A Twitter DM Fail, Free Credit Freezes, and More Security News This Week

  • Time: 2018-09-23 07:03:38

This week, President Donald Trump threatened to declassify swaths of information related to the ongoing Russian interference investigation, with seemingly little regard for the potential fallout. Well, it'd be bad.

But otherwise, this week had surprisingly good news in the world of security! Cloudflare is embracing Google's "Roughtime" protocol to help keep the internet's clocks ticking in sync, and the Mirai botnet architects have been helping the FBI take down cybercriminals as part of a plea agreement. Facebook's bug bounty now includes third-party apps behaving badly. HTC explained how it'll secure its Exodus blockchain phone. And former defense secretary Ash Carter encouraged government and tech to work together.

And yes, OK, there was less rosy news as well. DIY gun advocate Cody Wilson was arrested for alleged sexual assault of a minor. And the California Farm Bureau gave up the right of farmers to repair equipment they own.

Twitter Sent User DMs to Developers by Mistake

Direct messages are wonderful in that unlike the rest of the Twitter experience, you don't have to broadcast your thoughts to the known universe. They're private! Just for you and the recipients. Unless, as Twitter revealed Friday, you're one of the 1 percent of users who had those direct messages sent to unauthorized third-party developers instead. (Remember, Twitter has well over 300 million users, so that's a lot of errantly sent DMs.) The bug was also in effect since May 2017, and only patched recently. A fun cocktail party debate: Which was worse, this or the time Twitter stored passwords in plaintext?

Ghostery's New Browser Has Even More Privacy Cred

Ghostery already had a great ad-blocking extension. But this week the privacy-minded company launched an updated mobile browser as well for Android and iOS, adding anti-phishing protections, a password manager that lets you use Face ID or Touch ID, and other features intended to keep your time online as protected as possible.

State Department Personal Info Exposed in Breach

It's been a bad week for federal government cybersecurity. (Which, no surprise.) Not only did senator Ron Wyden call for better cybersecurity protections for his colleagues, who have been under steady attack, but the State Department confirmed that the personally identifiable information of a small percentage of employees may have been exposed in a breach of its unclassified email system. This of course doesn't hold a candle to the infamous Office of Management and Personnel hack, in which Chinese hackers stole the personal information of 22 million government employees, but it does at least confirm that things are still bad.

Google Still Lets Apps Scan Data From Gmail Accounts

Remember that big kerfuffle, back when it turned out that Google let third-party apps snoop on your Gmail? One might have thought that was fixed! One would be wrong, sort of. Google confirmed to senators this week that it still lets some developers scan and share data it finds in accounts, although it requires opt-in from Gmail users. Which is to say, read your permissions carefully, friends! Or hold out hope that Google will start putting your privacy first.

Free Credit Freezes Are Here, So Get On It

As part of an ongoing effort to help people protect themselves from the very bad, no good Equifax hack that exposed private info of nearly 150 million people, the major credit bureaus will now offer free "credit freezes," which means no one can access your credit file. That, in turn, makes it harder for identity thieves to open bogus accounts. The most common use case here: kids, who have no need for credit, but who provide an easy target for bad guys looking to run up bills in someone else's name. To put a freeze into effect, contact Equifax, Experian, and TransUnion, and they'll do it within a business day. When you'd like to unfreeze, call them back, and they'll have to do it within an hour.
