Security, Spoken

Apple finally announced the iPhone X this week, complete with a facial recognition system that Apple calls FaceID. Preliminary impressions are that FaceID will be difficult to trick, and should be secure for the average user, but researchers are eager to test its robustness. Consumer facial recognition has been around, but not yet at this scale, inviting questions about what its implications will be, particularly for privacy. Learn about your ad choices: dovetail.prx.org/ad-choices

You intuitively know why you should bolt your doors when you leave the house, and add some sort of authentication for your smartphone. But there are lots of digital entrances that you leave open all the time, like Wi-Fi and your cell connection. It's a calculated risk, and the benefits generally make it worthwhile. That calculus changes with Bluetooth. Whenever you don't absolutely need it, you should go ahead and turn it off. Learn about your ad choices: dovetail.prx.org/ad-choices

Wednesday morning, conservative corners of the internet were furious to discover that @HopeHicks45, the Twitter account belonging to Donald Trump's newly official Communications Director, had been suspended. The only problem? That’s not Hope Hicks. @HopeHicks45 was nothing more than an imposter. The ordeal kicked off when journalist Jules Suzdaltsev noted that what appeared to be Hicks' account was not verified by the service, surprising for such a prominent public figure. Learn about your ad choices: dovetail.prx.org/ad-choices

The recent, massive Equifax data breach, which put 143 million US consumers' personal data at risk—including names, Social Security numbers, birth dates, addresses, and some drivers license and credit card numbers—drove home the dangers facing any organization that stores a valuable trove of data. Learn about your ad choices: dovetail.prx.org/ad-choices

One of the most shocking things about Thursday's announcement of the Equifax data breach is the sheer scale of the numbers involved. Particularly the Social Security numbers. Learn about your ad choices: dovetail.prx.org/ad-choices

This summer was punctuated by scams and hacks of "initial coin offerings," startup fundraisers that issue coins, tokens, or cryptocurrency to anyone who wants to invest in fledgling blockchain-related companies. In mid-July, a startup called CoinDash lost $7 million dollars during its ICO after a hacker altered the address investors were sending funds to so the money went to a malicious digital wallet instead of CoinDash. Learn about your ad choices: dovetail.prx.org/ad-choices

When it comes to Russian propaganda, things are seldom what they seem. Consider the case of the Internet Research Agency. The shadowy St. Petersburg-based online-influence operation came under fresh scrutiny this week after Facebook disclosed that entities linked to Russia had placed some 5,000 phony political ads on its platform during the 2016 election cycle. Learn about your ad choices: dovetail.prx.org/ad-choices

If you are among the millions of Americans concerned about cybersecurity at the Democratic National Committee---and how could you not be?---then the home of the party’s tech braintrust might not give you much hope. The tiny, charmless office, with "DNC Tech" scribbled in dry-erase marker on the door, contains one desk and two computer monitors. Nearby, an overturned couch pokes out from an elevator shaft, a leftover from the widespread departures that followed Hillary Clinton's defeat. Learn about your ad choices: dovetail.prx.org/ad-choices

North Korea conducted its sixth nuclear test on Sunday, claiming that it had detonated a hydrogen bomb that was small and light enough to be mounted on an intercontinental ballistic missile. Pyongyang has made such claims before without proof that it actually possesses those advanced capabilities. Learn about your ad choices: dovetail.prx.org/ad-choices

Jaquan Lugo stood stone-faced and somber inside a circular, wood-paneled courtroom on a Thursday afternoon in Paterson, New Jersey, as Superior Court Judge Donna Gallucio considered her options. Just four days prior, the 22-year-old and two other men were arrested in Paterson, accused of six counts of attempted murder and various gun charges after a pre-dawn drive-by shooting left a 17-year-old girl with a life-threatening wound near her lung. Learn about your ad choices: dovetail.prx.org/ad-choices

Android's recently released Oreo update packs in plenty of features, including a battery life boost and a notifications rethink. But Oreo's most important improvements will happen behind the scenes, with a host of security updates designed to evolve with ever-expanding digital threats. From halting ransomware to blocking malicious apps and easing Android's longstanding fragmentation woes, Oreo tackles some big problems. Learn about your ad choices: dovetail.prx.org/ad-choices

In November of 2015, Will Caput worked for a security firm assigned to a penetration test of a major Mexican restaurant chain, scouring its websites for hackable vulnerabilities. So when 40-year-old Caput took a lunch break, he had beans and guacamole on his mind. He decided to drive to the local branch of the restaurant in Chico, California. While there, still in the mindset of testing the restaurant’s security, he noticed a tray of unactivated gift cards sitting on the counter. Learn about your ad choices: dovetail.prx.org/ad-choices

In the ongoing drama that is the Trump presidency, secondary characters constantly float in and out as new storylines and Special Counsel inquiries come to light. It’s easy to lose track. So to help, let’s get to know some of Trump’s satellites, both new and old, a little better. Let’s take a look at their Amazon.com Wish Lists. In case you're unfamiliar with the feature, when you shop for an item on Amazon, an unobtrusive little button sits under the "Add to Cart" option. Learn about your ad choices: dovetail.prx.org/ad-choices

Early in August, NYU professor Siddharth Garg checked for traffic, and put a yellow Post-it onto a stop sign outside the Brooklyn building in which he works. When he and two colleagues showed a photo of the scene to their road-sign detector software, it was 95 percent sure the stop sign in fact displayed a speed limit. The stunt demonstrated a potential security headache for engineers working with machine learning software. Learn about your ad choices: dovetail.prx.org/ad-choices

Almost exactly five years after seeing the first demonstration of Cody Brocious’ Onity hacking tool, I meet Aaron Cashatt face to face in the fluorescent-lit, cafeteria-style visiting room of the Cibola Unit of the Yuma State Prison Complex. Under his orange jumpsuit he’s bulked up from prison-yard weightlifting and seems clear-eyed and sharp. Learn about your ad choices: dovetail.prx.org/ad-choices

In a refreshing change of pace, this week’s security news included little to no escalation of nuclear rhetoric. Let’s count that as a win! Among quite a few losses. Digital financial services provider Enigma, for instance, lost its supporters almost $500,000 in cryptocurrency thanks to bad password habits. Domestic helper robots lost security cred by being hacked into tiny robotic Chucky dolls. Learn about your ad choices: dovetail.prx.org/ad-choices

The Trickbot malware that targets bank customers. Password harvesters like Mimikatz. "Fileless malware" attacks. All three are popular hacking tools and techniques, but they're unconnected except for one trait: They all rely in part on manipulating a Windows management tool known as PowerShell to carry out their attacks. Long a point of interest for security researchers, PowerShell techniques increasingly pop up in real-world attacks. Learn about your ad choices: dovetail.prx.org/ad-choices

Data breaches and hacks of US government networks, once novel and shocking, have become a problematic fact of life over the last few years. So it makes sense that a cybersecurity analysis released today placed the government at 16 out of 18 in a ranking of industries, ahead of only telecommunications and educations. Healthcare, transportation, financial services, retail, and pretty much everything else ranked above it. Learn about your ad choices: dovetail.prx.org/ad-choices

Learn about your ad choices: dovetail.prx.org/ad-choices

The digital financial services developer Enigma prides itself on ultra-secure products. The company's Catalyst platform protects financial info with a cutting-edge combination of blockchain-inspired privacy technology and cryptography. So it comes as no small surprise that on Monday, scammers took over the company's website, mailing lists, and Slack accounts by exploiting some extremely basic security mistakes Enigma had made. Learn about your ad choices: dovetail.prx.org/ad-choices

They say April is the cruelest month, but HBO may beg to differ. The company kicked off August with an apparently massive breach of its servers, in which hackers pilfered everything from full episodes of unreleased shows to sensitive internal documents. Not long after, in separate and distinct incidents, two episodes of Game of Thrones leaked out early. And Thursday, hacker group OurMine hijacked HBO’s main Twitter account, along with those of several HBO shows. Learn about your ad choices: dovetail.prx.org/ad-choices

Say you're a white supremacist who happens to hate Jewish people—or black people, Muslim people, Latino people, take your pick. Today, you can communicate those views online any number of ways without setting off many tech companies' anti–hate speech alarm bells. And that's a problem. Learn about your ad choices: dovetail.prx.org/ad-choices

The white supremacist site The Daily Stormer has taken a nomadic journey around the web this week, searching for a permanent home after being booted by the hosting and domain registry company GoDaddy. Throughout its bizarre odyssey, though, the infrastructure and web services company Cloudflare has defended the site against cyber attacks, particularly DDoS attacks. Wednesday, Cloudflare finally pulled the plug. Without its protection, The Daily Stormer promptly crashed. Learn about your ad choices: dovetail.prx.org/ad-choices

The schedule for Donald Trump's his first full day back in New York since the start of his presidency entailed walking into the Trump Tower lobby, talking about infrastructure for a few minutes, and immediately re-boarding his golden elevator without taking any questions. Much to Chief of Staff John Kelly's apparent chagrin, that did not happened. Instead, Trump opted to take a few questions after his prepared remarks. Learn about your ad choices: dovetail.prx.org/ad-choices

North Korea's nuclear and ballistic ambitions have existed for decades; the country conducted its first significant missile test launches in the 1980s, and conducted its first nuclear test in 2006. Now, thanks to a recent surge of development, the intertwined endeavors have both advanced to the point that experts have warned about for years. The worst-case North Korea hypotheticals, in other words, have suddenly become all too real. Learn about your ad choices: dovetail.prx.org/ad-choices

As smartphone users have become more aware that fake cell phone towers, known as IMSI catchers or stingrays, can spy on them, developers have rushed to offer apps that detect when your phone connects to one. Unfortunately, it seems, those tools aren't as effective as they claim. Watching the watchers turns out to be a complicated business. Researchers from Oxford University and the Technical University of Berlin today plan to present the results of a study of five stingray-detection apps. Learn about your ad choices: dovetail.prx.org/ad-choices

Digital privacy has had a very bad summer. As China and Russia move to block virtual private network services, well over a billion people face losing their best chance at circumventing censorship laws. First, China asked telecom companies to start blocking user access to VPNs that didn't pass government muster by next February. More recently, Russian president Vladimir Putin signed a law to ban VPNs and other anonymous browsing tools that undermine government censorship. Learn about your ad choices: dovetail.prx.org/ad-choices

President Trump regularly demonstrates a great capacity for playing fast and loose with the truth. By one calculation, he publicly lied or exaggerated at least once daily during the 40 days following his inauguration. Politicians routinely bend reality or, in some cases, break with it entirely. But there is no precedent for applying such casual disregard to nuclear weapons, as Trump did this week. For good reason. Learn about your ad choices: dovetail.prx.org/ad-choices

One week after hackers spilled multiple episodes of unreleased HBO shows and scripts online, the same group has dropped its second trove of purported internal data from the premium network. And this time it's not just nihilistic Game of Thrones spoilers—there's a ransom note, too. The latest leak includes another half-gigabyte sample of the group's stolen digital goods; it claims to have 1.5 terabytes in all. Learn about your ad choices: dovetail.prx.org/ad-choices

August is supposed to be a slow news month. People plan summer beach vacations on this presumption. Hackers, though, apparently hate sun and sand because this past week has been incredibly active on the security news front. WIRED broke the scoop of leaked audio from Jared Kushner’s welcome conversation with west wing interns, which revealed he has a less than nuanced grasp of the details of the Palestinian-Israeli conflict--a global problem he’s been taxed with fixing. Learn about your ad choices: dovetail.prx.org/ad-choices

Just three short months ago, security researcher Marcus Hutchins entered the pantheon of hacker heroes for stopping the WannaCry ransomware attack that ripped through the internet and paralyzed hundreds of thousands of computers. Now he's been arrested and charged with involvement in another mass hacking scheme—this time on the wrong side. Learn about your ad choices: dovetail.prx.org/ad-choices

Apple recently removed some of the virtual private networks from the App Store in China, making it harder for users there to get around internet censorship. Amazon has capitulated to China's censors as well; The New York Times reported this week that the company's China cloud service instructed local customers to stop using software to circumvent that country's censorship apparatus. Learn about your ad choices: dovetail.prx.org/ad-choices

Most consumer tech manufacturers figure that once a hacker can physically access a device, there's not much left that can be done to defend it. But a group of researchers known as the Exploitee.rs say that giving up too soon leaves devices susceptible to hardware attacks that can lead to bigger problems. Hardware hack techniques, like a flash memory attack they developed, can facilitate the discovery of software bugs that not only expose the one hacked device, but every other unit of that model. Learn about your ad choices: dovetail.prx.org/ad-choices

This weekend, the same email landed in the inboxes of an untold number of entertainment journalists. “1.5 TB of HBO data just leaked!!!” screamed the subject header, while the email itself, addressed "to all mankind," promised “the greatest leak of space era,” and a link to a site that hosts unreleased an Game of Thrones script, not-yet-aired episodes of Ballers and Insecure, Room 104, and Barry. According the hackers, there’s plenty more where that came from. Learn about your ad choices: dovetail.prx.org/ad-choices

The near-daily barrage of news and revelations, big and small, about the Trump campaign and its metastasizing ties to Russia can be hard to keep track of, even for people following the scandal closely. Story lines and players appear and disappear, sometimes for weeks or even months at a time. Learn about your ad choices: dovetail.prx.org/ad-choices

One out of every seven people on the planet uses the messaging app WhatsApp every day, according a recent blog post from the company. A billion people a day send messages to their friends and family on a service that's end-to-end encrypted by default, up from a billion per month last year. That surge in growth stands in sharp contrast to Twitter, which added approximately no new monthly uses last quarter, and had in fact lost two million in the US. Learn about your ad choices: dovetail.prx.org/ad-choices

Last week, representative Blake Farenthold of Texas lamented on the radio that some "female senators from the Northeast" stood in the way of repealing the Affordable Care Act. "If it was a guy from south Texas," he said, "I might ask him to step outside and settle this Aaron Burr-style," suggesting he'd love to duel, say, Susan Collins of Maine. Learn about your ad choices: dovetail.prx.org/ad-choices

Before my visit earlier this year, I’d never been to Cuba, though Cuba had certainly been to me. The Miami of my ’80s childhood was a suburban reboot of prerevo­lutionary Cuba, filled with people who still toasted El año próximo en La Habana (“next year in Havana”) at important occasions. Everything from family letters to fresh-off-the-raft waiters kept us apprised of the increasingly desperate conditions. Learn about your ad choices: dovetail.prx.org/ad-choices

When AlphaBay, the world’s largest dark web bazaar, went offline two weeks ago, it threw the darknet into chaos as its buyers and sellers scrambled to find new venues. What those dark web users didn't—and couldn't—know: That chaos was planned. Dutch authorities had already seized Hansa, another another major dark web market, the previous month. Learn about your ad choices: dovetail.prx.org/ad-choices

It was the week that sent dark web markets scrambling. On Thursday, the feds confirmed earlier reports that they had taken down Alphabay, a dark web bazaar substantially larger than Silk Road ever was. They tacked on a surprising revelation though: Dutch police had a month earlier quietly seized control of the third-largest dark web market, Hansa, setting a trap for displaced Alphabay buyers and sellers. What a world! While darknet drama dominated the headlines, plenty more transpired. Learn about your ad choices: dovetail.prx.org/ad-choices

The ever-changing Russian hacking scandal—which doesn’t yet have a catchy name like Treasongate but clearly needs one—took a sharp U-Turn back to email territory, when Donald Trump Jr. revealed the email chain in which he set up a meeting with a Russian government lawyer. We profiled the British publicist who organized the get-together, a guy who has had a long and colorful relationship with the Trump family, much of which helpfully lives on social media. Learn about your ad choices: dovetail.prx.org/ad-choices

Not since the days of the now-legendary Silk Road has a single site dominated the dark web's black market as completely, and for as long, as the online bazaar known as AlphaBay. And with the news that the site has been torn down by a law enforcement raid---and one of its leaders found dead in a Thai prison---the dark web drug trade has fallen into a temporary state of chaos. About a week ago AlphaBay, the dark web's largest contraband marketplace, went mysteriously offline. Learn about your ad choices: dovetail.prx.org/ad-choices

Minnesota representative and Deputy Chair of the DNC Keith Ellison recently called on Twitter to ban Donald Trump once and for all, joining countless publications who have made the same demand. And currently, nearly 72,000 people have signed an online petition asking for the same. Unfortunately for all those dreaming of a Trump-free Twitter, it is almost certainly never going to happen. Learn about your ad choices: dovetail.prx.org/ad-choices

Remember when Myspace suffered one of the largest user data breaches ever? Around 360 million accounts were compromised in June 2013, but Myspace said in 2016 when it disclosed the incident that it was taking action to shore up its security. Which would be great, except that it turns out anyone could have taken over any Myspace account if they had the account owner’s listed name, username, and birthday. Learn about your ad choices: dovetail.prx.org/ad-choices

Despite what you may have heard, an Amazon Echo did not call the police earlier this week, when it heard a husband threatening his wife with a gun in New Mexico. On Monday, news reports took Bernalillo County authorities' version of those events credulously, heralding the home assistant as a hero. Learn about your ad choices: dovetail.prx.org/ad-choices

On Thursday, President Donald Trump stressed the importance of a particular feature of his proposed border wall: transparency. His reason? Without it, a 60-pound bag of heroin might fly over, and hit an unassuming passerby on the head, striking them dead. The vivid image invites flashbacks to Chuck Jones cartoons, and more than a few questions. But to take it on its merits: Yes, drugs do fly over the wall. But … not like that. Learn about your ad choices: dovetail.prx.org/ad-choices

On Tuesday, Donald Trump Jr. tweeted out a lengthy email chain from June, 2016. The tweet was an effort to get out ahead of a New York Times investigation into the meeting the emails discussed. They show Trump Jr. eagerly arranging to meet with a Russian lawyer, explicitly described as being government-affiliated, for the stated purpose of getting dirt on Hillary Clinton to help elect Donald Trump. Immediately, conservative leaders leapt to the first son’s defense. Learn about your ad choices: dovetail.prx.org/ad-choices

Rob Goldstone, a British-born former tabloid reporter and current publicist, has found himself in the middle of one of the biggest scandals of Trump's presidency thus far. When Donald Trump Jr. sat down with Natalia Veselnitskaya, a Russian lawyer with reported ties to the Kremlin (ties which Veselnitskaya denies), it was Goldstone who had brokered the encounter. After The New York Times first reported that the meeting took place, Trump Jr. Learn about your ad choices: dovetail.prx.org/ad-choices

On the list of computer security advice standbys, "update your software" ranks just below with "don't use the password 'password.'" But as the cybersecurity research community gets to the bottom of the malware outbreak that exploded out of Ukraine to paralyze thousands of networks around the world last week—shutting down banks, companies, transportation and electric utilities—it's become clear that software updates themselves were the carrier of that pathogen. Learn about your ad choices: dovetail.prx.org/ad-choices

After last month's Petya/NotPetya ransomware outbreak you may be feeling like the next global attack could come at any moment. It hasn't struck yet, but if the ransomware fear doesn't get you, the phishing paranoia might. And don't forget angst about power grid hacks. Reports this week revealed that the FBI and Department of Homeland Security are scrambling to defend multiple US energy companies and manufacturing plants from hackers—including a nuclear power plant in Kansas. Learn about your ad choices: dovetail.prx.org/ad-choices