This week started with a bang and kept going. In the early hours of Saturday night, TikTok cut off access for users in the United States ahead of a Sunday deadline that forced Apple and Google to remove the video-sharing app from their app stores. While TikTok was dark, American users rushed to get around the TikTok ban, while several other unexpected apps also saw their access to Americans cut off. By midday Sunday, however, TikTok access was already returning to the United States. By Monday night, newly inaugurated US President Donald Trump had signed an executive order delaying the TikTok ban by 75 days.
On Tuesday, Trump made good on his promise to free Ross Ulbricht, the imprisoned creator of the Silk Road dark-web marketplace, where users sold drugs, weapons and worse. Ulbricht had spent more than 11 years behind bars after being arrested by the FBI in 2013 and later sentenced to life in prison. Trump’s decision to pardon Ulbricht is largely seen as tied to the support he received from the libertarian cryptocurrency community, which has long regarded the Silk Road creator as a martyr.
As the world enters the second Trump era, Wired sat down with Jen Easterly, who recently left her post as director of the Cybersecurity and Infrastructure Security Agency, to discuss the cyber threats facing the United States, its uncertain future, and CISA as the frontline watchdog against state hackers and other digital security threats facing the US.
Finally, we detailed a new investigation that revealed how trivial errors had exposed Subaru’s system for tracking the locations of its customers’ vehicles. Investigators discovered they could access a web portal for Subaru employees that allowed them to pinpoint up to a year’s worth of a car’s location, down to the parking spots they use. The flaws are now patched, but Subaru employees still have access to sensitive driver location data.
That’s not all. Each week, we round up security and privacy news that we didn’t cover in depth ourselves. Click on the headlines to read the full stories. And stay safe out there.
A US judge in New York this week found that the FBI’s practice of seeking data on US persons under Section 702 of the Foreign Intelligence Surveillance Act without obtaining a warrant is unconstitutional. FISA gives the United States government the authority to collect communications from foreign entities through Internet providers and companies like Apple and Google. Once this data was collected, the FBI could conduct “backdoor searches” to obtain information about American citizens or residents who communicated with foreigners, and did so without first obtaining a warrant. Judge DeArcy Hall found that these searches require a warrant. “To hold otherwise would effectively allow law enforcement to amass a repository of communications under section 702, including ours, which can later be searched upon request without limitation,” the judge wrote.
A “problem” with the basic functionality of Internet infrastructure company Cloudflare’s content delivery network, or CDN, can reveal the coarse location of people using apps, including those intended to protect privacy, according to findings from an independent security researcher. Cloudflare has servers in hundreds of cities and more than 100 countries around the world. Its CDN works by caching people’s Internet traffic on its servers and then delivering that data from the server closest to a person’s location. The security researcher, who goes by Daniel, found a way to send an image to a target, collect the URL, and then use a custom tool to query Cloudflare to find out which data center delivered the image, and therefore the state or possibly the city in which the target is located. Fortunately, Cloudflare tells 404 Media that it fixed the issue after Daniel reported it.
In one of its first moves after Trump took office on Monday, the Department of Homeland Security let go of all of the agency’s advisory committees. This includes the Cyber Safety Review Board, which was investigating widespread attacks against the United States telecommunications system by the Chinese-backed hacking group Salt Typhoon. US authorities revealed in mid-November that Salt Typhoon had been embedded in at least nine US telecoms for spying purposes, potentially exposing anyone using unencrypted calls and text messages to Beijing’s surveillance. While the future of the CSRB remains uncertain, sources tell journalist Eric Geller that its investigation into the Salt Typhoon attacks is effectively “dead.”