AI Can Help Cybersecurity—If It Can Fight Through the Hype

There are a ton of claims around AI and cybersecurity that don't quite add up. Here's what's really going on.

from
https://www.wired.com/story/ai-machine-learning-cybersecurity

DDoS For Hire, a CIA Card Game, and More Security News This Week

A major DDoS for hire site gets taken down, the CIA has a card game that you can play soon too, and more security news this week.

from
https://www.wired.com/story/biggest-ddos-for-hire-site-goes-down

The House Intelligence Committee's Russia Report Doesn't Exonerate Donald Trump

Republicans concluded that Trump's campaign didn't collude with Russia, but the president is far from off the hook.

from
https://www.wired.com/story/house-intel-committee-russia-report-doesnt-let-trump-off-the-hook

Joy Reid Blames Hackers, Just Like Everyone Else

Joy Reid may have very well been the target of a malicious breach. Or she's just the latest person to blame hackers for her past mistakes.

from
https://www.wired.com/story/short-history-blaming-hackers-joy-reid

Turning an Amazon Echo Into a Spy Device Only Took Some Clever Coding

Researchers didn't have to hack Amazon's Alexa voice assistant to use it for eavesdropping. They just took advantage of the system in place.

from
https://www.wired.com/story/amazon-echo-alexa-skill-spying

A One-Minute Attack Let Hackers Spoof Hotel Master Keys

Researchers found—and helped fix—a flaw in Vingcard RFID locks that would let hackers break into any room in hotels around the world.

from
https://www.wired.com/story/one-minute-attack-let-hackers-spoof-hotel-master-keys

Can This System of Unlocking Phones Crack the Crypto War?

Ray Ozzie thinks his Clear method for unlocking encrypted devices can attain the impossible: It satisfies both law enforcement and privacy purists.

from
https://www.wired.com/story/crypto-war-clear-encryption

Why So Many People Make Their Password 'Dragon'

The mythical creature's popularity says a lot about the psychology of password creation.

from
https://www.wired.com/story/why-so-many-people-make-their-password-dragon

Xbox Hacking, LinkedIn Bugs, and More Security News This Week

Xbox hacking, LinkedIn bugs, and more security news this week.

from
https://www.wired.com/story/security-news-this-week-a-google-fix-breaks-anti-censorships-tools

DNC Lawsuit Against Russia Reveals New Details About 2016 Hack

In suing Russia, the Trump campaign, and others over the hack of its systems in 2016, the Democratic National Committee has also filled in important timeline details.

from
https://www.wired.com/story/dnc-lawsuit-reveals-key-details-2016-hack

Why Police Should Monitor Social Media to Prevent Crime

Opinion: Citizens may object to their social media posts being mined by law enforcement, but the practice can keep the public safe.

from
https://www.wired.com/story/why-police-should-monitor-social-media-to-prevent-crime

The 'Do Not Disturb' App Protects Your Mac From 'Evil Maid' Attacks

Detecting an insidious physical attack on your MacBook may often be as simple as alerting you when its lid opens.

from
https://www.wired.com/story/do-not-disturb-app-macbook-evil-maid-attacks

How DNA Transfer Nearly Convicted an Innocent Man of Murder

We leave traces of our genetic material everywhere, even on things we’ve never touched. That got Lukis Anderson charged with a brutal crime he didn’t commit.

from
https://www.wired.com/story/dna-transfer-framed-murder

The OURSA Security Conference Calls Out Lack of Inclusion

The OURSA security conference offered a place for diverse voices in security, a counterpoint to the corporate hegemony of RSA.

from
https://www.wired.com/story/oursa-security-conference-calls-out-lack-of-inclusion

'Trustjacking' Could Expose iPhones to Attack

Think twice before you tell your iPhone to trust that laptop when you charge it.

from
https://www.wired.com/story/trustjacking-ios-itunes-wi-fi-sync-attack

Inside the Unnerving CCleaner Supply Chain Attack

CCleaner owner Avast is sharing more details on the malware attackers used to infect legitimate software updates with malware.

from
https://www.wired.com/story/inside-the-unnerving-supply-chain-attack-that-corrupted-ccleaner

Ultrasonic Signals Are the Wild West of Wireless Tech

Inaudible signals that your phone can hear—but you can't—are often based on ad hoc tech, which makes for risky security.

from
https://www.wired.com/story/ultrasonic-signals-wild-west-of-wireless-tech

Pornhub Will Now Accept Verge Cryptocurrency

By accepting Verge, Pornhub could help make cryptocurrency transactions in general more mainstream.

from
https://www.wired.com/story/pornhub-verge-cryptocurrency

The Teens Who Hacked Microsoft's Videogame Empire—And Went Too Far

Among those involved in David Pokora's so-called Xbox Underground, one would become an informant, one would become a fugitive, and one would end up dead.

from
https://www.wired.com/story/xbox-underground-videogame-hackers

The White House Warns on Russian Router Hacking, But Muddles the Message

By scolding Russia for what looks like typical espionage, the US and UK are blurring red lines in cybersecurity.

from
https://www.wired.com/story/white-house-warns-russian-router-hacking-muddles-message

The White House Loses Rob Joyce and Tom Bossert, Its Cybersecurity Brain Trust

White House cybersecurity coordinator Rob Joyce will follow homeland security advisor Tom Bossert out the door, leaving the Trump administration adrift on cybersecurity policy.

from
https://www.wired.com/story/rob-joyce-tom-bossert-white-house-cybersecurity-policy

An Elaborate Hack Shows How Much Damage IoT Bugs Can Do

Rube-Goldbergesque IoT hacks are surprisingly simple to pull off—and can do a ton of damage.

from
https://www.wired.com/story/elaborate-hack-shows-damage-iot-bugs-can-do

How Russian Facebook Ads Divided and Targeted US Voters Before the 2016 Election

New research shows just how prevalent political advertising was from suspicious groups in 2016—including Russian trolls.

from
https://www.wired.com/story/russian-facebook-ads-targeted-us-voters-before-2016-election

Russia Bans Telegram, China's Facial Recognition, and More Security News This Week

Russia bans popular encrypted chat app Telegram, China's facial recognition system flexes, and more security news this week.

from
https://www.wired.com/story/russia-bans-encrypted-chat-app-telegram

Cloudflare's Plan to Protect the Whole Internet Comes Into Focus

One of the internet's biggest infrastructure companies is expanding its protections beyond the web.

from
https://www.wired.com/story/cloudflare-spectrum-iot-protection

How Android Phones Hide Missed Security Updates From You

A study finds that Android phones aren't just slow to get patched; sometimes they lie about being patched when they're not.

from
https://www.wired.com/story/android-phones-hide-missed-security-updates-from-you

The 'Despacito' YouTube Hack Was Probably Pretty Simple to Pull Off

The removal of YouTube's most popular video this week was likely the result of a low-cost phishing scam rather than sophisticated hacking.

from
https://www.wired.com/story/despacito-hack-vevo-youtube

Cambridge Analytica Could Also Access Private Facebook Messages

A Facebook permission allowed an app to read messages between 1,500 Facebook users and their friends until October 2015—data that Cambridge Analytica could have accessed.

from
https://www.wired.com/story/cambridge-analytica-private-facebook-messages

This Radio Hacker Could Hijack Emergency Sirens to Play Any Sound

Balint Seeber found that cities around the US are leaving their emergency siren radio communication systems unencrypted, and vulnerable to spoofing.

from
https://www.wired.com/story/this-radio-hacker-could-hijack-emergency-sirens-to-play-any-sound

Mozilla's Internet Health Report Diagnoses Life Online

The foundation released a broad, sweeping report Tuesday about the state of our lives online.

from
https://www.wired.com/story/mozilla-internet-health-report

A Long-Awaited IoT Crisis Is Here, and Many Devices Aren't Ready

Some network communication protocol vulnerabilities have been known for more than a decade and still aren't fixed. Now they're being exploited.

from
https://www.wired.com/story/upnp-router-game-console-vulnerabilities-exploited

How to Check If Cambridge Analytica Could Access Your Facebook Data

Facebook has released a tool that lets you see if you were caught up in the Cambridge Analytica fiasco—and what other apps know about you know.

from
https://www.wired.com/story/did-cambridge-analytica-access-your-facebook-data

Twitter Bots Post Two-Thirds of Links to Popular Sites on the Platform

A new study from Pew Research shows that the bulk of links on Twitter don't come from actual humans.

from
https://www.wired.com/story/twitter-bots-links

Meraki gets smart

I’m a fan of antennas. They’re pretty awesome components of Wi-Fi networks and I think they’re one of the most under-appreciated and oft-overlooked components, so when someone introduces a new antenna related technology, I tend to sit up and take notice!

 Recently, Meraki released their new external antenna model APs, the MR42E and MR53E. In the past, if you needed antenna flexibility in a Meraki solution, you had to use their outdoor rated AP. This introduction, in addition to rounding out their AP portfolio, snuck a new innovation into the market that Meraki has dubbed ‘Smart Antennas’. With the promise of auto-identifying an antenna to the AP, I couldn’t not know more about it! One of the more notable aspects of using external antennas is the potential risk to exceed regulatory compliance. While not terribly complex, the risks for getting it wrong could see the Feds breathing down your back – and nobody wants that! In addition to self-identification for compliance reasons, the new models of APs include more connectors than one might otherwise expect – 5 connectors for the MR42E, and 6 for the MR53E! This breaks down to 3 Wi-Fi antennas, 1 security/scan antenna, and 1 BLE/IoT antennas for the MR42E, and the same compliment on the MR53E with one more Wi-Fi antenna to support that 4th spatial stream. Without delving into each individual component, I really wanted to get a feel for if this thing did what it promised it would do, so I hooked them all up to their respective ports:

That’s a lot of cables!

Fired up the AP, claimed the hardware in my dashboard account and went poking on the antenna settings! Sure enough, where you would normally define an antenna, the exact model number of the antenna array I had was shown!

The cloud got it right!

Hoping it wasn’t fluke of some sort, I powered off the AP, disconnected them all, and tried again. Sure enough, this time, the dashboard presented me with the expected drop down list of available antennas.

The cloud still wants to help out.

I was impressed, it was magic, it worked automatically and wonderfully – and I had to know how. One screwdriver later (the tool, not the drink), I had done the unthinkable, and performed the ill-advised dissection of the shiny new antenna looking for something out of place:

No stranger to the inside of an antenna, the culprit jumped out at me pretty readily:

What appears to be a Maxim Integrated DS2431 1-wire EEPROM was sitting inline just before an antenna element. I traced it back to the connector and found it belonged to the externally-labeled IoT connector:

So, I dutifully connected just the IoT port to the AP, fired it up and viola! The dashboard indicated that the antenna was identified properly despite the fact that only 1 of the 6 connections was attached. This seems to reinforce that Meraki has indeed found a pretty intuitive way to integrate a digital component onto an analog line (as opposed to Cisco that has actual digital connectors in the DART) for a one-time polling of the antenna ID. This was further reinforced by booting the AP without the IoT port connected (so it did not identify the antenna correctly) and then re-attaching it without powering down the AP. After a day of uptime, the AP never properly re-identified it’s antenna. This means that, if you’re using the Meraki smart antenna solution:

1. Make sure that the antenna cables are attached to the proper port using the silkscreen indicator on the RP-TNC connectors
2. Make sure that if you change any antenna ports (especially the IoT port), you should reboot the AP so it can properly identify itself to the AP, and subsequently the cloud

It remains to be seen what kind of ecosystem Meraki intends to develop with 3rd party antenna developers, but rest assured, if you want to use a 3rd party antenna today on these new Meraki APs, you certainly can – you just need to log into the dashboard and make sure you pick the equivalent Meraki antenna that closest matches the gain of your 3rd party antenna.

from
https://sc-wifi.com/2018/04/06/meraki-gets-smart/

Facebook Messenger's 'Unsend' Feature Is What Happens When You Scramble

It's good that Facebook is addressing its many privacy woes, but reacting rather than planning leaves some fixes feeling half-baked.

from
https://www.wired.com/story/facebook-messenger-unsend

DC's Stingray Mess Won't Get Cleaned Up

DHS this week confirmed that Washington, DC is littered with fake cell tower surveillance devices, but nothing will likely be done to fix it.

from
https://www.wired.com/story/dcs-stingray-dhs-surveillance

Cyberinsurance Tries to Tackle the Unpredictable World of Hacks

Insuring against hacks and breaches can be a lucrative business—but also presents unique challenges.

from
https://www.wired.com/story/cyberinsurance-tackles-the-wildly-unpredictable-world-of-hacks

A 200-Year-Old Idea Offers a New Way to Trace Stolen Bitcoins

Cambridge researchers point to an 1816 precedent that could fundamentally change how "dirty" Bitcoins are tracked.

from
https://www.wired.com/story/bitcoin-blockchain-fifo-dirty-coins

Fin7: The Billion-Dollar Hacking Group Behind a String of Big Breaches

Fin7, also known as JokerStash, Carbanak, and other names, is one of the most successful criminal hacking groups in the world.

from
https://www.wired.com/story/fin7-carbanak-hacking-group-behind-a-string-of-big-breaches

Paul Nakasone Will Have to Balance NSA Needs With US Cyber Command Background

The appointment of Paul Nakasone raises the question again: Should the NSA and Cyber Command be controlled by one man?

from
https://www.wired.com/story/paul-nakasone-nsa-cyber-command

Google Bans All Cryptomining Extensions From the Chrome Store

As cryptojacking takes over the web, Google will put a stop to cryptomining extensions that prey on unsuspecting installers.

from
https://www.wired.com/story/google-bans-all-cryptomining-extensions-from-the-chrome-store