![](\"https:\/\/media.wired.com\/photos\/5b2437d32b3a2d7b093344cf\/master\/pass\/RealMadrid-SecurityRoundup-966631410.jpg\"\/)
<\/p>\n<\/p>\n
Credit to Author: Brian Barrett| Date: Sat, 16 Jun 2018 13:00:00 +0000<\/strong><\/p>\n Did you hear? <\/span>There was a summit this week! A good ol\u2019 fashioned meeting of world powers, in which North Korea promised to denuclearize<\/a> for at least the seventh time in the last 30 years. In the process, President Donald Trump says he gave North Korean dictator Kim Jong Un his direct phone number, which if true was a terrible idea<\/a>. Oh, and even if North Korea does actually go through with ditching its nukes this time, it\u2019s going to be almost impossible to hold them accountable<\/a>.<\/p>\n The Inspector General report of the FBI\u2019s actions during the 2016 presidential campaign<\/a> came out this week as well. Despite what Trump\u2019s tweets might have you believe, it did not exonerate the president\u2019s campaign in terms of potential Russian collusion. It did, however, show that the FBI and its former director James Comey made some not-great decisions in its probe of the Clinton email server. In a happier moment for the Justice Department, alleged Silk Road consigliere Roger Clark was extradited<\/a> from Thailand to the United States this week. They also took down dozens of Nigerian email scammers<\/a>, but that\u2019ll barely make a dent.<\/p>\n Everyone from Paul Manafort to Michael Cohen learned that encrypted messaging isn\u2019t magic<\/a> this week, and you should too before misplaced trust gets you in trouble. Anduril is<\/em> a magic sword in the Lord of the Rings<\/em> universe, but also the name of former Oculus Rift wunderkind Palmer Luckey\u2019s company<\/a> that exists to build a virtual borrder wall.<\/p>\n If you\u2019re traveling to Russia for the World Cup, you\u2019re virtually sure to get hacked<\/a> unless you take some straightforward precautions. And US senators want straightforward answers from Amazon about exactly how much the Echo snoops on its owners.<\/p>\n But wait, there's more! As always, we\u2019ve rounded up all the news we didn\u2019t break or cover in depth this week. Click on the headlines to read the full stories. And stay safe out there.<\/p>\n A week ago, the developers of the most popular soccer app in Spain, La Liga, pushed an update that asked permission to access a smartphone\u2019s mic and GPS settings. It then used that permission to listen for unlicensed broadcasts of games in public spaces. La Liga says any audio that gets captured is converted into binary code, which it then matches up against a control code to see if you\u2019re watching something no one paid for. This is bad! No matter how they mask the actual audio they\u2019re grabbing, it\u2019s still a significant privacy violation\u2014hard to imagine many people granted mic permission with the expectation it\u2019d be used like this\u2014and a risk, depending on how securely they capture and store the audio. An own goal, indeed.<\/p>\n It\u2019s nowhere near as bad as Meltdown and Spectre<\/a>, the speculative execution attacks that rattled the entire hardware industry, but Lazy FP state restore, the latest CPU vulnerability, is still a worrying continuation of this year\u2019s least welcome security trend. Affecting all Intel Core processors from 2011\u2019s Sandy Bridge line onward, the bug could allow an attacker to pull data from even encryption software. It\u2019s apparently both hard to pull off and easy to fix, so chalk it up to a good reminder that there\u2019s there\u2019s danger in them there chips.<\/p>\n A critical vulnerability in a number of email encryption tools that rely on PGP encryption all patched a vulnerability this week that would have let attackers spoof digital signatures of people with public keys. It didn\u2019t work in the default configuration, but anyone who turned on the \u201cverbose\u201d setting was potentially susceptible. Even more fun: The bug dates back 20 years. This is distinct from the Efail encrypted email vulnerability<\/a> that surfaced in March and ultimately less worrisome. But it\u2019s still a good reminder to only put so much faith in the tools you use to protect your privacy.<\/p>\n