For the first time in too long, a week went by without any major international security incidents (unless you count the US withdraw from the Paris Climate Agreement, which you probably should). Perhaps unsurprisingly, that meant there was also time to look at defensive measures for a change.
For instance! The US successfully tested its very expensive, not entirely reliable missile defense system, but that doesn’t mean we’d be safe from a real-world attack. Pokémon Go switched its tactics to defend against cheaters, sending them to a Pidgey purgatory rather than outright banning them. And we got an inside look at how Google’s worldwide security teams keep the web safe from phishing. Well, safer, anyway. And a group of researchers have found a novel way to figure out where cellphone-snooping stingray devices hide, with an assist from rideshare service drivers.
The first official day of summer is June 21, meaning you’ve still got time to do some digital spring cleaning that should make you more secure. There’s also still time to ignore anything Vladimir Putin says about election hacking, since it’s all just misdirection anyway. And time ran out for Silk Road creator Ross Ulbricht, whose life sentence an appellate court upheld this week.
And there’s more. Each Saturday we round up the news stories that we didn’t break or cover in depth but that still deserve your attention. As always, click on the headlines to read the full story in each link posted. And stay safe out there.
Many, many mega-corporations use OneLogin for password and single sign-on management. Many, many of them might wish they hadn’t right about now. In a blog post, the company acknowledged that not only had hackers breached its US data center, getting access to “database tables that contain information about users, apps, and various types of keys.” Not good! And worse still, OneLogin added that the intruders could maybe possibly have decrypted sensitive data during the seven hours they were in OneLogin’s systems. The company has detailed some steps affected customers can take to mitigate the damage, but time will tell how much has already been done.
Documents obtained by The Intercept detail how a private security group called TigerSwan treated Dakota Access Pipeline protestors as an “insurgency” group. Coordinating with government authorities across five states, the organization surveilled the group in depth, even infiltrating activist camps using false identities. It’s an in-depth look at how a private security group viewed lawful domestic protestors as “terrorists,” and how public agencies relied on that group for intel.
Want to visit the US? Get ready to hand over all of your social media handles and accounts from the last five years. It’s not a new policy, per se; the Obama administration had been combing people’s social media histories already. But the Trump administration has codified the search process for “flagged” visa applicants. It’s unclear how effective the screening would be, given that many social media accounts offer anonymity, but the enhanced measures are nonetheless in place.
As promised, WikiLeaks continues to trot out Vault 7 CIA hacking methods. This week the group detailed Pandemic, a tool that leverages Windows file servers to infect other computers in the same network. Despite a killer name, Pandemic has some serious limitations, indicating it may have existed for very specific use cases only. And as Ars Technica notes, the documentation in the release was incomplete; a hacker wouldn’t be able to pull off the attack based on what WikiLeaks provided.