If nothing else, it was a week of provocative questions and few clear answers. Will you get your Equifax settlement money? Yes, but it might take years. Why did the alleged Capital One hacker fail to cover her tracks? And more importantly, why are major corporations still not taking cybersecurity seriously enough? And that’s just for starters.
We looked at a series of vulnerabilities in VxWorks, an operating system you may not have heard of but that powers billions of devices in critical infrastructure and beyond. We took the Guardian Firewall app for a spin and found it a pleasant way to block unwanted trackers on iOS. And we’re sorry to report that while 5G is finally upon us, it has a few security issues that still need ironing out.
Speaking of security issues, Senator Mark Warner enlightened us about Russia’s designs on the 2020 elections. The former White House cybersecurity czar took the lid off his next act with Trinity, a startup that wants to frustrate hackers into submission. And Donald Trump’s pick as Director of National Intelligence, John Ratcliffe, gives WIRED contributor Garrett Graff an uneasy feeling: “That the administration is so predictable in its terrible choices should not make those terrible choices any less troubling,” Graff writes. On Friday, Ratcliffe withdrew his nomination.
And there’s more! Every Saturday we round up the security and privacy stories that we didn’t break or report on in depth but which we think you should know about nonetheless. Click on the headlines to read them, and stay safe out there.
After a report in The Guardian detailed Apple’s use of contractors to “grade” the recordings of Siri users, the company has said it will suspend the program. Apple’s not alone in the practice; Google and Amazon use humans as well. But Apple’s self-professed role as a privacy protector has made the revelation that much more cutting. As with Google and Amazon, the company says it will let people opt out of the grading system in a future software update—or hopefully, make it opt-in.
Club Penguin is a popular online kids’ game operated by Disney. Club Penguin Rewritten is the Grucci version of that game, an “independent recreation,” as BleepingComputer calls it. It still has millions of users, though, who were left exposed when hackers found a backdoor apparently put in place by a disgruntled administrator. The intruders got away with info for over 4 million accounts, and 2.9 million IP address logs. The admin in question denies the allegations, and honestly it’s just a lot of drama for not even being the real Club Penguin.
Surprising no one, Facebook has found yet another ring of coordinated inauthentic accounts pushing a likely state-sponsored narrative. This time it’s in the United Arab Emirates and Egypt, where two marketing firms operated hundreds of bogus accounts and Pages pushing various political stances. Facebook also axed hundreds of inauthentic pages originating from Saudi Arabia that promoted crown prince Mohammad bin Salman’s agenda, while smearing Saudi neighbors as well as Al-Jazeera and Amnesty International.
The New York Times reports that the New York Police Department’s facial recognition database includes teenagers and children as young as 11. It’s yet another example of facial recognition’s rampant expansion with little oversight; several NYC city council members were unaware of the practice. Experts criticized the practice on a technological level as well, given that facial recognition algorithms are already unreliable at best, and even more so when applied to young faces that can change substantially over the course of a few years.