Security, Spoken

A tense weekend of brinksmanship between the United States and North Korea culminated in a failed missile test from the reclusive dictatorship. And while the busted launch does highlight the country’s long-term commitment to advancing its warfare capabilities, it also shouldn’t cause undo alarm. In fact, it was something close to routine. Learn about your ad choices: dovetail.prx.org/ad-choices

Phishing attacks can make even crusading technovangelists paranoid. One wrong click can put you out a ton of cash, or cause a corporate breach. And they evolve constantly. Case in point: A cunning new exploit makes malicious phishing websites appear to have the sameURL asknown and trusted destinations. You knowby now to check your browser while visitinga site to besure it sportsthelittle green padlock indicatingTLS encryption. Learn about your ad choices: dovetail.prx.org/ad-choices

National security experts and North Korea watchers say the reclusive countrymay test a nuclear bomb on Saturday, the ‘Day of the Sun’ holiday that marks the birthday of national father Kim Il-sung. The Hermit Kingdom’s recent saber-rattling prompted the United States to dispatch the Vinson carrier group as a show of force, and President Trump has not ruled out a pre-emptive strike. Learn about your ad choices: dovetail.prx.org/ad-choices

It feels like all weeks in security news are overstuffed lately, and this one's no exception. It started with a bang, or more of a blare, as all of Dallas's dozens of tornado sirens were hacked to sound off at once. And it ended with a boom, as the US dropped the Moab ('Mother of All Bombs,' colloquially), a 22,600 pound bomb, for the first time. Learn about your ad choices: dovetail.prx.org/ad-choices

When the US dropped a 22,600-pound bomb near suspected ISIS tunnels in Afghanistan’s Nangarhar province on Thursday, the blast from the explosion would have rushed into the furthest reaches of the mountain complex about a mile away. The GBU-43, known as Moab—short for Massive Ordnance Air Blast, or, colloquially, Mother of All Bombs—is the largest non-nuclear, non-penetrating bomb in the US arsenal. And until now, this mother had never been used outside of a testing facility. Learn about your ad choices: dovetail.prx.org/ad-choices

It’s easy for all sides to read too much into the news tat FBI reportedly obtained a warrant to surveil former Trump foreign policy adviser Carter Page. Those convinced of Trump’s Russia ties may see validation, and proof of a grander conspiracy. Others may see this lending credence to Trump’s allegations that the Obama administration ordered illegal, politically motivated surveillance in the heat of last years’s presidential campaign. In truth, it does neither. Learn about your ad choices: dovetail.prx.org/ad-choices

Windows Vista was not a popular Microsoft release. We can just say it. Launched in 2007 (after a few delays), it was the first Windows overhaul since the well-loved XP release in 2001. Six years is a long time to make people wait, no matter how great the replacement. And Vista, well, was not great. A decade later, Microsoft's finally pulling the plug on support tomorrow. Which means, if you're somehow stuck with Microsoft's least popular operating system, it's time to move on. Like, now. Learn about your ad choices: dovetail.prx.org/ad-choices

Filing and paying taxes can be frustrating enough without the looming threat of identity theft and refund fraud. But tax scams have become so prevalent, you’ve likely received a bogus call, text message, or email in the last few years. As painful as it is to add another item on the tax to-do list this year, working to protect yourself from cons and digital attacks could really save you money and time. The scams work a few ways. Learn about your ad choices: dovetail.prx.org/ad-choices

Well, we sent 59 Tomahawk cruise missiles smack into a Syrian airbase this week. But other stuff happened too! The week started off with some clever hack revelations, including a backdoor that Russians have used for two decades, and an ATM hack that just takes a drill hole and $15 worth of gear. And some particularly industrious hackers took over a Brazilian bank's entire online footprint for a few hours. Spies got their own cool new app that you can't play with. Learn about your ad choices: dovetail.prx.org/ad-choices

On Thursday night, two US Navy warships fired 59 Tomahawk cruise missiles at a Syrian airbase after President Bashar al-Assad’s regime used chemical weapons earlier this week against civilians. For months, Donald Trump has espoused a hands-off approach to intervening in the Middle Eastern country’s six-year-long civil war, yet it took just 24 hours for the president to reverse course and launch America’s first military action against the Syrian government. Learn about your ad choices: dovetail.prx.org/ad-choices

When you lose the key to your bike lock you borrow bolt cutters. When your door is jammed you look up a locksmith. And when you need targeted surveillance of a smartphone, you call your cyberarms dealer. Naturally! For bad actors and nation states, sometimes all it takes to access someone’s private text messages, browsing history, calls, emails, calendar, location, contacts, and apps, is a big enough check. Although maybe not as big as you’d think. Learn about your ad choices: dovetail.prx.org/ad-choices

Chris Rasmussen is an evangelist, and his message is crowdsourcing. As a career analyst inside the National Geospatial-Intelligence Agency, Rasmussen’s sermons have been limited to a closed top-secret community. But this week, he’s going public with his most radical idea to date, in the form of a smartphone app for senior US intelligence officers. Learn about your ad choices: dovetail.prx.org/ad-choices

On a desert-cold, moonlit night just over two years ago, Amir Taaki stepped off the Iraqi sand into a rubber dinghy floating in the Tigris River. The boat was just wide enough to fit his compact body next to the much larger American ex-Army machine gunner sitting beside him. Learn about your ad choices: dovetail.prx.org/ad-choices

As the internet continues to limp toward better security, sites have increasingly embraced HTTPS encryption. You’ve seen it around, including here on WIRED; it’s that little green padlock in the upper lefthand corner, and it keeps outside eyes from snooping on the details of your time online. Today, the biggest porn site on the planet announced that it’s joining those secured ranks. Pornhub’s locking it down, and that’s a bigger deal than you’d think. Learn about your ad choices: dovetail.prx.org/ad-choices

On Tuesday, the House of Representatives voted to reverse regulations that would have stopped internet service providers from selling your web-browsing data without your explicit consent. It’s a disappointing setback for anyone who doesn’t want big telecoms profiting off of their personal data. So what to do? Try a Virtual Private Network. It won’t fix all your privacy problems, but a VPN’s a decent start. Learn about your ad choices: dovetail.prx.org/ad-choices

This article was published in partnership with The Marshall Project, a nonprofit news organization that covers the US criminal justice system. Sign up for their newsletter, or follow The Marshall Project on Facebook or Twitter. In the new cop drama APB, an Elon Musk-type billionaire engineer buys a beleaguered Chicago police precinct to avenge his buddy's murder. Learn about your ad choices: dovetail.prx.org/ad-choices

A hacker group called Turkish Crime Family says that it can access 250 million iCloud accounts, and will do so on April 7 to reset the password, locking people out of their accounts. They’ve even threatened to wipe people’s linked iPhones if Apple doesn’t pay up. And while it’s hard to tell how legitimate the threat is, their assertions make now as good a time to lock down your iCloud as ever. Learn about your ad choices: dovetail.prx.org/ad-choices

As so many of them have been lately, it was a wild week in security. Monday, FBI Director James Comey confirmed that an ongoing investigation into the Trump campaign's ties to Russia began last July. The GOP responded minutes later by charging hard against-leaks. That really set the tone! House Intelligence Committee chairman Devin Nunes added some misplaced intrigue by suggesting Trump or his associates had been caught up in surveillance, which isn't what it sounds like. Learn about your ad choices: dovetail.prx.org/ad-choices

Because you care greatly about your personal security hygiene, you’ve already enlisted two-factor authentication to help protect most of your online accounts. That’s good! Instagram, though, hasn’t given you the option. That changes today. Go get it. While Instagram had made two-factor available to a select group of users previously, the extra layer of protection is now available to all, meaning you, meaning it’s time to fiddle with some settings. Learn about your ad choices: dovetail.prx.org/ad-choices

First, the good news: Half of all Android devices have gotten fairly recent security updates, patching the hackable flaws that leave users vulnerable to digital crime and espionage. The bad news? The other half hasn’t. In an annual report on the security of the world’s 1.4 billion Android devices that Google released today, the company touts the ever-improving state of Android security. Learn about your ad choices: dovetail.prx.org/ad-choices

Barack Obama did not wiretap Trump Tower ahead of the presidentialelection. The definitive word on this came today from two people who would know: Richard Burr and Mark Warner, who leadthe Senate Select Committee on Intelligence. Of course,President Donald Trump refuses to believe this, even though it is the best news he could hope for. Learn about your ad choices: dovetail.prx.org/ad-choices

Nothing much of interest happened in the world of cybersecurity this week. Kidding! But wouldn't that be nice? If we were living in a simpler time when innocent victims weren't hit by a new, weird hack every day, and international cyberespionage wasn't undermining everything from governments to businesses to Twitter accounts? You could just argue about who won The Bachelor and move on with your life. Unfortunately, this is 2017, so naturally this week's hacks were actually completely ridiculous. Learn about your ad choices: dovetail.prx.org/ad-choices

You know not to click on links in sketchy emails. Everybody knows that. And yet, people fall for these phishing attacks all the time. Case in point: The FBI suspects a phishing email is how the Russian hackers who were indicted this week got into Yahoo. Ditto for the breach of the Democratic National Committee, and the Sony Pictures hack. In fact, there’s currently a Gmail phishing scam going around that even super savvy techies are falling for. Learn about your ad choices: dovetail.prx.org/ad-choices

Last night, a swath of Twitter accounts with large followings—including Duke University, BBC North America, Forbes, and Amnesty International—tweeted out the same message, in Turkish, that included a swastika and hashtags that translate to “Nazi Germany, Nazi Holland.” The hacked accounts, which apparently stem from increasing vitriol between Turkey and Holland, appear to have all been restored. Learn about your ad choices: dovetail.prx.org/ad-choices

On February 26th, WIRED's security reporter Andy Greenberg received an email from Sophia Tupolev, the head of communications at the security firm Beame.io, saying she'd found a security issue on WIRED.com. Tupolev's company had discovered sensitive data in the source code on many pages on our site, including obfuscated, "hashed" passwords and email addresses for current and former WIRED writers. We corrected the problem right away. Learn about your ad choices: dovetail.prx.org/ad-choices

Amid so many recent high-profile hacks and data breaches, security experts are fond of pointing out that there’s no such thing as perfect security. It’s true! But it also invites the question: Why doesn’t literally everything get hacked all the time? The answer has to do with the relative incentives and the costs of infiltrating a given network. And one of the concepts underlying that calculus is the idea of an “attack surface.” Here’s an example. Learn about your ad choices: dovetail.prx.org/ad-choices

If you’ve been feeling a little paranoid lately—like even your standing mixer may be spying on you—rest assured that Trump senior counselor Kellyanne Conway shares your struggle. On Sunday, apparently reacting to last week’s CIA WikiLeaks data dump, Conway told the Bergen Record that at this point, US citizens should consider all appliances compromised. Even their microwaves. Learn about your ad choices: dovetail.prx.org/ad-choices

This week's WikiLeaks revelations, which showed that the CIA can compromise a huge range of devices, shouldn't send you into paroxysms of fear over your smartphone. It should, though, be a solid reminder that one of the best ways to keep yourself safe from hackers is also one of the simplest: Update your gear. What allows hackers access to your devices, after all, are breakdowns and vulnerabilities in the firmware (read: operating system) that runs them. Learn about your ad choices: dovetail.prx.org/ad-choices

Of all the revelations to come out of the 9,000-page data dump of CIA hacking tools, one of the most explosive is the possibility that the spy agency can compromise Signal, WhatsApp, and other encrypted chat apps. If you use those apps, let's be perfectly clear: Nothing in the WikiLeaks docs says the CIA can do that. A close reading of the descriptions of mobile hacking outlined in the documents released by WikiLeaks shows that the CIA has not yet cracked those invaluable encryption tools. Learn about your ad choices: dovetail.prx.org/ad-choices

US intelligence agencies face a difficult task. They are supposed to provide meaningful analysis that enables officials to manage serious national security problems such as terrorism, weapons proliferation, network attacks on government infrastructure, and counterintelligence efforts. Today these are diffuse and complex threats. There are newly powerful political actors on the international stage. Organizations that are not governments and have no physical territory can inflict great harm. Learn about your ad choices: dovetail.prx.org/ad-choices

It started, like so many eruptions these days, with a tweet. Early Saturday morning, President Trump fired off a series of tweets accusing, without evidence, former PresidentBarack Obama of wiretapping Trump Tower in the month before the election. Trump compared the alleged snooping to “Nixon/Watergate,” and intimated legal action. What makes the broader allegation so extraordinary isn’t that it is new. Quite the contrary. Learn about your ad choices: dovetail.prx.org/ad-choices

It was a week of could have beens and still coulds in security. We took a long look at a plan to stop rogue drones that might work great, if it’s ever legal. We looked at how Trump should spend that extra $54 billion on defense, if he insists. And we looked at Google’s end-to-end encryption hopes for Gmail, which appear to have faded over the last three years. Oh, also, some rogue stuffed bears made a great case against the Internet of Toys. Learn about your ad choices: dovetail.prx.org/ad-choices

As governor of Indiana, Mike Pence conducted state business usinghis personal email account. An AOL account. Soof course someone hacked it. Witha phishing scam. This story offers no end of rolling punchlines, the kicker being thevitriol the vice president showed during the campaigntoward Hillary Clinton’s use of a private email server. Learn about your ad choices: dovetail.prx.org/ad-choices

In his address to Congress, President Donald Trump said he’s preparing “a budget that rebuilds the military, eliminates the Defense sequester, and calls for one of the largest increases in national defense spending in American history.” The day before the speech, White House officials said the administration planned to propose a “historic” $54 billion increase in the defense budget. Learn about your ad choices: dovetail.prx.org/ad-choices

Hacked medical devices have made scary headlines for years now. Dick Cheney ordered changes to his pacemaker to better protect it from hackers. Johnson & Johnson warned customers about a security bug in one of its insulin pumps last fall. And St. Jude has spent months dealing with the fallout of vulnerabilities in some of the company’s defibrillators, pacemakers, and other medical electronics. You’d think by now medical device companies would have learned something about security reform. Learn about your ad choices: dovetail.prx.org/ad-choices

Right now, in a vault controlled by the Los Angeles County Sheriff’s Department, there sits a 752-pound emerald with no rightful owner. This gem is the size of a mini­fridge. It weighs as much as two sumo wrestlers. Estimates of its worth range from a hundred bucks to $925 million. Eight years ago the emerald was logged into evidence by detectives Scott Miller and Mark Gayman of the Sheriff’s Major Crimes Bureau. The two men are longtime veterans: 30 years for Miller, 28 for Gayman. Learn about your ad choices: dovetail.prx.org/ad-choices