Security, Spoken

You probably get robocalls all the time. Some pretend to be from the IRS, others come from a phone number very similar to yours. And then there's the rash of free airline tickets/problem with your credit card/complete this short survey intrusions. If it feels like they're cropping up more than ever, you're right. The blocking service YouMail estimates that 2.49 billion robocalls were placed to US consumers last month, marking a 4.1 percent increase over September. This translates to 80. Learn about your ad choices: dovetail.prx.org/ad-choices

As many as a million spectators turn out for the Macy's Thanksgiving Day Parade. Another 200,000 show up the night before to watch the enormous balloons inflate. Keeping New York City safe on an ordinary day is challenging enough; locking down a massive parade route is all the more so. But the New York Police Department has recently deployed a new secret weapon to counter body-worn bombs: A team of Labrador retrievers who have graduated from patent-pending "Vapor Wake" security training. Learn about your ad choices: dovetail.prx.org/ad-choices

By now, the name Uber has become practically synonymous with scandal. But this time the company has outdone itself, building a Jenga-style tower of scandals on top of scandals that has only now come crashing down. Not only did the ridesharing service lose control of 57 million people's private information, it also hid that massive breach for more than a year, a cover-up that potentially defied data breach disclosure laws. Learn about your ad choices: dovetail.prx.org/ad-choices

Well, it’s been a wild and wooly week for security, especially for Face ID, which a group of hackers at a Vietnamese security firm convincingly claim to have broken just a week after the iPhone X release. They’re joined by a 10-year-old boy, who managed to break into his mother’s iPhone X thanks to a little trick known as genetics. Learn about your ad choices: dovetail.prx.org/ad-choices

Four months ago, HBO faced a punishing series of leaks of unreleased episodes, scripts, and even celebrities' contact information. On Tuesday, the Department of Justice named the alleged culprit behind that extortion campaign: An Iranian hacker named Behzad Mesri. By indicting Mesri, prosecutors have sent a message that even anonymous cybercriminals in countries as distant as Iran can be tracked down and unmasked. Learn about your ad choices: dovetail.prx.org/ad-choices

We get it. Presidential campaigns are a blur. One day you're kissing babies in an Iowa cornfield, the next you're working the spin room at a Las Vegas debate. Who among us can remember every hand shaken, every appointment kept, every 30-year-old underling plotting a backroom conversation with Vladimir Putin to acquire dirt on a political opponent? Certainly not Attorney General Jeff Sessions. Learn about your ad choices: dovetail.prx.org/ad-choices

WikiLeaks has been sliding into Donald Trump Jr.’s DMs. The mostly one-sided conversation, surfaced by The Atlantic, lasted at least from September 2016 to July 2017. Throughout that stretch, WikiLeaks sent Donald Trump Jr. direct messages through Twitter, asking him for his father's tax returns, suggesting Trump Senior reject election results if Hillary Clinton won, and even oh-so-casually floating the idea that Julian Assange might make a good Australian ambassador. Trump Jr. Learn about your ad choices: dovetail.prx.org/ad-choices

Five years ago, Benjamin Delpy walked into his room at the President Hotel in Moscow, and found a man dressed in a dark suit with his hands on Delpy's laptop. Just a few minutes earlier, the then 25-year-old French programmer had made a quick trip to the front desk to complain about the room's internet connection. He had arrived two days ahead of a talk he was scheduled to give at a nearby security conference and found that there was no Wi-Fi, and the ethernet jack wasn't working. Learn about your ad choices: dovetail.prx.org/ad-choices

The United States government doesn't get along with hackers. That's just how it is. Hacking protected systems, even to reveal their weaknesses, is illegal under the Computer Fraud and Abuse Act, and the Department of Justice has repeatedly made it clear that it will enforce the law. In the last 18 months, though, a new Department of Defense project called "Hack the Pentagon" has offered real glimmers of hope that these prejudices could change. Learn about your ad choices: dovetail.prx.org/ad-choices

The first time the police arrived on her doorstep, in March of 2015, Courtney Allen was elated. She rushed to the door alongside her dogs, a pair of eager Norwegian elkhounds, to greet them. “Is this about our case?” she asked. The police looked at her in confusion. They didn’t know what case she was talking about. Courtney felt her hope give way to a familiar dread. Learn about your ad choices: dovetail.prx.org/ad-choices

When Apple released the iPhone X on November 3, it touched off an immediate race among hackers around the world to be the first to fool the company's futuristic new form of authentication. A week later, hackers on the actual other side of the world claim to have successfully duplicated someone's face to unlock his iPhone X—with what looks like a simpler technique than some security researchers believed possible. Learn about your ad choices: dovetail.prx.org/ad-choices

It was 10 am on a hot, humid Tuesday in August when I decided I could finally relax. After a frantic weekend of finishing a big story—and typing so much that my forearms tingled—I needed to decompress. I placed my phone on do not disturb, turned on my air conditioner, and blissfully spent an hour contorting myself into various poses on the yoga mat next to my bed. Learn about your ad choices: dovetail.prx.org/ad-choices

You've been there: browsing on a slightly backwater website, crossing your fingers as you click what looks like a video's play button. Instead of the TV show you had queued up, a million pop-ups spew out. The page you were on morphs into a Caribbean timeshare ad. It's the sort of misdirection that Google aptly calls an "unwanted behavior." And on Wednesday, the company's Chrome browser team announced a series of fixes that attempt to block these sketchy shenanigans. Learn about your ad choices: dovetail.prx.org/ad-choices

The email hits your inbox with an urgent warning: Your Netflix account has been suspended, due to a problem with your billing information. It offers a link, which takes you to what looks very much like a Netflix landing page. It's not. Instead, it's a phishing scam that collects extensive personal data on victims. Learn about your ad choices: dovetail.prx.org/ad-choices

Owning cryptocurrency isn't quite the Wild West experience it was at the beginning of the decade, but investors still face plenty of instability and risk. The threats aren't just abstract or theoretical; new scams crop up, and old ones resurge, all the time. Whether it's a fake wallet set up to trick users, a phishing attempt to steal private cryptographic keys, or even fake cryptocurrency schemes, there’s something to watch out for at every turn. Learn about your ad choices: dovetail.prx.org/ad-choices

“We reject: kings, presidents, and voting. We believe in: rough consensus and running code.” So declared MIT professorDavid D. Clarkin 1992. Twenty-five years later, this sentiment mirrors the global zeitgeist more than ever. TheAmerican public distrusts governmentin record numbers. Other nation-states disdain the USto world-historical degrees. Learn about your ad choices: dovetail.prx.org/ad-choices

For the last two years, America's cybersecurity relationship with China has been held up as a triumph of digital diplomacy: Since the two countries signed an agreement not to hack each others' private sector companies for commercial gain in late 2015, that pact has come to represent one of the most effective demonstrations in history of government negotiation to curtail state-sponsored cyberspying. Learn about your ad choices: dovetail.prx.org/ad-choices

This week, some old security threats came back to haunt the internet, a fitting horror trope this close to Halloween. Remember the Mirai botnet that took out the internet for a big chunk of the East Coast and beyond last year? It’s back, sort of. More specifically, a new botnet called Reaper is steadily growing, based on Mirai but with an added trick. It doesn’t just seek out IoT devices with poor password protections; it can actively take advantage of known vulnerabilities. Learn about your ad choices: dovetail.prx.org/ad-choices

Angst over a potential electromagnetic pulse attack bubbles up every few months, and it’s easy to understand why. The EMP impact envisioned by people who have studied it closely would be downright apocalyptic: a decimated US power grid, and up to 90 percent of Americans dead within a year. It doesn’t help, either, that North Korea recently invoked the specter of an EMP attack, and seems increasingly like it would have the wherewithal to pull one off. Learn about your ad choices: dovetail.prx.org/ad-choices

Monday morning, just hours after pundits had settled into dissecting what everyone assumed to be the day’s big revelation—the indictment of former Trump campaign chairman Paul Manafort, and his former business associate Rick Gates, on a slew of charges related to an alleged money laundering scheme—came an even bigger revelation: George Papadopoulos, foreign policy advisor to the Trump campaign, had struck a plea agreement with Robert Mueller’s special counsel office. Learn about your ad choices: dovetail.prx.org/ad-choices

The Trezor: January 4, 2016: 7.4 BTC = $3,000 In January 2016, I spent $3,000 to buy 7.4 bitcoins. At the time, it seemed an entirely worthwhile thing to do. I had recently started working as a research director at the Institute for the Future’s Blockchain Futures Lab, and I wanted firsthand experience with bitcoin, a cryptocurrency that uses a blockchain to record transactions on its network. Learn about your ad choices: dovetail.prx.org/ad-choices

The Kodi box pitch is hard to resist. A little black plastic square, in look not much different from a Roku or Apple TV, and similar in function as well. This streamer, though, offers something those others never will: Free access to practically any show or movie you can dream of. No rental fees. No subscriptions. Just type in the name of a blockbuster, and start watching a high-definition stream in seconds. Learn about your ad choices: dovetail.prx.org/ad-choices

Of the many new features in Apple’s iOS 11—which hit your iPhone a few weeks ago—a tool called Core ML stands out. It gives developers an easy way to implement pre-trained machine learning algorithms, so apps can instantly tailor their offerings to a specific person’s preferences. Learn about your ad choices: dovetail.prx.org/ad-choices

The Mirai botnet, a collection of hijacked gadgets whose cyberattack made much of the internet inaccessible in parts of the US and beyond a year ago, previewed a dreary future of zombie connected-device armies run amuck. But in some ways, Mirai was relatively simple—especially compared to a new botnet that's brewing. While Mirai caused widespread outages, it impacted IP cameras and internet routers by simply exploiting their weak or default passwords. Learn about your ad choices: dovetail.prx.org/ad-choices

There's nothing like a hefty security freakout to start the week, and the Key Reinstallation AttackWi-Fi vulnerability—you know it as Krack—announced on Monday fit the bill. The bug is in the ubiquitous WPA2 Wi-Fi protocol, so while it fortunately doesn't impact every single device that exists, it does affect a significant portion of them. Learn about your ad choices: dovetail.prx.org/ad-choices

When you consider the nagging privacy risks of online advertising, you may find comfort in the thought of a vast, abstract company like Pepsi or Nike viewing you as just one data point among millions. What, after all, do you have to hide from Pepsi? And why should that corporate megalith care about your secrets out of countless potential Pepsi-drinkers? But an upcoming study has dissipated that delusion. Learn about your ad choices: dovetail.prx.org/ad-choices

There’s something new to add to your fun mental list of invisible internet dangers. Joining classic favorites like adware and spyware comes a new, tricky threat called “cryptojacking,” which secretly uses your laptop or mobile device to mine cryptocurrency when you visit an infected site. Malicious miners aren’t new in themselves, but cryptojacking has exploded in popularity over the past few weeks, because it offers a clever twist. Learn about your ad choices: dovetail.prx.org/ad-choices

When it comes to the eternal tradeoff between digital security and convenience, most tech firms focus their efforts on the vast majority of people who choose a painless user experience over a paranoid one. But Google is adding a set of features specifically targeted at those who prefer the latter. You can now lock down your account to a degree that no other major tech firm has ever offered directly to users, convenience be damned. Learn about your ad choices: dovetail.prx.org/ad-choices

A vulnerability in Wi-Fi encryption has sent the entire tech industry scrambling; the so-called Krack attack affects nearly every wireless device to some extent, leaving them subject to hijacked internet connections. In terms of scope, it doesn’t get much worse—especially for the Internet of Things. The extent of the Krack fallout remains to be seen. Learn about your ad choices: dovetail.prx.org/ad-choices

When you set up a new Wi-Fi network, you're probably conditioned by now to check the "WPA2" box. You may not specifically know when or why someone advised you to do this, but it was solid advice. Wi-Fi Protected Access 2 is the current industry standard that encrypts traffic on Wi-Fi networks to thwart eavesdroppers. And since it's been the secure option since 2004, WPA2 networks are absolutely everywhere. They're also, it turns out, vulnerable to cryptographic attack. Learn about your ad choices: dovetail.prx.org/ad-choices

This week was one of revelations in the security world, most of them centered around nation-states pulling off ambitious hacks. In the wake of reports that Russia had used Kaspersky Lab software to steal NSA secrets, we took a look at the antivirus paradox that applies to every company selling it. And given reports that North Korea had attempted to hack a US energy utility, we looked at when exactly grid-attacks should freak you out. Learn about your ad choices: dovetail.prx.org/ad-choices

Firewalls, intrusion detection systems, and even encryption haven't kept hackers out of hoards of data like the ones stolen in the catastrophic breaches of Equifax or Yahoo. But now, some Silicon Valley firms are trying a deeper approach, building security into the basic design of how data moves between a company's servers. The method aims not to seal intruders out of sensitive systems, but to tighten the rim of the cookie jar around their wrist, trapping their grabby hands inside. Learn about your ad choices: dovetail.prx.org/ad-choices

When evidence suggested President Trump was still using his personal Android phone in the White House earlier this year, security experts expressed both alarm and dismay at what might happen if hackers broke into that device. Now, POLITICO reports that former Department of Homeland Security head and current chief of staff John Kelly used a personal smartphone, possibly for months, that was compromised. That is bad. Don't do that. Learn about your ad choices: dovetail.prx.org/ad-choices

When evidence suggested President Trump was still using his personal Android phone in the White House earlier this year, security experts expressed both alarm and dismay at what might happen if hackers broke into that device. Now, POLITICO reports that former Department of Homeland Security head and current chief of staff John Kelly used a personal smartphone, possibly for months, that was compromised. That is bad. Don't do that. Learn about your ad choices: dovetail.prx.org/ad-choices

This week saw a tragic start, when late Sunday night a man named Stephen Paddock killed 58 people and wounded hundreds more in Las Vegas. Hoaxes and conspiracy theories flooded the internet in the immediate aftermath, as did questions—since answered—around how Paddock was able to fire at automatic speeds. We also took a look at gun-control tech—but didn't find much that's promising. Learn about your ad choices: dovetail.prx.org/ad-choices

Like so many other Fox News devotees in search of new voids to shout into, Donald Trump loves to tweet. He also, though, happily shares his account with at least one staffer. So how do we know when the most-mad-online president in human history is actually tapping out his own material? Fortunately for us, Trump is a creature of habit, and he's got some tells. In the early days, all it took to figure out whether a tweet came from Trump himself was to peek at the source device. Learn about your ad choices: dovetail.prx.org/ad-choices

In the aftermath of mass shootings in the United States, like Sunday evening's Las Vegas tragedy that killed at least 58 people and wounded over 500, a debate often emerges about how to prevent such incidents from occurring again. Part of that heated and longstanding gun-control battle is the question of whether technology can make guns safer. And they can—but not in a way that can prevent many of the country's most high profile attacks. Learn about your ad choices: dovetail.prx.org/ad-choices

Fatimah Gifford was nervous the day she was scheduled to testify in front of Texas’ Health and Human Services committee. Gifford is the VP of Communications for Whole Woman’s Health, which operates five reproductive healthcare clinics across Texas. This wasn’t her first time testifying before the state legislature, but it was her first time testifying about abortion. Learn about your ad choices: dovetail.prx.org/ad-choices

The initial drama over Equifax's September data breach has mostly subsided, but the actual damage will play out for years. And indeed, there turns out to be plenty of spectacle and public controversy left. It was all on display at a Tuesday Congressional hearing, in which lawmakers questioned Equifax's former CEO Richard Smith in an attempt to make sense of how things went so wrong. Learn about your ad choices: dovetail.prx.org/ad-choices

For the past five years, Cody Wilson has applied every possible advance in digital manufacturing technology to the mission of undermining government attempts at gun control. First he created the world's first 3-D printed gun, a deadly plastic weapon anyone could print at home with a download and a few clicks. Learn about your ad choices: dovetail.prx.org/ad-choices

The country’s most famous inmate is free. O.J. Simpson's release highlights the challenges of leaving prison, saddled with multiple felony convictions.I would know. It’s hard to re-enter society, but it might be easier for those returning citizens, like Simpson, whose NFL pension and luxury homes, along with the prospect of the new iPhone, await him, compared with the likely transition for those who will return to poverty. Learn about your ad choices: dovetail.prx.org/ad-choices

The encrypted-communication app Signal has a sterling reputation within the security and crypto community, but its critics point to a nagging flaw: The app asks for access to your phone's contact list when you install it. Signal's creators, like the developers of so many other social apps, consider that contact-sharing request a necessary evil, designed to make the app as easy to use as your normal calling and texting features. Learn about your ad choices: dovetail.prx.org/ad-choices

Since moving into the White House months ago, Jared Kushner—senior advisor and son-in-law to the President, savior of the Middle East, and possible person of interest in a federal investigation—has amassed a rather extensive project portfolio. The issues under Kushner's purview include negotiating peace between Israel and Palestine, fixing the opioid crisis, updating technology across the entire federal government, and spearheading criminal justice reform, to name just a few. Learn about your ad choices: dovetail.prx.org/ad-choices

In 2003, when Jon Phillips was 24, he met someone who changed everything about how he perceived the world. At the time, Phillips was a graduate student in computer science and visual art at the University of California, San Diego. Rather than work for a big tech company, as most of his friends were doing, he wanted to use his computing skills to “build society and community. Learn about your ad choices: dovetail.prx.org/ad-choices

The digital assaults known as distributed denial of service attacks occur constantly, whether you notice them or not. Corporations, internet infrastructure companies, and other large targets like universities and government agencies experience them frequently, or in some cases constantly. The only reason more of the internet doesn't exist in a constant state of DDoS-caused collapse? Third-party companies that offer protection services. Learn about your ad choices: dovetail.prx.org/ad-choices

The week kicked off with news that CCleaner, a popular security software tool, had itself been compromised, distributing a backdoor to hundreds of thousands of users and highlighting software's serious supply-chain security issue. Just a few days later, it turned out that the CCleaner was designed instead to target nearly two dozen specific tech firms. That's... not good. Learn about your ad choices: dovetail.prx.org/ad-choices

The standard advice for Android users to avoid downloading malicious apps is simple: Only get apps from the official Google Play Store. Unlike third-party app stores that are generally difficult to vet and validate, Google Play has built-in mechanisms to screen every app for malware, ransomware, and assorted sketchiness. Learn about your ad choices: dovetail.prx.org/ad-choices

For more than five years, Iran has maintained a reputation as one of the most aggressive nations in the global arena of state-sponsored hacking, stealing data from corporate and government networks around the world, bombarding US banks with cyberattacks, and most brazen of all, unleashing multiple waves of computer-crippling malware that hit tens of thousands of PCs across the Middle East. Learn about your ad choices: dovetail.prx.org/ad-choices

On Tuesday morning, Donald Trump gave a bombastic speech to the assembled delegates of the United Nations. Pay special attention to how he addressed North Korea and its looming nuclear threat. Unlike most of what Trump said otherwise, its implications are as wide-ranging as they are grim. “The United States has great strength and patience, but if it is forced to defend itself or its allies, we will have no choice but to totally destroy North Korea,” said Trump. Learn about your ad choices: dovetail.prx.org/ad-choices

This article was published in partnership with The Marshall Project, a nonprofit news organization that covers the US criminal justice system. Sign up for its newsletter, or follow The Marshall Project on Facebook or Twitter. Calling home from prison is cumbersome and expensive. For deaf people behind bars, it’s even tougher, sometimes impossible. Learn about your ad choices: dovetail.prx.org/ad-choices