Cryptocurrencies are everywhere this week, funding anti-Russian resistance groups and hackers in Ukraine and was arrested by the United States Department of Justice in a $3.6 billion worth of laundered bitcoins. If you are just learning about crypto yourself and need a place to store your digital powder, we have guide to choosing and setting up a cryptocurrency wallet.
Microsoft has taken a big security step This week by announcing that it will disable its often abused macro feature by default in Microsoft Excel and Word files downloaded from the internet. Health privacy researchers have published findings on genetic and medical testing companies Leave details of third-party ad tracking and lead generation methods in their privacy policy.. And pro-democracy activists, many of them in hiding after Myanmar’s 2021 coup, fear that their phone records — and by extension the identities of loved ones and their resistance network—There is a danger of falling into the hands of a militarist.
And if you’re worried about being tracked with Apple AirTags, here it is A guide to scoping and protecting yourself.
And much more than that. We’ve rounded up all the news here that we didn’t break or cover in depth this week. Click on the title to read the full story. And it’s safe out there.
Partly redacted documents released by the US intelligence community on Thursday night show that a secret CIA surveillance network collected some of the data of Americans under a program that had no involvement approval or oversight by Congress. Senate Intelligence Committee members Ron Wyden (D-Oregon) and Martin Heinrich (D-New Mexico) sent a letter to the director of national intelligence and the director of the CIA on April 13, 2021, request declassification of program information. “Among the many details that the public deserves to know is the nature of the CIA’s relationship with its sources and the legal framework for the collection,” the senators wrote in their letter.
Program authorized by executive order of the president in 1981″US intelligence operations. Referring to the Foreign Intelligence Surveillance Act, the senators said in a statement Thursday that “FISA attracts all the attention because of its recurring congressional reauthorizations and the release of documents of the DOJ, ODNI, and FISA Courts” and data collection programs authorized by Congress as required by law. “But what these documents demonstrate is that many of the same concerns Americans have about their privacy and civil liberties apply to how the CIA collects and processes information under executive orders. and outside of FISA law.”
The Senate Judiciary Committee passed a familiar bill, the EARN IT Act, on Thursday. The law is intended to strengthen technology companies’ liability for child sexual abuse material posted or distributed through their services. Technologists and privacy advocates have multiple and urgent warnings that EARN IT will have significant cybersecurity and human rights implications by discouraging tech companies from implementing end-to-end encryption schemes. The law will force online services to “earn” some of the Section 230 protections that currently protect them from liability for material posted by their users. The bill was first introduced in 2020 and subsequently also removed from the committee, but it did not receive the number of votes in favor before the congress ended.
In a report this week, Google’s Project Zero bug-hunting team said that companies are working on patching more quickly after the team disclosed a security flaw. Project Zero is famous for setting deadlines for developers to release fixes for their products, from seven to 90 days depending on the severity of the bug. Once the deadline expires, sometimes with an extension of up to 14 days, the team makes the flaws public. This week, Project Zero said it took companies an average of 52 days to fix security vulnerabilities in 2021, down from an average of about 80 days in 2018. Also, it’s rare for organizations to drop out. missed Project Zero’s deadline. There’s only been one bug going over the deadline in 2021, though the team notes that 14% of bugs use the grace period. The team emphasizes that the findings may not be generalized across the industry, because Project Zero is well known and has a particularly strong reputation for being rigorous and effective at fixing errors. Companies may be more likely to take quick action when Project Zero comes around. However, these trends are promising and suggest that there is more formal understanding of the vulnerability disclosure process.
Stories with WIRED are more amazing
