Porn shown on legitimate news sites thanks to Internet Rot


This week, Venmo took a long overdue step towards privacy by eliminating its global social feed in its latest overhaul. It’s good! Now you can no longer witness an endless stream of complete strangers sending money to each other. But privacy advocates say until Venmo makes every transaction private by default, this is still a handicap for users who may not realize that they have to dig into the settings to hide their Venmo life from others.

Amnesty International and a consortium of researchers and media organizations released a major investigation this week into NSO Group, an Israel-based spyware vendor. The report alleges that governments used NSO Group malware to spy on activists, journalists, politicians and executives; NSO Group has issued several denials. Security researchers, meanwhile, view the revelations as evidence that they need more visibility into iOS and Android to better spot attacks like this, and prevent them from moving forward.

In another global team effort this week, countries around the world detailed years of aggressive hacking behavior by China, including indictments from the US Department of Justice. While China has historically focused on espionage, its growing dependence on criminal entrepreneurs in recent years has led to more reckless campaigns.

Speaking of recklessness, remember that absurdly widespread ransomware attack that hit at the beginning of the month? A little less than three weeks later, the IT management company Kaseya has finally gotten its hands on a universal decryption tool, which means that all victims who had not yet recovered their data through backups or other means can finally breathe easy. At least until the next ransomware alert. We also took a look at Space Jam: A New Legacy and the bad lessons it's teaching young people about AI.

And there’s more. Each week, we put together all the security news that WIRED hasn’t covered in depth. Click on the titles to read the full stories and stay safe.

A very good catch by Motherboard and the Twitter user @dox_gay this week: news sites like The Washington Post, New York magazine and more inadvertently displayed pornography on older pages. (And yes, that includes a handful of old WIRED stories.) The culprit? A video platform called Vidme that operated from 2014 to 2017, the domain of which has since been purchased by an adult site called 5 Star Porn HD. Webpages that had a built-in Vidme player from when the service was viable started showing thumbnails of graphic sexual content instead of whatever was originally there. As Motherboard also notes, this is a funny example of a serious problem: the decaying infrastructure of the Internet as a whole.

Chromebook owners may have found themselves unable to log in to their devices this week. A bug introduced in a recent update caused the cloud-based laptops to not accept passwords on the login screen, leaving users locked out indefinitely. Not great! But what makes it even worse is that the bug apparently boils down to one small typo. Some Chrome OS programmers left out an “&” somewhere in a conditional statement, none of their colleagues caught it, and chaos ensued. Google quickly pulled the bad update and a fix is being rolled out, but that’s of little comfort to Chromebook owners who have been affected.

Twitter this week revealed that very, very, very, very, very few of its users are actually taking advantage of two-factor authentication. Only 2.3%, to be precise. This is not great! Two-factor can’t stop every attack, but it provides a huge security upgrade for little additional hassle, on a platform that regularly experiences account takeover outbreaks. You can even use an authenticator app in place of your phone number, which is an even more secure and easier-to-manage method. If you are among the 97.7% of active Twitter users who do not use two-factor, please take 90 seconds of your day to set it up.

Remember how we just said that China has historically focused on espionage? It is still true. But a troubling FBI and Department of Homeland Security alert this week indicates that the country's hackers have at least considered more disruptive attacks. From around 2011 to 2013, they surveyed nearly two dozen US pipeline companies, and not just for intellectual property. “This activity was ultimately intended to help China develop cyberattack capabilities against US pipelines to physically damage pipelines or disrupt pipeline operations,” the alert said. This is the kind of behavior you have come to expect from Russia or ransomware hooligans, but less so from China. Fortunately, the incidents go back years; the hope is that it does not revisit those plans.

