Facebook Wins, Facebook Losses, and More Security News This Week

The Facebook breach, 3-D printed guns on Broadway, and more security news this week.

from
https://www.wired.com/story/security-news-feds-cant-force-facebook-to-wiretap-messenger

The Facebook Security Meltdown Exposes Way More Sites Than Facebook

The social networking giant confirmed Friday that sites you use Facebook to login to could have been accessed as a result of its massive breach.

from
https://www.wired.com/story/facebook-security-breach-third-party-sites

Facebook's Massive Security Breach: Everything We Know

Up to 50 million Facebook users were affected—and possibly 40 million more—when hackers compromised the social network's systems.

from
https://www.wired.com/story/facebook-security-breach-50-million-accounts

Voting Machines Are Still Absurdly At Risk

A new report details dozens of vulnerabilities across seven models of voting machines—all of which are currently in use.

from
https://www.wired.com/story/voting-machine-vulnerabilities-defcon-voting-village

Russia’s Elite Fancy Bear Hackers Have a Clever New Trick

For the first time, a so-called UEFI rootkit has been spotted in the wild. And it appears to come from Russia.

from
https://www.wired.com/story/fancy-bear-hackers-uefi-rootkit

Mobile Websites Can Tap Into Your Phone's Sensors Without Asking

Apps need your explicit permission to access your smartphone's motion and light sensors. Mobile websites? Not so much.

from
https://www.wired.com/story/mobile-websites-can-tap-into-your-phones-sensors-without-asking

Cody Wilson Leaves Defense Distributed, But 3-D Printed Guns Roll On

Even after the DIY gunsmith's arrest on sexual assault charges, the fight for and against 3-D printed guns still rages.

from
https://www.wired.com/story/cody-wilson-3d-printed-guns-resigns-defense-distributed

Even If Rod Rosenstein Stays, the Mueller Investigation Status Quo Won't Last

Much of the speculation around deputy attorney general Rod Rosenstein's fate misses how disruptive a post-midterms shake-up could be.

from
https://www.wired.com/story/rod-rosenstein-mueller-investigation-midterms

A Small Google Chrome Change Stirs a Big Privacy Controversy

The latest update to Google's browser has riled privacy advocates by appearing to log people in without their explicit permission.

from
https://www.wired.com/story/google-chrome-login-privacy

The Series 5 YubiKey Will Help Kill the Password

The latest batch of hardware-based tokens from Yubico will eventually let you skip the password altogether.

from
https://www.wired.com/story/yubikey-series-5-fido2-passwordless

A Twitter DM Fail, Free Credit Freezes, and More Security News This Week

Free credit freezes, a better private browser, and more security news this week.

from
https://www.wired.com/story/twitter-sent-user-dms-to-developers-by-mistake

AirCheck G2 gets a v3

You may recall my blog post year lauding the version 2 firmware for the Netscout G2. I’m very pleased that Netscout has continued product development, taking feedback from users (including myself) on ways to further improve the already-awesome AirCheck G2. I’ve been working with the v3 firmware for the AirCheck for a bit over a month now and I’m happy to report in with my new favorite improvements – all delivered via a software update under a current support contract!

1) Improved packet captures

One of the things I didn’t write about last time was the ability to do packet captures that was introduced in v2. Admittedly, it felt somewhat half-baked and there are two very important enhancements that make this the tool I always hoped it would be. Firstly, we get the ability to slice packets. Those of you familiar with packet captures will know that in the vast majority of cases, we’re interested with the beginning of the 802.11 frames (since the payload is commonly encrypted). The ability to slice packets means that we can get very valuable packet-level analysis without capturing the entire frame!

Packet slicing

Secondly (and leading directly into my next favorite thing) is a *much* easier way to get the actual packet captures off of the AirCheck. In the past (and in addition to dealing with file sizes that were needlessly cumbersome), you’d have to grab the AirCheck G2 Desktop software and hook your AirCheck up to a computer to copy the capture off. Now you can just plug in an ethernet cable and the upload the tests right into the Link-Live service that comes included with your AirCheck! From there, you can download the raw .pcap file for use in your favorite packet capture analysis tool (Omnipeek, CloudShark, WireShark, Wi-Fi Analyzer, etc).

.pcap files in Link-Live

2. Cloud (Link-Live all the things)

You may have guessed from my above comments that the Cloud enablement is right up there on my list of awesome things that this update brings. With a notable decrease in reliance on the Windows-only desktop application, the improved Link-Live integration now supports a whole slew of AirCheck uploads including:

• Full AutoTest results
• Session files
• Screenshots
• Packet captures (mentioned above)
• Job, location, comments

Further reliance on the Link-Live portal is clearly a huge focus for the AirCheck team and they’ve delivered on many key integrations to help our field teams get data off of the AirCheck G2s in a timely fashion. In addition to being able to pull files off of the AirChecks enabled by Link-Live, the ability to push profiles lands squarely in the ‘awesome to have’ column. Being able to upload pre-configured profiles to your fleet units removes much of the inconsistencies that large teams can sometimes run across. 

3. Over the network firmware updates

Last, but certainly not least of the new features, the ability to do over-the-network firmware updates means that you no longer have to have access to a USB cable and Windows machine just to get all of the future improvements that Netscout is clearly on track to deliver. For an awesome product that continues to get software based improvements that genuinely move the needle, this feature changes the game for getting current software onto our AirChecks. Simply plug the unit into a working network connect and click the ‘Check for Software Updates’ and you’re good to go!

Software Update

Way to go Netscout team for bring a truck load of features to an already indispensable tool. Making new features that people will actually use (as opposed to the bloat we commonly see) is not only a refreshing take from the Netscout team, but continues to make the AirCheck G2 the best in Wi-Fi handheld triage tools. If you’ve not gotten your hands on an AirCheck G2 by now, you’re missing out.

from
https://sc-wifi.com/2018/09/21/aircheck-g2-gets-a-v3/

Cloudflare Embraces Google Roughtime, Giving Internet Security a Boost

Syncing clocks online is vital to web security.

from
https://www.wired.com/story/clouldflare-google-roughtime-sync-clocks-security

How the HTC Exodus Blockchain Phone Plans to Secure Your Cryptocurrency

HTC starts filling in the details of its so-called blockchain smartphone, expected to launch later this year.

from
https://www.wired.com/story/htc-exodus-blockchain-phone-secure-cryptocurrency

DIY Gun Activist Cody Wilson Accused of Child Sexual Assault

A Texas court issued a warrant for the Defense Distributed founder's arrest on Wednesday.

from
https://www.wired.com/story/cody-wilson-accused-child-sexual-assault

John Deere Just Cost Farmers Their Right to Repair

The California Farm Bureau has given away the right of farmers to fix their equipment without going through a dealer.

from
https://www.wired.com/story/john-deere-farmers-right-to-repair

The Collateral Damage of Trump's Extreme Declassifications

Trump has the legal right to make public whatever documents he chooses. But he's going to cause untold damage in the process.

from
https://www.wired.com/story/trump-declassify-documents-national-security

The Mirai Botnet Masterminds Have Been Fighting Crime With the FBI

In 2016, three friends created a botnet that nearly broke the internet. Now, they're helping the feds catch cybercriminals of all stripes.

from
https://www.wired.com/story/mirai-botnet-creators-fbi-sentencing

Edward Snowden on Protecting Activists Against Surveillance

“Turnkey tyranny” has never been closer. For some communities, it feels like it’s already here.

from
https://www.wired.com/story/wired25-edward-snowden-malkia-cyril-activist-surveillance

Palmer Luckey Is Just Getting Started

The Oculus founder on virtual reality, defense tech, biohacking an injured toe.

from
https://www.wired.com/story/wired25-peter-thiel-palmer-luckey-virtual-reality-defense-tech

Facebook Broadens Its Bug Bounty to Include Third-Party Apps

Starting Monday, Facebook will pay at least $600 to researchers who spot third-party apps behaving badly on its platform.

from
https://www.wired.com/story/facebook-bug-bounty-third-party-apps

Kid-Focused Apps Track Location, UK Spying, and More Security News This Week

In security news this week, some apps for children may violate privacy laws, State Department devices might be less secure than your Instagram account, and more.

from
https://www.wired.com/story/location-tracking-apps-target-kids

A Decade-Old Attack Can Break the Encryption of Most PCs

The computer industry thought cold boot hacks were solved 10 years ago. Researchers have proven that's not the case.

from
https://www.wired.com/story/cold-boot-break-pc-encryption

Why Big Tech and the Government Need to Work Together

Opinion: Former Secretary of Defense Ash Carter argues for cooperation between tech workers and the DoD

from
https://www.wired.com/story/why-big-tech-and-the-government-need-to-work-together

Trump's New Executive Order Slaps a Bandaid on Election Interference Problems

Trump’s order creates a framework to sanction foreign meddling in elections, but experts say it’s not enough.

from
https://www.wired.com/story/trump-executive-order-election-interference-sanctions

How Hackers Slipped by British Airways' Data Defenses

Security researchers have detailed how a criminal hacking gang used just 22 lines of code to steal credit card info from hundreds of thousands of British Airways customers.

from
https://www.wired.com/story/british-airways-hack-detaeils

Hackers Can Steal a Tesla Model S in Seconds by Cloning Its Key Fob

Weak encryption in the cars' key fobs allows all-too-easy theft, but you can set a PIN code on your Tesla to protect it.

from
https://www.wired.com/story/hackers-steal-tesla-model-s-seconds-key-fob

Everything You Should Do Before You Lose Your Phone

Misplacing your smartphone—or worse, having it stolen—is awful. But you can at least minimize the damage with a few easy steps.

from
https://www.wired.com/story/lost-stolen-phone-what-to-do

Facial Recognition, a British Airways Hack, and More Security News This Week

A British Airways breach, a fake Army site, and more of the week's top security news.

from
https://www.wired.com/story/ibm-made-cops-a-tool-to-search-surveillance-video-by-skin-color

Fake Beto O'Rourke Texts Expose New Playground for Trolls

Someone hijacked a volunteer tool to make it look like Beto O'Rourke encouraged voter fraud—and that could just be the beginning.

from
https://www.wired.com/story/fake-beto-orourke-texts-expose-new-playground-for-trolls

Popular Mac App Adware Doctor Actually Acts Like Spyware

Adware Doctor has long been one of the top-selling apps in the Mac App Store. But researchers say it harvested browsing data, and sent it to China.

from
https://www.wired.com/story/adware-doctor-mac-app-store-spyware

Twitter Finally Bans Alex Jones—Over a Publicity Stunt

After years of abuse and spreading conspiracy theories, Alex Jones finally went too far for Twitter with a relatively tame rant.

from
https://www.wired.com/story/twitter-bans-alex-jones-infowars

DoJ Charges North Korean Hacker for Sony, WannaCry, and More

The Department of Justice has taken its first legal action against North Korea's cybercrimes, in a massive complaint made public Thursday.

from
https://www.wired.com/story/doj-north-korea-hacker-sony-wannacry-complaint

Facebook and Twitter's Biggest Problems Follow Them to Congress

As Jack Dorsey and Sheryl Sandberg testified before Congress, some of Twitter and Facebook's most notorious trolls and misinformation artists watched on.

from
https://www.wired.com/story/facebook-twitter-congress-testimony-dorsey-sandberg

How Trump Could Trigger Armageddon With a Tweet

Times have changed. The president is being held in check by terrified aides who are trying to keep his worst impulses in check. But disaster may only be a tweet away. Here's how it could happen.

from
https://www.wired.com/story/how-trump-could-trigger-armageddon-with-a-tweet

How to Watch Twitter and Facebook Testify Before Congress Wednesday

Twitter CEO Jack Dorsey and Facebook COO Sheryl Sandberg will field questions about foreign interference, perceived bias, and more.

from
https://www.wired.com/story/watch-jack-dorsey-twitter-sheryl-sandberg-facebook-testify-congress

Jon Kyl Will Take McCain's Senate Seat

The governor of Arizona announced Tuesday that Jon Kyl will replace the Senate seat vacated by the late John McCain. He may now further push to regulate tech giants like Facebook.

from
https://www.wired.com/story/jon-kyl-senate-facebook-tech-regulation

How Chrome Spent a Decade Making the Web More Secure

Ten years after Chrome debuted, a look back at how the browser redefined security online.

from
https://www.wired.com/story/chrome-decade-making-the-web-more-secure

Google Wants to Kill the URL

"Whatever we propose is going to be controversial. But it’s important we do something, because everyone is unsatisfied by URLs. They kind of suck."

from
https://www.wired.com/story/google-wants-to-kill-the-url

Senator Mark Warner Is Not Happy With Google

The vice chairman of the Senate Intelligence Committee talks about the search giant's glaring absence at this week's committee hearings, and the White House's #stopthebias campaign.

from
https://www.wired.com/story/mark-warner-senate-committee-hearing-google-facebook-twitter

Hackers Hit Comic Site The Oatmeal, and It Wasn't Funny

This week, a comics site goes offline, more security clearance intrigue, lucrative email spying, and more.

from
https://www.wired.com/story/security-news-the-oatmeal-hacked