The Worst Hacks of 2018: Marriott, Atlanta, Quora, and More

From the Marriott and Facebook meltdowns to state-sponsored assaults, 2018 was an eventful year for cybercrime.

from
https://www.wired.com/story/worst-hacks-2018-facebook-marriott-quora

The Most Dangerous People on the Internet in 2018: Trump, Zuck and More

From Donald Trump to Russian hackers, these are the most dangerous characters we've been watching online in 2018.

from
https://www.wired.com/story/most-dangerous-people-on-internet-2018

We’re all Just Starting to Realize the Power of Personal Data

This year revealed consumers have a lot more to learn about what happens to their information online.

from
https://www.wired.com/story/2018-power-of-personal-data

The Most-Read Security Stories of 2018

This year saw the most devastating cyberattack in history, a gang of teen hackers, and so much Mueller news.

from
https://www.wired.com/gallery/the-most-read-security-stories-of-2018

Pan Am Flight 103: Robert Mueller’s 30-Year Search for Justice

In December 1988 a bomb downed a Pan Am jet, leaving 270 dead. It was the first mass killing of Americans by terrorists. As the head of the Justice Department’s criminal division, Robert Mueller oversaw the case. And for him, it was personal.

from
https://www.wired.com/story/robert-muellers-search-for-justice-for-pan-am-103

Privacy Law Showdown Between Congress and Tech Looms in 2019

Lawmakers spend the better part of 2018 talking tough to tech companies. Now the pressure is on for Congress to act.

from
https://www.wired.com/story/privacy-law-showdown-congress-2019

How China Helped Make the Internet Less Free in 2018

Tech companies, democratic governments, and civil society need to work together to fight back against growing surveillance and censorship online.

from
https://www.wired.com/story/internet-freedom-china-2018

Cryptojacking Took Over the Internet in 2018

Move over, ransomware. Cryptojacking is officially the scourge of the internet.

from
https://www.wired.com/story/cryptojacking-took-over-internet

A NASA Hack, a PewDiePie Fan, and More Security News

Amazon sends Echo recordings to the wrong person, Russians tried to get US Treasury dirt on Clinton donors, and more of the week's top security news.

from
https://www.wired.com/story/hackers-hit-nasa-before-the-holidays

In Project Maven's Wake, the Pentagon Seeks AI Tech Talent

The Defense Department wants to use AI in warfare. In the aftermath of Project Maven, it still needs Big Tech’s help.

from
https://www.wired.com/story/inside-the-pentagons-plan-to-win-over-silicon-valleys-ai-experts

How China’s Elite Spies Stole the World’s Secrets

A new Justice Department indictment outlines how Chinese hackers allegedly compromised data from companies in a dozen countries in a single intrusion.

from
https://www.wired.com/story/doj-indictment-chinese-hackers-apt10

Hacking Diplomatic Cables Is Expected. Exposing Them Is Not

Spies try to access government communications all the time. But an incident this week tested the limits of what happens when those compromises get discovered.

from
https://www.wired.com/story/eu-diplomatic-cable-hacks-area-one

A Devious Phishing Scam Targets Apple App Store Customers

Be on the lookout for emails that claim to be from the App Store.

from
https://www.wired.com/story/apple-app-store-phishing-scam

What the US Can Learn from Israel and China's Collaboration

Opinion: What we can learn from Israel's surprising technological ties with with China.

from
https://www.wired.com/story/why-the-us-needs-to-engage-china-on-tech

The Iran Hacks Cybersecurity Experts Feared May Be Here

An uptick in potentially Iran-related hacking since the nuclear deal collapsed spells trouble for the US and allies.

from
https://www.wired.com/story/iran-hacks-nuclear-deal-shamoon-charming-kitten

Amnesty Report: Twitter Abuse Toward Women Is Rampant

Frustrated by Twitter's silence on abuse against women, Amnesty International crowdsourced its own data and found that the platform was especially toxic for black women.

from
https://www.wired.com/story/amnesty-report-twitter-abuse-women

Russia Targeted Black Americans, Exploiting Racial Tensions

A new report documents how the Internet Research Agency had a much more sustained, deliberate focus on black Americans.

from
https://www.wired.com/story/russia-ira-target-black-americans

How Instagram Became the Russian IRA's Go-To Social Network

A Senate report finds that Russia's Internet Research Agency was far more active, and more successful, on Instagram in 2017 than on Facebook or Twitter.

from
https://www.wired.com/story/how-instagram-became-russian-iras-social-network

How Russian Trolls Used Meme Warfare to Divide America

A new report for the Senate exposes how the IRA used every major social media platform to target Americans before and after the 2016 election.

from
https://www.wired.com/story/russia-ira-propaganda-senate-report

Facebook or YouTube Down? What We All Do When Sites Crash

What happens when Instagram glitches or Slack stalls? Spoiler: We don’t log off—we just scurry off to different (sometimes darker) corners of the web.

from
https://www.wired.com/story/what-we-do-when-facebook-youtube-crash

A Complete Guide to All 17 (Known) Trump and Russia Investigations

The investigation in to Russian interference and Donald Trump has sprung so many offshoots, it's hard to keep track. Here's a comprehensive list. It's long.

from
https://www.wired.com/story/mueller-investigation-trump-russia-complete-guide

Taylor Swift's Facial Recognition, the Year's Worst Passwords, and More Security News This Week

Chinese hackers targeting the Navy, charity scammers, and more security news this week.

from
https://www.wired.com/story/taylor-swift-facial-recognition-security-roundup

Facebook Exposed 6.8 Million Users' Photos to Cap Off a Terrible 2018

In the latest in its long string of 2018 incidents, Facebook let developers access the private photos of millions of users.

from
https://www.wired.com/story/facebook-photo-api-bug-millions-users-exposed

At a New York Privacy Pop-Up, Facebook Sells Itself

The one-day pop-up kiosk is meant to show that Facebook takes users’ privacy concerns seriously. It also was an opportunity to gather more data.

from
https://www.wired.com/story/facebook-nyc-privacy-pop-up

Nationwide Bomb Threats Look Like New Spin on an Old Bitcoin Scam

Apparent bitcoin scammers caused chaos across the US Thursday, radically escalating longstanding tactics.

from
https://www.wired.com/story/bomb-threats-bitcoin-scam

Facebook Bug Bounty Makes Biggest Payout Yet

Despite Cambridge Analytica and a damaging hack, Facebook's bug bounty program offers a bright spot.

from
https://www.wired.com/story/facebook-bug-bounty-biggest-payout

9 Trumpworld Figures That Should Fear Mueller the Most

After Michael Cohen's sentencing, plenty more people and entities in Trump's orbit potentially sit in the special counsel's crosshairs.

from
https://www.wired.com/story/mueller-investigation-targets-cohen-sentencing

If China Hacked Marriott, 2014 Marked a Full-on Assault

It increasingly appears that China was behind the Marriott hack, making 2014 a landmark year in cyberattacks against the US.

from
https://www.wired.com/story/marriott-hack-china-2014-opm-anthem

Google+ Exposed Data of 52.5 Million Users and Will Shut Down in April

A month after Google had already decided to shut down Google+, a new bug made its problems much, much worse.

from
https://www.wired.com/story/google-plus-bug-52-million-users-data-exposed

Quora Hacked, Moscow Ransomware, and More Security News This Week

China accusations, Eastern European bank heists, and more of the week's top security news.

from
https://www.wired.com/story/quora-hack-china-marriott-security-news

Manafort and Cohen Sentencing Documents Put Donald Trump in Spotlight

The Mueller investigation has a long way to go, but the worst case scenario seems increasingly likely.

from
https://www.wired.com/story/manafort-cohen-sentencing-trump-mueller-investigation-worst-case-scenario

Australia's Encryption-Busting Law Could Impact the World

Australia has passed a law that would require companies to weaken their encryption, a move that could reverberate globally.

from
https://www.wired.com/story/australia-encryption-law-global-impact

Data Breaches: The Complete WIRED Guide

Everything you ever wanted to know about Equifax, Mariott, and the problem with social security numbers.

from
https://www.wired.com/story/wired-guide-to-data-breaches

This Company Wants to Use the Blockchain to Stop Phishing

MetaCert has classified 10 billion URLs as either safe, a suspected source of phishes, or unknown.

from
https://www.wired.com/story/this-company-wants-blockchain-stop-phishing

14 Questions Robert Mueller Knows the Answer To

The Russia investigation's known unknowns give valuable hints about the special counsel's next moves.

from
https://www.wired.com/story/robert-mueller-trump-russia-unanswered-questions

GOP Email Hack Shows How Bad Midterm Election Meddling Got

Election-related hacking during the midterm season seemed fairly muted, but it turns out that the National Republican Congressional Committee suffered a major breach.

from
https://www.wired.com/story/nrcc-email-hack-midterm-election-meddling

Foreign Trolls Are Targeting Veterans on Facebook

Opinion: The VA needs to take preventative measures to protect vets—and more broadly, our democracy—from digital manipulation and fraud.

from
https://www.wired.com/story/trolls-are-targeting-vets-on-facebook

Nonprofits on Facebook Get Hacked—Then They Really Need Help

Facebook is an enormous platform for charitable giving, but some nonprofit leaders say there aren’t enough resources when something goes wrong.

from
https://www.wired.com/story/nonprofits-facebook-get-hacked-need-help

How Would NYC's Anti-AirDrop Dick Pic Law Even Work?

The bill's sponsors want cyber flashers to face the same consequences as their offline counterparts, but there are technical and legal hurdles.

from
https://www.wired.com/story/nyc-anti-airdrop-dick-pic-law

New Scam Apps Take Advantage of iPhone Touch ID

Touch ID is seamless, which makes it great for unlocking your phone—and for App Store scammers.

from
https://www.wired.com/story/iphone-touch-id-scam-apps

iTunes Doesn't Encrypt Downloads—on Purpose

While HTTPS has made the web at large a much safe place, Apple has chosen to forgo it for iTunes and App Store downloads.

from
https://www.wired.com/story/itunes-downloads-https-encryption

A Dunkin' Donuts Hack, a Fake FedEx Site, and More Security News This Week

Scam centers, exposed massage company data, and more of the week's top security news.

from
https://www.wired.com/story/dunkin-donuts-hack-fake-fbi-fedex-site-security-news

Why a Hacker Exploited Printers to Make PewDiePie Propaganda

An anonymous hacker has claimed credit for the prank, which is part of an ongoing YouTube subscriber feud.

from
https://www.wired.com/story/pewdiepie-printers-propaganda-hack-brief

The Marriott Hack: How to Protect Yourself

Up to 500 people's personal information has been stolen in a Marriott hack that lasted four years, one of the biggest breaches yet.

from
https://www.wired.com/story/marriott-hack-protect-yourself

Deputy AG Rod Rosenstein Is Still Calling for an Encryption Backdoor

At a cybercrime conference Thursday, Rod Rosenstein once again decried "going dark."

from
https://www.wired.com/story/rod-rosenstein-encryption-backdoor

Mueller: Cohen Lied About Trump Organization's Moscow Project

Trump's former lawyer has testified that the Trump Organization pursued a real estate deal with Moscow deep into the 2016 presidential campaign.

from
https://www.wired.com/story/michael-cohen-guilty-plea-muller-trump-moscow

The US Leans on Private Firms to Expose Foreign Hackers

Opinion: The government needs to step up in calling out cyber-attackers. Otherwise, we risk playing into their hands.

from
https://www.wired.com/story/private-firms-do-government-dirty-work

DOJ Indicts 2 Iranian Hackers for Harmful SamSam Ransomware

A string of attacks hobbled the city of Atlanta, multiple hospitals, and more. The feds now think they know who did it.

from
https://www.wired.com/story/doj-indicts-hackers-samsam-ransomware

Russian Hackers Haven't Stopped Probing the US Power Grid

Researchers warn that utilities hackers don't need to cause blackouts to do damage.

from
https://www.wired.com/story/russian-hackers-us-power-grid-attacks

Special Counsel Robert Mueller's Endgame May Be in Sight

Recent developments in the special counsel investigation show indicate that things are about to heat up.

from
https://www.wired.com/story/manafort-mueller-russia-investigation-endgame

Amazon Exposes Emails, Insurance Company Surveillance, and More Security News This Week

A USPS data leak, Windows passwords go bye-bye, and more security news this week.

from
https://www.wired.com/story/amazon-wont-say-how-many-customer-emails-it-exposed-security-roundup

Turn Off Siri on Your Lock Screen for Better iOS Security

Every new version of iOS seems to bring with it a fresh lock screen bypass. Head the next one off by shushing Siri on your lock screen.

from
https://www.wired.com/story/turn-off-siri-lock-screen-attacks

Rowhammer Data Hacks Are More Dangerous Than Anyone Feared

Researchers have discovered that the so-called Rowhammer technique works on "error-correcting code" memory, in what amounts to a serious escalation.

from
https://www.wired.com/story/rowhammer-ecc-memory-data-hack

Russia's Fancy Bear and Cozy Bear Hackers May Have New Phishing Tricks

Two new reports show an uptick in sophisticated phishing attacks originating from—where else—Russia.

from
https://www.wired.com/story/russia-fancy-bear-hackers-phishing

5 New Nonlethal Weapons the Defense Department Is Developing

The US Department of Defense's Joint Non-Lethal Weapons Program is testing a new arsenal powered by lasers, plasma, chemical irritants, and more.

from
https://www.wired.com/story/ingredients-powering-defense-department-new-nonlethal-weapons

Beware Black Friday Scams Lurking Among the Holiday Deals

Cybercriminals are always looking to steal your credit card or even your identity. But it pays to be on extra high alert come Black Friday.

from
https://www.wired.com/story/black-friday-scams

Hackers Hit Make-A-Wish Website With Cryptojacking Scheme

Cryptojacking officially knows no bounds.

from
https://www.wired.com/story/make-a-wish-website-cryptojacking-hack

Using Airport and Hotel Wi-Fi Is Much Safer Than It Used to Be

You were right not to trust hotel and airport Wi-Fi a few years ago. But these days, it's (probably) fine.

from
https://www.wired.com/story/hotel-airport-wifi-safe

Julian Assange Charges, Japan's Top Cybersecurity Official, and More Security News This Week

Safer browsing, more bitcoin scams, and the rest of the week's top security news.

from
https://www.wired.com/story/japans-top-cybersecurity-official-has-never-used-a-computer

Machine Learning Can Create Fake ‘Master Key’ Fingerprints

Researchers have refined a technique to create so-called DeepMasterPrints, fake fingerprints designed to get past security.

from
https://www.wired.com/story/deepmasterprints-fake-fingerprints-machine-learning

Surveillance Kills Freedom By Killing Experimentation

When we're being watched, we conform. We don't speak freely or try new things. But social progress happens in the gap between what’s legal and what’s moral.

from
https://www.wired.com/story/mcsweeneys-excerpt-the-right-to-experiment

The Mueller Investigation May Be Safe Despite Matt Whitaker

Robert Mueller's work as special counsel may seem imperiled by the acting attorney general, but there's plenty of reason for optimism.

from
https://www.wired.com/story/mueller-probe-matthew-whitaker-midterms

Mozilla Lists Easy-to-Hack Devices in Annual Gift Idea Guide

In its second annual “Privacy Not Included” guide, the nonprofit highlights internet-connected gifts that value your privacy—and the ones that may not.

from
https://www.wired.com/story/mozilla-privacy-not-included-internet-connected-toys

DARPA's Hail Mary Plan to Restart a Hacked US Electric Grid

On tiny Plum Island, DARPA stages a real-life blackout to put its grid recovery tools to the test.

from
https://www.wired.com/story/black-start-power-grid-darpa-plum-island

Why Google Internet Traffic Rerouted Through China and Russia

For two hours Monday, Google internet traffic rerouted through China, Russia, and elsewhere. Here's why.

from
https://www.wired.com/story/google-internet-traffic-china-russia-rerouted

The US Didn’t Sign the Paris Call for Trust and Security in Cyberspace

Corporations have taken the lead over nations on governing the internet: The initiative might not have counted the US as a signatory, but did include Microsoft, Facebook, Google, and others.

from
https://www.wired.com/story/paris-call-cybersecurity-united-states-microsoft

The US Is the Only Country Where There Are More Guns Than People

The US has worst rate of gun violence among all developed countries, and still we fail to regulate.

from
https://www.wired.com/story/guns-in-america-five-charts

How to Safely and Securely Dispose of Your Old Gadgets

Keep your data private and the environment protected.

from
https://www.wired.com/story/gadget-disposal-safe-secure

A Phony Elon Musk Scam, Foreign Malware Samples, and More Security News This Week

Compromised crypto, flawed SSDs, and more of the week's top security news.

from
https://www.wired.com/story/fake-elon-musk-twitter-scam-security-news

Sue Gordon: Silicon Valley Should Work With the Government

In an expansive on the record interview with WIRED, principle deputy director of national intelligence made her pitch for public-private partnerships.

from
https://www.wired.com/story/sue-gordon-us-intelligence-public-private-google-amazon

A DJI Bug Exposed Drone Photos and User Data

Researchers found that they could compromise DJI's single sign-on tokens, similar to the issue behind Facebook's massive breach this September.

from
https://www.wired.com/story/dji-drones-bugs-exposed-users-data

Midterm Elections 2018: Voting Machine Meltdowns Are Normal—That’s the Problem

Americans watched their voting technology break down right in front of their eyes—or on social media—Tuesday, but it's too soon to tell if the problems reached historic proportions.

from
https://www.wired.com/story/voting-machine-meltdowns-midterm-elections-2018

Midterm Elections 2018: All the Hoaxes and Viral Misinformation

WIRED is looking out for the biggest stories, the most common hoaxes, and the likeliest sources of confusion as they emerge throughout the day.

from
https://www.wired.com/story/midterm-elections-2018-misinformation-voting-hoaxes

Midterms 2018: The Unprecedented Effort to Secure Election Day

Ninety-four district election officers. Thirteen hundred electoral jurisdictions. Multiple law enforcement agencies. The fight to keep the midterms safe has an unimaginable scope.

from
https://www.wired.com/story/midterms-2018-secure-election-day

Trump’s ‘Racist’ Midterms Ad Backs Facebook Into a Corner

Facebook took down Donald Trump’s ad for violating its policies, but you can still watch the video on his profile.

from
https://www.wired.com/story/trump-anti-immigrant-midterms-ad-facebook

HEY KNOW IT ALLS! Can I Vote Online?

Our in-house experts answer questions about your interactions with technology.

from
https://www.wired.com/story/the-know-it-alls-can-i-vote-online

Georgia Secretary of State Brian Kemp Accuses Georgia Democrats of Hacking

Georgia's secretary of state is also its GOP gubernatorial candidate. And he just claimed that Democrats committed "cyber crimes."

from
https://www.wired.com/story/brian-kemp-georgia-democrats-hacking-claim

How to Control What Websites Can Do on Your Computer

If you're not careful, websites can grab all kinds of permissions you don't realize or intend. Take back control in your browser.

from
https://www.wired.com/story/how-to-lock-down-websites-permissions-access-webcam

A New Privacy Bill, Safer White Hat Hacking, and More Security News This Week

A CIA debacle, a new side channel attack, and more security news this week.

from
https://www.wired.com/story/security-roundup-us-privacy-bill

Hack Brief: Someone Posted Private Facebook Messages From 81,000 Accounts

The data appears to have been stolen with malicious browser extensions, and not by exploiting an issue with Facebook’s platform.

from
https://www.wired.com/story/hackers-posted-private-facebook-messages

Don’t Be Duped by Voting Misinformation Before the Midterms

How to find accurate voting information for the midterm elections

from
https://www.wired.com/story/midterm-elections-2018-voting-misinformation

The Privacy Battle to Save Google From Itself

Interviews with over a dozen current and former Google employees highlight a commitment to privacy—and the inherent tensions that creates.

from
https://www.wired.com/story/google-privacy-data

China's Five Steps for Recruiting Spies in the US

A series of high-profile cases involving alleged Chinese recruits shows how the country identifies and develops potential spies stateside.

from
https://www.wired.com/story/china-spy-recruitment-us

Apple's T2 Security Chip Makes It Harder to Tap MacBook Mics

By cutting off the microphone at the hardware level, recent MacBook devices minimize the chance that someone can eavesdrop

from
https://www.wired.com/story/apple-t2-security-chip-macbook-microphone

Signal's "Sealed Sender" Is a Clever New Way to Shield Your Identity

"Sealed sender" gives the leading encrypted messaging app an important boost, hiding metadata around who sent a given message.

from
https://www.wired.com/story/signal-sealed-sender-encrypted-messaging

'Fortnite' Scams Are Even Worse Than You Thought

YouTube videos with millions of views. Nearly 5,000 bogus websites. V-Bucks scammers have gotten out of control.

from
https://www.wired.com/story/fortnite-scams-even-worse-than-you-thought

Pittsburgh Synagogue Shooting Suspect's Gab Posts Are Part of a Pattern

It may never be clear why Robert Bowers chose to carry out a violent attack. But his social media activity mirrors an increase in anti-Semitism on the internet.

from
https://www.wired.com/story/pittsburgh-synagogue-shooting-gab-tree-of-life

How Feds Tracked Down Mail Bomb Suspect Cesar Sayoc

At a press conference Friday, officials detailed how they identified and found Cesar Sayoc, who has been arrested in connection with a series of mail bombs targeting prominent liberals and CNN.

from
https://www.wired.com/story/how-feds-tracked-mail-bomb-suspect-cesar-sayoc

Iran's New Facebook Trolls Are Using Russia's Playbook

Facebook took down another Iranian-based network of phony accounts Friday. This new campaign focused on American politics—and it was successful.

from
https://www.wired.com/story/iran-facebook-trolls-using-russia-playbook

The Feds Just Hit Notorious Swatter Tyler Barriss With 46 New Charges. He Intends to Plead Guilty

Prosecutors in California have filed 46 new counts against Tyler Barriss for bomb threats, fraud, and swatting incidents nationwide. He’s angling to get the case transferred to Kansas and intends to plead guilty.

from
https://www.wired.com/story/feds-hit-notorious-swatter-tyler-barriss-with-46-new-charges

Trump's Personal iPhone Would Be a National Security Risk

By using a personal iPhone instead of secured lines, President Trump makes it entirely too easy for China and Russia to spy.

from
https://www.wired.com/story/trump-iphone-security-risk

I Bought Used Voting Machines on eBay for $100 Apiece. What I Found Was Alarming

Opinion: The fact that voter information is left on devices, unencrypted, that are then sold on the open market is malpractice.

from
https://www.wired.com/story/i-bought-used-voting-machines-on-ebay

Democrat Mail Bomb Scares Are a Perfect Misinformation Storm

News of mail bombs targeting prominent Democrats and CNN on Wednesday gave way to a deluge of false reports, partisan finger pointing, and bad faith conspiracy theories online.

from
https://www.wired.com/story/mail-bomb-scares-misinformation-storm

How Mail Bombs Get Intercepted—And What Happens Next

Apparent mail bombs targeting Barack Obama, Hillary Clinton, CNN, and more all got caught before their final destination. Here's how.

from
https://www.wired.com/story/how-mail-bombs-get-intercepted-what-happens-next

Don't Believe Everything You See About the Migrant Caravan

A migrant caravan traveling through Mexico is the latest news event to be weaponized online.

from
https://www.wired.com/story/mexico-migrant-caravan-misinformation-alert

Russia Linked to Triton Industrial Control Malware

Like so many other internet misdeeds, the notorious Triton malware appears to have originated in Moscow.

from
https://www.wired.com/story/triton-malware-russia-industrial-controls

Paper and the Case for Going Low-Tech in the Voting Booth

When considered as a form of tech, paper has a killer feature set: It’s intuitive, it doesn’t crash, and it doesn’t need a power source.

from
https://www.wired.com/story/elections-paper-ballots-low-tech-voting-booth

It Started as an Online Gaming Prank. Then It Turned Deadly

A $1.50 wager on a "Call of Duty" match led to a fake 911 call reporting a violent hostage situation in Wichita. Here’s how it all went horribly awry.

from
https://www.wired.com/story/swatting-deadly-online-gaming-prank

Forging a Relationship With Tyler Barriss, the Internet’s Most Hated Swatter

Journalist Brendan Koerner strikes up a jail-cell correspondence with a man charged with instigating a fatal shooting. “Only by peering into the abyss of human malice can we divine how we can muster the strength to forgive the truly lost," he writes.

from
https://www.wired.com/story/swatting-federal-prison-pen-pal

The Titan M Chip Powers Up Pixel 3 Security

Google's latest flagship smartphone includes the Titan M, a security-focused chip that keeps users safe against sophisticated attacks.

from
https://www.wired.com/story/google-titan-m-security-chip-pixel-3

Apple Data Downloads, A Dating App for Trump Fans, and More Security News This Week

North Korean bitcoin theft, Fake FCC complaints, and more security news this week.

from
https://www.wired.com/story/donald-trump-dating-app-exposed-data

To Curb Terrorist Propaganda Online, Look to YouTube. No, Really.

Opinion: Despite YouTube’s crackdown, extremist groups are still exploiting other Google platforms.

from
https://www.wired.com/story/to-curb-terrorist-propaganda-online-look-to-youtube-no-really

Russian Trolls Are Still Playing Both Sides—Even With the Mueller Probe

The latest indictment against Russian trolls shows how they sowed division in the US on wedge issues, including the investigation into their activity.

from
https://www.wired.com/story/russia-indictment-twitter-facebook-play-both-sides

A Trove of Facebook Data Is a Spammer's Dream and Your Nightmare

A new report suggests that spammers, not nation states, may have been behind the Facebook hack. That could be even worse news.

from
https://www.wired.com/story/facebook-hack-data-spammers

The Mysterious Return of Years-Old APT1 Malware

Security researchers have discovered a new instance code associated with APT1, a notorious Chinese hacking group that disappeared in 2013.

from
https://www.wired.com/story/mysterious-return-of-years-old-chinese-malware-apt1

Helm Wants You to Control Your Own Data Again

Helm hopes to make running your own private, encrypted server easy for everyone.

from
https://www.wired.com/story/helm-server-data-privacy

Robert Mueller Has Already Told You Everything You Need To Know

With the exception of President Trump’s legal team, no one has been watching the Mueller investigation more closely than Garrett Graff.

from
https://www.wired.com/story/wired25-robert-mueller

Kanye's Password, a WhatsApp Bug, and More Security News This Week

A grey hat hacking hero, bad boat news, and more security news this week.

from
https://www.wired.com/story/kanye-bad-password-security-roundup

Fake Adobe Flash Installers Come With a Little Malware Bonus

A clever new cryptomining scheme downloads the latest version of Adobe for you, but adds malware to the bargain.

from
https://www.wired.com/story/fake-adobe-flash-installers-cryptomining-malware-bonus

How Facebook Hackers Compromised 30 Million Accounts

Facebook has revealed more details about the unprecedented breach of its platform—including how hackers got away with the access tokens of 30 million users.

from
https://www.wired.com/story/how-facebook-hackers-compromised-30-million-accounts

How to Check If Your Facebook Account Got Hacked—And How Badly

Facebook Friday offered more details about its recent breach. Here's how to see if you were affected.

from
https://www.wired.com/story/facebook-hack-check-if-account-affected

No One Can Get Cybersecurity Disclosure Just Right

If Facebook and Google's recent security debacles proved anything, it's that disclosure is tricky business.

from
https://www.wired.com/story/cybersecurity-disclosure-gdpr-facebook-google

How the US Halted China’s Cybertheft—Using a Chinese Spy

For years, China has systematically looted American trade secrets. Here's the messy inside story of how DC got Beijing to clean up its act for a while.

from
https://www.wired.com/story/us-china-cybertheft-su-bin

Pentagon Weapons Systems Are Easy Cyberattack Targets, New Report Finds

A new report says the Department of Defense "likely has an entire generation of systems that were designed and built without adequately considering cybersecurity."

from
https://www.wired.com/story/us-weapons-systems-easy-cyberattack-targets

Google's Privacy Whiplash Shows Big Tech's Inherent Contradictions

Google got caught hiding a privacy issue affecting 500,000 users on the same day it rolled out privacy protections.

from
https://www.wired.com/story/googles-privacy-whiplash-shows-big-techs-inherent-contradictions

Analyzing analytic offerings

In case you’ve been living under a rock recently, the calm before the 802.11ax storm seems to increasingly be around Wi-Fi Assurance and/or Analytics. In particular, how is your Wi-Fi network performing and how happy are your clients (devices, not users). Most solutions on the market leverage a healthy dose of buzzwords to accomplish answering this question – most notably Machine Learning (ML), Artificial Intelligence (AI), Big Data, and don’t forget Cloud – to make you, the consumer feel like you’re genuinely on the bleeding edge of what a health related system can give you. It struck me during the recent MFD3 event that each of these solutions has a different way to approach the Assurance/Analytics problem, and of course each touts theirs as being ‘the best’ way to get all of the data needed to give you actionable data. Here is my take on the pro’s and con’s of some of the leading/competing solutions:

1) Mist Systems

Mist Systems claims to be the the First & Only AI-Driven WLAN – a bold statement indeed! Their primary source for retrieving statistics about users performance is directly inline from AP. This ‘at the edge’ approach allows them a deep insight into the radio and first hop performance of applications on their network. With a healthy punting of metadata to the Cloud, they claim to achieve “Automation & Insight through AI”.

Pro: A great example of ‘Cloud enabled’ Analytics and they do seem to genuinely seem to be hyper-focused on WLAN performance.

Con: Requiring Mist infrastructure means rip & replace for many organizations. Being hyper-focused on WLAN hardware leaves many organizations splitting their LAN infrastructure between vendors and that certainly diminishes the ‘one throat to choke’ troubleshooting. Visibility is at the AP layer only, ultimately leading to assumptive troubleshooting when issues outside of their visibility arise. Being a nascent company (and one of the last WLAN-only players) makes me wonder how long before they’ll be acquired.

Consumption: Cloud with a premium capex spend as well as ongoing required opex.

Bold claims!

2) Cisco Meraki

Since being acquired by Cisco in November 2012, Meraki has continued to deliver on bringing features to market through their flagship product, the Meraki dashboard. The closest anyone comes to a ‘single pane of glass’ management portal, Meraki continues to shine for those Cloud-friendly organizations that have hyper-value on a single point of administration for their network. Generally, these tend to be the highly distributed organizations as opposed to the campus enterprise. Meraki’s ‘Wireless Health’ feature is in beta now and was ‘automagically’ delivered to existing customers.

Pro: Meraki’s AGILE product development targets the 80/20 rule pretty squarely. It’s ‘good enough’ for a lot of folks, and it’s ‘free’ to existing customers (if you don’t consider opex an expense of course).

Con: Wireless Health is Wi-Fi only – with no end to end correlation of their switches or security appliances, and it fragments the message around full-stack solutions. While focusing on making an ‘okay for most’ product, they certainly lose out on much of the deeper technical data commonly found in some of the larger platforms.

Consumption: Cloud with a premium capex spend as well as ongoing required opex (free to existing paying customers).

Wireless Health from Meraki

3) nyansa

Arguably *the* pioneer in Wi-Fi Assurance and Analytics, they were founded in 2013 and have a head start on most of the players in the market. Interestingly enough, nyansa is the only player in this space that not only doesn’t manufacture hardware to pitch at you, they work with an ever-growing number of existing infrastructure providers (including most of the major ones!). Leveraging an onsite ‘crawler’ to gather the data and to punt metadata to the Cloud, the onsite components are generally lightweight and assuming you’re already a VM friendly organization, no real hardware requirements (including any ripping and replacing of APs) is needed.

Pro: They’ve been at it a longer than anyone else and are clearly ahead of the game. They accept data from a variety of network sources including your LAN infrastructure so their ability to more accurately pinpoint issues is likely to be more accurate than a Wi-Fi only solution. Being able to ‘compare’ your data to peers of your own ilk is an interesting proposition and clearly one of the premier features they hang their hats on.

Con: Having an analytics only platform that’s not tightly coupled with your infrastructure leads me to wonder about the long-term stickiness of the solution. The perceived high-cost of the solution, has lead many to ‘deploy, diagnose, then remove’ – very much defeating the long term goals of Analytics and Assurance platforms. Ongoing success when ‘all is good’ is very hard to demonstrate and the vendor neutral approach leaves them vulnerable.

Consumption: Primarily an opex play since there isn’t really a capex component to speak of (no APs or appliances to install).

nyansa

 

4) 7signal

7signal has been fairly quiet on the Assurance front as of late, but they’re worth a mention. Being the pioneer in sensor driven tests, hanging an ‘eye’ to connect to your network and measure/gather various statistics about how well it’s performing has been their pitch from day 1. Falling more on the ‘stats digestion’ side of the house rather than on the ML/AI side of the spectrum, 7signal is worth noting due to their synthetic testing that closely mimics what a client sees on the network.

Pro: Client first is the best way to view the network and a sensor (or embedded into a client) is the only way to get this data.

Con: Having *only* client data means that correlation has to happen in a guesswork fashion. Coupled with a difficult install and a user interface that could stand a healthy dose of sprucing up and the platform overall is feeling pretty stale.

Consumption: Capex spend for the sensors and ongoing support and maintenance. On premises deployment model with ‘lightweight-at-best’ analytics.

5) Aruba

Aruba acquired Rasa in May of 2016 to become part of the Aruba Clarity team. They’ve since changed gears and are rolling the Rasa features into NetInsight. They’ve been relatively quiet on the productization front here, opting instead to show it off at events like Aruba Atmosphere and Mobility Field Day events. They get some interesting insights out of the education campus use case they show but I’ve not seen any readily actionable insights that don’t require some level of Data Scientist level of queries. They have the potential to move the needle in the industry here, but making it easy to use is clearly something they’re struggling with.

Pro: Buying a ready made analytics company reduces their time to market and clearly Aruba is moving aggressively to get into the analytics game here. If you’re an Aruba Wi-Fi, AirWave, or Clarity/NetInsight customer, they have some big things in store.

Con: Today the data is clearly difficult to get at. Usability leaves a lot to be desired and there is some pretty unclear things about where the platform is going. Between the legacy Clarity offering, the Rasa integration, NetInsight, and don’t forget about the recent Niara acquisition on the security side. There are lots of moving pieces here and Aruba will have to bring some quick clarity (hah!) to their consumption model.

Consumption: NetInsight productization is currently TBD, but I expect it will be Cloud-first, if not Cloud-only by the time you can get your hands on a production ready solution.

Thoughtful people

6) Cisco Enterprise

Cisco has been focused on DNA-Center, the successor to the APIC-EM platform. The platform runs ‘apps’ on top, and one of the flagship applications shipping today is DNA Assurance. This platform is the ‘all-in’ Cisco assurance platform that takes data from everywhere you can think of – netflow feeds from your WLC and/or switch, radio data from the AP, synthetic data from sensors, and feedback from actual clients. In short, they take the best of all worlds and attempt to lump it into one big platform without giving people the heebie-jeebies about their data being in the Cloud.

Pro: Ambitiously Cisco is taking the ‘whatever you can feed me’ approach to Analytics and Assurance. The more feeds you can send to it, the better. This allows organizations to deploy the solution components that make sense to them and add more later if they want improved fidelity. Deploying an Analytics platform that you can actually run onsite in a 1RU appliance is no small feat and will be an undoubted boon for those Cloud adverse.

Cons: All of that horsepower isn’t cheap. Coupled with Cisco’s somewhat tarnished reputation as of late around code quality makes some people nervous about ‘one box to rule them all’, but this should generally be a mitigated concern for out-of-band analytics. Of course, this all works best if you’re Cisco end to end and that could be perceived as a negative to some.

Consumption: On premises hardware appliance fed by Cloud updates for the applications. Your Cisco ONE licensing consumption model and Smart Licenses will be key to getting this off of the ground, but so far there is no ‘break if you don’t pay’ approach.

I hope that the roll-up was a useful overview to the Analytics and Assurance market as it sits today. Did I miss anyone? Let me know and I’ll try and get a summarization up for you ASAP!

from
https://sc-wifi.com/2018/10/07/analyzing-analytic-offerings/

A Good Password Law, Hardware Hacks, and More Security News This Week

Hardware hacks, the government gets two-factor, and more security news this week.

from
https://www.wired.com/story/security-news-this-week-good-news-california-bans-bad-default-passwords

Don't Buy the Trump Administration's China Misdirection

The White House keeps accusing China of election interference—but it's nothing like Russia in 2016.

from
https://www.wired.com/story/dont-buy-trump-administration-china-misdirection

A 'Scarily Simple' Bug Put Millions of Cox Cable Customer Accounts at Risk

The most straightforward insecurities can sometimes be the riskiest.

from
https://www.wired.com/story/cox-communications-vulnerability

The Apollo Breach Included Billions of Data Points

Sales intelligence firm Apollo left a "staggering amount" of exposed online, including 125 million email addresses and nine billion data points.

from
https://www.wired.com/story/apollo-breach-linkedin-salesforce-data

Why Supply Chain Hacks Are a Cybersecurity Worse Case Scenario

A blockbuster report from Bloomberg says that China has compromised servers used by major US companies. It's a problem that experts have long feared, and still don't know how to resolve.

from
https://www.wired.com/story/supply-chain-hacks-cybersecurity-worst-case-scenario

How Russian Spies Infiltrated Hotel Wi-Fi to Hack Their Victims Up Close

A new indictment details how Russian agents camped outside hotels when remote hacking efforts weren't enough.

from
https://www.wired.com/story/russian-spies-indictment-hotel-wi-fi-hacking

Malware Has a New Way to Hide on Your Mac

By only checking a file's code signature when you install it—and never again—macOS gives malware a chance to evade detection indefinitely.

from
https://www.wired.com/story/mac-malware-hide-code-signing

How to 'Turn Off' the Presidential Emergency Text Alert Test

If you really don't want to receive today's emergency test text message, there's one pretty simple workaround.

from
https://www.wired.com/story/how-to-turn-off-presidential-emergency-text-alert-test

The Presidential Text Alert Has a Long, Strange History

While the presidential text that hits your phone Wednesday will be the first of its kind, it's part of a decades-long lineage of official government Doomsday alerts.

from
https://www.wired.com/story/presidential-text-alert-fema-emergency-history

Intra Gives Older Versions of Android Important DNS Protections

Alphabet subsidiary Jigsaw is using a new app to give DNS encryption protections to any Android smartphone from the last seven years.

from
https://www.wired.com/story/jigsaw-intra-app-dns-encryption

Hackers Can Stealthily Avoid Traps Set to Defend Amazon's Cloud

In the cat and mouse game of protecting cloud services, attackers find a sneaky advantage.

from
https://www.wired.com/story/aws-honeytoken-hackers-avoid

The Facebook Hack Is an Internet-Wide Failure

Major sites using Facebook's Single Sign-On don't implement basic security features, potentially making the fallout of last week's hack much worse.

from
https://www.wired.com/story/facebook-hack-single-sign-on-data-exposed

How the Kavanaugh Information War Mirrors Real Warzones

Opinion: From using open source intelligence to spreading false reports to brazenly rewriting history, social media warriors on both sides of the controversy are taking a page from Russia.

from
https://www.wired.com/story/how-the-kavanaugh-information-war-mirrors-real-warzones

Why Cops Can Use Face ID to Unlock Your iPhone

For the first publicly documented time, law enforcement has used Face ID to forcibly unlock someone's iPhone. It won't be the last.

from
https://www.wired.com/story/police-unlock-iphone-face-id-legal-rights

Facebook Wins, Facebook Losses, and More Security News This Week

The Facebook breach, 3-D printed guns on Broadway, and more security news this week.

from
https://www.wired.com/story/security-news-feds-cant-force-facebook-to-wiretap-messenger

The Facebook Security Meltdown Exposes Way More Sites Than Facebook

The social networking giant confirmed Friday that sites you use Facebook to login to could have been accessed as a result of its massive breach.

from
https://www.wired.com/story/facebook-security-breach-third-party-sites

Facebook's Massive Security Breach: Everything We Know

Up to 50 million Facebook users were affected—and possibly 40 million more—when hackers compromised the social network's systems.

from
https://www.wired.com/story/facebook-security-breach-50-million-accounts

Voting Machines Are Still Absurdly At Risk

A new report details dozens of vulnerabilities across seven models of voting machines—all of which are currently in use.

from
https://www.wired.com/story/voting-machine-vulnerabilities-defcon-voting-village

Russia’s Elite Fancy Bear Hackers Have a Clever New Trick

For the first time, a so-called UEFI rootkit has been spotted in the wild. And it appears to come from Russia.

from
https://www.wired.com/story/fancy-bear-hackers-uefi-rootkit

Mobile Websites Can Tap Into Your Phone's Sensors Without Asking

Apps need your explicit permission to access your smartphone's motion and light sensors. Mobile websites? Not so much.

from
https://www.wired.com/story/mobile-websites-can-tap-into-your-phones-sensors-without-asking

Cody Wilson Leaves Defense Distributed, But 3-D Printed Guns Roll On

Even after the DIY gunsmith's arrest on sexual assault charges, the fight for and against 3-D printed guns still rages.

from
https://www.wired.com/story/cody-wilson-3d-printed-guns-resigns-defense-distributed

Even If Rod Rosenstein Stays, the Mueller Investigation Status Quo Won't Last

Much of the speculation around deputy attorney general Rod Rosenstein's fate misses how disruptive a post-midterms shake-up could be.

from
https://www.wired.com/story/rod-rosenstein-mueller-investigation-midterms

A Small Google Chrome Change Stirs a Big Privacy Controversy

The latest update to Google's browser has riled privacy advocates by appearing to log people in without their explicit permission.

from
https://www.wired.com/story/google-chrome-login-privacy

The Series 5 YubiKey Will Help Kill the Password

The latest batch of hardware-based tokens from Yubico will eventually let you skip the password altogether.

from
https://www.wired.com/story/yubikey-series-5-fido2-passwordless

A Twitter DM Fail, Free Credit Freezes, and More Security News This Week

Free credit freezes, a better private browser, and more security news this week.

from
https://www.wired.com/story/twitter-sent-user-dms-to-developers-by-mistake

AirCheck G2 gets a v3

You may recall my blog post year lauding the version 2 firmware for the Netscout G2. I’m very pleased that Netscout has continued product development, taking feedback from users (including myself) on ways to further improve the already-awesome AirCheck G2. I’ve been working with the v3 firmware for the AirCheck for a bit over a month now and I’m happy to report in with my new favorite improvements – all delivered via a software update under a current support contract!

1) Improved packet captures

One of the things I didn’t write about last time was the ability to do packet captures that was introduced in v2. Admittedly, it felt somewhat half-baked and there are two very important enhancements that make this the tool I always hoped it would be. Firstly, we get the ability to slice packets. Those of you familiar with packet captures will know that in the vast majority of cases, we’re interested with the beginning of the 802.11 frames (since the payload is commonly encrypted). The ability to slice packets means that we can get very valuable packet-level analysis without capturing the entire frame!

Packet slicing

Secondly (and leading directly into my next favorite thing) is a *much* easier way to get the actual packet captures off of the AirCheck. In the past (and in addition to dealing with file sizes that were needlessly cumbersome), you’d have to grab the AirCheck G2 Desktop software and hook your AirCheck up to a computer to copy the capture off. Now you can just plug in an ethernet cable and the upload the tests right into the Link-Live service that comes included with your AirCheck! From there, you can download the raw .pcap file for use in your favorite packet capture analysis tool (Omnipeek, CloudShark, WireShark, Wi-Fi Analyzer, etc).

.pcap files in Link-Live

2. Cloud (Link-Live all the things)

You may have guessed from my above comments that the Cloud enablement is right up there on my list of awesome things that this update brings. With a notable decrease in reliance on the Windows-only desktop application, the improved Link-Live integration now supports a whole slew of AirCheck uploads including:

• Full AutoTest results
• Session files
• Screenshots
• Packet captures (mentioned above)
• Job, location, comments

Further reliance on the Link-Live portal is clearly a huge focus for the AirCheck team and they’ve delivered on many key integrations to help our field teams get data off of the AirCheck G2s in a timely fashion. In addition to being able to pull files off of the AirChecks enabled by Link-Live, the ability to push profiles lands squarely in the ‘awesome to have’ column. Being able to upload pre-configured profiles to your fleet units removes much of the inconsistencies that large teams can sometimes run across. 

3. Over the network firmware updates

Last, but certainly not least of the new features, the ability to do over-the-network firmware updates means that you no longer have to have access to a USB cable and Windows machine just to get all of the future improvements that Netscout is clearly on track to deliver. For an awesome product that continues to get software based improvements that genuinely move the needle, this feature changes the game for getting current software onto our AirChecks. Simply plug the unit into a working network connect and click the ‘Check for Software Updates’ and you’re good to go!

Software Update

Way to go Netscout team for bring a truck load of features to an already indispensable tool. Making new features that people will actually use (as opposed to the bloat we commonly see) is not only a refreshing take from the Netscout team, but continues to make the AirCheck G2 the best in Wi-Fi handheld triage tools. If you’ve not gotten your hands on an AirCheck G2 by now, you’re missing out.

from
https://sc-wifi.com/2018/09/21/aircheck-g2-gets-a-v3/

Cloudflare Embraces Google Roughtime, Giving Internet Security a Boost

Syncing clocks online is vital to web security.

from
https://www.wired.com/story/clouldflare-google-roughtime-sync-clocks-security

How the HTC Exodus Blockchain Phone Plans to Secure Your Cryptocurrency

HTC starts filling in the details of its so-called blockchain smartphone, expected to launch later this year.

from
https://www.wired.com/story/htc-exodus-blockchain-phone-secure-cryptocurrency

DIY Gun Activist Cody Wilson Accused of Child Sexual Assault

A Texas court issued a warrant for the Defense Distributed founder's arrest on Wednesday.

from
https://www.wired.com/story/cody-wilson-accused-child-sexual-assault

John Deere Just Cost Farmers Their Right to Repair

The California Farm Bureau has given away the right of farmers to fix their equipment without going through a dealer.

from
https://www.wired.com/story/john-deere-farmers-right-to-repair

The Collateral Damage of Trump's Extreme Declassifications

Trump has the legal right to make public whatever documents he chooses. But he's going to cause untold damage in the process.

from
https://www.wired.com/story/trump-declassify-documents-national-security

The Mirai Botnet Masterminds Have Been Fighting Crime With the FBI

In 2016, three friends created a botnet that nearly broke the internet. Now, they're helping the feds catch cybercriminals of all stripes.

from
https://www.wired.com/story/mirai-botnet-creators-fbi-sentencing

Edward Snowden on Protecting Activists Against Surveillance

“Turnkey tyranny” has never been closer. For some communities, it feels like it’s already here.

from
https://www.wired.com/story/wired25-edward-snowden-malkia-cyril-activist-surveillance

Palmer Luckey Is Just Getting Started

The Oculus founder on virtual reality, defense tech, biohacking an injured toe.

from
https://www.wired.com/story/wired25-peter-thiel-palmer-luckey-virtual-reality-defense-tech

Facebook Broadens Its Bug Bounty to Include Third-Party Apps

Starting Monday, Facebook will pay at least $600 to researchers who spot third-party apps behaving badly on its platform.

from
https://www.wired.com/story/facebook-bug-bounty-third-party-apps

Kid-Focused Apps Track Location, UK Spying, and More Security News This Week

In security news this week, some apps for children may violate privacy laws, State Department devices might be less secure than your Instagram account, and more.

from
https://www.wired.com/story/location-tracking-apps-target-kids

A Decade-Old Attack Can Break the Encryption of Most PCs

The computer industry thought cold boot hacks were solved 10 years ago. Researchers have proven that's not the case.

from
https://www.wired.com/story/cold-boot-break-pc-encryption

Why Big Tech and the Government Need to Work Together

Opinion: Former Secretary of Defense Ash Carter argues for cooperation between tech workers and the DoD

from
https://www.wired.com/story/why-big-tech-and-the-government-need-to-work-together

Trump's New Executive Order Slaps a Bandaid on Election Interference Problems

Trump’s order creates a framework to sanction foreign meddling in elections, but experts say it’s not enough.

from
https://www.wired.com/story/trump-executive-order-election-interference-sanctions

How Hackers Slipped by British Airways' Data Defenses

Security researchers have detailed how a criminal hacking gang used just 22 lines of code to steal credit card info from hundreds of thousands of British Airways customers.

from
https://www.wired.com/story/british-airways-hack-detaeils

Hackers Can Steal a Tesla Model S in Seconds by Cloning Its Key Fob

Weak encryption in the cars' key fobs allows all-too-easy theft, but you can set a PIN code on your Tesla to protect it.

from
https://www.wired.com/story/hackers-steal-tesla-model-s-seconds-key-fob

Everything You Should Do Before You Lose Your Phone

Misplacing your smartphone—or worse, having it stolen—is awful. But you can at least minimize the damage with a few easy steps.

from
https://www.wired.com/story/lost-stolen-phone-what-to-do

Facial Recognition, a British Airways Hack, and More Security News This Week

A British Airways breach, a fake Army site, and more of the week's top security news.

from
https://www.wired.com/story/ibm-made-cops-a-tool-to-search-surveillance-video-by-skin-color

Fake Beto O'Rourke Texts Expose New Playground for Trolls

Someone hijacked a volunteer tool to make it look like Beto O'Rourke encouraged voter fraud—and that could just be the beginning.

from
https://www.wired.com/story/fake-beto-orourke-texts-expose-new-playground-for-trolls

Popular Mac App Adware Doctor Actually Acts Like Spyware

Adware Doctor has long been one of the top-selling apps in the Mac App Store. But researchers say it harvested browsing data, and sent it to China.

from
https://www.wired.com/story/adware-doctor-mac-app-store-spyware

Twitter Finally Bans Alex Jones—Over a Publicity Stunt

After years of abuse and spreading conspiracy theories, Alex Jones finally went too far for Twitter with a relatively tame rant.

from
https://www.wired.com/story/twitter-bans-alex-jones-infowars

DoJ Charges North Korean Hacker for Sony, WannaCry, and More

The Department of Justice has taken its first legal action against North Korea's cybercrimes, in a massive complaint made public Thursday.

from
https://www.wired.com/story/doj-north-korea-hacker-sony-wannacry-complaint

Facebook and Twitter's Biggest Problems Follow Them to Congress

As Jack Dorsey and Sheryl Sandberg testified before Congress, some of Twitter and Facebook's most notorious trolls and misinformation artists watched on.

from
https://www.wired.com/story/facebook-twitter-congress-testimony-dorsey-sandberg

How Trump Could Trigger Armageddon With a Tweet

Times have changed. The president is being held in check by terrified aides who are trying to keep his worst impulses in check. But disaster may only be a tweet away. Here's how it could happen.

from
https://www.wired.com/story/how-trump-could-trigger-armageddon-with-a-tweet

How to Watch Twitter and Facebook Testify Before Congress Wednesday

Twitter CEO Jack Dorsey and Facebook COO Sheryl Sandberg will field questions about foreign interference, perceived bias, and more.

from
https://www.wired.com/story/watch-jack-dorsey-twitter-sheryl-sandberg-facebook-testify-congress

Jon Kyl Will Take McCain's Senate Seat

The governor of Arizona announced Tuesday that Jon Kyl will replace the Senate seat vacated by the late John McCain. He may now further push to regulate tech giants like Facebook.

from
https://www.wired.com/story/jon-kyl-senate-facebook-tech-regulation

How Chrome Spent a Decade Making the Web More Secure

Ten years after Chrome debuted, a look back at how the browser redefined security online.

from
https://www.wired.com/story/chrome-decade-making-the-web-more-secure

Google Wants to Kill the URL

"Whatever we propose is going to be controversial. But it’s important we do something, because everyone is unsatisfied by URLs. They kind of suck."

from
https://www.wired.com/story/google-wants-to-kill-the-url

Senator Mark Warner Is Not Happy With Google

The vice chairman of the Senate Intelligence Committee talks about the search giant's glaring absence at this week's committee hearings, and the White House's #stopthebias campaign.

from
https://www.wired.com/story/mark-warner-senate-committee-hearing-google-facebook-twitter

Hackers Hit Comic Site The Oatmeal, and It Wasn't Funny

This week, a comics site goes offline, more security clearance intrigue, lucrative email spying, and more.

from
https://www.wired.com/story/security-news-the-oatmeal-hacked

Management Frame Detection?

Nope! But MFD does stand for something even more exciting! Mobility Field Day (3!) is just around the corner! As a long time delegate with a few minutes to burn on the family PTO trip, I thought I’d take a moment to reflect on the upcoming event. As you can see from the Tech Field Day page there are tons of great sponsors lined up. Here is my take on the coming week, the sponsors strengths, weaknesses, and what I’d like to see. In order of presentation:

Arista (http://techfieldday.com/companies/arista-networks/, @AristaNetworks)

Arista has made a splash in the Wi-Fi space with their recent acquisition of Mojo Networks (nee: AirTight). I’m happy to see Mojo get scooped up, especially in the ever diminishing landscape of infrastructure providers especially since they have a strong story about ‘hardware agnostic’ solutions. Their story since the AirTight days has been one of open platforms and this strength has carried them to the success they’ve had so far. Arista has not. Admittedly I’m not a strong Data Center switch guy, but I don’t see a similar story of how the open, commodity hardware platforms with custom ‘better than you’ software on top meshes well with their corporate messaging. I’d love to see some reconciliation on that front, and a clear vision for the Mojo team moving forward. Please spare me the ‘HP acquired Aruba’, ‘Cisco acquired Meraki’, and those companies are fine story. Paint me a genuine story of market leadership backed by strong technical chops that promise to survive the acquisition.

Aruba (http://www.arubanetworks.com/, @ArubaNetworks)

Aruba (a Hewlett Packard Enterprise company) has been touting ‘industry leadership’ on several fronts recently. They have clearly claimed leadership on several fronts including WPA3 and some intriguing messaging around 802.11ax. Their strength is messaging. They do it well, but I fail to see how Aruba single handedly ‘landed’ WPA3 and how their messaging around 802.11ax (buy when *we’re* ready, but not anyone else) is anything more than corporate marketing fluff. I’d love to see how they are helping the industry move forward *as a whole* on more than just ‘standards stuff coming down the road’. Help me understand why Aruba’s implementation of QCA radios is better than someone else’s. Help me understand why their switches brings more value to an enterprise other than an ABC play. Help me understand why end to end networking with the Aruba logo on it is better.

Cisco (http://www.cisco.com/, @Cisco)

Cisco, the 800 lb. gorilla that everyone loves to hate. Cisco is a machine unlike any other. They have critical mass despite themselves and are painting some intriguing messaging around Assurance products that seem to resonate well with the on-premises enterprises. All other networking aside (routing, switching, security, Data Center, etc), Cisco Wi-Fi has seemingly lost its way as of late. Their adoption of QCA radios (CleanAir is awesome, unless they sell an AP without it!), their continued duality around the Meraki acquisition (it’s right when it will land a sale), and the feature gaps as new platforms come online has always stuck in my craw. The 802.11ac wave 2 APCOS change (the OS on the APs) debacle has left many with souring appetites for a monolithic beast of an assurance platform. I’d love to see how Cisco is involved in driving standards (WPA3, 802.11ax) while allowing their ecosystem around CCX fall to the wayside despite not having a standards based equivalent to 100% of those components (DTPC anyone?).

Fortinet (http://fortinet.com/, @Fortinet)

Fortinet (nee: Meru) has always been intriguing to me. If there is a dark horse in the Wi-Fi space, this is it. Out of left field, some strange security company acquired ‘those SCA guys’ which raised more than a few eyebrows in the industry. I’m not super passionate about firewalls so when someone touts that their strong suit is plopping some security stuff onto an already delicate Wi-Fi ecosystem, I get nervous. I’d love to see what Fortinet is doing on the SCA front (other than the occasional corner case deployment). How are you fostering the technology that made Meru, Meru? If you’re going to be the one exception in the CWNP curriculum, own that. Embrace it, get the delegates to see what makes it special. Get into the nuts and bolts of how it works, what makes it tick. Get your radio firmware developer into the room and nerd out with us for a bit. Don’t be afraid to put that unpolished guy on stage that only knows protocol. We love that kind of stuff.

Mist (http://mist.com, @MistSystems)

Mist is on the short list of Wi-Fi only players that I suspect will be acquired soon. Between them and AeroHive, there aren’t many players left and to be fair, Mist came out of nowhere when Cisco ‘spun out’ (my speculation) the previous owners of the AireOS legacy. They claimed virtual BLE was the next big thing, now it’s AI driven Wi-Fi – what’s next? Do they realize that the ‘heritage’ that they claim ownership of has turned off more people than it’s attracted? When someone claims to be at the helm of Cisco Wi-Fi during the Meraki acquisition, or to have the father of controllers (and RRM) in the drivers seat, how is that a compelling story when so many of todays woes are centered around those two topics? I’d like to hear how Mist has those people at the helm, but how they’re not destined to repeat the past. Mist claims to have an AI driven interface but fails to answer some pretty plain english queries. Tell me how Mist is better. How the AI is not just a bunch of if statements. Burning Man Wi-Fi, I hope not!

NETSCOUT (http://www.netscout.com, @NETSCOUT)

NETSCOUT (or is it netscout or NetScout?) has long held the mantle of go to wired insight products and only recently entered into the Wi-Fi foray with the Fluke (nee: AirMagnet) acquisition. They inherited an impressive product in the AirCheck G2, but also a legacy of tools that are, quite frankly, stale. What is next for the G2? Many of us in the industry love our hulk green Wi-Fi diagnostics tool and the G2 v2 additions were welcome. Is there enough left in the AirCheck to hope for a v3? I’d love to see a cleaner picture about link-live and how it plays a role in the beloved AirCheck G2. I’d love to hear a definitive story on the likes of AirMagnet Survey Pro, Wi-Fi Analyzer, Spectrum XT – all of which are *very* stale. Let’s put these to bed or make something of them that the industry can use.

nyansa (http://www.nyansa.com, @Nyansa)

nyansa has been that strange analytics company with the funny name that promises to fix all of our ails through machine learning and comparative analytics. They’re doing some neat things with ‘just a bunch of flows’, but is it enough? It seems like everyone is jumping on the analytics bandwagon now a days, but with the hefty price tag for a point-in-time resolution product, it feels somewhat estranged. Do you know what happens when your help desk has 9 dashboards all with different data in it, and you try to aggregate and correlate it into a meaningful dashboard? Your help desk now has 10 dashboards. I’d love to see why your data is better (of course), but tell me how it gets rid of data I don’t use today, and tell me how it does it at a price point that makes it a no brainer.

Dear reader, what do you want to see? Feel free to reach out to me by comment, or privately, or on twitter before or during the event and I’ll make sure you get a response. Till then, see you at MFD3 on September 12 through the 14th – make sure to tune in at: http://techfieldday.com/event/mfd3/

from
https://sc-wifi.com/2018/08/30/management-frame-detection/

3-D Printed Gun Blueprints Are Back, and Only New Laws Can Stop Them

Despite an injunction against sharing the plans online, Cody Wilson is now selling the blueprints directly.

from
https://www.wired.com/story/3-d-printed-gun-blueprints-return-laws-injunction

The Fight Over California's Privacy Bill Has Only Just Begun

The tech industry lobby has made it clear that they want changes to California's sweeping privacy protections—and they've got plenty of time left to get them made.

from
https://www.wired.com/story/california-privacy-bill-tech-lobbying

Android Devices Can Be Exploited With Decades Old-Telephone Tech

So-called Attention commands date back to the 80s, but they can enable some very modern-day smartphone hacks.

from
https://www.wired.com/story/at-commands-android-vulnerability

Reality Winner, Insider Trading, and More Security News This Week

In security news this week, Apple and Facebook beef, Reality Winner gets sentenced, facial recognition at the airport, and more.

from
https://www.wired.com/story/delete-onavo-facebook-vpn-app-security-roundup

Phone Numbers Were Never Meant as ID. Now We’re All At Risk

Your phone number was never meant to be your identity. Now that it effectively is, we're all at risk.

from
https://www.wired.com/story/phone-numbers-indentification-authentication

What We Now Know About Iran's Global Propaganda Campaign

For years, Iran has run its own secret infowar—running a remarkably similar playbook as Russia.

from
https://www.wired.com/story/iran-global-propaganda-fireeye

An Undiscovered Facebook Bug Made Me Think I Was Hacked

The social network erroneously turned extra security protections off—after I had *strengthened* my privacy settings.

from
https://www.wired.com/story/facebook-bug-two-factor-hack

Why the DNC Thought a Phishing Test Was a Real Attack

The Democratic National Committee now says a fraudulent voter data website it found was evidence of an unauthorized test organized by Michigan Democrats.

from
https://www.wired.com/story/dnc-phishing-test-votebuilder

A Monitor’s Ultrasonic Sounds Can Reveal What’s on the Screen

Researchers have demonstrated that they can discern individual letters on a display based only on the ultrasonic whine it emits.

from
https://www.wired.com/story/monitor-ultrasonic-sounds-reveal-content-side-channel

Tech Giants Are Becoming Defenders of Democracy. Now What?

Microsoft, Facebook, and others are ramping up efforts to thwart attacks on elections—making the US government look woefully underprepared in the process.

from
https://www.wired.com/story/microsoft-facebook-tech-giants-defending-democracy

Six Big Questions After the Cohen and Manafort Bombshells

Two close advisers to the president are now convicted felons. Here are six big questions about where this all goes next.

from
https://www.wired.com/story/manafort-cohen-guilty-trump-mueller-investigation

The Untold Story of NotPetya, the Most Devastating Cyberattack in History

Crippled ports. Paralyzed corporations. Frozen government agencies. How a single piece of code crashed the world.

from
https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world

Facebook and Twitter Eye Iran in Latest Fake Account Crackdown

The social media companies removed hundreds of fake accounts with links to Iran and Russia that were engaged in "coordinated inauthentic behavior."

from
https://www.wired.com/story/facebook-twitter-eye-iran-fake-account-crackdown

How Microsoft Tackles Russia's Fancy Bear Hackers—And Why It's Never Enough

Microsoft has once again taken down Russian phishing sites, but that won't deter them for long.

from
https://www.wired.com/story/microsoft-russia-fancy-bear-hackers-sinkhole-phishing

How to Protect Your Phone Against a SIM Swap Attack

Your phone number is increasingly tied to your online identity. You need to do everything possible to protect it.

from
https://www.wired.com/story/sim-swap-attack-defend-phone

A Costly CIA Mistake, a Campaign Hack, and More Security News This Week

New cyberwar policy, body scanners in Los Angeles, and more of the week's top security news.

from
https://www.wired.com/story/devastating-report-cias-deadly-mistakes-china

Taking Away John Brennan's Clearance Threatens National Security

When Trump strips a former CIA director's security clearance, the impact is more than just symbolic.

from
https://www.wired.com/story/john-brennan-security-clearance-trump

A Bot Panic Hits Amazon Mechanical Turk

Concerned social scientists turned their analytical skills onto one of their most widely used research tools this week: Amazon's Mechanical Turk.

from
https://www.wired.com/story/amazon-mechanical-turk-bot-panic

Imposter 'Fortnite' Android Apps Are Already Spreading Malware

New analysis from mobile security firm Lookout shows that malware authors are taking full advantage of 'Fortnite' ditching the Google Play Store.

from
https://www.wired.com/story/imposter-fortnite-android-apps-already-spreading-malware

Saving Lives With Tech Amid Syria’s Endless Civil War

A band of activist-entrepreneurs is building a sensor network to warn when and where air strikes will hit—a constant threat under Bashar al-Assad's regime.

from
https://www.wired.com/story/syria-civil-war-hala-sentry

Why Facebook Enlisted This Research Lab to Track Its Trolls

What can the 14-person Digital Forensics Research Lab discover about fake news on Facebook that the billion-dollar company doesn't already know?

from
https://www.wired.com/story/facebook-enlists-dfrlab-track-trolls

'Foreshadow' Flaw Undermines the Intel CPU Secure Enclave

In the spirit of Meltdown and Spectre, a new vulnerability called Foreshadow could expose Intel's secure enclave to attack.

from
https://www.wired.com/story/foreshadow-intel-secure-enclave-vulnerability

How to Stop Google From Tracking Your Location

A new report shows that Google still tracks your location even if you thought you opted out.

from
https://www.wired.com/story/google-location-tracking-turn-off

Hacked Water Heaters Could Trigger Mass Blackouts Someday

A new study found that just 42,000 of those hacked home devices could be enough to leave a country of 38 million people in the dark.

from
https://www.wired.com/story/water-heaters-power-grid-hack-blackout

Fax Machines Are Still Everywhere, and Wildly Insecure

Researchers have demonstrated that sending a single malicious fax is all it takes to break into a network.

from
https://www.wired.com/story/fax-machine-vulnerabilities

To Identify a Hacker, Treat Them Like a Burglar

A preliminary study shows that hackers penetrate systems in unique, documentable ways—just like criminals in the physical world.

from
https://www.wired.com/story/case-linkage-hacker-attribution-cybersecurity

A Clever Android Hack Takes Advantage of Sloppy Storage

The so-called man in the disk attack uses Android's permissive external storage to wreak havoc on devices.

from
https://www.wired.com/story/android-hack-external-storage-man-in-the-disk

Hackers Turned an Amazon Echo Into a Spy Bug

Researchers found they could turn the smart speakers into surveillance devices—if they could get their own attack tool on the same Wi-Fi.

from
https://www.wired.com/story/hackers-turn-amazon-echo-into-spy-bug

Invisible Mouse Clicks Let Hackers Burrow Deep into MacOS

A former NSA hacker finds a new way malware can take control of a Mac's mouse for a powerful intrusion technique.

from
https://www.wired.com/story/invisible-mouse-clicks-hack-macos

Police Departments Need to Stop Posting Mugshots on Twitter

Opinion: When police departments post photos of protestors on social media, it puts them at risk of harassment, or worse.

from
https://www.wired.com/story/opinion-police-should-stop-doxxing-protestors

Police Bodycams Can Be Hacked to Doctor Footage

Analysis of five body camera models marketed to police departments details vulnerabilities could let a hacker manipulate footage.

from
https://www.wired.com/story/police-body-camera-vulnerabilities

The FCC's Fake DDoS Attack, WannaCry Hits an Apple Supplier, and More Security News This Week

The PGA Tour gets hit with ransomware, Wikileaks says the US Senate wants a word, and more.

from
https://www.wired.com/story/fcc-lied-about-ddos-attack-wannacry-apple

At DefCon, the Biggest Election Threat Is Lack of Funding

While hackers at the DefCon security conference dismantle voting machines, officials stress the need for means to act on the results.

from
https://www.wired.com/story/defcon-election-threat-funding

A Tweet About Hacking During Defcon Gets a Google Engineer in Trouble

Matt Linton says he was asked to leave Caesars Palace Thursday night after a tweet about an “attack” was reported to the police.

from
https://www.wired.com/story/defcon-tweet-about-hacking-gets-engineer-trouble

Millions of Android Devices Are Vulnerable Out of the Box

Android smartphones from Asus, LG, Essential, and ZTE are the focus of a new analysis about risks from firmware bugs introduced by manufacturers and carriers.

from
https://www.wired.com/story/android-smartphones-vulnerable-out-of-the-box

Crestron Touchscreens Could Spy on Hotel Rooms and Meetings

The technology company Crestron makes touchscreen panels and other equipment for places like conference rooms, which a researcher found can be turned into hidden microphones and webcams.

from
https://www.wired.com/story/crestron-touchscreens-could-spy-on-hotel-rooms-and-meetings

Machine Learning Can Identify the Authors of Anonymous Code

Researchers have repeatedly shown that writing samples, even those in artificial languages, contain a unique fingerprint that's hard to hide.

from
https://www.wired.com/story/machine-learning-identify-anonymous-code

Bugs in Mobile Credit Card Readers Could Expose Buyers

Card readers used by popular companies like Square and PayPal have several security flaws that could result in customers getting majorly ripped off.

from
https://www.wired.com/story/bugs-in-mobile-credit-card-readers-could-leave-buyers-exposed

Hacking a Brand New Mac Remotely, Right Out of the Box

Researchers found a way to compromise a Mac the first time it connects to Wi-Fi, potentially putting scores of enterprise customers at risk.

from
https://www.wired.com/story/mac-remote-hack-wifi-enterprise

Smartphone Voting Is Happening, But No One Knows If It's Safe

Online voting has major security flaws, and experts are concerned that Voatz, the platform West Virginia will use this midterm election, doesn't solve them.

from
https://www.wired.com/story/smartphone-voting-is-happening-west-virginia

A New Pacemaker Hack Puts Malware Directly On the Device

Researchers at the Black Hat security conference will demonstrate a new pacemaker-hacking technique that can add or withhold shocks at will.

from
https://www.wired.com/story/pacemaker-hack-malware-black-hat

The Sensors That Power Smart Cities Are a Hacker's Dream

The IoT security crisis is playing out on a macro scale too, putting critical infrastructure at risk.

from
https://www.wired.com/story/sensor-hubs-smart-cities-vulnerabilities-hacks

Online Stock Trading Has Serious Security Holes

An analysis of dozens of trading platforms reveals a range of cybersecurity concerns across mobile, desktop, and the web.

from
https://www.wired.com/story/online-stock-trading-serious-security-holes

How to Stay Safe on Public Wi-Fi

Connecting to a public Wi-Fi network can put you at risk. Here's how to minimize the damage.

from
https://www.wired.com/story/public-wifi-safety-tips

The Explosive-Carrying Drones in Venezuela Won’t Be the Last

There's still no good defense against drones attacks like the one that targeted Venezuelan president Nicolas Maduro Saturday.

from
https://www.wired.com/story/venezuela-drones-explosives-maduro-threat

Airport Surveillance, FBI Brain Drain, and More Security News This Week

A Chipotle scam, FBI brain drain, and more of the week's top security news.

from
https://www.wired.com/story/air-marshals-have-been-surveilling-civilians-security-roundup

Electronic Monitoring Isn’t a More Humane Form of Prison. Here’s Why.

Opinion: Electronic monitors violate people’s civil rights and carry unfair financial penalties.

from
https://www.wired.com/story/opinion-ankle-monitors-are-another-kind-of-jail