hate or harassment in 2018. Learn about your ad choices: dovetail.prx.org/ad-choices

The world’s internet infrastructure has no central authority. To keep it working, everyone needs to rely on everyone else. As a result, the global patchwork of undersea cables, satellites, and other technologies that connect the world often ignores the national borders on a map. To stay online, many countries must rely on equipment outside their own confines and control. Learn about your ad choices: dovetail.prx.org/ad-choices

The fleets of electric scooters that have inundated cities are alarming enough as is. Now add cybersercurity concerns to the list: Researchers from the mobile security firm Zimperium are warning that Xiaomi’s popular M365 scooter model has a worrying bug. The flaw could allow an attacker to remotely take over any of the scooters to control crucial things like, ahem, acceleration and braking. Learn about your ad choices: dovetail.prx.org/ad-choices

Three of the Senate’s biggest privacy advocates are sending letters to Facebook, Google, and Apple executives Thursday, following a recent TechCrunch report that Facebook used an iOS and Android app to monitor the phones of users as young as 13 years old. The app, called Research and sometimes referred to as Project Atlas, gave Facebook complete visibility into users' app activity, web searches, encrypted data, and even private messages. Learn about your ad choices: dovetail.prx.org/ad-choices

It's frankly hard, at the end of this long week, to devote much mental energy to any news that's not Jeff Bezos going to war with the National Enquirer, but stay with us! There's a lot going on—including some intriguing developments in special counsel Robert Mueller's probe. Before we get too far into it, though, please take a moment to update to iOS 12.1.4, which fixes that very bad FaceTime group chat bug and a few more previously undisclosed vulnerabilities as well. Learn about your ad choices: dovetail.prx.org/ad-choices

One of the easiest ways to protect your privacy and security on a smartphone is set a passcode or biometric lock to enable disk encryption. That way if your phone gets lost or stolen, no one can take data off the device in a readable form. But not all smartphones—and tablets, and smartwatches, and so on—offer that protection. They don’t have the processing power to deal with resource-intensive encryption. Learn about your ad choices: dovetail.prx.org/ad-choices

Since the world learned of state-sponsored campaigns to spread disinformation on social media and sway the 2016 election, Twitter has scrambled to rein in the bots and trolls polluting its platform. But when it comes to the larger problem of automated accounts on Twitter designed to spread spam and scams, inflate follower counts, and game trending topics, one study argues that the company still isn’t keeping up with the deluge of garbage and abuse. Learn about your ad choices: dovetail.prx.org/ad-choices

On a frigid morning in Washington, DC, last week, four staffers from the United States Census Bureau stood shoulder to shoulder on a stage, smiling widely as they soaked in the whoops, whistles, and eager applause from the crowd seated before them. The Esri Federal GIS Conference, an annual event where government employees gather to talk about mapping technology, isn’t exactly what you’d call a rowdy affair. Learn about your ad choices: dovetail.prx.org/ad-choices

Data breaches that compromise people's usernames and passwords have become so common, and used in crime for so long, that millions of stolen credential pairs have actually become practically worthless to criminals, circulating online for free. And that doesn't even begin to scratch the surface of the more current credentials sold on the black market. All of this means that it's increasingly difficult to keep track of which of your passwords you need to change. Learn about your ad choices: dovetail.prx.org/ad-choices

As happens infrequently—but definitely not never—Apple wrestled with an embarrassing and problematic security bug this week in its iOS FaceTime group calling feature. The flaw was bad enough that Apple took the drastic step of pulling group FaceTime functionality altogether. A full fix will come next week. Learn about your ad choices: dovetail.prx.org/ad-choices

When hackers breached companies like Dropbox and LinkedIn in recent years—stealing 71 and 117 million passwords, respectively—they at least had the decency to exploit those stolen credentials in secret, or sell them for thousands of dollars on the dark web. Now, it seems, someone has cobbled together those breached databases and many more into a gargantuan, unprecedented collection of 2. Learn about your ad choices: dovetail.prx.org/ad-choices

For the past three years, Facebook has paid consumers as young as 13 to download a “Facebook Research” application that gives the company wide-ranging access to their mobile devices, according to a TechCrunch investigation published Tuesday. In order to allow people with iPhones to participate, Facebook sidestepped the strict privacy rules imposed by Apple in its App Store by taking advantage of a business applications program designed for internal company use. Learn about your ad choices: dovetail.prx.org/ad-choices

For years, critics have taken aim at Facebook's privacy missteps, from the Cambridge Analytica scandal to this week's revelation that Facebook has paid people—including minors—to let it spy on all of their online activity, potentially even including their encrypted private messages. Which makes it a potentially very big deal that over the last several weeks, the company has quietly hired three prominent privacy advocates, all outspoken critics, ostensibly to help right the ship. Learn about your ad choices: dovetail.prx.org/ad-choices

At its annual worldwide threat assessment hearing on Tuesday, top national security officials gave the Senate Intelligence Committee a rundown from top intelligence officials of the dangers the United States will face in 2019 and beyond. The adversaries were familiar, with China, Russia, North Korea, and Iran mentioned alongside evolving situations like Brexit and the power struggle in Venezuela. Learn about your ad choices: dovetail.prx.org/ad-choices

In September, members of Google's Chrome security team put forth a radical proposal: Kill off URLs as we know them. The researchers aren't actually advocating a change to the web's underlying infrastructure. They do, though, want to rework how browsers convey what website you're looking at, so that you don't have to contend with increasingly long and unintelligible URLs—and the fraud that has sprung up around them. Learn about your ad choices: dovetail.prx.org/ad-choices

It’s often hard to tell just how seriously to take reports of a new vulnerability. The jargon is inscrutable, and the skills needed to pull off the attacks are possessed only by highly skilled professionals. But a bug afflicting Apple’s FaceTime chat has no such ambiguity. How bad is it? Rather than risk exposing people to it, Apple pulled the plug on FaceTime group chats altogether. Learn about your ad choices: dovetail.prx.org/ad-choices

Technology has never limited its effects to those its creators intended: It disrupts, reshapes, and backfires. And even as innovation's unintended consequences have accelerated in the 21st century, tech firms have often relegated the thinking about its second-order effects to science fiction and the occasional embarrassing congressional hearing, scrambling to prevent unexpected abuses only after the harm is done. Learn about your ad choices: dovetail.prx.org/ad-choices

In an effort led by CEO Mark Zuckerberg, Facebook has plans to rearchitect WhatsApp, Instagram direct messages, and Facebook Messenger so that messages can travel across any of the platforms. The New York Times first reported the move Friday, noting also that Zuckerberg wants the initiative to "incorporate end-to-end encryption. Learn about your ad choices: dovetail.prx.org/ad-choices

Close observers of Robert Mueller’s investigation of possible collusion between Donald Trump’s 2016 presidential campaign and Russia have long wondered when, exactly, Roger Stone would be indicted. The answer came Friday, when FBI agents arrested Trump’s longtime friend and advisor on seven counts, including obstruction, making false statements, and witness tampering. Garrett Graff breaks down the four key takeaways from the 24-page indictment. Learn about your ad choices: dovetail.prx.org/ad-choices

Roger Stone’s pre-dawn arrest in Florida Friday, a raid executed by FBI agents working without salary during the government shutdown, had long seemed a matter of when, not if. Special counsel Robert Mueller has been deeply interested in Stone for months, and at least nine of the political operative’s associates have appeared before Mueller’s grand jury, including talk radio host Randy Credico and conspiracy theorist Jerome Corsi. Learn about your ad choices: dovetail.prx.org/ad-choices

It’s 8 on a Wednesday morning in January, and David Carroll’s Brooklyn apartment, a sunny, wood-beamed beauty converted from an old sandpaper factory, is buzzing. His 10-year-old daughter, dressed in polka-dot pants, dips out the front door and off to school, Jansport backpack slung over her shoulders. His 5-year-old son darts into the living room in a luchador mask he picked up on the family’s holiday trip to Mexico. (His wrestling name, he tells me, is Diablo. Learn about your ad choices: dovetail.prx.org/ad-choices

Each January, the Bulletin of the Atomic Scientists greets the new year with a readout of its Doomsday Clock, an allegorical timepiece created in 1947 to illustrate our species’ proximity to the apocalypse. The announcement of the time—with human civilization in its eleventh hour—tends to arrive amid considerable fanfare, especially in these tempestuous times. WIRED OPINION ABOUT Kyle L. Learn about your ad choices: dovetail.prx.org/ad-choices

Dozens of Nest camera owners this week heard a disembodied voice insist that they subscribe to PewDiePie's YouTube channel. On Sunday, a voice emanating from a Nest security camera told a family of three that North Korean missiles were en route to Ohio, Chicago, and Los Angeles. In December, a couple was startled out of bed when they heard sexual expletives coming from their baby's room over a monitor. Learn about your ad choices: dovetail.prx.org/ad-choices