Welcome back to ‘This Week in Getting Hacked’—the world’s greatest cybersecurity-related link dump! Each week, we bring you the best news stories from the cybersecurity field, letting you know who’s getting hacked, who’s hacking, what data is leaking, and about what you should take with caution. So strap in, change your password, and let’s find out who’s getting hacked this week!
On to the links…
The United States doesn’t need your stinkin’ approval to ask for encryption back-doors. That’s right, the United States government does not need the approval of the secret surveillance court to ask tech companies to build encryption back-doors for them.
But it’s okay because the U.S. government would also not say if it’s ever asked a company to do so. Which means we’re safe, right? Ugh. Call someone in your state government and complain about something like this and maybe we can enjoy our privacy again. Or, like me, don’t do that and be glued to privacy-stealing technology all day :). .
A new bill wants jail time for execs who hide data breaches. (But probably not for the government who ask for those back-doors, right? Eh, eh?). We didn’t report on the macOS High Sierra hack because we think this is far more interesting. If a company suffers a data-hack and don’t really tell anyone, then this bill wants them to be jailed for keeping it a “secret.”
This is great if anything about it ever happens. Companies like Equifax, Uber, and Yahoo have been hacked this past year and have used some shoddy disclosure practices to “tell” us. We should hold them responsible for that and hopefully this new bill will. For more information, read this great article about it on Wired.
Online mattress company, Casper, has been wiretapping you. But not in the cool “we’re hiding a wire in the mattress you just bought from us” way. Because that would be funny. Instead, they’ve been collecting information from visitors to their website to try and learn their identities and sell that data.
Because apparently they aren’t making enough money from selling their mattresses. The company, with the help of software company NaviStone, has been gleaning information like name, postal address, etc, without the website visitor’s consent. A big no-no. They are now under a federal lawsuit where I presume their defense will be to provide the jury with a soft place to sleep in order to slip some legal jargon past their sleepy dispositions.
There’s a flaw in Intel processors that allows malware to slip right in. Intel’s Management Engine, a process inside most recently manufactured Intel processors can be easily hijacked by hackers who, in turn, have unlimited access to everything on the device. Neat. The only way to stop this hack is to completely unplug the machine from power.
This is great, except some computer manufacturers have been shipping their machines with Intel’s Management Engine disabled by default, so this is all one giant mess. Watch the video above or read this awesome article for more information.
Facebook may be trying a new form of captcha that uses a “clear photo of your face.” Yeah, so every time you want to log into Facebook you have to send them a current view of your face. I’m sure they aren’t using that for any sort of facial recognition AI. Don’t worry about it.
Facebook claims this is to prove you’re not a bot. I’ll claim that this will lead to a string of beheading incidents across the country as spurned lovers hack into their spouses account to see if they’ve been chatting with Jessica or not.
That’s it for this week. Stay safe out there and remember to change your password!