Valve Squashes Decade-Old Steam Security Bug, and More Security News This Week
Credit to Author: Brian Barrett| Date: Sat, 02 Jun 2018 14:00:00 +0000
This week we looked inward for change; if you ever wondered what it’s like to be a national technology and culture magazine that loses $100,000 in Bitcoin, have we got a story for you. If you'd rather an even wilder tale from around the globe, please read about how Russian journalist Arkady Babchenko faked his own death, and why some of his colleagues have cried foul.
In other international news, Papua New Guinea threatened to ban Facebook for a month for seemingly spurious reasons, concerning locals who rely on the service. Closer to home, inmates in San Quentin built their own search engine, for use exclusively in a prison-approved coding program.
Government agencies are even less prepared for cyberattacks than you thought. Garrett Graff reviewed former director of national intelligence James Clapper's new book, and charted his path to becoming one of President Donald Trump's most vocal critics. And please enjoy these very good pups getting brain scans to see if they'd be good bomb-sniffers. No, really!
But wait, there's more. As always, we’ve rounded up all the news we didn’t break or cover in depth this week. Click on the headlines to read the full stories. And stay safe out there.
Vulnerabilities happen. But not many of them persist unnoticed as long as a remote code execution flaw that was recently discovered in online gaming platform Steam. For 10 years, all it would take to run malicious code on one a Steam-connected device was sending some bad packets. Security researcher Tom Court, who identified the issue, notes that a security upgrade Valve implemented in July of last year softened the potential impact, and Valve released a full fix almost two months ago. But still! Ten years! That’s not quite Meltdown and Spectre territory, but plenty impressive in its own right—especially given the much lower degree of difficulty.
For anyone worried that society had fully moved past the whole V for Vendetta hacker schtick, the person or persons who breached Ticketfly this week beg to differ. On Thursday, the ticket-seller’s site homepage was replaced by a message that read “Ticketfly HacKedBy IsHaKdZ” and “Your Security Down im Not Sorry” and some Guy-Fawkes-holding-daggers-action. Motherboard confirmed that the vandals also accessed “personal details of Ticketfly customers and employees,” apparently numbering in the thousands.
According to some poking by security researcher Sabri Haddouche, Apple has stored email metadata ever since it transitioned its Mail app to iCloud. Haddouche says he was able to find email addresses, names, and timestamps for messages sent dating all the way back to 2012. It seems to relate to the feature that helps autocomplete some email entry fields. This is still happening, by the way; if you'd rather it not happen to you, either log out of iCloud or don't use Apple's Mail app.
Security software giant Kaspersky has been banned from US government use since last year, due to unspecified national security concerns related to, well, the fact that it's Russian. This week, a federal judge dismissed the company's bid to overturn the ban, meaning it remains verboten. Kaspersky has said it will appeal the decision.