The past few days haven’t been great for the internet’s broader security. Iran’s Communication and Information Technology Ministry has reportedthat it was a victim in a global cyberattack that compromised about 200,000 Cisco switches that hadn’t yet received patches for exploits in the company’s legacy Smart Install protocol. The attackers displayed a US flag on at least some screens, complete with a “don’t mess with our elections” warning, but the attack wasn’t focused on Iran — only 3,500 switches fell to the exploit in the country. About 55,000 of the victim devices were in the US, IT Minister Mohammad Javad Azari Jahromi said, while 14,000 were in China. Other victims were located in Europe and India.
Taking a page from Kevin McCallister’s playbook in Home Alone, a landlord in Tokyo has developed a novel way for residents who live alone to feel safer. A tiny projector makes it appear as if there’s another person in the apartment from the outside by faking a moving, shadowed silhouette on a window curtain.
The Guardian reports today that Cambridge University researcher Aleksandr Kogan’s relationship with Facebook wasn’t limited to his now infamous “thisisyourdigitallife” app. He had actually also received an additional sizable chunk of data from Facebook that he used for a research paper published in 2015. This dataset, however, differs quite a bit from that collected through Kogan’s personality app. While large in volume, this other set was anonymized and aggregated with no personally identifiable information included. As the 2015 research paper states, the data included “every friendship made on Facebook in 2011 in every country in the world at the national aggregate level,” which summed up to over 57 billion friendships.
The travel fare website Orbitz said on Tuesday that as many as 880,000 payment cards were impacted by a security breach, warning that hackers may have also accessed the personal information of its customers. Continue reading Orbitz Says Hackers Accessed 880,000 Payment Cards
Apple has already bent over backwards in a bid to keep doing business in China, but it’ll have to bend a little further. As of the end of February, the company will host mainland Chinese users’ iCloud keys on servers located within the country — and they’ll be jointly run by a state-backed company, Guizhou Cloud Big Data Industry. The company has no choice if it wants to keep offering iCloud to Chinese users, as the law now requires that any cloud services have domestic ownership and store their data within China’s borders.
This morning in a press release, Intel announced that it has “issued firmware updates for 90 percent of Intel CPUs introduced in the past five years.” But it’s possible the flurry of patches is just beginning.
You don’t need an elaborate crime ring (or a government agency) to write malware that spies on others — sometimes, just one person can be responsible. The US Department of Justice has charged Ohio resident Philip Durachinsky with 16 crimes for allegedly writing malware, nicknamed “Fruitfly,” that gave him unfettered access to the PCs of “thousands” of individuals and institutions between 2003 and January 2017. Reportedly, he not only stole sensitive data to use for fraud and blackmail (such as logins, embarrassing chats and medical records) but took screenshots, logged keystrokes and spied on people through their webcams.