Security, Spoken

One of the most basic premises of computer security is isolation: If you run somebody else's sketchy code as an untrusted process on your machine, you should restrict it to its own tightly sealed playpen. Otherwise, it might peer into other processes, or snoop around the computer as a whole. Learn about your ad choices: dovetail.prx.org/ad-choices

When you have tons of leftovers you put them in Tupperware. When you have an excess of phone calls, you send them to voicemail. And when you have a deluge of junk from a botnet attacking your network, you put all that malicious traffic into a sinkhole. Sinkholing is a technique for manipulating data flow in a network; you redirect traffic from its intended destination to the server of your choosing. Learn about your ad choices: dovetail.prx.org/ad-choices

2017 was bananas in lots of ways, and cybersecurity was no exception. Whether critical infrastructure attacks or insecure databases, hacks, breaches, and leaks of unprecedented scale impacted institutions around the world—along with the billions of people who trust them with their data. This list includes incidents disclosed in 2017, but note that some took place earlier. Learn about your ad choices: dovetail.prx.org/ad-choices

Think of a country that stifles internet freedom. You might first jump to the oppressive regimes of North Korea, China, or Cuba, where internet access is either forbidden or radically restricted. But in fact, according to a recent study by the non-profit Freedom House, the principles of internet freedom are under attack worldwide—including in the United States. And it's only getting worse. Overt government restrictions, after all, aren't the only way to impede internet freedom. Learn about your ad choices: dovetail.prx.org/ad-choices

Back in July, WIRED security writer Lily Hay Newman assessed the year in hacks and breaches and found, "the first six months of 2017 have seen an inordinate number of cybersecurity meltdowns. And they weren't just your standard corporate breaches. It's only July, and already there's been viral, state-sponsored ransomware, leaks of spy tools from US intelligence agencies, and full-on campaign hacking. Learn about your ad choices: dovetail.prx.org/ad-choices

Cryptojacking, which exploded in popularity this fall, has an ostensibly worthy goal: Use an untapped resource to create an alternative revenue stream for games or media sites, and reduce reliance on ads. It works by embedding a JavaScript component in a website that can leverage a visiting device's processing power to mine a cryptocurrency (usually Monero). Each visitor might only do a tiny bit of mining while they're there, every user lending some hash power over time can generate real money. Learn about your ad choices: dovetail.prx.org/ad-choices

Not so long ago, the internet often felt like a fully detached realm of ephemeral fun. Today, we wake up to tweets from a president that seem intended to goad a rogue state into nuclear war. Hackers launch ransomware worms that tear across the globe in a matter of hours, paralyzing massive multinational infrastructure companies. Learn about your ad choices: dovetail.prx.org/ad-choices

Perhaps you've been hearing strange sounds in your home—ghostly creaks and moans, random Rick Astley tunes, Alexa commands issued in someone else's voice. If so, you haven't necessarily lost your mind. Instead, if you own one of a few models of internet-connected speaker and you've been careless with your network settings, you might be one of thousands of people whose Sonos or Bose devices have been left wide open to audio hijacking by hackers around the world. Learn about your ad choices: dovetail.prx.org/ad-choices

In 2013, former National Security Agency contractor Edward Snowden famously brought to light a series of classified US government spying programs. For the first time, the American people learned that the NSA was collecting millions of their phone calls and electronic communications—emails, Facebook messages, texts, browsing histories—all without a warrant. Several of the programs Snowden revealed are authorized under Section 702 of the Foreign Intelligence Surveillance Amendments Act. Learn about your ad choices: dovetail.prx.org/ad-choices

Seven months after the WannaCry ransomware ripped across the internet in one of the most damaging hacking operations of all time, the US government has pinned that digital epidemic on North Korea. And while cybersecurity researchers have suspected North Korea's involvement from the start, the Trump administration intends the official charges to carry new diplomatic weight, showing the world that no one can launch reckless cyberattacks with impunity. Learn about your ad choices: dovetail.prx.org/ad-choices

Happy holidays from your security news friends! As a special gift, we got you this analysis of the Resistance’s tactical shortcomings in The Last Jedi. And so much more! The US this week officially pinned this year’s devastating WannaCry ransomware attack on North Korea, after the security community had largely come to that same conclusion months ago. Learn about your ad choices: dovetail.prx.org/ad-choices

In the early bitcoin years, proponents promised that you would soon be able to pay for anything and everything with cryptocurrency. Order pizza! Buy Etsy trinkets! Use a bitcoin ATM! While PayPal had existed for more than a decade, frictionless, social payment platforms like Venmo were just first taking off, and cryptocurrency seemed like a legitimate way for digital transactions to evolve. It didn't happen. Learn about your ad choices: dovetail.prx.org/ad-choices

Your digital security, any sufficiently paranoid person will remind you, is only as good as your physical security. The world's most sensitive users of technology, like dissidents, activists, or journalists in repressive regimes, have to fear not just hacking and online surveillance, but the reality that police, intelligence agents, or other intruders can simply break into your home, office, or hotel room. Learn about your ad choices: dovetail.prx.org/ad-choices

As a fourth year medical student at Yale, Matthew Erlendson says he had to think long and hard about whether to participate in a recent hackathon at the Department of Health and Human services. The two-day event seemed like an innovative way to confront the opioid crisis, which kills more than 90 people in the US every day. Learn about your ad choices: dovetail.prx.org/ad-choices

Tech giants love to tout how good their computers are at identifying what’s depicted in a photograph. In 2015, deep learning algorithms designed by Google, Microsoft, and China’s Baidu superseded humans at the task, at least initially. This week, Facebook announced that its facial-recognition technology is now smart enough to identify a photo of you, even if you’re not tagged in it. Learn about your ad choices: dovetail.prx.org/ad-choices

For last-minute shoppers, tech toys hold a special appeal. They’re crowdpleasers, and generally available with two-day shipping—or faster—from any number of online retailers. Stapling on internet connectivity also might make these flashy kids gadgets sound all the more appealing; it’s not just a teddy bear, it’s a machine learning teddy bear. On the other hand: don't. Learn about your ad choices: dovetail.prx.org/ad-choices

The biggest story in tech this week—and maybe this year—was net neutrality, which the FCC effectively abolished by rolling back Obama-era rules that prevented the creation of internet “fast lanes.” They did so despite overwhelming evidence that the mandatory public comment period was overrun with bots, form letters, and over maladies. How bad was it? We tracked down all 39 Nicholas Thompsons who commented, and could only confirm that three were humans. Learn about your ad choices: dovetail.prx.org/ad-choices

The International Space Station is one of the few nonstellar things up there that we can see from down here without instruments. It’s a prefab home the size of a football field, 462 tons and more than $100 billion worth of pressurized roomlike modules and gleaming solar arrays, orbiting 250 miles above the surface of the Earth. Its flight path is available online, and you can find out when it will make a nighttime pass over your backyard. Learn about your ad choices: dovetail.prx.org/ad-choices

Over the course of the Star Wars franchise, we’ve been treated to some epic battles: dogfights between X-Wings and TIE fighters at Yavin-4, AT-ATs on the frozen wastes of Hoth, jungle warfare on Endor, and Rogue One’s epic battles on the beaches of Scarif. The Last Jedi offers no shortage of skirmishes, either. Except this time, the Resistance’s consistently bad military tactics finally catch up with it. Learn about your ad choices: dovetail.prx.org/ad-choices

All software has flaws, no matter how carefully you vet it. So the question isn't how to write perfect code, but how to respond to mistakes as you find them. And while Apple has earned a strong reputation for security, a string of significant vulnerabilities in macOS and iOS have strained Apple's safety net—and led some security researchers and developers to question whether the issues are systemic. Take the release of Apple's macOS High Sierra operating system at the end of September. Learn about your ad choices: dovetail.prx.org/ad-choices

The Federal Communications Commissions' public comment period on its plans to repeal net neutrality protections was bombarded with bots, memes, and input from people who don't actually exist. The situation's gotten so bad that FCC Commissioner Jessica Rosenworcel, as well as several members of Congress, including one Republican, have called for the FCC to postpone its December 14 net neutrality vote so that an investigation can take place. The FCC seems unlikely to comply. Learn about your ad choices: dovetail.prx.org/ad-choices

There was a time when high-status people signaled their worth with an ostentatious key fob for an expensive car. Today the keyring of an important person—or at least a paranoid one—might be distinguished by a less obvious marker: a pair of inconspicuous plastic dongles that protect an inbox full of secrets worth keeping. Learn about your ad choices: dovetail.prx.org/ad-choices

Hackers can threaten your smartphone in lots of ways, and if you want (or need) to lock it down completely, ironclad protection gets a little complicated. Fortunately, you can take some quick and easy steps to make big improvements to your mobile security. They don’t eliminate all risk, but they’re a solid baseline for any smartphone owner. Learn about your ad choices: dovetail.prx.org/ad-choices

Any self-respecting paranoiac long ago taped over the webcam on their laptop—and for good measure, the cameras on their smartphone too. But for those truly concerned that their computers have been hacked and turned into spy tools, the microphones on those devices represent just as much of a security threat as the cameras. They would allow a hacked gadget to bug an entire room. Learn about your ad choices: dovetail.prx.org/ad-choices

You've covered the basics. You've checked off the more-than-basics. But you still can't fight a nagging feeling that it's not quite enough. At a certain point, if a nation-state wants to compromise your devices or your privacy badly enough, it's going to find a way. You can at least make it harder for them. Here are a few measures designed to do just that. The Air Gap Up There The best way not to get your computer hacked? Don't connect it to any other computer, a practice known as air-gapping. Learn about your ad choices: dovetail.prx.org/ad-choices

If you're facing targeted security threats, your problems run deeper than spyware on your devices. You need to check your physical spaces as well—your home, hotel room, office, and so on—for hidden cameras, mics, and other eavesdropping tools that someone may have planted. That means performing regular "technical surveillance counter measures" inspections. In other words? Checking for bugs. Learn about your ad choices: dovetail.prx.org/ad-choices

When you think about online security, you think digital solutions. Install a reputable antivirus program; use end-to-end encryption. But protection can be physical as well. To up your security game, think outside the code with these IRL reinforcements. Tape Over Your Webcam Mark Zuckerberg does it. So does James Comey. And you, too, should also take this high-reward, low-tech security step. Learn about your ad choices: dovetail.prx.org/ad-choices

There are few more toxic practices online than doxing, the distribution of someone's personal information across the internet against their will. It’s all too common, though, deployed regularly and devastatingly as a means to harass and intimidate. The practice is not limited to public—or briefly internet famous—figures either. Anyone can be a victim, at any time. Learn about your ad choices: dovetail.prx.org/ad-choices

Like any classic hustle, phishing has staying power. The fake emails and texts that lure you into a digital con—Free cruise! Act now!—may not comprise a very technical hack, but the attackers behind them still put a lot of resources and expertise into giving their cons as much authenticity as possible. That’s what makes it so difficult to protect yourself against phishing. You know not to click links in shady emails. You know to think twice before clicking any link in any email. Learn about your ad choices: dovetail.prx.org/ad-choices

If the web were an amusement park attraction, you’d have to be 10 feet tall to ride—it's terrifying enough for adults and a funhouse of horrors for kids, from inappropriate content to unkind comment sections to outright predators. And yet! The internet also affords opportunities to learn, to socialize, to create. Besides, at this point trying to keep your kids off of it entirely would be like keeping them away from electricity or indoor plumbing. They’re going to get online. Learn about your ad choices: dovetail.prx.org/ad-choices

Your passwords are a first line of defense against many internet ills, but few people actually treat them that way: Whether it’s leaning on lazy Star Wars references or repeating across all of your accounts—or both—everyone is guilty of multiple password sins. But while they’re an imperfect security solution to begin with, putting in your best effort will provide an immediate security boost. Don’t think of the following tips as suggestions. Learn about your ad choices: dovetail.prx.org/ad-choices

Throughout 2016 and 2017, individuals in Canada, United States, Germany, Norway, United Kingdom, and numerous other countries began to receive suspicious emails. It wasn’t just common spam. These people were chosen. WIRED OPINION ABOUT Ronald Deibert (@rondeibert) is professor of political science and director of the Citizen Lab at the University of Toronto’s Munk School of Global Affairs. The emails were specifically designed to entice each individual to click a malicious link. Learn about your ad choices: dovetail.prx.org/ad-choices

When North Korea tested an intercontinental ballistic missile on Tuesday, analysts quickly determined that the weapon would be able to reach any target in the continental United States. Further photo and video analysis since, though, indicate that the missile test represents an even greater advance in capabilities than analysts first thought. Learn about your ad choices: dovetail.prx.org/ad-choices

The Internet of Things security crisis persists, as billions of inadequately secured webcams, refrigerators, and more flood homes around the world. But IoT security researchers at Microsoft Research have their eye on an even larger problem: the billions of gadgets that already run on simple microcontrollers—small, low-power computers on a single chip—that will gradually gain connectivity over the years, exponentially expanding the internet of things population. Learn about your ad choices: dovetail.prx.org/ad-choices

Pretending to be someone you're not in an email has never been quite hard enough—hence phishing, that eternal scourge of internet security. But now one researcher has dug up a new collection of bugs in email programs that in many cases strip away even the existing, imperfect protections against email impersonation, allowing anyone to undetectably spoof a message with no hint at all to the recipient. Learn about your ad choices: dovetail.prx.org/ad-choices

Most ad blockers—and there are so, so many of them now—operate roughly the same way, comparing the scripts they encounter on a given site to their whitelist and block list letting the former run and stopping the others. This means they largely share the same drawback, as well; they can’t block what they’ve never seen before. With its latest release, popular ad blocker Ghostery attempts to solve that common dilemma, with a fashionable solution: artificial intelligence. Learn about your ad choices: dovetail.prx.org/ad-choices

A massive effort to encrypt web traffic over the last few years has made green padlocks and "https" addresses increasingly common; more than half the web now uses internet encryption protocols to keep data protected from prying eyes as it travels back and forth between sites and browsers. But as with any sweeping reform, the progress also comes with some new opportunities for fraud. And phishers are loving HTTPS. Learn about your ad choices: dovetail.prx.org/ad-choices

A series of leaks has rocked the National Security Agency over the past few years, resulting in digital spy tools strewn across the web that have caused real damage both inside and outside the agency. Many of the breaches have been relatively simple to carry out, often by contractors like the whistleblower Edward Snowden, who employed just a USB drive and some chutzpah. Learn about your ad choices: dovetail.prx.org/ad-choices

It's been a rough week for a lot of people, but particularly for Apple. On Tuesday, a security researcher tweeted information about a dire bug in the company's macOS High Sierra operating system that allowed anyone being prompted for system user credentials to bypass the authentication by simply typing "root" as the username and leaving the password blank. Apple rushed to push out a necessary update on Wednesday, but botched it a bit; if you hadn't yet updated to macOS 10.13. Learn about your ad choices: dovetail.prx.org/ad-choices

When a company like Apple rushes out a software patch for a critical security bug, it deserves praise for protecting its customers quickly. Except, perhaps, when that patch is so rushed that it's nearly as buggy as the code it was designed to fix. Learn about your ad choices: dovetail.prx.org/ad-choices

Just 17 months after leading chants of “Lock her up” at the Republican National Convention, protesting FBI Director James Comey’s handling of the Hillary Clinton email investigation, retired Lt. Gen. Michael Flynn himself faced the inside of a Washington courtroom Friday morning. Learn about your ad choices: dovetail.prx.org/ad-choices

You may not realize it, but the cell phone in your pocket creates a time-stamped map of everywhere you go: where you shop, where you receive medical care, and how often you frequent a church, school, or gun range. That's because cell phones automatically connect to the nearest cell phone tower, and by doing so, constantly determine and record the user's location. WIRED OPINION ABOUT Andrew D. Learn about your ad choices: dovetail.prx.org/ad-choices

It's increasingly unremarkable for consumers to use artificial intelligence tools in their daily lives. Machine learning algorithms power your smart assistants, organize your vacation photos, and even analyze your health data. But human beings pick up the slack for those automated technologies more often than you might realize. And that means that real people can sometimes access user data that customers thought would only be seen by machines. Learn about your ad choices: dovetail.prx.org/ad-choices

The intersection of quantum computing and espionage may feel like a faraway future. But in his latest novel, David Ignatius, Washington’s own John le Carré, tackles just that. The Quantum Spy, out now, revolves around a central theme of spy literature: the race for a new technology, to discover something new that, even if only for a moment, will provide a geopolitical advantage. Learn about your ad choices: dovetail.prx.org/ad-choices

There are hackable security flaws in software. And then there are those that don't even require hacking at all—just a knock on the door, and asking to be let in. Apple's macOS High Sierra has the second kind. On Tuesday, security researchers disclosed a bug that allows anyone a blindingly easy method of breaking that operating system's security protections. Learn about your ad choices: dovetail.prx.org/ad-choices

Learn about your ad choices: dovetail.prx.org/ad-choices

As you emerge from your turkey-induced coma, take a moment to reflect on the past week in security, which despite the holiday was chock-full of wonderments. From Uber shadiness to Android location-tracking, it was quite the whirlwind. Uber made headlines midweek when it came out that the company had not only been breached a year ago—coughing up the personal info of 57 million users—but paid the hackers $100,000 to keep it quiet. Learn about your ad choices: dovetail.prx.org/ad-choices

Intelligence agencies have a limited number of trained human analysts looking for undeclared nuclear facilities, or secret military sites, hidden among terabytes of satellite images. But the same sort of deep learning artificial intelligence that enables Google and Facebook to automatically filter images of human faces and cats could also prove invaluable in the world of spy versus spy. Learn about your ad choices: dovetail.prx.org/ad-choices

When Ahmed Younis first took a job at the State Department in September of 2016, the cross-country commute between his office in Washington, DC and his home in Los Angeles, where his wife and daughter live, seemed worth it. Learn about your ad choices: dovetail.prx.org/ad-choices

Security researchers have raised the alarm for years about the Intel remote administration feature known as the Management Engine. The platform has a lot of useful features for IT managers, but it requires deep system access that offers a tempting target for attackers; compromising the Management Engine could lead to full control of a given computer. Now, after several research groups have uncovered ME bugs, Intel has confirmed that those worst-case fears may be possible. Learn about your ad choices: dovetail.prx.org/ad-choices