Wired Security Spoken Edition

It happened again. Facebook went down in several pockets around the world for several hours Wednesday, as did Facebook-owned Instagram and WhatsApp. The outage inspired the usual existential jokes—and rush to news sites, to fill the void—but also gave rise to conspiracy theories that hackers were the cause. As is almost always the case, those theories are wrong. Learn about your ad choices: dovetail.prx.org/ad-choices

Over the last decade, license plate readers have become an increasingly popular tool for law enforcement around the United States. One federal agency that has aggressively pursued this data is US Immigration and Customs Enforcement, through a $6.1 million contract with a private firm called Vigilant Solutions. Learn about your ad choices: dovetail.prx.org/ad-choices

You’ve got no shortage of ways to send encrypted messages, and at least as many cloud services for sending large files. But the Venn diagram for the two remains surprisingly, inconveniently small. That’s the beauty of Mozilla’s Firefox Send, a free, intuitive, web-based service that lets you share large encrypted files, no strings attached. Send began in 2017 as an experiment, part of Firefox’s since-discontinued Test Pilot program. Learn about your ad choices: dovetail.prx.org/ad-choices

Venezuela's massive, nationwide power outages, which began on Thursday, have so far resulted in at least 20 deaths, looting, and loss of access to food, water, fuel, and cash for many of the country's of 31 million residents. Late Monday, the United States said its diplomats would leave the US embassy in Caracas, citing deteriorating conditions. Learn about your ad choices: dovetail.prx.org/ad-choices

This week, RSA, one of the biggest cybersecurity conferences of the year took place in San Francisco. Researchers demonstrated lots of new reasons to freak out about your data security, but they also highlighted new techniques for staying safe. There’s the clever new tool that can protect Macs using Apple’s video game logic engine. And the NSA even made an appearance, revealing an open-source version of a powerful cybersecurity tool that agency had developed in house. Learn about your ad choices: dovetail.prx.org/ad-choices

Aric Toler’s face is illuminated only by the glow of the video playing on his laptop. It’s dashcam footage, supposedly captured by a driver in the town of Makiivka in eastern Ukraine, showing a Russian military convoy on its way to shoot down Malaysia Airlines flight 17 on July 17, 2014. At least, that’s the theory. Toler just has to prove it. To the untrained eye, the video is awfully dull. Learn about your ad choices: dovetail.prx.org/ad-choices

At the endless booths of this week's RSA security trade show in San Francisco, an overflowing industry of vendors will offer any visitor an ad nauseam array of "threat intelligence" and "vulnerability management" systems. But it turns out that there's already a decent, free feed of vulnerability information that can tell systems administrators what bugs they really need to patch, updated 24/7: Twitter. Learn about your ad choices: dovetail.prx.org/ad-choices

By this point, you've hopefully gotten the message that your personal data can end up exposed in all sorts of unexpected internet backwaters. But increased awareness hasn't slowed the problem. In fact, it's only grown bigger—and more confounding. Last week, security researchers Bob Diachenko and Vinny Troia discovered an unprotected, publicly accessible MongoDB database containing 150 gigabytes-worth of detailed, plaintext marketing data—including 763 million unique email addresses. Learn about your ad choices: dovetail.prx.org/ad-choices

Yesterday afternoon, Mark Zuckerberg presented an entirely new philosophy. For 15 years, the stated goal of Facebook has been to make the world more open and connected; the unstated goal was constructing a targeted advertising system built on nearly infinite data. Yesterday, though, Zuckerberg pronounced that the company was reversing course. Learn about your ad choices: dovetail.prx.org/ad-choices

It's a familiar playbook for Google and Alphabet: Offer high-quality products like Gmail or Chrome, build a massive user base, and then capitalize on that reach to paternalistically promote safer practices across the tech industry. So far, this strategy has generally proved to be extremely effective. Now Chronicle, a company born last year out of X, Alphabet's "moonshot factory," is going to try it for defending corporate networks. On Monday, Chronicle announced its first product: Backstory. Learn about your ad choices: dovetail.prx.org/ad-choices

Daniel Crowley has a long list of software platforms, computers, and Internet of Things devices that he suspects he could hack. As research director of IBM’s offensive security group X-Force Red, Crawley’s job is to follow his intuition about where digital security risks and threats may be lurking, and expose them so they can be fixed. But so many types of computing devices are vulnerable in so many ways, he can’t chase down every lead himself. Learn about your ad choices: dovetail.prx.org/ad-choices

The National Security Agency develops advanced hacking tools in-house for both offense and defense—which you could probably guess even if some notable examples hadn't leaked in recent years. But on Tuesday at the RSA security conference in San Francisco, the agency chose for the first time demonstrated Ghidra, a refined internal tool that it has chosen to open source. Learn about your ad choices: dovetail.prx.org/ad-choices

When Google's team of ninja bug-hunting researchers known as Project Zero finds a hackable flaw in somebody else's code, they give the company responsible 90 days to fix it before going public with their findings—patched or not. Learn about your ad choices: dovetail.prx.org/ad-choices

The 2018 midterm elections were hardly a glowing reflection on the state of America’s voting technology. Even after Congress set aside millions of dollars for state election infrastructure last year, voters across the country still waited in hours-long lines to cast their ballots on their precincts’ finicky, outdated voting machines. Learn about your ad choices: dovetail.prx.org/ad-choices

Will Roper, assistant secretary of the Air Force for acquisition, technology and logistics, is something like Q for the Defense Department. He formerly ran the Strategic Capabilities Office, a secretive military skunkworks designed to figure out how to fight future wars. While there, he helped design swarms of tiny unmanned drones; he helped create Project Maven; and he tried to partner the Defense Department with the videogame industry. Learn about your ad choices: dovetail.prx.org/ad-choices

When the lip-syncing app Musical.ly first exploded in popularity nearly four years ago, it was best-known for being a teen sensation. But according to the Federal Trade Commission, the app also illegally collected information from children under the age of 13. The agency announced Wednesday that Musical.ly, now known as TikTok, has agreed to pay a $5. Learn about your ad choices: dovetail.prx.org/ad-choices

The bombshells and not-so-surprising surprises, both legal and those just plain embarrassing, come on almost every page of Michael Cohen’s 20 pages of prepared testimony for the House Oversight and Reform Committee. Learn about your ad choices: dovetail.prx.org/ad-choices

A much-touted two-day summit between Donald Trump and North Korean leader Kim Jong-Un failed to reach the finish line Thursday, as talks collapsed and Trump returned to Washington, DC. It’s unclear exactly what unraveled the process; Trump says Kim asked for the lifting of all economic sanctions in exchange for closing the Yongbyon Nuclear Scientific Research Complex, while North Korea reportedly says it had asked for relief on some, but not all. Learn about your ad choices: dovetail.prx.org/ad-choices

Like many reporters and editors in DC or New York, I have been yelled at by Michael Cohen. It's been almost a rite of passage for anyone writing about Donald Trump over the past decade. There was no bone too small for his long-time lawyer and fixer to pick when it came to published criticisms of the real estate developer. My turn came in June 2012, when he called to yell at me over an item the magazine I then edited had written about Trump's forthcoming hotel on Pennsylvania Avenue. Learn about your ad choices: dovetail.prx.org/ad-choices

Over the past 18 months, revelations about wireless carriers selling smartphone location data to third parties have forced telecoms to promise reform. Worryingly, but perhaps not surprisingly, these user protections have been slow to actually materialize. Even if carriers shape up, though, an attacker can still track a smartphone's location and snoop on phone calls thanks to newly discovered flaws in 4G and even 5G protocols. Learn about your ad choices: dovetail.prx.org/ad-choices