‘Blacklight’ Tool Reveals Website Trackers

A tool called Blacklight has been making waves in the news recently. When you enter a website address into the page it scans it to reveal user-tracking technology.

Blacklight works by visiting each website with a headless browser, running custom software built by The Markup. This software monitors which scripts on that website are potentially surveilling the user by performing seven different tests, each investigating a specific, known method of surveillance.

Quickly Access iCloud Keychain With This Apple Engineer’s Shortcut

Ricky Mondello works on app and website authentication as well as password management at Apple. They recently created a shortcut that lets you quickly access iCloud Keychain, so instead of opening Settings and scrolling down to tap on Passwords, it’s a one-tap method to directly open the Passwords section. Separately from that, this is also something you can do yourself using the Settings Shortcut Generator. You can quickly jump to a variety of different places within Settings. One that I recently created is jumping to Settings > Privacy > Photos to manage app access to photos.

How the United States is Ensuring Votes are Secure

Max Eddy writes an examination of election engineering and how the U.S. can ensure voting security. The part I think is fascinating is the work of Sam Curry, CSO of cybersecurity company Cybereason. His team has been simulating election attacks to figure out how best to protect our elections.

He’s observed numerous strategies and has advice on how best to protect an election. The people playing the role of defenders, usually given the role of law enforcement, “must create open lines of communication between government departments and also media sources and social media companies,” said Curry. Knowing who to call and when to call them and having a reliable back-up system in case one fails (or is intentionally sabotaged) are all critical.

CISA Believes China Hacked US Government Systems

According to the Cybersecurity and Infrastructure Security Agency, Chinese-affiliated hackers have compromised U.S. government computer systems.

“This beaconing is a result of cyber threat actors successfully completing cyber operations that are often designed around emergent vulnerabilities and reliant on existing exploitation tools,” the advisory states. “CISA observed activity from a Federal Government IP address beaconing out to the threat actors’ [command and control] server.”

Get we just get it together for 10 seconds, please?

Gaming Company Razer Leaked 100,000 Users’ Data

In August, security researcher Volodymyr Diachenko found a server owned by Razer that exposed the data of over 100,000 users. It took the company over three weeks to get around to fixing the issue.

The cluster contained records of customer orders and included information such as item purchased, customer email, customer (physical) address, phone number, and so forth—basically, everything you’d expect to see from a credit card transaction, although not the credit card numbers themselves. The Elasticseach cluster was not only exposed to the public, it was indexed by public search engines.

Reboot Your iPhone Weekly as a Security Measure

Adrian Kingsley-Hughes has a tip for iPhone owners: Reboot it at least once a week as a security measure.

Not only does this clean the systems RAM and get it ready to do more work, it also helps protect against remote exploits by making it harder for hackers to keep control of your iPhone — hacks don’t survive reboots.

A good, practical, and easy tip for Apple users.

Prison Phone Service ‘Telmate’ Leaks Data of Inmates

Telmate, owned by Global Tel Link, makes an app for prisoners to send messages and calls to friends and family. It exposed a database of private messages, call logs, and personal information numbers in the tens of millions. Why? The database wasn’t secured with a password.

Comparitech security researcher Bob Diachenko on August 13, 2020 discovered the unsecured database and immediately reported it to Global Tel Link, the company that owns and operates Telmate. The company, to its credit, responded within two hours and secured the database an hour later, but it’s possible that other unauthorized parties accessed it prior to Diachenko’s disclosure.

ProtonDrive’s End-to-End Encryption Security Revealed

ProtonDrive (from the makers of ProtonMail and ProtonVPN) is in the final stages of development before it gets a beta launch later in 2020. The team revealed its end-to-end encryption security in a blog post.

Files and folders are arranged in a tree structure. Therefore, there is a recurring pattern where a file or folder’s asymmetric key is locked with a passphrase, which in turn is encrypted with the asymmetric key of their parent folder. All passphrases are signed with the address key of the user, without which a malicious server could forge the contents of the tree.

This ‘Clear Clipboard’ Shortcut Empties Your Clipboard Automatically

Redditor u/SpamSencer created a Clear Clipboard shortcut that does exactly what the name says: It automatically clears your clipboard. With iOS 14 Apple introduced a feature that shows when an app accesses the clipboard, like TikTok and Microsoft. You could even set it up as an automation so that whenever you open any app of your choosing, the shortcut will run (an iOS 14 feature). You’ll just have to painstakingly tap on every app you have installed if you choose to automate it.

‘Deep Social’ Data Leak Exposes 235 Million Profiles of Instagram, TikTok, YouTube

A database containing almost 235 million social media profiles of users from Instagram, TikTok, and YouTube has been exposed because it wasn’t password-protected.

Evidence suggests that much of the data originally came from a now-defunct company: Deep Social. The names of the Instagram datasets (accounts-deepsocial-90 and accounts-deepsocial-91) hint at the data’s origin. Based on this, [security researcher Bob] Diachenko first contacted Deep Social using the email address listed on its website to disclose the exposure. The administrators of Deep Social forwarded the disclosure to Social Data. The CTO of Social Data acknowledged the exposure, and the servers hosting the data were taken down about three hours later.

pCloud Update Lets Users Decide Where Files are Stored

pCloud is an encrypted cloud storage service, and a recent update gave users the ability to decide in which server their files are stored.

All pCloud users will be able to choose the server location where their files are stored. This will give users greater control over the security of their files. Once the choice of where to store the data is made during registration – in the US or Europe – it is practically impossible to transfer them without the user’s knowledge or permission. Currently, the option to select the server location is available only to newly registered users.