Security News This Week: Maybe Go Ahead and Make Your Venmo Private
This week started with a controversial, widely derided meeting between President Trump and Russian leader Vladimir Putin, and ended with… an invite for round two! And yes, all manner of craziness managed to happen in between.
That includes yet more denials on Trump’s part that Russia interfered—and continues to—with US democracy, a stance that has serious repercussions, however many times he walks it back. The Putin press conference performance also prompted concern across the aisle, as senators Marco Rubio and Mark Warner cast it as a major setback in efforts to safeguard the election. For what it’s worth, here’s what special counsel Robert Mueller’s been up to lately, and where he’ll likely go next.
The week wasn't a total Trumpapalooza. RealNetworks offered a new facial recognition tool to schools for free, introducing a host of privacy-related concerns. And a company called Elucd is helping police better gauge how their precincts feel about them by pushing surveys out through apps.
Good news could be found as well! We talked to the Google engineers who built Secure Browsing, a suite of technologies that underpin security for a huge amount of the modern web. We profiled Jonathan Albright, the academic who has shined the brightest spotlight on Russian influence campaigns in the 2016 election and beyond. And we took a look at two tools Amazon has tested that could help its leaky cloud problem.
There's more! As always, we’ve rounded up all the news we didn’t break or cover in depth this week. Click on the headlines to read the full stories. And stay safe out there.
Privacy advocate and designer Hang Do Thi Duc this week brought attention to payment app Venmo’s lack of built-in privacy. Her site, Public by Default, taps into Venmo’s API to show the latest transactions taking place on the platform. In fact, the nearly 208 million public Venmo transactions that took place in 2017 can all be viewed at this URL. But while Public by Default explores the inherent privacy issues with Venmo’s opt-in privacy in largely anonymized fashion, a bot emerged Thursday that tweets the usernames and photos of any users that appear to be buying drugs. Not ideal!
Ideally, Venmo would go ahead and make transactions private by default. But because it’s structured as something of a social network—peeping other people’s emoji transaction descriptions is part of the appeal—that’s unfortunately unlikely. Instead, to better protect yourself, open the app, tap the hamburger menu in the upper left corner, tap Privacy, and select Private. You’re welcome!
In a departure from current policy, deputy attorney general Rod Rosenstein Thursday said that the government will let American groups and individuals know when they are the subject of an effort to subvert US democracy. The Obama administration notably didn’t do so in 2016, fearing that going public with Russia’s actions would appear politically motivated. It’s unclear exactly how the new policy will play out in practice, given that those sorts of disclosures will require a “high confidence” in attribution—tricky, especially in the digital sphere—and that the DOJ presumably won’t make any disclosures that would threaten ongoing investigations. Still, it would at least presumably prevent the current administration from trying to downplay or cover up any intrusions in the 2018 midterms and 2020 presidential campaigns.
A pair of high-profile attacks hit sensitive health care targets this week. Ontario-based CarePartners got hit with ransomware that locked out medical histories and contact info for as many as tens of thousands of patients, and apparently credit card numbers and other sensitive information as well. And the same SamSam malware that hobbled Atlanta struck LabCorp, a major lab services provider. Hackers apparently demanded $52,500 to free up the affected machines, but LabCorp appears inclined to simply replace them instead. Either way, it’s a good reminder that ransomware targets hospitals and other health care targets disproportionally, precisely because the stakes are so much higher.
As if the scourge of robocalls weren’t bad enough already, a company called Robocent left hundreds of thousands of voter records, spread across 2,600 files, exposed on the open web. The data appears to have comprised mostly addresses and demographic information, but if nothing else it’s a reminder that the cloud needs better tools to keep this sort of thing from happening basically every week.
More Great WIRED Stories
- The ultimate carbon-saving tip? Travel by cargo ship
- Laser-shooting planes uncover the horror of WWI
- The Pentagon's dream team of tech-savvy soldiers
- PHOTO ESSAY: The annual super-celebration in Superman's real-world home
- It’s time you learned about quantum computing
- Get even more of our inside scoops with our weekly Backchannel newsletter