This week we learned that the U.S. government is worse on cybersecurity than every major industry, according to a new report released by security risk benchmarking firm SecurityScorecard. Former Reuters journalist Matthew Keys was sentenced to two years in prison after a hacking-related conviction. Canadian police obtained BlackBerry's global decryption key, Vice News reports, while Motherboard takes a look at how this happened.
Meanwhile, the Oakland police quietly acquired the social media surveillance tool Geofeedia (which has been used by journalists to monitor photos and video displayed on social media by location in real time), the CIA is investing in firms that mine social media data, and the OPM is looking for companies to track public social media posts of people applying for security clearances. (How this will impact the percentage of rejections remains to be seen.)
Here's a recap of additional security news you might have missed this week, along with some tips on tools or features you may wish to uninstall, disable, update, or download.
Microsoft Sues The Justice Department Over Electronic Gag Order Statute
Inaccurate IP Address Mapping Turned A Kansas Farm Into A Living Hell
Over at Fusion, Kashmir Hill broke the story of a Kansas farm that was repeatedly raided because digital mapping company MaxMind’s database returns the farm’s coordinates as a default location when it cannot identify an IP address; the farm is located near the exact geographical center of the US. Other phantom IP houses also existed, but as a result of Hill’s reporting MaxMind has picked new default locations in the middle of bodies of water rather than at people’s homes.
Location Data From Just Two Apps Is Enough To Identify You
A new report shows that users who fill out profiles with fake names or other inaccurate information, or who use privacy settings to lock down access, aren’t doing enough: just two fields (often integral to the apps), such as a phone number or location, link the account with other accounts belonging to the same user.
“For example, on
See also: Awkward! How One Woman's Tinder Dates Popped Up As Professional Suggestions On LinkedIn
Pro tip: Consider disabling location settings from apps you want to use discreetly, or remove your phone number from profiles. For example, you can remove LinkedIn's app from your mobile phone and go to Accounts -> Settings -> Contact Info on LinkedIn to revoke LinkedIn's access to your phone number.
Apple Bug Exposed Chat History With A Single Click
Over at the Intercept, I wrote about a security vulnerability in the Mac version of
See also: For Social Engineering Scams, The Best Security Patch Is Education
Pro tip: Install the newest version of OS X El Capitan, if you haven’t already. And think twice before clicking on sketchy links!
Australian Police Sought Access To A Reporter’s Metadata
Without so much as a warrant, Australian police sought Guardian Australia journalist Paul Farrell’s telephone and email metadata while trying to identify his sources. “This is an outrageous invasion of my privacy and a gross interference with press freedom in Australia,” Farrell tweeted.
Pro tip: Read up on six ways to protect your communications from prying eyes over at ProPublica. Consider using Ricochet, an instant messaging tool that eliminates metadata.
Apple Will No Longer Patch QuickTime For Windows
Infosec firm Trend Micro found two vulnerabilities (ZDI-16-241 and ZDI-16-242) that could let a single malicious file or download infect PCs with malware, but Apple is no longer supporting the software.
Pro tip: time to uninstall.