Your daily round-up of some of the other stories in the news
WikiLeaks releases more stolen CIA documents
WikiLeaks on Thursday released another tranche of documents stolen from the CIA that show that the agency has been creating tools to bypass devices from Apple for at least a decade.
This dump, dubbed “Dark Matter”, is the second from an archive known as “Vault7”, the first tranche of which was posted by WikiLeaks earlier this month. After the first tranche was posted, detailing attacks that would require physical access to devices, vendors pointed out that many of the exploits detailed in the documents had since been patched.
Earlier this week WikiLeaks offered to work with technology companies including Apple, Google and Microsoft to help them patch the vulnerabilities detailed in the CIA documents in return for a list of demands.
Naked Security will be looking in more detail at the documents and evaluating their contents tomorrow.
Senators overturn privacy rules for ISPs
American internet users will be losing a key protection for their data after senators voted on Thursday to repeal historic rules that required ISPs to get their customers’ permission before selling on sensitive data such as their browsing history to third parties.
The senators voted to approve a resolution that not only prevents the FCC’s privacy rules from going into effect, but also bars the FCC from ever enacting similar protections, the Washington Post reported.
While industry groups unsurprisingly welcomed the result, privacy campaigners deplored it. The ACLU said: “It is extremely disappointing that the Senate voted today to sacrifice the privacy rights of Americans in the interest of protecting the profits of major internet companies.”
Instagram finally rolls out 2FA
Instagram, the image-sharing social media platform owned by Facebook, has finally caught up with best-practice security advice and is rolling out two-factor authentication, the service said on Thursday.
We – and former president Barack Obama – are big fans of two-factor authentication, and we’ve been urging you to turn it on wherever possible since, well, forever. If you’re an Instagram user, enable it by going to settings and then turning on the option to require a security code under the new “Two-Factor Authentication” option.
At the same time, Instagram said it is adding a feature that puts a blurred screen over images that have been flagged as “sensitive” but which don’t violate its guidelines: you’ll have to tap if you want to see the photograph.
Unlike 2FA, there doesn’t seem to be a way for adults to opt out of Instagram’s modesty screen, so it remains to be seen how useful or annoying that becomes.
Catch up with all of today’s stories on Naked Security
Constant Deniger
What do you think of the article published by Wired under the title “The Clever ‘DoubleAgent’ Attack Turns Antivirus Into Malware” ? Does Sophos address this problem ?
Kate Bevan
Bill Brenner will be writing about this on Monday – look out for his piece then!
Andy.Hillbish
Using a static cellphone number for 2FA is not the best for international travelers. Bummer.
Max
The Senate voting clearly against the interest of the people (that voted them into office) and for the corporations that supply their campaign funds. Corruption in the open.