Security, Spoken

The Google Pixel 3 has all the betterments you would expect from a flashy flagship smartphone: great camera, zippy processor, smarter AI. It also, though, comes with an unexpected bonus, one that works so deeply in the background you’ll likely never even know it’s there. The Titan M chip may be small and discreet, but it helps make the Pixel 3 and its beefier sibling, the Pixel 3 XL, among the most secure smartphones you can buy. Learn about your ad choices: dovetail.prx.org/ad-choices

When Facebook announced at the end of September that it had suffered a data breach that ultimately affected 30 million accounts, it seemed, perhaps, like the work of sophisticated nation state hackers. But a new report from The Wall Street Journal suggests spammers as the culprit instead. That shouldn't make you feel that much better, though, given just how much damage criminals can do with the kind of information stolen from Facebook. It was, after all, a lot. Learn about your ad choices: dovetail.prx.org/ad-choices

In 2013, cybersecurity firm Mandiant published a blockbuster report on a state-sponsored hacking team known as APT1, or Comment Crew. The Chinese group achieved instant infamy, tied to the successful hacks of more than 100 US companies and the exfiltration of hundreds of terabytes of data. They also vanished in the wake of being exposed. Now, years later, researchers from security firm McAfee say they’ve found code based on APT1–associated malware cropping up in a new set of attacks. Learn about your ad choices: dovetail.prx.org/ad-choices

One nice thing about using web-based services is that you rarely need to take charge. You just sign up for an account, and instantly access your data from anywhere on any device without having to know how the internet works, much less how to configure a server. But that lack of control over the process is also, increasingly, the problem. Companies hold your data on their servers, which means it could get used in ways you—and sometimes even they—don't realize. Learn about your ad choices: dovetail.prx.org/ad-choices

After two weeks of investigation, Facebook announced additional details on Friday of how attackers carried out a massive breach of the social network that compromised accounts for tens of millions of users. The company downgraded its estimate of how many users had their access tokens stolen from an original estimate of at least 50 million to 30 million—and shed new light on exactly how an attack of this magnitude happened in the first place. Learn about your ad choices: dovetail.prx.org/ad-choices

When you give an organization your data, and then that data gets exposed or stolen, you probably want to know about it. Seems simple enough. If a friend lost your sweater, you'd expect him to tell you. But a seemingly endless parade of massive data exposures—including, most recently, at Facebook and Google—reveal just how complicated that practice of disclosure can be. Learn about your ad choices: dovetail.prx.org/ad-choices

With the exception of President Trump’s legal team, no one has been watching the Mueller investigation more closely than Garrett Graff. Graff, a historian and journalist, wrote the book on Robert Mueller (literally), has interviewed him probably more than any other journalist, and covers the investigation for WIRED. Learn about your ad choices: dovetail.prx.org/ad-choices

The good news: A recent scourge of fake Adobe installers really does update you to the latest version of Flash. The bad news: It places cryptomining malware on your machine in the meantime. The Hack Researchers at Palo Alto Networks this week warned of the latest evolution in both cryptojacking and fake Flash updates, two popular forms of cyber malfeasance united in one unpleasant parcel. Learn about your ad choices: dovetail.prx.org/ad-choices

At the end of last month, Facebook made a bombshell disclosure: As many as 90 million of its users may have had their so-called access tokens—which keep you logged into your account, so you don't have to sign in every time—stolen by hackers. Friday, the company put the actual number at 30 million. Here's how to see if you were one of them, and if so, what the hackers got from your account. Learn about your ad choices: dovetail.prx.org/ad-choices

For years, the Kremlin's increasingly aggressive hackers have reached across the globe to hit targets with everything from simple phishing schemes to worms built from leaked NSA zero day vulnerabilities. Now, law enforcement agencies in the US and Europe have detailed another, far more hands-on tactic: Snooping on Wi-Fi from a vehicle parked a few feet away from a target office—or even from a laptop inside their hotel. Learn about your ad choices: dovetail.prx.org/ad-choices

The first step in solving any problem is admitting there is one. But a new report from the US Government Accountability Office finds that the Department of Defense remains in denial about cybersecurity threats to its weapons systems. Specifically, the report concludes that almost all weapons that the DoD tested between 2012 and 2017 have “mission critical” cyber vulnerabilities. Learn about your ad choices: dovetail.prx.org/ad-choices

Cybersecurity researchers regularly disclose the bugs they find in different applications and websites across the internet. Sometimes, these vulnerabilities are incredibly complicated to exploit, evidence more of a researcher's expertise than something the average consumer should worry about. In other scenarios, analysts find simple holes that a novice could use to steal information. This is a case of the latter. Learn about your ad choices: dovetail.prx.org/ad-choices

A major report from Bloomberg on Thursday describes an infiltration of the hardware supply chain, allegedly orchestrated by the Chinese military, that reaches an unprecedented geopolitical scope and scale—and may be a manifestation of the tech industry's worst fears. If the details are correct, it could be a nearly impossible mess to clean up. "This is a scary-big deal," says Nicholas Weaver, a security researcher at the University of California at Berkeley. Learn about your ad choices: dovetail.prx.org/ad-choices

Google announced on Monday that it is shuttering its Google+ social network, following revelations in a Wall Street Journal report that the company did not disclose a recently discovered bug that had exposed data from up to 500,000 Google+ users users since 2015. In the same breath, the company introduced new tools to give users more control over the data they share with apps and services that connect to Google products. Learn about your ad choices: dovetail.prx.org/ad-choices

Donald Trump plans to text you Wednesday, whether you want him to or not. The first nationwide test of the government’s Presidential Alert system will unfold at 2:18 pm ET, when every cell phone user in the United States will receive a text message from FEMA saying, “THIS IS A TEST of the National Wireless Emergency Alert System. No action is needed. Learn about your ad choices: dovetail.prx.org/ad-choices

Near the end of September, before the United Nations, President Donald Trump leveled an extraordinary charge: China was attempting to “meddle” and “interfere” in the upcoming US election. A senior intelligence official repeated the claim on a subsequent call with reporters. Learn about your ad choices: dovetail.prx.org/ad-choices

The sales intelligence firm Apollo sent a notice to its customers last week disclosing a data breach it suffered over the summer. "On discovery, we took immediate steps to remediate our systems and confirmed the issue could not lead to any future unauthorized access," cofounder and CEO Tim Zheng wrote. "We can appreciate that this situation may cause you concern and frustration." In fact, the scale and scope of the breach has a lot of people concerned. Learn about your ad choices: dovetail.prx.org/ad-choices

You lock your phone so other people can't access it. But how you lock your phone is an important factor in whether law enforcement can compel you to unlock it. Apple's year-old Face ID system is no exception. On Sunday, Forbes reported the first known example of law enforcement anywhere using a suspect's face to unlock a phone during an investigation. Learn about your ad choices: dovetail.prx.org/ad-choices

Facebook has received ample blame for the historic data breach that allowed hackers to not only take over the accounts of at least 50 million users, but also access third-party websites those users logged into with Facebook. But what makes it so much worse is that fixing the issue is, in many ways, out of Facebook's hands. Learn about your ad choices: dovetail.prx.org/ad-choices

Malware on Apple's MacBook and iMac lines is more prevalent than some users realize; it can even hide in Apple's curated Mac App Store. But the relatively strong defenses of macOS make it challenging for malware authors to persist long-term on Apple computers, even if they can get an initial foothold. Additionally, the avenues available for lurking on macOS are so well known at this point that technicians and malware scanners can flag them quickly. That's why more subtle approaches are significant. Learn about your ad choices: dovetail.prx.org/ad-choices

At 2:18 PM ET today, millions of people in America will get a text message that reads, "Presidential Alert.” The text is a test of FEMA’s Wireless Emergency Alerts System. If you click on the text, you’ll see the words: “THIS IS A TEST of the National Wireless Emergency Alert System. No action is needed.” As we reported, this test is the evolution of long-standing national effort to create the perfect doomsday alert system. Some people, however, want to opt out. Learn about your ad choices: dovetail.prx.org/ad-choices

Thanks to a push over the last few years, led by Google and others, encrypted HTTPS connections protect more data than ever as it passes between web servers and browsers. But another fundamental component of web browsing too often remains unencrypted: the Domain Name System connections that act as the address lookups of the internet. In Android 9, also known as Android Pie, Google has added a feature called Private DNS to start encrypting DNS on mobile. Learn about your ad choices: dovetail.prx.org/ad-choices

Cloud services host vast quantities of valuable information, making them perpetually attractive targets for hackers. Attackers regularly develop new and clever ways to access cloud accounts—or find ones that have been left exposed—and exfiltrate data. Those in charge of protecting cloud accounts have their own methods of shoring up defenses and securing account perimeters. Learn about your ad choices: dovetail.prx.org/ad-choices

As the controversy surrounding the Supreme Court confirmation for Judge Brett Kavanaugh escalates, the online conversation around it has started to feel less like a debate and more like a war. That’s because it is one. WIRED OPINION ABOUT P.W. Singer and Emerson T. Brooking are the authors of LikeWar: The Weaponization of Social Media, out Oct 2, 2018. It's been more than three decades since the alleged sexual assaults. Learn about your ad choices: dovetail.prx.org/ad-choices

Facebook’s privacy problems severely escalated Friday when the social network disclosed that an unprecedented security issue, discovered September 25, impacted almost 50 million user accounts. Unlike the Cambridge Analytica scandal, in which a third-party company erroneously accessed data that a then-legitimate quiz app had siphoned up, this vulnerability allowed attackers to directly take over user accounts. The bugs that enabled the attack have since been patched, according to Facebook. Learn about your ad choices: dovetail.prx.org/ad-choices

On Friday, Facebook revealed that it had suffered a security breach that impacted at least 50 million of its users, and possibly as many as 90 million. What it failed to mention initially, but revealed in a followup call Friday afternoon, is that the flaw affects more than just Facebook. If your account was impacted it means that a hacker could have accessed any account that you log into using Facebook. That's a lot of them. Learn about your ad choices: dovetail.prx.org/ad-choices

While Russian interference operations in the 2016 US presidential elections focused on misinformation and targeted hacking, officials have scrambled ever since to shore up the nation's vulnerable election infrastructure. New research, though, shows they haven't done nearly enough, particularly when it comes to voting machines. The report details vulnerabilities in seven models of voting machines and vote counters, found during the DefCon security conference's Voting Village event. Learn about your ad choices: dovetail.prx.org/ad-choices

The Fancy Bear hacking group has plenty of tools at its disposal, as evidenced by its attacks against the Democratic National Committee, the Pyeongchang Olympics, and plenty more. But cybersecurity firm ESET appears to have caught the elite Russian team using a technique so advanced, it hadn’t ever been seen in the wild until now. Learn about your ad choices: dovetail.prx.org/ad-choices

When an app wants to access data from your smartphone's motion or light sensors, iOS and Android require them to get your permission first. That keeps a fitness app, say, from counting your steps without your knowledge. But a team of researchers has discovered that those rules don't apply to websites loaded in mobile browsers, which can often often access an array of device sensors without any notifications or permissions whatsoever. Learn about your ad choices: dovetail.prx.org/ad-choices

For over half a decade, Cody Wilson has been a unique thorn in the side of anyone who advocates even the most minimal form of gun control. More than any person else on the planet, the creator of the world's first 3-D printed gun has advanced the dangerous idea that with digital DIY tools, anyone can make a deadly weapon at home. Learn about your ad choices: dovetail.prx.org/ad-choices

What was already setting up to be one of the biggest, most consequential weeks of Trump’s presidency—as the commander-in-chief, in New York, chaired a meeting of the United Nations and, in Washington, the city braced for a showdown over Supreme Court nominee Brett Kavanaugh—saw the stakes appear to rise to historic levels by noon Monday, as news outlets raced to report the long anticipated denouement of deputy attorney general Rod Rosenstein. It was not to be. Learn about your ad choices: dovetail.prx.org/ad-choices

Though Chrome launched in 2008 as a scrappy upstart, it has for years been the dominant web browser, with over 60 percent market share on both desktop and mobile. So when Chrome adjusts its features or policies, it impacts a huge chunk of people worldwide. And a recent change to how Chrome treats logins has shown how poorly those alterations can go over. Learn about your ad choices: dovetail.prx.org/ad-choices

By now it's hopefully been drilled into you to enable two-factor authentication on your online accounts, giving you more protection than a password alone. And while the most ubiquitous second factor is a numeric code sent to your smartphone via an app, physical tokens that you plug into your computer have become increasingly popular. And now they're angling to make passwords obsolete. Learn about your ad choices: dovetail.prx.org/ad-choices

Cryptography schemes are complicated to understand and implement. A lot of things can go wrong. But when it comes to web encryption, a surprising number errors actually stem from a straightforward and seemingly basic mechanism: timekeeping. Synced clocks in operating systems may make digital timekeeping look easy, but it takes a lot of work behind the scenes, and doesn't always solve problems online. Learn about your ad choices: dovetail.prx.org/ad-choices

Blockchain phones are coming, that much is certain. The Sirin Labs Finney and the HTC Exodus are both expected by the end of the year, each with its own, sometimes vaguely defined sense of what exactly that term means. HTC’s Phil Chen, who spearheaded Exodus development, has at least started to fill in the blanks of how the Exodus will pull off its most important trick: keeping your cryptocurrency safe. The Exodus has loftier ambitions than mere storage, of course. Learn about your ad choices: dovetail.prx.org/ad-choices

The fight for our right to repair the stuff we own has suffered a huge setback. As anyone who repairs electronics knows, keeping a device in working order often means fixing both its hardware and software. But a big California farmers’ lobbying group just blithely signed away farmers’ right to access or modify the source code of any farm equipment software. As an organization representing 2. Learn about your ad choices: dovetail.prx.org/ad-choices

On Monday evening, the White House released an order instructing the Department of Justice and the Office of the Director of National Intelligence to declassify excerpts from an array of documents related to special counsel Robert Mueller's investigation into Russian interference. He has every legal right to do so. But national security analysts and former intelligence officials say that such a demand isn't just largely unprecedented; it's potentially dangerous. Learn about your ad choices: dovetail.prx.org/ad-choices

The three college-age defendants behind the creation of the Mirai botnet—an online tool that wreaked destruction across the internet in the fall of 2016 with unprecedentedly powerful distributed denial of service attacks—will stand in an Alaska courtroom Tuesday and ask for a novel ruling from a federal judge: They hope to be sentenced to work for the FBI. Learn about your ad choices: dovetail.prx.org/ad-choices

WIRED ICON Edward Snowden, NSA whistle-blower NOMINATES Malkia Cyril, Founder of the Center for Media Justice, cofounder of Media Action Grassroots Network October 2018. Subscribe to WIRED.Plunkett + Kuhr DesignersPeople generally associate the word radical with extreme. But I prefer to think of the word in reference to its Latin origin:radix, the root of the issue. My friend Malkia Cyril is a radical in the truest sense of the word. Learn about your ad choices: dovetail.prx.org/ad-choices

Facebook was a relatively early proponent of so-called bug bounties, paying out more than $6 million to security researchers who have spotted vulnerabilities in its platform since its program launched in 2011. But as the social network has faced a series of high profile and impactful controversies, its bug bounty increasingly doubles as an opportunity for Facebook to demonstrate maturation. That trend continues Monday, with the company's latest expansion. Learn about your ad choices: dovetail.prx.org/ad-choices

If you want to secure the data on your computer, one of the most important steps you can take is encrypting its hard drive. That way, if your laptop gets lost or stolen—or someone can get to it when you're not around—everything remains protected and inaccessible. But researchers at the security firm F-Secure have uncovered an attack that uses a decade-old technique, which defenders thought they had stymied, to expose those encryption keys, allowing a hacker to decrypt your data. Learn about your ad choices: dovetail.prx.org/ad-choices

The arc of innovation has reached aninflectionpoint: technological change now threatens to overwhelm us. Discovery is unstoppable, but it must be shaped for good. We ourselves—not just market forces—must manage it. WIRED OPINION ABOUT Ash Carter, former US Secretary of Defense, is the Director of Harvard Kennedy School’s Belfer Center for Science and International Affairs and its project on Technology and Public Purpose. He is also an Innovation Fellow at MIT. Learn about your ad choices: dovetail.prx.org/ad-choices

On Wednesday, President Donald Trump signed an executive order that would automatically impose sanctions against any person or group attempting to interfere in United States elections. "The proliferation of digital devices and internet-based communications has created significant vulnerabilities and magnified the scope and intensity of the threat of foreign interference [to elections]," Trump writes in the order. "I hereby declare a national emergency to deal with this threat. Learn about your ad choices: dovetail.prx.org/ad-choices

On Tuesday, Arizona's governor appointed former Republican senator Jon Kyl to fill the US Senate seat vacated by the late John McCain. The appointment could spell even more government scrutiny for tech giants like Facebook and Google—even though Kyl has only committed to serving until the start of the next Congressional session in January, though he may stay through 2020. Learn about your ad choices: dovetail.prx.org/ad-choices

On Friday, British Airways disclosed a data breach impacting customer information from roughly 380,000 booking transactions made between August 21 and September 5 of this year. The company said that names, addresses, email addresses, and sensitive payment card details were all compromised. Now, researchers from the threat detection firm RiskIQ have shed new light on how the attackers pulled off the heist. Learn about your ad choices: dovetail.prx.org/ad-choices

Apple prides itself on prioritizing user security and privacy. It counts the iOS and Mac App Stores, where customers can download an array of trusted, vetted software, as cornerstones of that initiative. But while the approach does minimize situations where users get tricked into downloading something nasty on the open web, malware inevitably slips through. In this case, that appears to include one of the most popular offerings in the Mac App Store. Learn about your ad choices: dovetail.prx.org/ad-choices

It's an unfortunate fact that the pricey pocket computers we carry around with us at all times are prime targets for thieves—as well as very easy to leave behind in subway cars or on coffee shop tables. Now that we all rely on our smartphones for so much, having one stolen or misplaced can feel like the end of the world. But it doesn't have to be, not quite. Here are the preparations you can take before the worst happens, and what to do if it does. Learn about your ad choices: dovetail.prx.org/ad-choices

A screenshot of the suspicious text message began making the rounds on social media Wednesday. "Hi, it's Patsy here w/Beto for Texas. Our records indicate that you're a supporter," the text message read, purportedly coming from a volunteer for Texas Senate hopeful Beto O'Rourke's campaign. "We are in search of volunteers to help transport undocumented immigrants to polling booths so that they will be able to vote. Learn about your ad choices: dovetail.prx.org/ad-choices

Professional tragedy troll Alex Jones went to Washington Wednesday to claw back the attention he's lost since Facebook, Apple, YouTube, Spotify, and other tech giants booted him from their services last month. Learn about your ad choices: dovetail.prx.org/ad-choices

On the Monday morning before the Thanksgiving holiday in 2014, employees at the Culver City headquarters of Sony Pictures Entertainment found their computer screens taken over by an image of a red skeleton, and a message: “We’ve already warned you, and this is just a beginning. Learn about your ad choices: dovetail.prx.org/ad-choices