Wired Security Spoken Edition

At Apple's Worldwide Developers Conference on Monday, the company debuted a slew of products and services, including a new Mac Pro that's part raw computing power, part cheese grater. But one new feature, mentioned in passing, could have an outsized impact on user security and privacy for years to come. Apple now has its own single-sign-on scheme—and it's a major reimagining of how such a mechanism can work. You've seen single-sign-on before, even if you don't use it. Learn about your ad choices: dovetail.prx.org/ad-choices

When Apple executive Craig Federighi described a new location-tracking feature for Apple devices at the company's Worldwide Developer Conference keynote Monday, it sounded—to the sufficiently paranoid, at least—like both a physical security innovation and a potential privacy disaster. Learn about your ad choices: dovetail.prx.org/ad-choices

Apple (the company) is rolling out a new sign-on feature, the Big Apple (the city) is pushing a groundbreaking privacy law, and Hot Wheels cars are being put to the test. Here's the news you need to know, in two minutes or less. Today's Headlines New York is set to pass a landmark privacy law Just last week, California passed a historic privacy bill that gave people the power to know how their data was being shared, and the ability to request changes or stop sharing it all together. Learn about your ad choices: dovetail.prx.org/ad-choices

Two hours into his keynote at Apple’s Worldwide Developer's Conference last June, senior vice president Craig Federighi revealed a new privacy feature in MacOS Mojave that forces applications to ask the user if they want to "allow" or "deny" any request to access sensitive components and data, including the camera or microphone, messages, and browsing history. The audience dutifully applauded. Learn about your ad choices: dovetail.prx.org/ad-choices

In 1999, Apple released a slew of new features with Mac OS 9, calling it "the best internet operating system ever." The idea was to unlock the full potential of the turquoise plastic iMac G3—the Internet Mac!—released in 1998. But 12-year-old Joshua Hill didn't have an iMac. To take advantage of all the new connectivity from his parents' mid-'90s Mac Performa, he needed a modem that would plug into the computer through one of its chunky "serial" ports. Learn about your ad choices: dovetail.prx.org/ad-choices

Returning to work after a long weekend is always rough—especially if you have to deal with a looming worm attack or yet another disinformation operation on your networks! Which was the case in the security world this week. Despite dire warnings and an urgent update issued from Microsoft, customers are taking too long to patch a critical vulnerability that still remains in approximately 900,000 Windows computers. Learn about your ad choices: dovetail.prx.org/ad-choices

One of the most difficult things about detecting manipulated photos, or "deepfakes," is that digital photo files aren't coded to be tamper-evident. But researchers from New York University's Tandon School of Engineering are starting to develop strategies that make it easier to tell if a photo has been altered, opening up a potential new front in the war on fakery. Learn about your ad choices: dovetail.prx.org/ad-choices

Two weeks have passed since Microsoft warned users about a critical vulnerability in a common Windows protocol that could enable a hacker to remotely take over machines without even a click from their owners, potentially allowing an infectious worm to rip through millions of PCs. That bug might be fading from the headlines, but it still lingers in at least 900,000 computers. Learn about your ad choices: dovetail.prx.org/ad-choices

After years of issues with rogue Chrome extensions, hijacks, and malware, Google announced a slew of new policies Thursday to ensure the little browser applets are secure. The improvements come as part of a wider company push to evaluate how much user data third-party applications can access. Google launched the audit, known as Project Strobe, in October alongside an announcement that Google+ had suffered data exposures and would be shuttered. Learn about your ad choices: dovetail.prx.org/ad-choices

Last August, researchers from the threat intelligence firm FireEye uncovered a vast social media influence campaign, conducted by a network of inauthentic news outlets and fake personas with ties to Iran. Their findings were a stark reminder that these kinds of tactics aren't limited to Russia. Now FireEye has published a sequel of sorts, documenting the evolving methods of disinformation actors are using across social media platforms and other outlets to promote Iranian interests online. Learn about your ad choices: dovetail.prx.org/ad-choices

After a solid decade of nonstop corporate data breaches and exposures you'd think large organizations would have at least fixed the most basic and obviously damaging types of data mishandling. But there's clearly still a long way to go. On Friday, independent security journalist Brian Krebs revealed that the real estate and title insurance giant First American had 885 million sensitive customer financial records, going back to 2003, exposed on its website for anyone to access. Learn about your ad choices: dovetail.prx.org/ad-choices

The Memorial Day weekend begins on a dire note for constitutional protections. On Thursday, the US government indicted Wikileaks founder Julian Assange for violating the Espionage Act. This is the first time in modern history that the US has charged the publisher of sensitive materials rather than the person who leaked it. Learn about your ad choices: dovetail.prx.org/ad-choices

On Thursday, the Department of Justice unsealed new charges against WikiLeaks founder Julian Assange. Unlike the previous indictment—which focused narrowly on an apparent offer to help crack a password—the 17 superseding counts focus instead on alleged violations of the Espionage Act. In doing so, the DOJ has aimed a battering ram at the freedom of the press, whether you think Assange is a journalist or not. Learn about your ad choices: dovetail.prx.org/ad-choices

New charges against Julian Assange threaten all of the press, scientists have figured out how to alter emotional memories, and Memorial Day is coming. Here's the news you need to know, in two minutes or less. Today's Headlines Julian Assange's charges put all of the press at risk New charges unveiled by the Justice Department against WikiLeaks founder Julian Assange paint a troublesome picture for him---and for all journalists. Learn about your ad choices: dovetail.prx.org/ad-choices

As facial recognition technologies have evolved from fledgling projects into powerful software platforms, researchers and civil liberties advocates have consistently warned about their potential to erode privacy. Those mounting fears came to a head Wednesday in Congress. Alarms over facial recognition had already gained urgency in recent years, as studies have shown that the systems still produce relatively high rates of false positives, and consistently contain racial and gender bias. Learn about your ad choices: dovetail.prx.org/ad-choices

It happened again. Google announced today that it's the latest tech giant to have accidentally stored user passwords unprotected in plaintext. GSuite users, pay attention. Google says that the bug affected "a small percentage of GSuite users," meaning it does not impact individual consumer accounts, but does affect some business and corporate accounts, which have their own risks and sensitivities. Learn about your ad choices: dovetail.prx.org/ad-choices

Bluetooth is the invisible glue that binds devices together. Which means that when it has bugs, it affects everything from iPhones and Android devices, to scooters, and even physical authentication keys used to secure other accounts. The order of magnitude can be stunning: The BlueBorne flaw, first disclosed in September 2017, impacted five billion PCs, phones, and IoT units. Learn about your ad choices: dovetail.prx.org/ad-choices

In the three years since Russian operatives breached the servers of the Democratic National Committee and threw presidential politics into a state of perpetual chaos, countries around the world have been on notice to the threat of foreign interference in elections. Learn about your ad choices: dovetail.prx.org/ad-choices

A decade ago, Amazon abruptly deleted copies of George Orwell's 1984 from the Kindles of its American customers. The move instantly evoked the “memory holes” in the novel's totalitarian dystopia, and it inspired about equal measures of shock, outrage, and jokes. (If a fictional Amazon in a dystopian novel had performed the same mass deletion, critics would have said it was too on the nose. Learn about your ad choices: dovetail.prx.org/ad-choices

The week started out with a bang, or several of them really. Remember Meltdown and Spectre, the vulnerabilities that affected basically every Intel processor from the last decade? There’s a related attack called ZombieLoad—yes, ZombieLoad—with similarly broad and bad impact. Serious stuff! But honestly not even the worst disclosure of the week. That distinction probably goes to Cisco. Learn about your ad choices: dovetail.prx.org/ad-choices