Security

Your daily briefing on security, freedom, and privacy in the technology world.

Each year since 2011, the security firm SplashData has released a list of the most commonly used passwords, based on caches of leaked account credentials. The annual list, intended as a reminder of humanity’s poor password practices, always includes predictable entries like “abc123,” “123456,” and “letmein.” But one entry, finishing in the top 20 every
0 Comments
In February, the ACLU of Massachusetts released a damning report detailing prejudice in social media surveillance efforts by the Boston Police Department (BPD). The report revealed that between 2014 and 2016, the BPD had tracked keywords on Facebook and Twitter in an effort to identify potential terrorist threats. The BPD labeled as “Islamist extremist terminology”
0 Comments
Facebook profiles have become the de-facto identities of people across the internet. This is thanks, in large part, to Login With Facebook, the social network’s universal login API, which allows users to carry their profile information to other apps and websites. You’ve probably used it to log in to services like Spotify, Airbnb, and Tinder.
0 Comments
On Tuesday, about 250 people gathered in the event space of Cloudflare’s San Francisco headquarters for an unusual security conference—or, perhaps more accurately, one that aimed to modernize the longstanding tradition in security of creating alternative, transgressive gatherings. The one-day Our Security Advocates event offered a counterpoint to the monolithic approach of large, prominent security
0 Comments
Have you used a friend’s laptop to charge your iPhone and gotten a prompt that says, “Trust This Computer?” Say yes, and the computer will be able to access your phone settings and data while they’re connected. And while it doesn’t feel like your answer really matters—your phone will charge either way—researchers from Symantec warn
0 Comments
In September, security researchers at Cisco Talos and Morphisec made a worst nightmare-type disclosure: the ubiquitous computer cleanup tool CCleaner had been compromised by hackers for more than a month. The software updates users were downloading from CCleaner owner Avast—a security company itself—had been tainted with a malware backdoor. The incident exposed millions of computers
0 Comments
In recent months, even established industry standards like Bluetooth and WPA2 Wi-Fi have been shown to have vulnerabilities and flaws. But as impactful and potentially damaging as these revelations have been, some wireless communication technologies have their own alarming risks—precisely because the industry hasn’t yet agreed on how to architect and implement them. Among those
0 Comments
The adult website Pornhub has of late taken pride in being something of a pioneer. A year ago, it implemented HTTPS encryption, making it safer for users to click without being snooped on. Last fall, it introduced a suite of accessibility features for its blind and visually impaired users. And Tuesday, it began accepting Verge,
0 Comments
Today, the White House confirmed that cybersecurity coordinator Rob Joyce will head back to the National Security Agency, where he previously ran the nation’s top hacking team. His departure comes just a week after Tom Bossert, Trump’s cybersecurity czar and Joyce’s boss, was forced out—and leaves the administration without two trusted voices on one of
0 Comments
The bulk of major corporate hacks follow time-tested strategies, like phishing emails that trick employees into giving up their credentials, or hackers exploiting a bug in a web portal. While effective, these strategies also open an attacker to early detection. So increasingly, hackers have taken the scenic route—through the Internet of Things. Vulnerabilities in internet-connected
0 Comments
It was the week of Zuck. As Facebook founder and CEO Mark Zuckerberg slogged through more than 10 hours of testimony in front of two different Congressional committees, privacy and security advocates were listening for anything they could glean about how Facebook manages data, implements privacy protections, and helps users make informed choices—or doesn’t. Neither
0 Comments