Windows 7 Gets One Last Update For the Road
Credit to Author: Brian Barrett| Date: Sat, 01 Feb 2020 14:01:05 +0000
A Silk Road guilty plea, a UN hack, and more of the week's top security news.
Have you heard about this little thing called Space Force? If so, it's probably through ridicule; the latest branch of the US military has received no shortage of it since it launched at the end of last year. Still, at least it had a better week than Intel, which had to release a patch for a patch for its patch of its ZombieLoad problem. Say that five times fast.
This week we also took a look at the most common Mac malware, at least by antivirus firm Kaspersky's reckoning. What makes Shlayer impressive is how widespread it is despite being relatively plain. And we profiled senator Mark Warner, an uncommonly sophisticated critic of Big Tech and voice of reason on the Senate Intelligence Committee. His colleague Elizabeth Warren is running for president, and released an ambitious plan to fight disinformation in the 2020 election.
Every browser is moving to embrace more privacy, but they all disagree on how to do it. Well, mostly Chrome disagrees. We took a look at just how easy it would be to stop Stingray surveillance, and why it's still so unlikely to happen. And while your smartphone has encryption built in, you could always do more to make sure it's working overtime for you. Here's how.
And that's not all! Every Saturday we round up the security and privacy stories that we didn’t break or report on in depth but think you should know about nonetheless. Click on the headlines to read them, and stay safe out there.
Microsoft officially pulled support for Windows 7 almost two weeks ago, meaning no more updates forever. OK, well, maybe just one; this week the company pushed out a fix for a bug that was turning people's desktop wallpapers into a black void. You might read this as a reflexive metaphor from Windows 7 given its recent end of life, but it was actually caused the the last round of security updates the operating system got before Microsoft shoved it out to see on a flaming pyre. It truly is so hard to say goodbye.
Kudos this week to Motherboard and PC Mag, who jointly further exposed the shady practices of security company Avast. The antivirus provider was collecting user data—if they'd opted in, although the process to do so seems murky—and turning around to sell it through a subsidiary called Jumpshot. Forbes had previously reported on the connection in December, but Motherboard and PC Mag obtained insider documents that deeply detailed the operation. (WIRED parent company Condé Nast was apparently a customer.) By the end of the week, Avast had decided to stop collecting and selling user data, and to wind down Jumpshot altogether.
The Silk Road story isn't yet over. After arresting "Variety Jones," mentor to the dark web's operator Ross Ulbricht, a little over four years ago, the Department of Justice has finally closed the case with a guilty plea. Jones, whose real name is Roger Thomas Clark, pleaded guilty to one count of conspiracy to distribute narcotics. He'll face a maximum of 20 years in prison when he's sentenced in May; Ulbricht is currently serving out a life sentence.
Look, we get it. Being hacked can be embarrassing, especially if you have reputational interests to maintain. But that doesn't excuse the United Nations, which according to a new report from The New Humanitarian had "dozens" of its servers hacked, compromising staff records, health insurance, and commercial contract data. The attacks began last summer; the UN told no one, not even affected employees. That puts those victims at further risk, and also speaks poorly of the UN's crisis management skills. Which, you know, it's the UN.
Not long after a report that Saudi Arabia appears to have hacked the iPhone of Jeff Bezos—which the kingdom denies—comes a new investigation from Citizen Lab that indicates a similar attempt may have targeted a New York Times reporter. NYT Beirut bureau chief Ben Hubbard, who also wrote a forthcoming book about Saudi crown prince Mohammad bin Salman's rise to power, received a suspicious text in June 2018. It contained a link that led to a site associated previous Saudi Arabian hacking efforts.