This week's technology news headlines highlight new MFA concerns, Twitter data mismanagement, & using encryption to protect data from quantum computers.
Motherboard: Toms Shoes' Mailing List Hacked to Tell Users to Log Off
By: Joseph Cox
"Too often, hackers use their skills to steal cash or make someone's day very difficult. But sometimes, hackers just want to send a message. On Sunday, one hacker used the mailing list of retailer TOMS Shoes to tell users it's time to log off. 'hey you, don't look at a digital screen all day, theres a world out there that you're missing out on,' the hacker, going by the name Nathan, said in an email sent to TOMS subscribers. 'just felt some people need that,' they added."
Wall Street Journal: Criminals Hide Out in Smaller Online Marketplaces
By: Catherine Stupp
"Recent law-enforcement shutdowns of major dark-web marketplaces are pushing criminals onto smaller forums for illegal services, making it difficult for authorities to investigate and stop them. Small marketplaces have experienced an uptick in activity, including some that offer products from only one seller, according to investigators at the European Union law-enforcement agency, Europol. Many criminals use various smaller marketplaces and investigators might struggle to connect their sales on different venues. Authorities also face challenges in closely following activity on such forums, where criminals often communicate in other languages as they turn away from large marketplaces where transactions often occurred in English."
Inverse: You are Not Safe -- Being "Very Online" is Killing Us
By: Thor Benson
"You wake up, and so do your devices. You’re tracking your sleep with a wearable, your phone sleeps next to you, you’re getting the news, private messages, and looking at photos of your friend’s vacation before you even leave your bedroom. Most of us never escape technology. It’s only going to get worse. I was having trouble sleeping the other day. I was on Twitter from the moment I woke up to the moment I crawled into bed, and I realized I was having trouble turning my brain off because it was still on Twitter. I was thinking about the conversations I had had online that day and what certain people thought about me. I had Twitter-induced anxiety. I know many others have dealt with this problem."
Wired: Never Trust a Platform to Put Privacy Ahead of Profit
By: Lily Hay Newman
"At this point, it's painfully unsurprising to hear new examples of tech companies misusing customer data. But a particularly shameful version of the story has become increasingly common: services pulling phone numbers and other data used for two-factor authentication into their marketing databases. On Tuesday, Twitter became the latest tech giant to join those ranks. The company said in a statement that it accidentally ingested phone numbers and email addresses collected for security measures like two-factor into two of its advertising systems, called Tailored Audiences and Partner Audiences. The company didn't give the information directly to marketers, but used it to help them target ads to Twitter users. Twitter stopped the data bleed on September 17, three weeks before coming forward about it. It's not clear for how long the improper sharing had taken place prior, and Twitter says it doesn't know how many users were affected."
ZDNet: Most Americans Can't Recognize 2FA, HTTPS, or Private Browsing
By: Catalin Cimpanu
"Two-factor authentication (2FA), HTTPS, or private browsing, are concepts that are too complex for most Americans, new research published today reveals. Answers from a survey of 4,272 US adults conducted in June by the Pew Research Center found that most Americans aren't as tech-savvy as you'd normally expect from the country that houses most of today's web tech innovation. Users were asked about phishing, 2FA, HTTPS, browser cookies, privacy policies, net neutrality, private browsing, if they knew who owns Instagram or WhatsApp, and if they could identify Jack Dorsey as the Twitter CEO by looking at a photo."
Bloomberg: Amazon Workers May Be Watching Your Cloud Cam Home Footage
By: Natalia Drozdiak, Giles Turner, & Matt Day
"In a promotional video, Amazon.com Inc. says its Cloud Cam home security camera provides 'everything you need to monitor your home, day or night.' In fact, the artificially intelligent device requires help from a squad of invisible employees. Dozens of Amazon workers based in India and Romania review select clips captured by Cloud Cam, according to five people who have worked on the program or have direct knowledge of it. Those video snippets are then used to train the AI algorithms to do a better job distinguishing between a real threat (a home invader) and a false alarm (the cat jumping on the sofa)."
ZDNet: FBI Warns about Attacks that Bypass Multi-Factor Authentication (MFA)
By: Catalin Cimpanu
"The US Federal Bureau of Investigation (FBI) has sent last month a security advisory to private industry partners about the rising threat of attacks against organizations and their employees that can bypass multi-factor authentication (MFA) solutions. 'The FBI has observed cyber actors circumventing multi-factor authentication through common social engineering and technical attacks,' the FBI wrote in a Private Industry Notification (PIN) sent out on September 17. While nowadays there are multiple ways of bypassing MFA protections, the FBI alert specifically warned about SIM swapping, vulnerabilities in online pages handling MFA operations, and the use of transparent proxies like Muraena and NecroBrowser."
Scientific American: New Encryption System Protects Data from Quantum Computers
By: Sophie Bushwick
"Once quantum computers become functional, experts warn, they could perform calculations exponentially faster than classical computers—potentially enabling them to destroy the encryption that currently protects our data, from online banking records to personal documents on hard drives. That’s why the National Institute of Standards and Technology is already pushing researchers to look ahead to this 'postquantum' era. Most recently, IBM successfully demonstrated a quantum-proof encryption method it developed."
CNET: Facebook's New Portal Smart Displays -- Who's Listening and What's Happening to Your Data?
By: Ry Crist
"Facebook introduced three new versions of its Portal smart display on Wednesday -- a 'Mini' version with an 8-inch screen for $129, a $179 version with a 10-inch screen (the same size as the Amazon Echo Show and the Google Nest Hub Max), and a standalone, Kinect-like camera accessory that costs $149 and lets you use your entire TV as a Portal device. Each comes with an AI-powered 'Smart Camera' that can track you as you move about in the frame during a call, and each comes with the same microphones for voice-activated controls as the originals. You can say, 'Hey, Portal,' to wake it up and make a video call or any other number of functions, and you can say, 'Alexa,' to access the full capabilities of Amazon's digital assistant, too."
BBC News: Copycat Coders Create 'Vulnerable' Apps
"A team of computer scientists looked at more than 72,000 chunks of code found on the Stack Overflow website. The site is popular with developers seeking advice on the best way to fix broken code. But researchers found many of the most copied snippets lacked basic checks that would stop common attacks. The dangerous code chunks often used obsolete functions, did little to check user responses and did not look for attempts to break the application, said the study. The researchers also trawled through a website where many developers upload and share the code behind their apps and programmes. The most widely used insecure code blocks turned up in more than 2,800 separate projects on the GitHub website, they found."