This week started off with a bang and just kept going. In the late hours of Saturday night, TikTok cut off access to users in the US ahead of a Sunday deadline. This forced Apple and Google to remove the video-sharing application from their app stores. While TikTok was dark, American users raced to get around the TikTok ban, while several other unexpected programs also saw their access to Americans cut off. By noon on Sunday, however, TikTok access was back in the United States. Before Monday night, newly inaugurated US President Donald Trump had signed an executive order delaying the TikTok ban by 75 days.
On Tuesday, Trump made good on his promise to free Ross Ulbricht, the imprisoned creator of the Silk Road dark web market, where users sold drugs, guns and worse. Ulbricht spent more than 11 years behind bars after he was arrested by the FBI in 2013 and then sentenced to life in prison. Trump’s decision to pardon Ulbricht is largely seen as linked to the support he has received from the libertarian cryptocurrency community, which has long considered the Silk Road creator a martyr.
As the world enters the second Trump era, Wired sat down with Jen Easterly, who recently left her top post as director of the Cybersecurity and Infrastructure Security Agency, to discuss the cyber threats facing the United States and the uncertain future of CISA as the first watchdog against nation-state hackers and other digital security threats facing the United States.
Last, we detailed new research that revealed how trivial bugs had exposed Subaru’s system for tracking the locations of its customers’ vehicles. The researchers found they could access an online portal for Subaru employees that allowed them to determine up to a year’s worth of a car’s locations, down to the parking spaces they use. The flaws have now been patched, but Subaru employees still have access to sensitive driver location data.
That’s not all. Each week, we round up the security and privacy news that we haven’t covered in depth ourselves. Click on the headlines to read the full stories. And stay safe out there.
A US judge in New York this week found that the FBI’s practice of searching for data on US people collected under Section 702 of the Foreign Intelligence Surveillance Act without obtaining a warrant is unconstitutional. FISA gives the US government the authority to collect the communications of foreign entities through internet providers and companies like Apple and Google. Once this data was collected, the FBI was able to perform “backdoor searches” for information on US citizens or residents who communicated with foreigners, and it did so without first obtaining a warrant. Judge DeArcy Hall found that these searches required a warrant. “To hold otherwise would effectively allow laws to amass a repository of communications under Section 702 — including those of US people — that can later be searched upon request without limitation,” the judge wrote.
An “issue” with the basic functionality of internet infrastructure company Cloudflare’s content delivery network, or CDN, can reveal the rough location of people using apps, including those designed to protect privacy, according to findings by an independent security researcher. Cloudflare has servers in hundreds of cities and over 100 countries around the world. Its CDN works by caching people’s internet traffic on its servers and delivering that data from the server closest to a person’s location. The security researcher, who goes by Daniel, found a way to send an image to a target, collect the URL, then use a custom-built tool to query Cloudflare to find out which data center delivered the image, and thus the state or perhaps the city that the target is in. Fortunately, Cloudflare tells 404 Media that it fixed the issue after Daniel reported it.
In one of its first moves after Trump took office on Monday, the Department of Homeland Security let go of everyone on the agency’s advisory committees. This includes the Cyber Safety Review Board, which investigated widespread attacks on the US telecommunications system by the Chinese-backed hacker group Salt Typhoon. U.S. authorities revealed in mid-November that Salt Typhoon embedded itself in at least nine U.S. telecommunications networks for spying, potentially exposing anyone using unencrypted calls and text messages to surveillance by Beijing. While the CSRB’s future remains uncertain, sources tell reporter Eric Geller that their investigation into the Salt Typhoon attacks is effectively “dead.”