{"id":8932,"date":"2017-08-26T04:45:47","date_gmt":"2017-08-26T12:45:47","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/08\/26\/news-2705\/"},"modified":"2017-08-26T04:45:47","modified_gmt":"2017-08-26T12:45:47","slug":"news-2705","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/08\/26\/news-2705\/","title":{"rendered":"Facebook Creepiness, AccuWeather Tracking, and More Security News This Week"},"content":{"rendered":"<p><strong>Credit to Author: Brian Barrett| Date: Sat, 26 Aug 2017 12:00:00 +0000<\/strong><\/p>\n<p data-reactid=\"229\"><span class=\"lede\" data-reactid=\"230\"><!-- react-text: 231 -->In a refreshing <!-- \/react-text --><\/span><!-- react-text: 232 -->change of pace, this week\u2019s security news included little to no escalation of nuclear rhetoric. Let\u2019s count that as a win! Among quite a few losses.<!-- \/react-text --><\/p>\n<p data-reactid=\"233\"><!-- react-text: 234 -->Digital financial services provider Enigma, for instance, <!-- \/react-text --><a href=\"https:\/\/www.wired.com\/story\/enigma-ico-ethereum-heist\/\" data-reactid=\"235\"><!-- react-text: 236 -->lost its supporters<!-- \/react-text --><\/a><!-- react-text: 237 --> almost $500,000 in cryptocurrency thanks to bad password habits. Domestic helper robots lost security cred by being <!-- \/react-text --><a href=\"https:\/\/www.wired.com\/story\/watch-robot-hacks-spy-sabotage\/\" data-reactid=\"238\"><!-- react-text: 239 -->hacked into tiny robotic Chucky dolls<!-- \/react-text --><\/a><!-- react-text: 240 -->. The US government nearly lost a <!-- \/react-text --><a href=\"https:\/\/www.wired.com\/story\/us-government-cybersecurity\/\" data-reactid=\"241\"><!-- react-text: 242 -->security-focused ranking of industries<!-- \/react-text --><\/a><!-- react-text: 243 -->, coming in 16 out of 18. 
And we\u2019re all about to <!-- \/react-text --><a href=\"https:\/\/www.wired.com\/2017\/08\/anxiety-matrix\/\" data-reactid=\"244\"><!-- react-text: 245 -->lose our minds with tech anxieties<!-- \/react-text --><\/a><!-- react-text: 246 -->, but at least we\u2019re not alone.<!-- \/react-text --><\/p>\n<p data-reactid=\"247\"><!-- react-text: 248 -->Meanwhile, we took a look at how Microsoft has <!-- \/react-text --><a href=\"https:\/\/www.wired.com\/story\/microsoft-powershell-security\/\" data-reactid=\"249\"><!-- react-text: 250 -->eased anxieties around PowerShell<!-- \/react-text --><\/a><!-- react-text: 251 -->, a favorite hacker target. Instead of <!-- \/react-text --><a href=\"https:\/\/www.wired.com\/story\/sorry-banning-killer-robots-just-isnt-practical\/\" data-reactid=\"252\"><!-- react-text: 253 -->banning killer robots<!-- \/react-text --><\/a><!-- react-text: 254 -->, maybe just try to regulate them. <!-- \/react-text --><a href=\"https:\/\/www.wired.com\/story\/stormfront-alt-right\/\" data-reactid=\"255\"><!-- react-text: 256 -->Stormfront Nazis are spatting with the \u201calt-right,\u201d<!-- \/react-text --><\/a><!-- react-text: 257 --> echoing some of the same white-supremacist infighting of the 60s. And the government has <!-- \/react-text --><a href=\"https:\/\/www.wired.com\/story\/cyber-command-elevated\/\" data-reactid=\"258\"><!-- react-text: 259 -->elevated US Cyber Command<!-- \/react-text --><\/a><!-- react-text: 260 -->, because lord knows we need it now more than ever.<!-- \/react-text --><\/p>\n<p data-reactid=\"261\"><!-- react-text: 262 -->Of course, there\u2019s more, which is why we\u2019ve rounded up all the news we didn\u2019t break or cover in depth this week. 
As usual, click on the headlines to read the full stories.<!-- \/react-text --><\/p>\n<p data-reactid=\"263\"><a href=\"http:\/\/gizmodo.com\/facebook-figured-out-my-family-secrets-and-it-wont-tel-1797696163\" target=\"_blank\" data-reactid=\"264\"><!-- react-text: 265 -->A Case of Facebook Knowing More About You Than You Do<!-- \/react-text --><\/a><\/p>\n<p data-reactid=\"268\"><a href=\"http:\/\/gizmodo.com\/facebook-figured-out-my-family-secrets-and-it-wont-tel-1797696163\" target=\"_blank\" data-reactid=\"269\"><!-- react-text: 270 -->Gizmodo has a great story about<!-- \/react-text --><\/a><!-- react-text: 271 --> a case of Facebook\u2019s People You May Know feature getting a little too personal. The social network served up a previously unknown relative to reporter Kashmir Hill\u2014someone she had no connection with, online or otherwise\u2014and declined to tell her how. There have been plenty of other examples of Facebook\u2019s offputting clairvoyance, but Hill\u2019s story gets into the deeper issues of not just what it knows, but how.<!-- \/react-text --><\/p>\n<p data-reactid=\"274\"><a href=\"https:\/\/medium.com\/@chronic_9612\/advisory-accuweather-ios-app-sends-location-information-to-data-monetization-firm-83327c6a4870\" target=\"_blank\" data-reactid=\"275\"><!-- react-text: 276 -->AccuWeather Sent Location Data to Advertisers Even When You Turned It Off<!-- \/react-text --><\/a><\/p>\n<p data-reactid=\"277\"><!-- react-text: 278 -->Oh, dear. This week, security researcher Will Strafach found that popular weather app AccuWeather sent your GPS coordinates, the name and MAC address of the Wi-Fi router you were on, and whether Bluetooth was activated to a data monetization company\u2014even after you explicitly told AccuWeather not to access your location when you\u2019re not using it. This is very bad! 
AccuWeather gave an <!-- \/react-text --><a href=\"https:\/\/daringfireball.net\/2017\/08\/wading_through_accuweathers_bullshit_response\" target=\"_blank\" data-reactid=\"279\"><!-- react-text: 280 -->unconvincing apology that wasn\u2019t quite apologetic<!-- \/react-text --><\/a><!-- react-text: 281 --> before pulling the responsible SDK from the app. And then <!-- \/react-text --><a href=\"http:\/\/www.zdnet.com\/article\/accuweather-still-shares-precise-location-with-advertisers-tests-reveal\/\" target=\"_blank\" data-reactid=\"282\"><!-- react-text: 283 -->sent<!-- \/react-text --><\/a><!-- react-text: 284 --> your location to another data broker. Maybe try <!-- \/react-text --><a href=\"https:\/\/www.wired.com\/2016\/09\/dark-sky-site\/\" data-reactid=\"285\"><!-- react-text: 286 -->Dark Sky<!-- \/react-text --><\/a><!-- react-text: 287 --> instead?<!-- \/react-text --><\/p>\n<p data-reactid=\"288\"><a href=\"https:\/\/www.reuters.com\/article\/us-usa-cyber-opm-idUSKCN1B42RM\" target=\"_blank\" data-reactid=\"289\"><!-- react-text: 290 -->US Arrests Chinese National in Connection With OPM Hack Malware<!-- \/react-text --><\/a><\/p>\n<p data-reactid=\"291\"><!-- react-text: 292 -->The feds arrested a man named Yu Pingan in connection with a malware called Sakula, which was used in the devastating hack of the Office of Personnel Management in 2014. The actual filing doesn\u2019t name OPM, though, and Sakula was used to attack several US companies in the last few years, so it\u2019s not clear that the two are connected. Still, it\u2019s a good excuse to look back at our <!-- \/react-text --><a href=\"https:\/\/www.wired.com\/2016\/10\/inside-cyberattack-shocked-us-government\/\" data-reactid=\"293\"><!-- react-text: 294 -->in-depth feature on how the OPM hack went down<!-- \/react-text --><\/a><!-- react-text: 295 -->. 
So do that!<!-- \/react-text --><\/p>\n<p data-reactid=\"298\"><a href=\"https:\/\/blog.lookout.com\/igexin-malicious-sdk\" target=\"_blank\" data-reactid=\"299\"><!-- react-text: 300 -->Android Apps With 100 Million Downloads Spread Malware<!-- \/react-text --><\/a><\/p>\n<p data-reactid=\"301\"><!-- react-text: 302 -->Google pulled 500 apps from the Google Play store this week, because an advertiser\u2019s SDK was secretly sending user data back to Chinese servers. (Not a great week for advertising SDKs.) Security research firm Lookout spotted the invasive behavior, and while it didn\u2019t name names of afflicted apps, it did note that they cumulatively had 100 million downloads.<!-- \/react-text --><\/p>\n<p data-reactid=\"303\"><a href=\"http:\/\/m.nextgov.com\/cybersecurity\/2017\/08\/dems-aim-stop-state-department-shuttering-cyber-office\/140504\/\" target=\"_blank\" data-reactid=\"304\"><!-- react-text: 305 -->House Democrats Want to Keep the State Department Focused on the Cyber<!-- \/react-text --><\/a><\/p>\n<p data-reactid=\"306\"><!-- react-text: 307 -->In July, the <!-- \/react-text --><a href=\"https:\/\/www.wired.com\/story\/state-department-cybersecurity\/\" data-reactid=\"308\"><!-- react-text: 309 -->US State Department exiled its Cyber Security branch to an administrative backwater<!-- \/react-text --><\/a><!-- react-text: 310 -->, an odd move given the importance of cyberdiplomacy in 2017. So odd, in fact, that Representative Debbie Dingell, a Democrat from Michigan, has sponsored an amendment to a spending bill that would prevent Secretary of State Rex Tillerson from doing so. 
It\u2019s unclear what chance the amendment has to succeed, but at least someone\u2019s raising a warning flag.<!-- \/react-text --><\/p>\n<p><a href=\"https:\/\/www.wired.com\/story\/facebook-accuweather-opm-security-news\" target=\"bwo\" >https:\/\/www.wired.com\/category\/security\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Brian Barrett| Date: Sat, 26 Aug 2017 12:00:00 +0000<\/strong><\/p>\n<p>Facebook&#8217;s weird friend suggestions, AccuWeather&#8217;s location snooping, and more of the week&#8217;s top security news.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10607],"tags":[714],"class_list":["post-8932","post","type-post","status-publish","format-standard","hentry","category-security","category-wired","tag-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/8932","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=8932"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/8932\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=8932"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=8932"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/
v2\/tags?post=8932"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}