The Internet Avoided a Minor Disaster Last Week

The Internet Avoided a Minor Disaster Last Week

An arm of the nonprofit Internet Security Research Group, Let’s Encrypt is a so-called certificate authority that lets websites implement encrypted connections at no cost.Let's Encrypt uses software called Boulder to make sure that it's allowed to issue a certificate to a site.

The Long Path out of the Vulnerability Disclosure Dark Ages

The Long Path out of the Vulnerability Disclosure Dark Ages

In 2003 security researcher Katie Moussouris was working at the enterprise security firm @stake —which would later be acquired by Symantec—when she spotted a bad flaw in an encrypted flash drive from Lexar.

Pro-Trump Trolls Flooded the Iowa Caucus Phone Lines

Pro-Trump Trolls Flooded the Iowa Caucus Phone Lines

And flaws in a widely used Cisco protocol have put millions of workplace phones, routers, and network switches at risk .On the lighter side of hacking—well, it's all relative—artist Simon Weckert fooled Google Maps into thinking there was a traffic jam in Berlin by carting around 99 smartphones in little red wagon .

Facebook's Bug Bounty Caught a Data-Stealing Spree

Facebook's Bug Bounty Caught a Data-Stealing Spree

Facebook and Twitter also collaborated with Google and Apple on remediation efforts, and the Indiana University researchers won an additional bug bounty award from Google for their findings.

Windows 10 Has a Security Flaw So Severe the NSA Disclosed It

Windows 10 Has a Security Flaw So Severe the NSA Disclosed It

In fact, Neuberger said that disclosing the code verification bug to Microsoft and the public is part of a new NSA initiative in which the agency will share its vulnerability findings more quickly and more often.

A Facebook Bug Exposed Anonymous Admins of Pages

A Facebook Bug Exposed Anonymous Admins of Pages

All software has flaws, and Facebook quickly pushed a fix for this one—but not before word got around on message boards like 4chan, where people posted screenshots that doxed the accounts behind prominent pages.

Why the iPhone 11 Tracks Your Location Even When You Tell It Not To

Why the iPhone 11 Tracks Your Location Even When You Tell It Not To

For alleged Evil Corp leader Maksim Yakubets, it came this week, as US and UK authorities charged him and an associate with hacking thefts that totaled over $100 million.Security journalist Brian Krebs noted that the iPhone 11 and 11 Plus check in on your location even when you turn off all location-related settings.

A Mind-Boggling Uber Oversight, a Firefox Scam, and More News

A Mind-Boggling Uber Oversight, a Firefox Scam, and More News

Firefox users are gettin' scammed and Uber is gettin' slammed—but first, a cartoon about not liking what you see in the mirror .Here's the news you need to know, in two minutes or less.

Facebook Sweetens Deal for Hackers to Catch Security Bugs

Facebook Sweetens Deal for Hackers to Catch Security Bugs

Last year, the company began paying bounties for certain bugs researchers might find in third-party services that integrate with Facebook.“Reports submitted to us thanks to security researchers allow us to learn from their insights," says Dan Gurfinkel, who heads Facebook's bug bounty program.

An iTunes Bug Let Hackers Spread Ransomware

An iTunes Bug Let Hackers Spread Ransomware

The hacker apparently got in through a bug in forum software vBulletin; the Dutch Broadcast Foundation reports that the hacker has attempted to sell the data online.But he also took the time to comb through the malware's code, and stole a database full of decryption keys from the hacking group's server.

Ancient Sippy Cups, A Full-Control Android Hack, and More News

Ancient Sippy Cups, A Full-Control Android Hack, and More News

It turns out ancient babies drank animal milk out of teeny cups, a bug in some Android phones gives hackers complete control, and the film Joker broke a box office record.

A Field Guide to Elk Bugling

A Field Guide to Elk Bugling

On cold mornings, you’ll also see steam leave a bull’s mouth and nose while it’s bugling, which leads Clarke to believe smaller air passages of nostrils or front pouch of the lips may have something to do with the whistle that’s too high pitched to normally be coming out of an animal so large.

A Massive GM Strike, a LastPass Vulnerability, and More News

A Massive GM Strike, a LastPass Vulnerability, and More News

Thousands of GM workers are on strike, a bug exposed the popular password manager LastPass, and the Air Force is daring hackers to take down an orbiting satellite.You can sign up right here to make sure you get the news delivered fresh to your inbox every weekday!

How Safari and iMessage Have Made iPhones Less Secure

How Safari and iMessage Have Made iPhones Less Secure

"If you want to compromise an iPhone, these are the best ways to do it," says independent security researcher Linus Henze of the two apps.

Bugatti's Chiron Clocks 305 MPH Thanks to Top Notch Tires

Bugatti's Chiron Clocks 305 MPH Thanks to Top Notch Tires

BugattiBugatti’s new champion is a pre-production prototype of a special edition of the $3 million Chiron , which in its base form is electronically limited to 261 mph and goes from 0 to 60 mph in under three seconds.

A Tesla Security Bug, Levandowski Indicted, and More Car News

A Tesla Security Bug, Levandowski Indicted, and More Car News

But that is exactly what happened this week , when a father of this era of automated vehicle technology, the former Uber and Waymo engineer Anthony Levandowski, was indicted on federal charges of trade secret theft.

VW's ID Buggy Is an Electric Dune Dominator

VW's ID Buggy Is an Electric Dune Dominator

The idea is to that, like the old Beetles enthusiasts turned into dune buggies, today’s electrics can become just about anything.“In the 1960s people took the Beetle and built onto it, including most famously dune buggies like the Meyers Manx.”.

A Voracious Vineyard-Killer, Apple's Siri Snoopers, and More News

A Voracious Vineyard-Killer, Apple's Siri Snoopers, and More News

A Voracious Vineyard-Killer, Apple's Siri Snoopers, and More News. An invasive bug is destroying vineyards at an alarming rate, Apple contractors are listening to your Siri conver­sations, and we've got the earbuds for your next workout.

This Voracious, Unstoppable Bug Is Killing Off Vineyards

This Voracious, Unstoppable Bug Is Killing Off Vineyards

The effects have been devastating for the Pennsylvania wine industry , where some growers have reported a 90 percent grape loss due to lanternfly damage.

A Critical Device Hack, China's Social Credit, and More News

A Critical Device Hack, China's Social Credit, and More News

A Critical Device Hack, China's Social Credit, and More News. A bug is allowing hackers remote access to medical devices, China's social credit score is not actually that dystopian, and we've got a fun robot for kids.

Hackers Are Poking at a MacOS Flaw Apple Left Unfixed

Hackers Are Poking at a MacOS Flaw Apple Left Unfixed

According to Cavallarin, Apple said it would fix the problem by mid-May. When the company still hadn’t done so by the time a standard 90-day disclosure deadline had passed, Cavallarin went public, publishing a full description and proof-of-concept code on May 24.

Hackers Used Two Firefox Zero Days to Hit a Crypto Exchange

Hackers Used Two Firefox Zero Days to Hit a Crypto Exchange

Security News This Week: Hackers Used Two Firefox Zero Days to Hit a Crypto Exchange. The first zero-day made headlines midweek when Mozilla confirmed that it had patched a bug which would allowed hackers to gain remote access to a Firefox browser and execute code.

Apple Just Patched a Modem Bug That's Been in Macs Since 1999

Apple Just Patched a Modem Bug That's Been in Macs Since 1999

But 12-year-old Joshua Hill didn't have an iMac. To take advantage of all the new connectivity from his parents' mid-'90s Mac Performa, he needed a modem that would plug into the computer through one of its chunky "serial" ports.

The Tricky Shenanigans Behind a Stealthy Apple Keychain Attack

The Tricky Shenanigans Behind a Stealthy Apple Keychain Attack

In early February, an 18-year-old German security researcher named Linus Henze demonstrated a macOS attack that would allow a malicious application to grab passwords from Apple's protected keychain.

Microsoft's BlueKeep Bug Isn't Getting Patched Fast Enough

Microsoft's BlueKeep Bug Isn't Getting Patched Fast Enough

When security researcher Rob Graham scanned the entire public internet for BlueKeep-vulnerable machines on Monday, using a tool he built, he found that 923,671 machines hadn't been patched, and were thus still exposed to any potential worm.

Google Has Stored Some Passwords in Plaintext Since 2005

Google Has Stored Some Passwords in Plaintext Since 2005

It happened again: Google announced today that it's the latest tech giant to have accidentally stored user passwords unprotected in plaintext. But a bug in G Suite's password recovery feature for administrators caused unprotected passwords to be stored in the infrastructure of a control panel, called the admin console.

Your Facebook Password Isn’t Safe. Neither Is Your Android Phone

Your Facebook Password Isn’t Safe. Neither Is Your Android Phone

Change your Facebook password. Facebook acknowledged a bug that caused hundreds of millions of user passwords (dating back to 2012) for both Facebook and Instagram to be stored as readable text internally.

Facebook Stored Millions of Passwords in Plaintext—Change Yours Now

Facebook Stored Millions of Passwords in Plaintext—Change Yours Now

It just got even harder: On Thursday, following a report by Krebs on Security, Facebook acknowledged a bug in its password management systems that caused hundreds of millions of user passwords for Facebook, Facebook Lite , and Instagram to be stored as plaintext in an internal platform.

An Android Vulnerability Went Unfixed for Over Five Years

An Android Vulnerability Went Unfixed for Over Five Years

But Toshin points out that attackers could also use the bug to gain inappropriate device access by tricking users into clicking a malicious link that would then open through Android's Instant App feature.

Hack Brief: Google Reveals 'BuggyCow,' a Rare MacOS Zero-Day Vulnerability

Hack Brief: Google Reveals 'BuggyCow,' a Rare MacOS Zero-Day Vulnerability

So like clockwork, 94 days after Google alerted Apple to a bug in its MacOS operating system that could allow malware to inject data into the most privileged code running on its computers, Mountain View's hackers are revealing that fresh zero-day vulnerability to the world.