Security News This Week: The Deloitte Breach Was Worse Than We Thought

Big breaches of Deloitte, Sonic, and Whole Foods dominated this week's security news.

from
https://www.wired.com/story/security-news-of-the-week-deloitte-sonic-whole-foods-breach

How Good Are Equifax's Identity Protection Offerings?

After its massive data breach and bungled initial response, Equifax is offering a free set of tools to protect your identity, but they have limits.

from
https://www.wired.com/story/equifax-identity-protection-offerings

Critical EFI Code in Millions of Macs Isn't Getting Apple's Updates

Researchers dug into the deep-seated, arcane code in Apple machines known as EFI, and found it's often dangerously neglected.

from
https://www.wired.com/story/critical-efi-code-in-millions-of-macs-is-not-getting-apple-updates

Feds Monitoring Social Media Does More Harm Than Good

As the Department of Homeland Security takes a closer look at social media accounts, experts caution that it likely won't even accomplish much.

from
https://www.wired.com/story/dhs-social-media-immigrants-green-card

Jared Kushner Registered To Vote As a Woman

In the latest of several paperwork mishaps, the President's senior advisor and son-in-law registered to vote in New York with the wrong gender.

from
https://www.wired.com/story/jared-kushner-voter-registration-woman

How One Syrian Fought to the Death for a Free Internet

Basel Khartabil hoped the internet would lead to a flowering of freedom and openness in Syria. Then he was arrested and imprisoned by the Assad regime.

from
https://www.wired.com/story/how-one-syrian-fought-to-the-death-for-a-free-internet

Signal Has a Fix for Apps' Contact-Leaking Problem

The private messenger is testing an Intel-chip feature that could let apps check your phone's contact list—and then provably forget it.

from
https://www.wired.com/story/signal-contact-lists-private-secure-enclave

BlueParrott convertible C400-XT Bluetooth headset

There was once a time when Bluetooth headsets were all the rage — and that was close to two decades ago. Phones were just that, phones, and there was no such thing as a modern day smartphone with a full touchscreen display, although it well on its way to the existing smartphone design with the advent of the Palm treo and its ilk. Nokia ruled the roost back then, and a hands-free headset was something that was fast catching on, with more and more people being able to afford mobile phones. A Bluetooth headset was considered to be something of a luxury, a fashion statement even. Fast forward to today, and Bluetooth headsets have not deviated from its function, and rarely from its form. Enter BlueParrott’s C400-XT Bluetooth headset.

The C400-XT convertible intends to turn heads in the same way that a true convertible on the road does. This is a premium quality Bluetooth headset, where it boasts of a flexible choice when it comes to wearing styles, is IP rated water resistant and also works great even when the mercury drops to levels that require more than just a single layer of summer clothing. Specially designed to meet the needs of professionals on-the-go, it also features noise cancellation technology, enabling users to take calls while they are on-the-move without missing a beat.

The C400-XT has also been engineered to best fit the mobile worker’s hectic lifestyle, thanks to the availability of customizable wearing options. In other words, you can opt to wear the headset on either ear, around a hat, or choose from one of the two behind-the-neck options. The headset itself is able to stand up to the rigors of real-world use, and also sports VoiceControl — giving it the ability to receive calls or ignore them in a totally hands-free manner. Available from early this October onwards, the BlueParrott convertible C400-XT Bluetooth headset will retail for $139.99.

Press Release

[ BlueParrott convertible C400-XT Bluetooth headset copyright by Coolest Gadgets ]

from
http://www.coolest-gadgets.com/20170924/blueparrott-convertible-c400xt-bluetooth-headset/

Trump DOJ Nominee Jon Adler Pushed Scientology-Based Detox Program

Sitting on the Heroes Health Fund advisory board, Jon Adler helped promote Scientology founder L. Ron Hubbard's controversial "detoxification" program.

from
https://www.wired.com/story/doj-nominee-jon-adler-heroes-health-fund

Cloudflare's Unlimited DDoS Protection Won't Kill Off Botnets For Good

Cloudflare's unlimited DDoS protection should help the internet, but its broader ambitions of killing off DDoS for good remain out of reach.

from
https://www.wired.com/story/cloudflare-unmetered-mitigation-ddos-attacks

All the Ways Equifax Epically Bungled Its Breach Response

The Equifax breach that potentially exposed the personal information of 143 million people was bad. The company's response has almost been worse, if that's even possible.

from
https://www.wired.com/story/equifax-breach-response

Hackers Break Into the SEC, DHS Tells 21 States Russian Hackers Targeted Them, and More Security News This Week

An SEC hack, a Russian dark web takedown, and more security news this week.

from
https://www.wired.com/story/security-news-this-week-hackers-broke-into-the-sec-a-year-ago

I Helped Create Facebook's Ad Machine. Here's How I'd Fix It

Facebook finally laid out some changes to its ad platform. But a former employee who built it shares his own ideas on how to fix the Russia problem.

from
https://www.wired.com/story/i-helped-create-facebooks-ad-machine-heres-how-id-fix-it

Don't Rely On an Unlock Pattern To Secure Your Android Phone

A new study found test subjects could mostly spot the patterns from five or six feet away on the first try.

from
https://www.wired.com/story/android-unlock-pattern-or-pin

Why Google Play Store Malware Is So Hard To Stop

A rash of malware hit the Google Play store this summer. And while Google has taken big steps to improve Android security, there's no clear end in sight.

from
https://www.wired.com/story/google-play-store-malware

Twitter Will Meet With Senate Intelligence Committee on Russia

For the first time, a social media company will provide answers in a public hearing about Russian efforts to swing the 2016 presidential election.

from
https://www.wired.com/story/twitter-senate-committee-russia-bots

The CCleaner Malware Fiasco Targeted at Least 20 Specific Tech Firms

The backdooring of security software CCleaner now appears to have been more of a targeted spying operation than a mere cybercrime scheme.

from
https://www.wired.com/story/ccleaner-malware-targeted-tech-firms

A WikiLeaks Russia Dump Reveals Just Enough—But Not Too Much

This week, WikiLeaks turned its sites on Russia—and while it didn't reveal much, something beats nothing at all.

from
https://www.wired.com/story/wikileaks-spy-files-russia

New Group of Iranian Hackers Linked to Destructive Malware

A suspected Iranian government hacking team known as APT33 may be planting computer-killing code in networks around the world.

from
https://www.wired.com/story/iran-hackers-apt33

Donald Trump’s United Nations Speech Stokes North Korea Tensions

At the United Nations Tuesday, Donald Trump's incendiary North Korea remarks pushed the word even further from a peaceful outcome.

from
https://www.wired.com/story/donald-trump-united-nations-north-korea

Why Many Deaf Prisoners Can’t Phone Home

States rely on faulty, outdated technology, and resist efforts to use videophones.

from
https://www.wired.com/story/why-many-deaf-prisoners-cant-phone-home

CCleaner Malware Shows Software's Serious Supply-Chain Security Problem

Hackers have targeted software's supply chain in three high profile attacks discovered over the summer.

from
https://www.wired.com/story/ccleaner-malware-supply-chain-software-security

Feds Give Kaspersky Security Products the Boot, and Other Security News This Week

Kaspersky, Apple, and more of the week's top security news.

from
https://www.wired.com/story/kaspersky-security-news

Apple's Differential Privacy Protections Fall Short, Study Says

Apple has boasted of its use of a cutting-edge data science known as "differential privacy." Researchers say they're doing it wrong.

from
https://www.wired.com/story/apple-differential-privacy-shortcomings

The Equifax Breach Was Entirely Preventable

A patch that would have prevented the devastating Equifax breach had been available for months. There's no excuse for that.

from
https://www.wired.com/story/equifax-breach-no-excuse

Apple’s FaceID Could Be a Powerful Tool for Mass Spying

Opinion: The new facial recognition technology could be the next frontier for surveillance.

from
https://www.wired.com/story/apples-faceid-could-be-a-powerful-tool-for-mass-spying

Turn Bluetooth Off When You're Not Using It

In light of the latest Bluetooth-related security meltdown, a friendly PSA.

from
https://www.wired.com/story/turn-off-bluetooth-security

Twitter Didn't Suspend Hope Hicks

Conservatives are in arms over Twitter's suspension of Hope Hicks' Twitter. There's only one problem.

from
https://www.wired.com/story/hope-hicks-twitter-suspended

How the US Can Counter Threats from DIY Weapons and Automation

Opinion: The government must address security threats from DIY weapons and autonomous vehicles.

from
https://www.wired.com/story/how-the-us-can-counter-threats-from-diy-weapons-and-automation

How Secure Is the iPhone X's FaceID? Here's What We Know

The iPhone X replaces TouchID with FaceID. Here's what kind of security trade-off you can expect.

from
https://www.wired.com/story/iphone-x-faceid-security

How to Stop the Next Equifax-Style Megabreach—Or At Least Slow It Down

The Equifax breach wasn't the first mega-breach. But there are some steps that could help make it the last.

from
https://www.wired.com/story/how-to-stop-breaches-equifax

Apple’s iOS 11 Will Make It Even Harder for Cops to Extract Your Data

Apple has added two features that could make the lives of law enforcement investigators significantly more difficult.

from
https://www.wired.com/story/apples-ios-11-will-make-it-even-harder-for-cops-to-extract-your-data

Security News This Week: Germany's Election Software Is Dangerously Hackable

Plus researchers revealed a technique called "DolphinAttack" that could allow hackers to silently "speak" to nearby voice assistants.

from
https://www.wired.com/story/security-roundup-germany-election-software-is-hackable

The Equifax Breach Exposes America's Identity Crisis

It's time to rethink the Social Security number's ubiquity.

from
https://www.wired.com/story/the-equifax-breach-exposes-americas-identity-crisis

Facebook May Have More Russian Troll Farms to Worry About

The Internet Research Agency, which appears to have purchased thousands of bogus political ads on Facebook, may be defunct, but its work may not be done.

from
https://www.wired.com/story/facebook-may-have-more-russian-troll-farms-to-worry-about

Hack Brief: Patch Your Android Phone To Block An Evil ‘Toast’ Attack

Google has released a fix against a devious new form of "overlay" attack against Android phones.

from
https://www.wired.com/story/hack-brief-patch-your-android-phone-to-block-an-evil-toast-attack

The Equifax Breach: Here’s How to Protect Yourself

Don't panic, but start watching your credit report and financial accounts *very* closely.

from
https://www.wired.com/story/how-to-protect-yourself-from-that-massive-equifax-breach

Why It’s So Easy to Hack Cryptocurrency Startup Fundraisers

Hackers, scammers, and the security threats surrounding Initial Coin Offerings

from
https://www.wired.com/story/why-its-so-easy-to-hack-cryptocurrency-startup-fundraisers

The DNC’s Technology Chief is Phishing His Staff. Good.

Uber's former head of self-driving cars is now driving the DNC's tech team, hoping to help the shattered organization recover from one of the worst tech fails in history.

from
https://www.wired.com/story/the-dncs-technology-chief-is-phishing-his-staff-good

Hackers Gain ‘Switch-Flipping’ Access to US Power Systems

Hackers who hit American utilities this summer had the power to cause blackouts, Symantec says. And yes, most signs point to Russia.

from
https://www.wired.com/story/hackers-gain-switch-flipping-access-to-us-power-systems

One State's Bail Reform Exposes the Promise and Pitfalls of Tech-Driven Justice

In its quest to eliminate bail, New Jersey has turned to tech tools that speed up the process of deciding who does and doesn't await trial behind bars.

from
https://www.wired.com/story/bail-reform-tech-justice

Hands on the Cisco 3504 WLC

Not only are WLCs not dead, they’re not even on life support. Continued investment into the WLC platform is a clear indicator that there are still several use cases for centralized data, control, and management plane functions. Cisco has a long heritage of building awesome Wireless LAN Controllers (WLCs) and the 3504 is the next in a long line of purpose built WLCs. If you’re familiar with the Cisco WLC portfolio, the 5520 and 8540 WLCs are basically UCS based appliances with hardware offloading cards added in. The 3504 returns to the heritage of a ‘from the ground up’ design of a purpose built desktop WLC solution and it’s aimed pretty squarely at the aging 2504 and 5508 platforms. As many people are moving forward with 802.11ac deployments, a look at your infrastructure controller may be warranted.

Without going into the details that are readily available on the data-sheet, I’ll instead focus on one or two key items of the platform that I find the most compelling.

1) Feature parity. This WLC marks the first time the entry level boxes have feature parity with the larger WLCs. If you peruse any of the release notes, you’ll see a list of exceptions for various platforms especially on the low end. The 3504 was launched out of the gate expecting to support all of the features of the 5520 & 8540 making the differences between the three platforms strictly speeds, feeds, and capacity. This should be a comfort to those that regularly struggle with the feature gap in the Cisco WLC portfolio.

2) Quiet operation. Let’s be honest, there are more than a few deployments where the equipment is sitting table top or on a cabinet out in the open somewhere. The 3504 supports ‘fan off’ operation at temperatures up to 86 F (30 C). For the overwhelming majority of situations, it’s difficult to get up to 86 degrees and maintain it with any level of comfort. This basically means that for most deployments, you’ll never hear a sound coming out of the WLC – even if it’s in your home lab.

3) mGig support. Multigigabit (or NBASE-T) is becoming more and more prevalent on switching infrastructure and this marks the first time we can break the 1G link speed on the infrastructure side without having to deploy a full on 10G infrastructure. Those of you that read my posts regularly may recall that I’m a fan of being able to deploy solutions that break the 1G barrier on my existing copper runs. This was commonly APs but if you’ve been investing in the latest and greatest and ignoring the FUD about not needing mGig, this is another opportunity to leverage that investment.

All of these coupled together mean that you can get a quite elegant solution for most any environment now that we’re able to breath some life into the low end of the Cisco WLC portfolio. The 3504 is a notable improvement on the hardware and scale of the 2504 but don’t let it’s ‘desktop friendliness’ fool you – if you’re a 5508 customer today, there are going to be tons of places where ‘stepping down’ into a 3504 makes really great sense. With the rack mount kit available for it, you could easily put two 3504s in HA/SSO mode in 1RU and have all of the same features as the 5508 with a bit less capacity. Regardless of your current deployment, you really should make sure you take a peek at the 3504 as you’re considering lifecycle management of your gear.

Disclaimer: I was provided a 3504 from Cisco as part of an early field trial and formed my opinions on my own. This post is my original work and I composed it without an expectation from Cisco.

from
https://sc-wifi.com/2017/09/04/hands-on-the-cisco-3504-wlc/

Why the US Government Shouldn't Ban Kaspersky Security Software

Opinion: The US government's decision to remove a promising security technology from its arsenal could impair free trade.

from
https://www.wired.com/story/why-the-us-government-shouldnt-ban-kaspersky-security-software

What Is DNS Hijacking?

A recent attack on WikiLeaks illustrates a vulnerability deep in the routing system of the internet itself.

from
https://www.wired.com/story/what-is-dns-hijacking

North Korea's Nuke Test Reveals Terrifying Capabilities

The Hermit Kingdom conducted its most powerful underground test yet, stoking tensions in an already very strained situation.

from
https://www.wired.com/story/north-koreas-nuke-test-reveals-terrifying-capabilities

Trump's Cybersecurity Executive Order Gets Off To a Slow Start

After several missed deadlines, Trump's cybersecurity executive order has gotten off to a slow start.

from
https://www.wired.com/story/trump-cybersecurity-executive-order

The Secret History of FEMA

As the federal disaster agency dives into hurricane Harvey cleanup, its weird Cold War legacy remains hidden—and relevant.

from
https://www.wired.com/story/the-secret-history-of-fema

Android Oreo's Security Improvements Will Have a Lasting Impact

The security improvements in Android Oreo will have impacts beyond this one release.

from
https://www.wired.com/story/android-oreo-security-improvements