A Twitter DM Fail, Free Credit Freezes, and More Security News This Week

Credit to Author: Brian Barrett | Date: Sat, 22 Sep 2018 13:00:00 +0000

This week, President Donald Trump threatened to declassify swaths of information related to the ongoing Russian interference investigation, with seemingly little regard for the potential fallout. Well, it'd be bad.

But otherwise, this week had surprisingly good news in the world of security! Cloudflare is embracing Google's "Roughtime" protocol to help keep the internet's clocks ticking in sync, and the Mirai botnet architects have been helping the FBI take down cybercriminals as part of a plea agreement. Facebook's bug bounty now includes third-party apps behaving badly. HTC explained how it'll secure its Exodus blockchain phone. And former defense secretary Ash Carter encouraged government and tech to work together.

And yes, OK, there was less rosy news as well. DIY gun advocate Cody Wilson was arrested for alleged sexual assault of a minor. And the California Farm Bureau gave up the right of farmers to repair equipment they own.

Direct messages are wonderful in that unlike the rest of the Twitter experience, you don't have to broadcast your thoughts to the known universe. They're private! Just for you and the recipients. Unless, as Twitter revealed Friday, you're one of the 1 percent of users who had those direct messages sent to unauthorized third-party developers instead. (Remember, Twitter has well over 300 million users, so that's a lot of errantly sent DMs.) The bug was also in effect since May 2017, and only patched recently. A fun cocktail party debate: Which was worse, this or the time Twitter stored passwords in plaintext?

Ghostery already had a great ad-blocking extension. But this week the privacy-minded company launched an updated mobile browser as well for Android and iOS, adding anti-phishing protections, a password manager that lets you use Face ID or Touch ID, and other features intended to keep your time online as protected as possible.

It's been a bad week for federal government cybersecurity. (Which, no surprise.) Not only did senator Ron Wyden call for better cybersecurity protections for his colleagues, who have been under steady attack, but the State Department confirmed that the personally identifiable information of a small percentage of employees may have been exposed in a breach of its unclassified email system. This of course doesn't hold a candle to the infamous Office of Management and Personnel hack, in which Chinese hackers stole the personal information of 22 million government employees, but it does at least confirm that things are still bad.

Remember that big kerfuffle, back when it turned out that Google let third-party apps snoop on your Gmail? One might have thought that was fixed! One would be wrong, sort of. Google confirmed to senators this week that it still lets some developers scan and share data it finds in accounts, although it requires opt-in from Gmail users. Which is to say, read your permissions carefully, friends! Or hold out hope that Google will start putting your privacy first.

As part of an ongoing effort to help people protect themselves from the very bad, no good Equifax hack that exposed private info of nearly 150 million people, the major credit bureaus will now offer free "credit freezes," which means no one can access your credit file. That, in turn, makes it harder for identity thieves to open bogus accounts. The most common use case here: kids, who have no need for credit, but who provide an easy target for bad guys looking to run up bills in someone else's name. To put a freeze into effect, contact Equifax, Experian, and TransUnion, and they'll do it within a business day. When you'd like to unfreeze, call them back, and they'll have to do it within an hour.
