And if you thought your Thanksgiving debates were bad, know that the IoT encryption community is going through it, too.
And there's more. Every Saturday we round up the security and privacy stories that we didn’t break or report on in-depth but which we think you should know about nonetheless. Click on the headlines to read them, and stay safe out there.
DHS Updates Its Most Dangerous Vulnerabilities List After 8 Years
For the first time in nearly a decade, the Department of Homeland Security has updated its Common Weakness Enumeration list of the 25 most dangerous software errors. In other words, the most common and critical vulnerabilities in tech today, based on a combination of prevalence and severity. You can read the list in full at the link above, but top honors go to CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer. It knocks “Improper Neutralization of Special Elements used in an SQL Command” out of the top spot. Better luck next time, SQL injection; remember that it’s an honor just to be nominated.
California DMV Makes $50 Million a Year Selling Driver Info
Insert your own joke about yet another reason to hate the DMV here. Motherboard reports that California’s Department of Motor Vehicles has made anywhere from $41 million to $52 million each year by selling names, addresses, and car registration info of drivers. The customers include insurance companies and car companies. California’s not the only state to do this, but the number alone is eye-popping, as is the fact that most people don’t realize that the simple act of registering their car or getting their license puts their personal info in a third party’s hands.
As protests erupted in the streets of Hong Kong this week over a proposed law that would allow criminal suspects to be extradited to mainland China, the secure messaging app Telegram was hit with a massive DDoS attack.
Court Rules Suspect Doesn’t Have to Turn Over 64-Character Password
The Pennsylvania Supreme Court ruled this week that a suspect in a child pornography case did not have to turn over the password to his computer, overturning a lower court’s decision. In its decision, the court wrote that disclosing a password is a verbal communication, rather than a physical act like handing over a key, and therefore the “foregone conclusion exception” that prosecutors had argued does not apply. Digital rights advocates applauded the decision.
Vistaprint Leaves Customer Calls and Chats Exposed Online
Another week, another unsecured database. This time it’s online printing company Vistaprint’s turn. Security researcher Oliver Hough found a database with information related to 51,000 customer service interactions, which included some personally identifiable information and full online chats. As is often the case, it’s unclear if anyone other than Hough accessed the database before it was secured, but either way, it’s an inexcusable lapse.
WeWork's Wi-Fi Is Woefully Insecure