Security News This Week: The Latest Netflix Release Is a Personal Security Check-Up
Credit to Author: Lily Hay Newman | Date: Sat, 25 Feb 2017 12:00:14 +0000
It wouldn’t be 2017 without regular internet-shaking security bugs fueling our nightmares. The crisis du jour? A flaw in the internet infrastructure company Cloudflare that caused random data leakage from some of the company’s six million customer sites. Brush your teeth and change your passwords, folks. Meanwhile, researchers have figured out how to steal data by watching a hard drive’s blinking LED indicator. And it’s finally possible to attack an old cryptographic hash function that’s still used for encryption more than it should be.
There was good news this week, too, though. Google offshoot Jigsaw and Google’s Counter Abuse Technology Team publicly released code for anti-harassment tools they’ve been honing for more than a year so they can hopefully be implemented around the web. Military bases could use smart city technology to improve their safety and security. And former Secretary of Defense Ashton Carter gave WIRED a glimpse of the future of warfare.
Then again, an arms dealer who sells military tech like tanks, missiles, and weapons told WIRED that doing business in the age of President Trump is a “win-win.” So, there’s that.
If you’re sick of all of this and want to crawl under a digital rock, prominent hacker Kevin Mitnick details how to be invisible online.
But wait, there’s plenty more. Each Saturday we round up the news stories that we didn’t break or cover in depth but that still deserve your attention. As always, click on the headlines to read the full story in each link posted. And stay safe out there.
Netflix Develops a Cybersecurity App
Usually you go to Netflix for advice on what movies to watch, not tips on securing your devices. But on Tuesday, Netflix released the source code for a web app called Stethoscope that evaluates the security of desktop and mobile devices and generates tailored defense recommendations. The app evaluates things like firewall configuration, whether screen lock is enabled, update status, and disk encryption. The idea is to help corporate employees strengthen the security of their personal devices, improving their company’s security at the same time. Many recent high-profile hacks and data breaches, like the Democratic National Committee hack, have stemmed from social engineering campaigns that manipulated a member of an institution into inadvertently giving attackers a way into their organization.
Trump Appoints H.R. McMaster as National Security Adviser
After confusion and drama over replacing Michael Flynn as national security adviser, Trump convinced General H.R. McMaster to accept the position this week. McMaster, who is well-respected across the political spectrum and had a long military career, is known for his strategic work to salvage the Iraq war. He is seen as less of an ideologue than Flynn and is known for fierce independence. He was not involved in the Trump campaign or transition—but he did write a book about what can go wrong when politics intrudes on national security.
Palantir’s Cozy Partnership With the NSA
It’s no surprise that Palantir works with the US government, but The Intercept published videos and documents that show how the data-collection company pitches itself to the intelligence community. It’s a rare inside look at the business side of the spy business, and well worth a look.
Federal Judge Rules Against Compelling People to Give Fingerprints to Unlock Devices
Last week Magistrate Judge M. David Weisman of Chicago rejected a government request for a search warrant that would allow law enforcement to compel people relevant to their child pornography investigation to provide their fingers to unlock their iPhones and iPads (which are guarded by Apple’s TouchID biometric sensor). The judge argues that this would violate the Fifth Amendment, but past precedent on the issue has generally found that requiring a fingerprint is not testimonial in the way that asking someone to state their numeric passcode is. But Judge Weisman writes, “By using a finger to unlock a phone’s contents, a suspect is producing the contents on the phone. With a touch of a finger, a suspect is testifying that he or she has accessed the phone before, at a minimum, to set up the fingerprint password capabilities, and that he or she currently has some level of control over or relatively significant connection to the phone and its contents.” This decision by itself may not change the larger tide, but controversy over law enforcement’s ability to access the content of computing devices is just beginning.