Naked Security Naked Security

News in brief: Google teaches safety; US builds AI spies; new Twitter vulnerability

Your daily round-up of some of the other stories in the news

Your daily round-up of some of the other stories in the news

Google wants kids to ‘be internet awesome’

Google has launched a new interactive game, Interland, to teach children how to be safe online. Available on all major browsers, players visit four floating islands based on different principles. From learning how to ‘secure your secrets’ on the Tower of Treasure and how to ‘share with care’ on Mindful Mountain to finding out why ‘it’s cool to be kind’ on Kind Kingdom and how not to ‘fall for fake’ on Reality River.

Together with a classroom curriculum and a video series on YouTube, the Be Internet Awesome program was designed alongside digital security experts to encourage children to be ‘smart, positive and kind online’.

Pavni Diwanji, vice president of engineering for kids and families at Google, said, “For kids to really make the most of the web, we need more than just helpful products: We need to provide guidance as they learn to make their own smart decisions online.”

US Intelligence are building AI spies

Much to my disappointment, it turns out that the majority of undercover work doesn’t involve cool gadgets hidden in everyday objects or jumping onto the tops of trains and parachuting off again.

Robert Cardillo, head of the National Geospatial-Intelligence Agency, explained that much of the work carried out involves collecting and analyzing data from satellites around the world. He said, “I will send [my team] to a dark room to look at TV monitors to do national security-essential work … but boy, is it inefficient.”

Foreign Policy reports that Cardillo plans to outsource 75 percent of the work currently performed by US intelligence analysts to robots and has already hired former tech CEO, Anthony Vinci to head up the project.

Though many see this new technology as a threat to their jobs, Cardillo has described the planned automation as a “transforming opportunity for the profession.”

Twitter bug allows tweeting from any account

Researcher Anand Prakash discovered a vulnerability in Twitter’s ad service, Studio. The security hole meant that attackers could send tweets and upload videos to any account as well as delete videos and images from victim’s tweets, reports SC Magazine.

Twitter Studio was released in 2016 to simplify the process of publishing videos from a desktop but this is the second wide-ranging bug to be discovered in the tool.

Prakash explained in a post, “I started looking out for security loopholes after the launch [of the Studio tool]. All API requests on studio.twitter.com were sending a parameter named “owner_id” which was twitter user id(publicly available and sequential) of the logged in user. Owner_id parameter was missing authorisation checks changing which allowed me to take actions on behalf of other twitter users.”

The bug was patched immediately, Twitter said, and there was no evidence that anyone other than the bug bounty hunter had exploited it.

Catch up with all of today’s stories on Naked Security