White House Staffers Can’t Use Personal Smartphones Anymore, and More Security News This Week

Credit to Author: Brian Barrett| Date: Sat, 06 Jan 2018 14:00:00 +0000

It’s not every week that you have a once-in-a-generation security disaster. You know, definitionally. So let’s lead off with Meltdown and Spectre, a pair of attacks that impacts the processors inside most computers today. It’s quite a mess!

While technically complicated, Meltdown and Spectre are best understood in terms of scale. Every Intel processor since 1995 is impacted, along with AMD and ARM-based chips. Fixes have started rolling out slowly, so keep updating that software, but it’ll be years before these hardware vulnerabilities are fully addressed—if ever.

Speaking of things a long time coming, if you haven’t started using a password manager yet, the fact that adtech companies are pulling info from browser autofill fields should absolutely be the last straw. Logan Paul’s video of a suicide victim in Japan should have been a last straw for YouTube, but almost certainly won’t be. And if you’re antsy about Russian submarines hanging around undersea internet cables, relax! Or, you know, don’t relax, there’s plenty to worry about generally. Just not that.

Ever wonder what a sinkhole is? (The digital kind, not the ones that open up in Florida suburbs.) We’ve got you covered. Ever wonder if being good at Call of Duty translates to real-world battlefield skills? It doesn’t. Ever wonder when pro-Russia trolls would get around to trying to discredit special counsel Robert Mueller? Right about now!

But, wait, there's more! As always, we’ve rounded up all the news we didn’t break or cover in depth this week. Click on the headlines to read the full stories. And stay safe out there.

Thursday, White House press secretary Sarah Huckabee confirmed that White House staff will no longer be allowed to bring their smartphones into the West Wing, Bloomberg reports. The move, instituted by chief of staff John Kelly is presumably intended to tamp down on leaks—though it’s unclear if it also applies to the president himself. And while hardened government-issued smartphones are certainly more secure than whatever Huawei phablet a White House staffer might be toting, those affected are reportedly (and understandably) concerned about being able to get in touch with loved ones in an emergency.

If you were waiting for recommended charges related to the Senate investigation of Russia's influence on the 2016 presidential campaign, congrats! They're here. They're also targeted not at any member of the Trump organization, but at Christopher Steele, the former spy who assembled a jaw-dropping dossier on Trump's alleged ties to Russia. Senators Chuck Grassley and Lindsey Graham have informed the Justice Department that they believe Steele lied to the feds over his interactions with reporters concerning the dossier's contents. Among other oddities inherent in the move: The politicians appear to be telling the FBI something it would presumably already know about its own interviews with Steele.

Amazon's latest transparency report shows an uptick in subpoenas, ZDNet reports. The company received 1,618 in all, of which it complied with 42 percent. That's in addition to 229 search warrants, 44 percent of which it honored, and 89 other court orders, of which it complied with 52 percent. All of the requests relate to Amazon Web Services, which makes it hard to infer what exactly may have been requested, given that Amazon's cloud is by far the dominant player in a crowded field.

It looks like the Uber app, and (almost) acts like the Uber app, but it's really just malware. That's the story behind malware discovered by Symantec, an app that spoofs Uber's UI in an attempt to fool users into coughing up their user names and passwords. It takes its deceit one step further, though, using deep linking to next show an actual Uber app screen that shows the user's location. Tricky! The good news, rare as it is these days, is that the fake app never made it into the Google Play store, and has only so far targeted a small number of Russian-language users. Still, the technique should set off alarms—and give you something else to look out for.

https://www.wired.com/category/security/feed/