As we gather 'round the fire, warming our facepalm-weary hands, the blaze burning bright with the shreds of our privacy and security, it's important to reflect on what we're grateful for: Companies that did the infosec version of stepping on a rake, forcing them to secure us better. Idiots who tried to "hack" the FCC comment system while leaving their OPSEC cake out in the rain. Whatever geniuses left road signs eminently hackable, and the ones who made ATMs susceptible to malware that literally spits out cash. Here are the "winners" of utter and complete security failures we're almost grateful for. Let's hope the next time these clowns fall off a stack of servers, they don't fail to miss the ground.
Like many tech writers, I've been struggling to wrap my head around the brand-new Pixel 4's face unlock security #fail. Before the phone was even released, BBC technology reporter Chris Fox discovered that his review unit had a deeply disturbing security flaw: The phone's only biometric security option, facial recognition, worked just fine if the subject's eyes were closed.
<p>If your dad were <a href="https://www.wired.com/2016/07/real-hackers-behind-mr-robot-get-right/">the technical advisor</a> for the <a href="https://www.engadget.com/gallery/the-many-surprisingly-realistic-hacks-of-mr-robot/">realistic hacks on <em>Mr. Robot</em></a> and he lovingly micromanaged your gadgets, you'd probably feel pretty badass about the security of your personal devices. So when one of <a href="https://www.okta.com/blog/author/marc-rogers/">Marc Rogers</a>' kids had their iPhone pickpocketed at San Francisco Pride this year, things took an unexpected turn when tech-savvy thieves pulled off hacking tricks that had Rogers beside himself with curiosity and fascination. And concern. Lots of concern.</p>
<p>When it came time to pay for dinner with my friend and his wife the other night, he said, "No, let us get this."</p> <p>It was a kind gesture. When you don't have to pay for a meal out in San Francisco, the feeling of relief is similar to narrowly avoiding getting hit by a self-driving car in the crosswalk. My friend is generous. He used to work in Apple security and now does security for a different Big Tech entity.</p>
<p>If we've learned anything in the past few years, it's that the internet is full of creeps trying to spy on us. And I don't just mean malicious hackers, scammers, wi-fi snoopers, account hijackers and wankers in trench coats. Often the creeps in question are companies snatching our private data. And advertisers following us around like mouth-breathing Peeping Toms.</p>
<p>Who loves dealing with passwords? No one, that's who. Making them, remembering them, having to create a new one when they <a href="https://www.engadget.com/2019/04/24/microsoft-password-expiration-security/">expire</a> and all you want to do is log in. Then there's the dreaded breach-of-the-week, when we find out about the latest major <a href="https://www.engadget.com/2019/02/14/620-million-accounts-on-sale-dark-web-myfitnesspal-dubsmash/">hack attack</a> or big-data snafu, meaning we have to <a href="https://www.engadget.com/2017/04/24/hipchat-resets-all-passwords-after-hackers-break-in/">reset</a> our passwords again.</p>
<p>If you heard the reverberation of a few thousand heads exploding last week, it was the sound of information security professionals <a href="https://twitter.com/matthew_d_green/status/1153684919434055680">reacting</a> to US Attorney General Barr saying that Big Tech "can and must" put backdoors into encryption.</p> <p>In his <a href="https://www.youtube.com/watch?v=c-QQwv1U2aY">speech</a> for a cybersecurity conference at Fordham University, Barr warned tech companies that time was running out for them to develop ways for the government to break encryption. FBI Director Christopher Wray <a href="https://www.cnbc.com/2019/07/25/fbi-director-wray-i-strongly-share-barrs-concerns-about-encryption.html">agreed</a> with him.</p>
<p>On a Tuesday night in May, Sean Coonce was reading the news in bed when his phone dropped service. He chalked it up to tech being tech and went to sleep. When he woke up, his Gmail account had been stolen and by Wednesday evening he was out $100,000.</p>
<p>Silicon Valley's biggest companies have partnered with a single organization to fight sex trafficking -- one that maintains a <a href="https://www.thorn.org/careers/application/?gh_jid=4270478002">data collection pipeline</a>, is <a href="https://www.thorn.org/partnerships/">partnered</a> with Palantir, and helps law enforcement <a href="https://assets.htspotlight.com/portal/Spotlight-Handout.pdf">profile and track</a> sex workers without their consent. Major websites like Facebook, Twitter, Snapchat and others <a href="https://www.thorn.org/partnerships/">are working</a> with a nonprofit called <a href="https://www.thorn.org/">Thorn</a> ("digital defenders of children") and, perhaps predictably, its methods are dubious.</p>
<p>Where do you go when you want to escape surveillance? When you want to stop feeling like you might be being listened to by microphones, or watched through surveillance cameras, or tracked by invisible tech gremlins burrowed within devices.</p> <p>Certainly nowhere in public. Perhaps it's your car. Maybe it's your home. Or even your bedroom? For some readers, that perimeter of personal freedom likely shrank in February when <a href="https://www.engadget.com/2019/02/20/google-nest-secure-mic-forgot/">news broke</a> that Google "forgot" to tell consumers its Nest Secure came with a built-in microphone.</p>
<p>Just after <a href="https://www.engadget.com/search/?search-terms=christchurch">the Christchurch shooting</a> I came across <a href="https://lifehacker.com/how-to-block-violent-videos-on-facebook-twitter-and-y-1833320168">an article</a> explaining how to make your Twitter, Facebook and YouTube accounts block violent videos.</p> <p>How-tos like this are depressingly necessary, because while Facebook removes an illustrated nipple for "community safety" at lightning speed with real consequences, the company isn't equally interested in policing content that's indisputably harmful. After the Christchurch attack, Facebook <a href="https://www.cnn.com/asia/live-news/live-updates-new-zealand-shooting-christchurch-terror-attack-intl/h_1074486ec04fb8f5fa93b92bf1ebd327">said</a> it took down 1.5 million postings of the terrorist's mass-murder livestream within 24 hours, but only 1.2 million of those videos were blocked at upload.</p>
<p>Russia is <a href="https://www.newscientist.com/article/2194009-russias-plan-to-unplug-from-the-internet-shows-cyberwar-is-escalating/">planning</a> to disconnect itself from the global internet in a test sometime between now and April. The country <a href="http://duma.gov.ru/news/29748/">says</a> it is implementing an internal internet (intranet) and an internet "kill switch" to protect itself against cyberwar. The question is, would this actually work?</p> <p>"This, as a single tactic, would not be sufficient," explained Bill Woodcock, executive director of <a href="https://www.pch.net/">Packet Clearing House</a>, via email. "But it hugely reduces their attack surface. So in combination with many other tactics, it's a component of a reasonable strategy."</p>
<h3><i>When was the last time you thought of the internet as a weird and wonderful place?</i></h3> <p>I can feel my anxiety climbing as I try to find current news stories about sex. Google News shows one lonely result for "porn," an article that is 26 days old. I log out of everything and try different browsers because this can't be right.</p>
<p>IoT devices are at once a grotesquerie for the security- and privacy-conscious, and a delicious, convenient poison. And chances are pretty good you got one as a holiday gift.</p> <p>You might say we're in the heyday of IoT — though a significant number of infosec professionals might be more inclined to call it the apex of the <a href="https://twitter.com/internetofshit?lang=en">Internet of Shit</a>. They have a point. Even just a glance at recent headlines is enough to convince anyone that the so-called smartness of these products is a bit lacking.</p>
<p>This was the year security slips, privacy fails and outright stupidity went from bad to surreal. It was a year in which warnings went unheeded and companies lost whatever trust we gave them. It was a nesting doll of security disasters. A clown car of willful negligence. A long 12 months of totally unsexy, nonconsensual edge-play with our data.</p>
<p>Russian spy Maria Butina's cover story was her <a href="https://www.propublica.org/article/why-russian-spies-really-like-american-universities">academic interest</a> and <a href="https://www.linkedin.com/in/maria-butina-113a7911b">expertise</a> in cybersecurity. As cover stories go, this unfortunately wasn't a hard one to pull off.</p> <p>Except anyone holding even the barest minimum of cybersecurity knowledge could've figured out in minutes that Butina's interest in cybersecurity was minimal.</p>
<p>During the Great Internet Sex War, which began in the United States during its Facebook Era, people were forced to stockpile their porn. Lube was bought by the drum and hidden in bunkers, alongside vibrators and air-gapped computers holding valuable troves of accurate, non-judgmental sex information. Gimp suits were stored upright, oiled, and ready for doomsday's call. Explicit gifs became a black market commodity, and there were rumors of a Thunderdome ruled by cam girls. Every sexual identity, except the singular one deemed safe by the corporations, went into hiding. Fear prevented even the mere mention of sexual pleasure on the networks and in communications.</p>
<p>The first time many of us <a href="https://www.telegraph.co.uk/technology/2018/11/25/chinese-businesswoman-accused-jaywalking-ai-camera-spots-face/">heard</a> about China's use of facial recognition on jaywalkers was just this week when a prominent Chinese businesswoman was publicly "named and shamed" for improper street crossing. Turns out, she wasn't even there: China's terrifyingly over-the-top use of tech for citizen surveillance made a mistake. The AI system identified Dong Mingzhu's face from a bus advertisement for her company's products.</p>
<p>In so many ways, Black Friday is an inescapable evil of cosmic proportions. It is a creeping cloud of <a href="https://www.engadget.com/holiday-gift-guide-2018/#/all/all">want</a>, pulling us resentfully toward deals that we know tempt us at our peril. The advertising boogeymen who have stalked, harassed and victimized us all year rub their fetid little hands and lure us toward pleasure (cool new gadgets) and pain (security threats, privacy demons, pocketbook hangovers).</p>
<p>The trend of blundering into the void of adopting new tech, damn the consequences, full speed ahead, continues this week. <i>The Telegraph</i> <a href="https://www.telegraph.co.uk/technology/2018/11/10/major-uk-companies-preparing-microchip-employees/">tells us</a> that "a number of UK legal and financial firms" are in talks with a chip company to implant their employees with RFID microchips for security purposes.</p>
<p>"[Brian] Kemp on Thursday said he had resigned as Georgia's secretary of state," <a href="https://www.reuters.com/article/us-usa-election/recounts-runoffs-loom-over-high-profile-elections-in-florida-georgia-idUSKBN1ND28E?feedType=RSS&feedName=topNews">reported</a> Reuters yesterday. No one watching Kemp's malfeasant, multi-year election security trash fire could understand why that sentence didn't stop at "resigned."</p>
<p>Kicking Nazis off tech companies' services is so easy, and such a simple thing to do. It is such a basic act of human decency, a trivial task that would stop PayPal, Stripe, Instagram, Facebook, Twitter, GoDaddy and many more from being unquestionably complicit in the deadly rise of American Nazism. Stakes climb as we approach next week's elections. And yet.</p>
<p>In 2015 we <a href="https://www.engadget.com/2015/07/09/how-spyware-peddler-hacking-team-was-publicly-dismantled/">laughed</a> at Hacking Team for getting hacked. Their <a href="https://www.engadget.com/2015/07/17/the-human-cost-of-global-spyware-sales/">profit-driven facilitation of human rights abuses</a> around the world was somehow barely competent, but notorious. They sold illegal hackware and surveillance tech to brutal regimes and trained them in attacking citizens and journalists. We knew they were evil clowns. We just didn't expect what happened next.</p>
<p>It was 2014, around the time when Travis Kalanick <a href="https://www.gq.com/story/uber-cab-confessions?currentPage=1">referred</a> to Uber as his chick-magnet "Boober" in a GQ article, that I realized congestion in San Francisco had gone insane. Before there was Uber, getting across town took about ten minutes by car and there was nowhere to park, ever. With Boober in play, there was parking in places where there had never been spaces, but the streets were so jammed with empty, one-person "gig economy" cars circling, sitting in bus zones, mowing down bicyclists whilst fussing with their phones, still endlessly going nowhere, alone, that walking across the city was faster.</p>
<p>When Google+ launched in 2011, people were already fed up with Facebook -- and Google was still cool. After Plus' closed invite garnered significant consumer desire, everyone's hopeful "Facebook killer" nabbed a sweet <a href="https://www.usatoday.com/story/tech/2013/10/29/google-plus/3296017/">300 million active monthly users</a> by 2013 (by comparison, Twitter had 230 million).</p> <p>No one could have predicted that on a random Monday seven years later, the tech giant would hang its head, <a href="https://www.engadget.com/2018/10/08/google-reportedly-exposed-data-for-hundreds-of-thousands-of-user/">admit</a> a <a href="https://www.theverge.com/2018/10/9/17957312/google-plus-vulnerability-privacy-breach-law">middling</a> API-access privacy hole and the existence of tumbleweeds on the service, and <i>then</i> <a href="https://www.engadget.com/2018/10/08/google-shutting-down-google-plus/">announce</a> it was shuttering Plus to the public.</p>