This week, hackers won a million-dollar bounty for discovering a long-sought iOS zero-day. Federal lawmakers introduced the Stingray Privacy Act, a new bill that would require state and local lawmakers to get a warrant before using the invasive surveillance devices. The world got its first look at the full text of the Trans-Pacific Partnership trade pact. We found out the UK’s TalkTalk telecom hack may not be as bad as it looked. Android users can finally use Open Whisper Systems’ RedPhone app and TextSecure messaging app in one app, called Signal. And Crackas With Attitude, the teens who hacked CIA Director John Brennan, are back with a new hack.
But that’s not all. Each Saturday we round up the news stories that we didn’t break or cover in depth at WIRED, but which deserve your attention nonetheless. As always, click on the headlines to read the full story in each link posted. And stay safe out there!
It’s no secret that websites routinely send user data to third parties (typically without users’ knowledge or consent), but now new peer-reviewed research published by University of Pennsylvania privacy researcher and doctoral student Tim Libert shows that the scale of this is enormous: nine out of ten sites are leaking user data to an average of nine external domains. That means that a single site you visit will send your data to nine outside websites. Libert cites Google as the worst culprit, but gives Twitter props for respecting browsers’ Do Not Track setting. He also points out that the NSA has leveraged commercial tracking tools in order to monitor users. For added privacy, using Tor is your best bet, Libert told Motherboard, so long as you don’t log into any accounts (Gmail, Facebook, etc.) while you’re on it.
A four-year federal investigation revealed this week that the Pentagon has outsourced work writing software for sensitive US military communication systems to Russian programmers. Contractor John C. Kingsley discovered the Russian-contracted software had built-in holes that left the Pentagon’s communication system vulnerable to viruses. The two firms involved, Massachusetts-based NetCracker Technology Corporation and Virginia-based Computer Sciences Corporation (which had subcontracted the work), agreed to pay fines of $11.4 million and $1.35 million, respectively. Outsourcing work on classified systems to anyone who’s not a US citizen with approved security clearance violates federal regulations, as well as the company’s contract.