For anyone growing weary of the constant focus on Russian and President Donald Trump’s campaign, good news! A fresh horror took the spotlight late last week in the form of WannaCry, a vicious ransomware whose creators appear not to have been all that smart.
WannaCry, we learned, features a built-in “kill switch” that security researchers have used to, well, kill it, at least for now. Some people on XP and Windows 7 might even be able to get their files back. Meanwhile unknown hackers are throwing DDOS attacks at the kill-switch domain in order to bring WannaCry back from the dead. Who’s behind the whole thing, other than a nasty NSA exploit that went public in March? Who knows! But there’s at least a chance it was North Korea. Anyways, there’ll undoubtedly be another WannaCry at some point, so you should go ahead and start protecting yourself from ransomware now.
There was some brighter news this week, as Chelsea Manning went free after years of imprisonment for leaking government secrets. And former FBI Director Robert Mueller took the reins of the Russia investigation, giving hope that some sort of resolution could be coming … someday.
And there’s more. Each Saturday we round up the news stories that we didn’t break or cover in depth but that still deserve your attention. As always, click on the headlines to read the full story in each link posted. And stay safe out there.
Telegram, a popular encrypted messaging app, introduces a suite of new features this week. You can now send video messages, send payments to bots, and view articles within the app, and without having to pop over to an outside browser. There’s even a built-in video platform now, called Telescope. All handy features, but maybe next time also start encrypting messages end-to-end by default?
ProPublica and Gizmodo recently teamed up to check how secure Mar-a-Lago’s internet is, and by goodness, the answer is ‘not very.’ The team found “weak and open Wi-Fi networks, wireless printers without passwords, servers with outdated and vulnerable software, and unencrypted login pages to back-end databases containing sensitive information.” Not a great rundown! But as security researcher Will Strafach notes, there’s a wide gap between Mar-a-Lago security and national security. The real, and still unanswered question, is whether Trump and others accessing sensitive information are doing so on those insecure networks. Which, in fairness given recent history, certainly remains a possibility.
Senate staffers start using Signal! A delightful tongue twister, but also a new reality of Congressional communications, according to a letter from senator Ron Wyden. The end-to-end encrypted messaging app should help political aides keep their secrets safe, but also raises some significant transparency questions. Congress doesn’t have to comply with the records-keeping laws that govern communications in other parts of government. But all of their communiques disappearing into a black hole seems … less than ideal. But hey! Security is trade-offs.
The nature of being a digital signing service means that Docusign users entrust it with highly sensitive papers all the time. The good news is, those documents were unaffected by a recent hack! What a twist. The bad news is, hackers used purloined Docusign customer email addresses to send phishing emails that appeared to be from Docusign—a great way to trick people into handing over delicate financial info. So, you know, be careful what you put your digital John Hancock on this weekend.