Clearview AI’s Massive Client List Got Hacked
Credit to Author: WIRED Staff| Date: Sat, 29 Feb 2020 14:00:00 +0000
Clever malware, student surveillance, and more of the week’s top security news.
Read moreSecurity
The Long Path out of the Vulnerability Disclosure Dark Ages
Credit to Author: Lily Hay Newman| Date: Fri, 28 Feb 2020 21:04:52 +0000
Letting a company know about flaws in their products has gotten easier since 2003—but not by much.
Read moreDangerzone Lets You Open Email Attachments Safely
Credit to Author: Andy Greenberg| Date: Fri, 28 Feb 2020 17:12:00 +0000
Dangerzone takes potentially malicious files and safely sanitizes them for you.
Read moreA Flaw in Billions of Wi-Fi Chips Let Attackers Decrypt Data
Credit to Author: Dan Goodin, Ars Technica| Date: Thu, 27 Feb 2020 15:00:00 +0000
Affected devices include iPhones, iPads, Macs, Amazon Echos and Kindles, Android devices, and various Wi-Fi routers.
Read moreHow a Hacker’s Mom Broke Into a Prison—and the Warden’s Computer
Credit to Author: Lily Hay Newman| Date: Wed, 26 Feb 2020 21:59:20 +0000
Security analyst John Strand had a contract to test a correctional facility’s defenses. He sent the best person for the job: his mother.
Read moreHow and why you need HomeKit-secured smart homes
Credit to Author: Jonny Evans| Date: Thu, 27 Feb 2020 04:40:00 -0800
Once upon a time the Internet was amazing, enabling niche interests and connecting people. Apple’s iMac was the epitome of the era, while the iPhone became the prophet of change.
What is HomeKit-secured and why should you use it?
These days hackers break into home networks using our routers and smart home devices, which is why everyone must learn how to use HomeKit-secured routers to keep their connected homes safe.
Apple announced HomeKit-secured routers at WWDC 2019. The first few devices to support the tech recently began to reach market, including options from Linksys and (now) Amazon’s Eero routers.
Firefox starts switching on DNS-over-HTTPS to encrypt lookups, stymie tracking
Credit to Author: Gregg Keizer| Date: Wed, 26 Feb 2020 11:11:00 -0800
Mozilla has started to turn on DNS-over-HTTPS, or DoH, as part of its overall strategy of stressing user privacy.
“We know that unencrypted DNS is not only vulnerable to spying but is being exploited,” wrote Selena Deckelmann, Mozilla’s new vice president of desktop Firefox, in a Feb. 25 post to a company blog. “We are helping…to make the shift to more secure alternatives [and] do this by performing DNS lookups in an encrypted HTTPS connection. This helps hide your browsing history from attackers on the network, helps prevent data collection by third parties on the network that ties your computer to websites you visit.”
Microsoft Patch Alert: February 2020 patches bring fire and ice but seem to have settled – finally.
Credit to Author: Woody Leonhard| Date: Wed, 26 Feb 2020 09:44:00 -0800
The real stinker this month, KB 4524244, rolled out the automatic update chute for four full days until Microsoft yanked it – leaving a trail of wounded PCs, primarily HP machines, in its wake. The other big-time bug in this month’s patches, a race condition in the KB 4532693 Win10 version 1903 and 1909 cumulative update installer, hasn’t been officially acknowledged by Microsoft outside of a blog post. But at least it’s well known and understood.
Folks running SQL Server and Exchange Server networks need to get patched right away.
Win10 UEFI update KB 4524244 blockages
Patch Tuesday brought KB 4524244 for Windows 10 owners, a bizarre single-purpose patch apparently directed at one specific UEFI bootloader. I talked about it last week.
Gmail Is Catching More Malicious Attachments With Deep Learning
Credit to Author: Lily Hay Newman| Date: Tue, 25 Feb 2020 20:18:02 +0000
Users of Gmail get 300 billion attachments each week. To separate legitimate documents from harmful ones, Google turned to AI—and it’s working.
Read more10 steps to smarter Google account security
Credit to Author: JR Raphael| Date: Wed, 26 Feb 2020 03:00:00 -0800
There are important accounts to secure, and then there are important accounts to secure. Your Google account falls into that second category, maybe even with a couple of asterisks and some neon orange highlighting added in for good measure.
I mean, really: When you stop and think about how much stuff is associated with that single sign-in — your email, your documents, your photos, your files, your search history, maybe even your contacts, text messages, and location history, if you use Android — saying it’s a “sensitive account” seems like an understatement. Whether you’re using Google for business, personal purposes, or some combination of the two, you want to do everything you possibly can to keep all of that information locked down and completely under your control.