Welcome back to ‘This Week in Getting Hacked’—the world’s greatest cybersecurity-related link dump! Each week, we bring you the best news stories from the cybersecurity field, letting you know who’s getting hacked, who’s hacking, what data is leaking, and about what you should take with caution. So strap in, change your password, and let’s find out who’s getting hacked this week!
On to the links…
Are you using Incognito Mode on your browser, or employing other privacy-hiding protocols to anonymize your actions on the Internet? Turns out, it might not be so private or anonymous. A study shows that even if you go full “anonymous”, sites and services like Google and Facebook are already tracking your actions, even if you set your privacy settings to the max and use anonymous browsers. My favorite part of that article is the author’s use of “de-anonymizationer”, which sounds like a sci-fi weapon designed to shrink you or something.
Speaking of privacy, there’s going to be a new battle in the war of staying out of my sh*t with “always on” devices like Amazon Echo, Google Home, and more.
Who is that data being sent to? When is it being recorded? Who has access to it? How can we be assured that the microphone isn’t recording at all times, despite the companies saying it isn’t? What happens with this data if law enforcement ever gets involved?
Donald Trump’s pick for Attorney General, Jeff Sessions, wants to allow cops to have encryption backdoors for devices and platforms. That’s not cool, especially since the federal government can’t even keep their own stuff from getting hacked. By granting agencies a backdoor, you’re opening your customers up to other threats, because now there IS a way in. Asked whether encryption is important to national security and the security and privacy of the American people, Sessions responded:
“Encryption serves many valuable and important purposes. It is also critical, however, that national security and criminal investigators be able to overcome encryption, under lawful authority, when necessary to the furtherance of national-security and criminal investigations.”
Speaking of “ways in”, the open door that is Yahoo is under investigation from the SEC for taking so long to report the massive data breaches that left over a billion users’ info right out in the open. This new investigation doesn’t bode well for the sale of Yahoo to Verizon, who are already looking to renegotiate the $4.8 billion they originally agreed to pay for the former search engine.
That hacker who leaked nude photos of Jennifer Lawrence and other celebrities has been sentenced to jail for nine months. The hacker, Edward Majerczyk of Illinois, had his lawyer argue that while he illegally hacked into their accounts, he was initially doing it for his own personal portfolio and private viewing.
Ahh, he’s like the pervert’s Robin Hood.
Symantec has revoked a boatload of security certificates that were mis-issued after a being exposed by Andrew Ayer, a certificate vendor. Symantec responded:
“The listed Symantec certificates were issued by one of our WebTrust audited partners. We have reduced this partner’s privileges to restrict further issuance while we review this matter. We revoked all reported certificates which were still valid that had not previously been revoked within the 24 hour CA/B Forum guideline – these certificates each had “O=test”. Our investigation is continuing.”
Security: it’s almost always unsecure!
See you next week!