Posts Tagged: security

How to turn your old phone into a security camera

Have an old phone sitting around unused? These apps can turn your old smartphone into a home security device.
Digital Trends

Security experts just found two giant smartphone privacy issues

Advertisements and notifications are a common part of the whole smartphone experience. But according to two new reports, they present troubling privacy issues.
Digital Trends

Check your iPhone right now for an important security update

iOS 17.3 is rolling out to iPhones right now, and it has an important new security feature that you’ll want ASAP.
Digital Trends

Mint Mobile says hackers accessed customer information during a security breach

Mint Mobile, the prepaid mobile carrier backed by Ryan Reynolds, notified customers via email this weekend that their information may have been stolen in a security breach, according to BleepingComputer. That information includes names, phone numbers, email addresses, plan descriptions, and SIM and IMEI numbers — which could be used for SIM swap attacks.

After a Reddit user posted a screenshot of the email and questioned if it was a scam, the Mint account responded to confirm its validity and said a customer support number has been set up to handle questions about the breach. Hackers did not access customers’ credit card information, which Mint says is not stored, nor were passwords compromised, BleepingComputer reports. The company also said it has since resolved the breach and customers do not need to take any action.

This article originally appeared on Engadget at https://www.engadget.com/mint-mobile-says-hackers-accessed-customer-information-during-a-security-breach-185215800.html?src=rss
Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics

iOS 17.3 will give your iPhone a much-needed security upgrade

Having your iPhone get stolen can be an enormous (and costly) headache. Thankfully, Apple has added a new feature in iOS 17.3 to address this head-on.
Digital Trends

Windows 10 will receive its final security update in October 2028

Even though Windows 10 is still getting the Copilot AI love, the fact remains that it will no longer receive updates as of its end-of-support date, October 14, 2025, as noted in Microsoft’s IT Pro Blog post. Still, to ensure companies — and potentially individual consumers later — have ample time to prepare for the eventual upgrade, Microsoft will soon offer an Extended Security Update (ESU) program for Windows 10.

Much like the similar program made for Windows 7, organizations can buy Extended Security Updates for Windows 10 — now locked at version 22H2 — by way of a yearly subscription, with the maximum extended life being three years, i.e. up to October 14, 2028. Note that the program only covers critical and important security updates, and that there will be no technical support beyond these patches.

An alternative solution to the above is to migrate the Windows 10 PCs to Windows 11 in the cloud, by way of Windows 365 subscription. That way, the actual Windows 10 system in these machines will benefit from the Extended Security Updates at no extra cost, but still only for three years maximum.

Of course, Microsoft would much rather you just upgrade to Windows 11 one way or another, but as pointed out by Ars Technica, this time the tech giant plans on extending the ESU program to individuals. This wasn’t the case with Windows 7’s ESU program, which goes to show that Microsoft is well aware of Windows 10’s dominance even today — as much as 68.02 percent, versus just 26.63 percent for Windows 11, according to Statcounter (as of November 2023). Stay tuned for further details and pricing later.

This article originally appeared on Engadget at https://www.engadget.com/windows-10-will-receive-its-final-security-update-in-october-2028-084902439.html?src=rss

Google’s updated Titan security key can store up to 250 passkeys

Google has been trying to make it easier for people to secure their accounts for years now. The company is one of several that are pushing a transition to passkeys from passwords, and they have also sold physical keys for unlocking accounts that support FIDO standards. Today, Google has updated its lineup of Titan security keys with some features that’ll make them work better with passkeys as well as passwords.

As before, Google is offering two Titan keys, one with USB-C and another with USB-A. Both keys still support NFC so they can be used to unlock accounts on compatible smartphones as well as through the physical port. The new key supports FIDO2 specifications for password-free sign-ins and can store up to 250 passkeys. 

Google is using this as an opportunity to push people towards using passkeys to protect their Google account — as part of the set-up process, you’ll be encouraged to create a passkey and store it on the Titan key rather than continue using your password. At that point, you’ll also set up a PIN that can be used in conjunction with the security key to unlock your Google account. But the Titan key can work with any supported account, not just Google. And, of course, you can use it as a two-factor authentication device alongside traditional passwords, as well.

These new Titan keys are on sale today on the Google Store and cost the same as the ones they’re replacing. The USB-A model is $30, while the USB-C key costs $35.

This article originally appeared on Engadget at https://www.engadget.com/googles-updated-titan-security-key-can-store-up-to-250-passkeys-180035899.html?src=rss


The Morning After: The NSA announces new artificial intelligence security center

The National Security Agency (NSA) has launched a dedicated artificial intelligence security center. This apparently follows the increased government use of algorithms and AI systems, related to defense and intelligent systems. The security center aims to protect these systems from theft and sabotage, as well as safeguard the country from external AI-based threats.

The NSA’s outgoing director, General Paul Nakasone, says the division will operate within the existing Cybersecurity Collaboration Center. This entity works with private industry and international partners to protect the US from cyberattacks from China, Russia and other countries with active malware and hacking campaigns.

One reason we might hear more on defensive measures is the incoming US presidential election, although Nakasone said he’s not seen evidence of that just yet.

— Mat Smith

The biggest stories you might have missed

Watch The Morning After Episode 5 on YouTube

The Supreme Court will hear social media cases with immense free speech implications

Hitting the Books: We are the frogs in the boiling pot, it’s time we started governing like it

The Creator review: A visually stunning, yet shallow, AI epic

The best smart light bulbs for 2023

Your phone will blare a national emergency alert test on October 4 at 2:20 PM ET

It’ll still probably make you jump.

The US government will conduct a nationwide alert test on Wednesday, October 4. The Federal Emergency Management Agency (FEMA) and the Federal Communications Commission (FCC) will send notifications to your phones (and radios and TVs) to test the National Wireless Emergency Alert System. If you live near a decent-sized metro area, there’s a solid chance you’ve received AMBER alerts through this system before. But you’re still going to be surprised.


Analogue’s limited edition Pockets are delightful and frustrating

Its dedication to retro authenticity goes far beyond creating desirable gaming hardware.


No one appears to understand the tug of retro game collectors’ emotions better than the team at Analogue, makers of some of the most desirable modern retro consoles. According to Engadget’s James Trew, it’s perfected the art of inducing both ends of that emotional spectrum. Almost two years after the release of the (delightful) Pocket handheld, many are (still) waiting for key accessories and even consoles to be in stock reliably. Meanwhile, the company just unveiled some seriously alluring limited editions. Good luck snatching one of those.


Cocoon is a near-perfect puzzle game

The lead gameplay designer of Limbo and Inside has brought us a new classic.


With Cocoon, there’s no preamble, no text overlays and no overt hints. So, you walk around interacting with things that look like you can interact with them, scratching away at the game within. You’ll soon find an orb, which you can initially use to open doors, before discovering inside every orb is a new world of puzzles. I could oversimplify it and call it bug puzzle Inception, but it’s more satisfying than that. 


Engadget Podcast: Meta’s Quest 3, AI and Ray-Ban smart glasses

Zuckerberg tries to make the metaverse and AR happen.


This week, it’s Meta’s turn to highlight AI during its device event. In this episode, Devindra and Cherlynn dive into all of the news from Meta’s Connect 2023 event, where it unveiled Meta AI and accompanying celebrity-powered chatbots, a new VR headset and even new smart glasses, or should we say, smart sunglasses.


This article originally appeared on Engadget at https://www.engadget.com/the-morning-after-the-nsa-announces-new-artificial-intelligence-security-center-111537538.html?src=rss


An NYPD security robot will be patrolling the Times Square subway station

The New York Police Department (NYPD) is implementing a new security measure at the Times Square subway station. It's deploying a security robot to patrol the premises, which authorities say is meant to "keep you safe." We're not talking about a RoboCop-like machine or any human-like biped robot — the K5, which was made by California-based company Knightscope, looks like a massive version of R2-D2. Albert Fox Cahn, the executive director of privacy rights group Surveillance Technology Oversight Project, has a less flattering description for it, though, and told The New York Times that it's like a "trash can on wheels."

K5 weighs 420 pounds and is equipped with four cameras that can record video but not audio. As you can guess from the image above, the machine also doesn't come with arms — it didn't quite ignore Mayor Eric Adams' attempt at making a heart. The robot will patrol the station from midnight until 6 AM throughout its trial run that's running over the next two months. But K5 won't be doing full patrols for a while, since it's spending its first two weeks mapping out the station and roaming only the main areas and not the platforms. 

It's not quite clear if NYPD's machine will be livestreaming its camera footage, and if law enforcement will be keeping an eye on what it captures. Adams said during the event introducing the robot that it will "record video that can be reviewed in case of an emergency or a crime." It apparently won't be using facial recognition, though Cahn is concerned that the technology could eventually be incorporated into the machine. Obviously, K5 doesn't have the capability to respond to actual emergencies in the station and can't physically or verbally apprehend suspects. The only real-time help it can provide people is to connect them to a live person to report an incident or to ask questions, provided they're able to press a button on the robot. 

NYC is leasing K5 for around $9 an hour for the next two months. The mayor sounds convinced that's worth what the robot can do even though, as The Times notes, he recently ordered several agencies to reduce spending by 15 percent. "This is below minimum wage," he said. "No bathroom breaks, no meal breaks." Adams has a history of supporting the use of machines as police tools. Earlier this year, the mayor also announced that the NYPD will acquire two Digidog robots for $750,000 each for use in hostage and other critical situations. That's quite a reversal from the NYPD's decision in 2021 to cancel its lease on what was then known as Boston Dynamics' Spot after facing backlash for its use.

This article originally appeared on Engadget at https://www.engadget.com/an-nypd-security-robot-will-be-patrolling-the-times-square-subway-station-130029937.html?src=rss

America’s original hacking supergroup creates a free framework to improve app security

Cult of the Dead Cow (cDc), a hacking group known for its activist endeavors, built an open source tool for developers to build secure apps. Veilid, launched at DEF CON on Friday, has options like letting users opt out of data collection and online tracking as a part of the group’s mission to fight against the commercialization of the internet.

“We feel that at some point, the internet became less of a landscape of knowledge and idea sharing, and more of a monetized corporate machine,” cDc leader Katelyn “medus4” Bowden said. “Our idea of what the internet should be looks more like the open landscape it once was, before our data became a commodity.”

Similar to other privacy products like Tor, cDc said there’s no profit motive behind the product, which was created “to promote ideals without the compromise of capitalism.” The group emphasized the focus on building for good, not profit, by throwing slight shade at a competing conference for industry professionals, Black Hat, held in Las Vegas at the same time as DEF CON. “If you wanted to go make a bunch of money, you’d be over at Black Hat right now,” Bowden said to the audience of hackers.

The design standards behind Veilid are “like Tor and IPFS had sex and produced this thing,” cDc hacker Christien “DilDog” Rioux said at DEF CON. Tor is the privacy-focused web browser best known for its connections to the “dark web,” or unlisted websites. Run as a non-profit, the developers behind Tor run a system that routes web traffic through various “tunnels” to obscure who you are and what you’re browsing on the web. IPFS, or the InterPlanetary File System, is an open-source set of protocols behind the internet, mainly used for file sharing or publishing data on a decentralized network.

The bigger Veilid gets, the more secure it will be as well, according to Rioux. The strength doesn’t come from the number of apps made on the framework, but by how many people use the apps to further the routing of nodes that make up the network. “The network gains strength by a single popular app,” Rioux said. “The big Veilid network is supported by the entire ecosystem not just your app.” In the presentation, cDc likened the nodes to mutual aid in the sense that they work to strengthen and support each other to make the entire network more secure.

Rioux explained that VLD0 will be the cryptography — the protocols that keep information secure — behind Veilid. It’s a mix of existing cryptography frameworks, like Ed25519 to support authentication efforts and XChaCha20-Poly1305 as its 192-bit encryption support. But, recognizing that advancing technology will change cryptography needs over time, cDc already has a plan to handle updates. “Every new version of our crypto system is supported alongside the old ones” so that there are no gaps in security, Rioux said. cDc also put other measures in place like anti-spoofing, end-to-end encryption even at rest and data protection even if you lose your device.

Veilid and cDc aim to build an approachable internet with fewer ads and more privacy, according to Bowden. Veilid Chat, a messaging app similar to Signal, will be the first app built on the framework. You’ll be able to sign up without using a phone number, to decrease personal identifiers, Bowden told Engadget in an email.

cDc is currently in the process of putting together a community and foundation to support the project. “There are a lot of folks who can’t see past web3 as far as privacy (we are more like the web2 we should have had), and really can’t process the idea that we’re doing this without a profit motive,” Bowden said.

Known as the “original hacking supergroup,” cDc’s most noted accomplishments include inventing hacktivism, helping to develop Tor and pushing top companies to take privacy seriously. Notable members include former US representative from Texas, Beto O'Rourke.

This article originally appeared on Engadget at https://www.engadget.com/americas-original-hacking-supergroup-creates-a-free-framework-to-improve-app-security-190043865.html?src=rss

Twitter says a ‘security incident’ led to private Circle tweets becoming public

Back in April, users found a bug with Twitter’s Circle feature that saw the platform expose private tweets to strangers. Now, nearly a month later, the company has finally commented on the issue. In an email seen by The Guardian, Twitter told affected users the exposure was the result of “a security incident that occurred earlier this year.”

The company claims the issue was “immediately fixed.” It also shared an apology. “Twitter is committed to protecting the privacy of the people who use our service, and we understand the risks that an incident like this can introduce and we deeply regret this happened,” the company said. When news of the exposure first started circulating online, some, including creator Theo Brown, speculated the issue was the result of Twitter failing to filter Circle tweets out of its recommendation algorithm. Twitter has not operated a communications department since Elon Musk's first round of layoffs, and the company did not initially acknowledge the issue.

More broadly, Twitter has dealt with a growing number of technical issues since Musk’s takeover of the company in October. The billionaire has reduced the company’s workforce by at least 60 percent, gutting many of its technical teams of senior leadership. Over that time, Twitter has suffered multiple outages and otherwise created confusion over feature rollouts and removals.

This article originally appeared on Engadget at https://www.engadget.com/twitter-says-a-security-incident-led-to-private-circle-tweets-becoming-public-164954799.html?src=rss

Your iPhone just got a first-of-its-kind security update

Apple just launched a new security feature that changes the game in terms of iOS updates, making iPhones more secure than ever.
Digital Trends

Google and ADT team up for new Nest-integrated security tools

It’s been three years since Google and security firm ADT announced a partnership to develop Nest-integrated products, and we’re finally seeing the fruits of this team-up. ADT just announced a DIY-friendly suite of security tools under the ADT Self Setup umbrella, and each of these products boasts deep integration with the Google Nest platform.

The ADT Self Setup system includes components from both companies. On the ADT side, they just announced a slew of compatible products like door and window sensors, standalone motion sensors, smoke detectors, temperature sensors, flooding sensors and a keypad to make adjustments. Additionally, ADT will soon offer a keychain remote for even more control options.

All of these products connect via a centralized hub with a built-in keyboard, a siren, and full battery backup in the case of a power outage. Each of the above components offers full integration with nearly every Google Nest device, including the battery-powered Nest Doorbell, the Nest Learning Thermostat, the Nest WiFi Router and various indoor and outdoor cameras. Smart displays like the Nest Hub Max are also supported.

ADT's new suite of products integrates with Google Nest.
ADT

What does this mean exactly? You can make adjustments to the Nest devices via the ADT+ app, simplifying your setup, and you will receive specialized notifications from Nest cameras and doorbells whenever they detect activity. These notifications will even alert you to the type of activity, such as a person rooting around or a neighborhood dog giving your porch a good sniff.

Customers can also use the app to create unique routines and automations that combine the features of both Nest and ADT security products. ADT says these routines will be useful for setting doors to lock on a schedule and lights to turn on or off, among other functions.

Users can receive more benefits by opting into ADT’s smart monitoring system, which is priced at $25 each month. The subscription gets you video verification, in which ADT representatives analyze footage when an alarm is tripped, and 24/7 monitoring. We reached out to ADT and they said the products can be used without a paid monitoring plan, though not all features will be available. As such, the company "strongly recommends customers subscribe in order to get the best protection and experience from their system."

In the meantime, the system is available for purchase starting today. A bare-bones pack including just the control hub costs $180, while a starter package that includes the hub, a Nest Doorbell, and several related sensors clocks in at $480. Finally, an ultra-premium package at $580 ships with everything mentioned above, plus a second-generation Nest Hub.

This article originally appeared on Engadget at https://www.engadget.com/google-and-adt-team-up-for-new-nest-integrated-security-tools-185037191.html?src=rss

Blink security cameras and video doorbells are up to 43 percent off

You might not have to pay much to bolster your smart home’s security. Amazon is selling Blink devices for up to 43 percent off, including a Video Doorbell plus Sync Module for $60 (normally $85) — that’s near an all-time low. You can also get the doorbell by itself for just $40 if you already have sync hardware. Most camera kits are also on sale, starting at $70 (normally $100) for the weather-ready Blink Outdoor.

Blink is effectively the budget counterpart to Amazon’s Ring brand, but that’s not necessarily a bad thing — you’re getting a lot of functionality at a lower price. The Video Doorbell supports both wired and wireless connections, offers two-way audio, captures infrared footage at night and gives you the choice of either storing clips locally (on a USB drive) or in the cloud with a subscription plan. It ties into Alexa devices, too, so it may be your ideal doorbell if you have an Echo Show.

The Blink Indoor and Outdoor models, meanwhile, remain our top picks for wireless security cameras. You get much of the same flexibility as with the doorbell, including a peak two years of battery life. Again, you’ll have to invest in the Alexa ecosystem to make the most of these products. If you can live with that, though, you might not have many complaints.


Okta had another security incident, this time involving stolen source code

Okta is responding to a major security incident for the second time this year. As first reported by BleepingComputer, Okta began notifying customers earlier today via email of an event that saw an unnamed party steal the company’s source code. In early December, Okta was notified by GitHub of possible suspicious access to its online code repositories. Following an investigation, Okta determined someone had used that access to copy over its source code but that they had subsequently not gained unauthorized access to its identity and access management systems.

In a statement Okta shared with Engadget, the company confirmed it was notifying customers of a recent security incident, and pointed to a blog post it published moments ago. "In early December 2022, GitHub alerted Okta about possible suspicious access to Okta code repositories. We have confirmed no customer data was impacted, nor was there any other customer impact. No customer action is required and the Okta service remains fully operational and secure," an Okta spokesperson told Engadget. "Okta does not rely on the confidentiality of its source code for the security of its services. This event does not impact any other Okta products, and we have been in communication with our customers."

While the damage from the GitHub incident appears minimal, the event was still a significant test of Okta. Following the Lapsus$ breach that saw hackers from the ransomware gang access two active customer accounts, the company admitted it “made a mistake” in handling the disclosure of that data breach. You may recall it took Okta two months to notify customers of what had happened, and one of the things it promised to do in the aftermath of the incident was “communicate more rapidly with customers.” That pledge was put to the test.

Update 4:27PM ET: Added confirmation and comment from Okta. 


December 2022’s Android Security Update is rolling out to Pixels today

Google has already announced its latest Pixel Feature Drop (more here) which is rolling out as part of the greater Android Security Update for December, which brings a ton of bug fixes and optimizations to the new Pixel 7 and 7 Pro, as well as other eligible handsets in the Pixel lineup. We’ve got the […]


TalkAndroid

Security flaw in Florida tax website exposed filers’ sensitive data

Some Florida residents may be keeping a close eye on their finances after a security incident. Researcher Kamran Mohsin tells TechCrunch that Florida’s Department of Revenue website had a flaw that exposed hundreds of filers’ bank account and Social Security numbers. Anyone who logged in to the state business tax registration site could see, modify and even delete personal data just by modifying the web address pointing to a taxpayer’s application number — you just needed to change the digits in the link.

There were over 713,000 applications in the Department’s pipeline at the time of the discovery, Mohsin said. Mohsin warned the Department about the flaw on October 27th.

Department representative Bethany Wester said in a statement that the government fixed the flaw within four days of the report, and that two unnamed firms have deemed the site secure. She added there was “no sign” attackers abused the flaw, but didn’t say how officials might have spotted any misuse. The agency contacted every affected taxpayer by phone or writing within four days of learning about the issue, and has offered a year of free credit monitoring.

Bugs like these, known as insecure direct object references, are relatively easy to fix. The damage might also be limited compared to other tax-related breaches, such as a Healthcare.gov intrusion that compromised about 75,000 people in 2018. However, the incident underscores the potential harm from weak security — even a small-scale exposure like this could be used to commit tax fraud and steal refunds.


[Deal] Save $20 on Eufy’s Smart Garage Control Security Cam on Amazon

You know the feeling when you finally relax and then you hear something go bump in the garage. There’s no need to get up and physically check the area though thanks to the Smart Garage Control Cam from Eufy which detects whether the door is open or closed and can even sense the presence of […]


TalkAndroid

PSA: Everything you need to know about Samsung’s Security Breach in July 2022

The latest big brand to suffer a security breach is Samsung which determined on August 4th that an unauthorized third party accessed its systems in the US towards the end of July 2022. Naturally, Samsung has taken actions to secure the affected systems in an effort to rebuff any further attempts at customer information, as […]


TalkAndroid

Still have an iPhone 6 or 5s? Update it now to fix a big security vulnerability

Apple released a new version of iOS 12 that seeks to fix a serious security issue in the iPhone 6 and iPhone 5S.
Mobile | Digital Trends

Whistleblower accuses Twitter of being ‘grossly negligent’ towards security

Peiter "Mudge" Zatko, Twitter's former head of security, says the company has misled regulators about its security measures in his whistleblower complaint that was obtained by The Washington Post. In his complaint filed with the Securities and Exchange Commission, the Department of Justice and the Federal Trade Commission, he accuses the company of violating the terms it had agreed to when it settled a privacy dispute with the FTC back in 2011. Twitter, he says, has "extreme, egregious deficiencies" when it comes to defending the website against attackers.

As part of that FTC settlement, Twitter had agreed to implement and monitor security safeguards to protect its users. However, Zatko says half of Twitter's servers are running out-of-date and vulnerable software and that thousands of employees still have wide-ranging internal access to core company software, which had previously led to huge breaches. If you'll recall, bad actors were able to commandeer the accounts of some of the most high-profile users on the website in 2020, including Barack Obama's and Elon Musk's, by targeting employees for their internal systems and tools using a social engineering attack. 

It was after that incident that the company hired Zatko, who used to lead a program on detecting cyber espionage for DARPA, as head of security. He argues that security should be a bigger concern for the company, seeing as it has access to the email addresses and phone numbers of numerous public figures, including dissidents and activists whose lives may be in danger if they are doxxed.

The former security head wrote:

"Twitter is grossly negligent in several areas of information security. If these problems are not corrected, regulators, media and users of the platform will be shocked when they inevitably learn about Twitter’s severe lack of security basics."

In addition, Zatko has accused Twitter of prioritizing user growth over reducing spam by distributing bonuses tied to increasing the number of daily users. The company isn't giving out any bonuses directly tied to reducing spam on the website, the complaint said. Zatko also claims that he could not get a direct answer from Twitter regarding the true number of bots on the platform. Twitter has only been counting the bots that can view and click on ads since 2019, and in its SEC reports since then, its bot estimates have always been less than 5 percent.

Zatko wanted to know the actual number of bots across the platform, not just the monetizable ones. He cites a source who allegedly said that Twitter was wary of determining the real number of bots on the website, because it "would harm the image and valuation of the company." Indeed his revelation could factor into Twitter's legal battle against Elon Musk after the executive started taking steps to back out of his $44 billion takeover. Musk accused Twitter of fraud for hiding the real number of fake accounts on the website and revealed that his analysts found a much higher bot count than Twitter claimed. As The Post notes, though, Zatko provided limited hard documentary evidence regarding spam and bots, so it remains unclear if it would help Musk's case.

When asked why he filed a whistleblower complaint — he's being represented by the nonprofit law firm Whistleblower Aid — Zatko replied that he "felt ethically bound" to do so as someone who works in cybersecurity. Twitter spokesperson Rebecca Hahn, however, denied that the company doesn't make security a priority. "Security and privacy have long been top companywide priorities at Twitter," she said, adding that Zatko's allegations are "riddled with inaccuracies." She also said that Twitter fired Zatko after 15 months "for poor performance and leadership" and that he now "appears to be opportunistically seeking to inflict harm on Twitter, its customers, and its shareholders."

Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics

FTC kicks off efforts to regulate data security and surveillance tech

The Federal Trade Commission is officially starting its efforts to broadly regulate data security. The agency has published an early notice of proposed rulemaking that asks the public to comment on commercial surveillance and data gathering practices, such as camera monitoring or protections for sensitive info. Officials not only want to understand the harms and benefits of technologies, but gauge interest in rules that could require stricter safeguards (such as tougher encryption) and bans on deceptive security claims.

The FTC's request for input also touches on specific issues, such as biased surveillance systems and algorithmic errors. Similarly, regulators are interested in whether or not existing data security practices hurt children.

In explaining the proposal, the FTC was concerned that enforcement by itself wasn't enough to protect consumers. The Commission can't seek civil penalties for first-time violators, for instance. In theory, new rules would encourage stronger security policies, provide more relief to hack victims and ensure a more consistent approach to cases.

On top of the comments, you'll have a chance for more direct feedback. The FTC is hosting a virtual public forum on September 8th that will give people two minutes each to share their views. The session will also include a panel discussion.

The FTC is still far from outlining rules, let alone putting them into effect. Even so, there's plenty of pressure to act. Governments at multiple levels in the US are increasingly banning or withdrawing at least some uses of surveillance tech, and there's a growing backlash against companies that either misuse personal data or are prone to data breaches. New regulations could reduce violations and otherwise ensure that data holders show more respect for your privacy.

Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics

[Updated] Qualcomm and Asus roll out an old security patch to the Snapdragon Insider’s Phone – still no word of Android 12

$1,500 could buy you the Galaxy S22 Ultra and still leave you some change for accessories or it could have bought Qualcomm’s Snapdragon Smartphone for Insiders. One gets updated every month with security patches and frequent OS tweaks, the other is still running on Android 11 and hasn’t seen an update of any kind since […]

TalkAndroid

TikTok says it’s storing US data domestically amid renewed security concerns

TikTok says it’s achieved a “significant milestone” toward its promises to beef up the security of its US users’ data. In a new update, the company says it has “changed the default storage location of US user data.”

As the company notes, it had already stored much of its user data in the United States, at a Virginia-based data center. But under a new partnership with Oracle, the company has migrated US user traffic to a new Oracle Cloud Infrastructure.

“Today, 100% of US user traffic is being routed to Oracle Cloud Infrastructure,” the company wrote in a blog post. “We still use our US and Singapore data centers for backup, but as we continue our work we expect to delete US users' private data from our own data centers and fully pivot to Oracle cloud servers located in the US.” Additionally, TikTok says it has made “operational changes,” including a new department “with US-based leadership, to solely manage US user data for TikTok.”

The moves are part of a longstanding effort by TikTok to address US officials’ concerns over how user data is handled by TikTok and parent company ByteDance. The company has been working to separate US user data so that it’s not accessible to China-based ByteDance as US lawmakers eye legislation to curb the influence of Chinese tech companies.

Still, the new safeguards are unlikely to fully sway critics of TikTok, who say the company still hasn’t addressed all potential concerns about how US user data is handled. In fact, just after TikTok published its blog post, BuzzFeed News published a report that raises new questions about how the company handles the data of its US users.

The report, which was based on hours of internal meetings leaked to BuzzFeed, says that “China-based employees of ByteDance have repeatedly accessed nonpublic data about US TikTok users.” The recordings, which cover a time period between last September and January 2022, offer new details about the complex effort to cut off ByteDance's access to US user data.

The report quotes an outside consultant hired by TikTok to oversee some of the work saying that they believed there was “backdoor to access user data in almost all” of the company’s internal tools. It also quotes statements from several employees who say “that engineers in China had access to US data between September 2021 and January 2022, at the very least.”

It also notes that while data deemed “sensitive,” like users’ birth dates and phone numbers, will be stored in the Oracle servers, other information about US-based users could remain accessible to ByteDance. “ByteDance’s China-based employees could continue to have access to insights about what American TikTok users are interested in, from cat videos to political beliefs,” the report says.

That may not seem as serious as more personal information like birthdays and phone numbers, but it’s exactly the kind of details that some lawmakers in the US have raised concerns about. US officials have questioned whether the app’s “For You” algorithm could be used as a means of foreign influence.

“We know we're among the most scrutinized platforms from a security standpoint, and we aim to remove any doubt about the security of US user data,” TikTok said in a statement to BuzzFeed News.

Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics

Android rebrands mobile security measures under one umbrella

Android has revealed a catch-all branding for its security measures that seems likely to be used in most software updates and announcements moving forward.
Mobile | Digital Trends

WhatsApp Web gets a browser extension to beef up security

Meta has created a browser extension called Code Verify that will fortify security while using WhatsApp Web on a desktop and alert users of any security risks.
Mobile | Digital Trends

[Guide] How to secure your identity with 2fa security

2-Factor Authentication (2FA), also known as multi-factor authentication, is an added layer of security that helps protect your account even if your password is compromised. Where a password acts as the key to the lock under the door handle, 2FA acts as an additional lock you have above the handle. It’s an additional layer of […]

TalkAndroid

Samsung is putting other Android OEMs to shame by promising 4 years of OS upgrades and 5 years of security patches

Samsung took the wraps off its new Galaxy S22 smartphones and Galaxy Tab S8 tablets earlier today and while they look all shiny and appealing, I find myself drawn in by a feature that until recently at least, would never previously have been associated with the South Korean company. Software support. With most brands, you […]

TalkAndroid

Google releases its last Pixel 3 security update

Don't expect to receive more updates for your Pixel 3. Esper's Mishaal Rahman has learned Google is delivering one last security update to the Pixel 3 and 3 XL. The company previously said the Pixel 3 would get one last update in the first quarter of 2022, and confirmed to Engadget this represents the device's last hurrah.

It's not certain what the patch fixes. However, DarkPlayer noted the build ID matches that for an October patch that targeted newer Pixel models on Verizon. This is a catch-up release rather than an up-to-the-moment patch.

You can expect more if you have a recent Pixel, at least. Google has posted a February 2022 update for the Pixel 3a and newer phones. The revision tackles several significant problems, including reboots during camera use, Bluetooth audio disconnection and quality problems, carrier-specific connection woes and keyboards that override input text in some cases.

This won't thrill you if you're fond of the Pixel 3 — you'll have to upgrade if you want up-to-the-minute security fixes. Don't fret if you have a Pixel 6, though. Google has promised five years of security updates for its latest phone line, so you might not have to worry about patches until 2026.

Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics

Here is December’s Security Patch with an impossibly long list of fixes for Pixel smartphones

Besides rolling out the latest Pixel Feature Drop, Google has also taken it upon itself to unload a lengthy list of fixes for its Pixel phones this December. And when I say lengthy, I actually mean mammoth. Basically, if your Pixel still has a bug after the December Patch then it’s a lemon. Or just […]

TalkAndroid

FBI email servers were hacked to target a security researcher

The FBI appears to have been used as a pawn in a fight between hackers and security researchers. According to Bleeping Computer, the FBI has confirmed intruders compromised its email servers early today (November 13th) to send fake messages claiming recipients had fallen victim to data breaches. The emails tried to pin the non-existent attacks on Vinny Troia, the leader of dark web security firms NightLion and Shadowbyte.

The non-profit intelligence organization Spamhaus quickly shed light on the bogus messages. The attackers used legitimate FBI systems to conduct the attack, using email addresses scraped from a database for the American Registry for Internet Numbers (ARIN), among other sources. Over 100,000 addresses received the fake emails in at least two waves.

The FBI described the hack as an "ongoing situation" and didn't initially have more details to share. It asked email recipients to report messages like these to the bureau's Internet Crime Complaint Center or the Cybersecurity and Infrastructure Security Agency. Troia told Bleeping Computer he believed the perpetrators might be linked to "Pompomourin," a persona that has attacked the researcher in the past.

Feuds between hackers and the security community aren't new. In March, attackers exploiting Microsoft Exchange servers tried to implicate security journalist Brian Krebs using a rogue domain. However, it's rare that they use real domains from a government agency like the FBI as part of their campaign. While that may be more effective than usual (the FBI was swamped with calls from anxious IT administrators), it might also prompt a particularly swift response — law enforcement won't take kindly to being a victim.

Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics

[Deal] Grab Eufy’s Security Video Doorbell with 1080p resolution for just $69.99

Are you tired of your deliveries being snatched off your doorstep and don’t have the time or patience to start leaving disguised glitter bombs? Here to help you in your quest is Anker’s Eufy home accessory brand with its Security Video Doorbell that pulls double duty as a video doorbell and security camera, without the […]

TalkAndroid

Amazon’s ‘Always Home’ security drone is real and costs $249

It’s been a while since it was first mentioned but Amazon’s Ring Always Home Cam is actually a real product and you can already request an invite to be an early adopter. Priced at $249, the Always Home Cam is basically a camera that is attached to a small drone that can patrol your home […]

TalkAndroid

Future Snapdragon phones can get up to four years of security updates

Back in 2017, Google announced Project Treble, a modular redesign of Android’s low-level system architecture that was supposed to reduce the time it took for phone manufacturers to update their devices with the latest version of its mobile operating…
Engadget

The December Security Patch (2020) is now available for Pixel devices

December is notable for two reasons: it’s the last Security Patch for 2020, and it marks the end of software support for the Pixel 2 and 2 XL. The December Security Patch is now rolling out to all Pixel handsets (except the 1st-generation), and we’ve got the details and download links for you […]

TalkAndroid

Samsung rolls out the October Security Patch to the Galaxy Tab S2 in what can only be described as ‘Peak 2020’

This isn’t an incorrectly scheduled post, nor is it a hoax, Samsung really has begun rolling out the October Security Patch to the five-year-old Galaxy Tab S2. And yes, it’s the October 2020 patch. For a company that sometimes forgot to update its tablets more than once in the past, it’s an incredible example of […]

TalkAndroid

OnePlus 7 and 7T pick up a new OxygenOS Open Beta with the October security patch (in November)

Okay, sure, it’s a little late in the year to talk about October security patches, but OnePlus is still trying to keep its older OnePlus 7 and OnePlus 7T phones updated with monthly security patches. The latest comes in the form of a brand new OxygenOS open beta, which includes a new build of OnePlus’s […]

TalkAndroid

(Updated Nov. 4th) The November 2020 Security Patch has rolled out to these Samsung Galaxy devices so far

It’s November which means that it’s time to forget about the October Security Patch and start taking note of which Samsung handsets are receiving the November patch. The first phones to receive the patch are Samsung’s most recent flagships, and since the brand is busy prepping its One UI 3.0 update, it’s unlikely that the […]

TalkAndroid

These unlocked Samsung Galaxy smartphones have received the October Security Patch so far

Samsung is rolling out the October Security Patch to a whole bunch of its smartphones in the US, starting with the Galaxy A50 last week and now with its Galaxy S20 and Galaxy Note 20 handsets. As Samsung’s wide range of handsets gets the October patch, we’ll be updating this post accordingly, making a separate […]

TalkAndroid

Twitter for Android had a big security vulnerability

Twitter has had a rough go on the security front lately, with some serious high-profile accounts getting hacked and now a discovered vulnerability affecting the Twitter for Android app. Yikes.

Twitter for Android security

Twitter hasn’t disclosed exactly what the vulnerability does, but they did specify what could happen. Essentially, other apps installed on your […]

TalkAndroid

[Deal] Grab Amazon’s Show 5 smart display and the Blink Mini Indoor Security Camera for just $75

Amazon’s Show 5 Smart Display is on offer today with a Blink Mini indoor security camera bundled in for just $74.99, bringing about a $50 saving. The Alexa-toting smart display has an RRP of $89 by itself, so getting the Show 5 and the Blink Mini camera is a deal you may want to take […]

TalkAndroid

Study finds security holes in online voting for New Jersey and West Virginia

States are under pressure to use online voting for the US presidential election when COVID-19 could remain a threat in November, but those platforms might not be as secure as you’d like. MIT and the University of Michigan have published a report deta…
Engadget RSS Feed

Eve’s HomeKit-only indoor security camera arrives on June 23rd

It’s still hard to find HomeKit-friendly security cameras, let alone ones that are focused primarily on Apple’s smart home framework, but Eve Systems is close to filling that gap. The company is shipping the HomeKit-exclusive Eve Cam indoor security…
Engadget RSS Feed

Multiple antivirus apps are vulnerable to common security flaws

Some antivirus tools are more resilient than others, but it appears that many of them had weaknesses in common. Rack911 Labs has revealed (via ZDNet) that 28 well-known antivirus programs, including Microsoft Defender, McAfee Endpoint Security and Ma…
Engadget RSS Feed

Eufy’s new Indoor Security Cameras with 2K resolution are up for pre-order from just $26

When it comes to home security cameras there’s a whole range of options to choose from to suit almost any budget. Anker’s home automation brand, Eufy, has just brought its new Indoor Security Cam 2K and 2K Pan & Tilt to market, with pre-order deals running as low as just $26. The Indoor Security Cam […]

TalkAndroid

School districts ban Zoom over security concerns

Concerns about Zoom's security are having a real impact on its use in remote education. Some US school districts, including large ones like New York City and Nevada's Clark County, have banned or disabled Zoom over security and privacy worri…
Engadget RSS Feed

Zoom puts a pause on features while security issues are resolved

It’s safe to say that Zoom has gotten the attention that it never thought it would have as an enterprise-level application. A jump from 10 million daily users in December to nearly 200 million is no small number. And with that kind of growth come security issues, unfortunately. With such an increase, a variety of […]

TalkAndroid

Latest Android 10 beta (with January 2020 security patch) is rolling out to Samsung’s Galaxy S9 and S9+

Samsung managed to pip Google to rolling out the December security patch a few weeks ago and now it’s included the January 2020 patch in the third Android 10/One UI 2.0 beta that is rolling out to the Galaxy S9 and S9+. Besides next month’s security patch, the update also includes a number of bugfixes. […]

TalkAndroid

Google delays Pixel 4 security patch roll-out until next to pack in more handset specific fixes

“O, December update, wherefore art thou December update?” If you are the owner of a Pixel 4 or 4 XL, you might be wondering why the December update hasn’t begun rolling out to your brand new phone. There’s no need to worry, the Pixel 4 isn’t an app so Google hasn’t killed it off, instead, […]

TalkAndroid