Search Results for “Gizmodo”

September 3, 2019
Dell Cameron / Gizmodo

Imprisoned Hacktivist Jeremy Hammond Called to Testify Before Grand Jury in Virginia Raising Questions About Whether U.S. Is Expanding Scope of Charges Against Julian Assange

Imprisoned hacktivist Jeremy Hammond, a former WikiLeaks source and once the FBI’s most-wanted cybercriminal, has been called to testify before a federal grand jury in the Eastern District of Virginia. The Jeremy Hammond Support Committee doesn’t know the nature or scope of the grand jury’s investigation but believes it is the same grand jury that Chelsea Manning is currently being incarcerated for refusing to testify before, raising new questions about whether the U.S. government is expanding the scope of the government’s criminal case against WikiLeaks and Julian Assange. It’s unclear how Hammond connects to the government’s probe of Assange, but WikiLeaks had provided Hammond and his AntiSec hacking crew with access to a custom search engine tool in early 2012 in an effort to aid the hackers in searching a batch of more than 5 million emails of Austin, TX-based global intelligence firm, Stratfor. Hammond pleaded guilty in 2013 to hacking Stratfor, which counted at the time a string of powerful clients including the Departments of Homeland Security and Defense, employees of the National Security Agency, countless police agency heads, and, among other notable figures, former Secretary of State Henry Kissinger.

Related: SparrowMedia, CNN, Washington Post, Daily Beast

SparrowMedia: Imprisoned Activist Jeremy Hammond Called Against His Will to Testify Before Federal Grand Jury in the EDVA
CNN: Incarcerated Anonymous hacker called before grand jury, sparking WikiLeaks questions
Washington Post: Hacker linked to WikiLeaks says he’s been brought to Virginia for testimony
Daily Beast: DOJ Wants To Question Wikileaks Associate Jeremy Hammond, His Supporters Claim

@dellcam: NEW: Jeremy Hammond, Anonymous hacker and one-time WikiLeaks source, has been called to testify before a federal grand jury, signaling the scope of DOJ’s criminal investigation into WL may be far wider than previously reported.
@dellcam: I included a refresher here on AntiSec’s exploits and on my own prior investigation into the Stratfor hack and how FBI’s claims about the attack to the @nytimes and elsewhere are misleading & do not align with the sealed evidence in its possession.
@dellcam: Things to remember: (a) FBI had intel that Stratfor had been hacked a full day before Hammond knew the company even existed; (b) WikiLeaks entered the scene after the hack was already public knowledge.
@dellcam: (c) In the post-Equifax world, Stratfor would be crucified. A leaked report I published in 2014 proved it enabled the attack. Root access to its servers required no password. It had no antivirus & no firewall.
@dellcam: Related: In Nov, Giz reported that WikiLeaks provided Hammond and potentially other Stratfor hackers w/ access to a search-engine tool to help them comb through the emails. (Perhaps a parallel here to Assange charge for allegedly trying to assist Manning)
@kevincollier: We don't currently have reporting why exactly Hammond's called. But as @dellcam reported last year, Hammond said in a private 2011 chat that Assange had offered him a tool to help w/hacked Stratfor emails. Echoes how the US charged him w/helping Manning:
@kevincollier: Anonymous hacktivist Jeremy Hammond, who's spent the past 7 years behind bars, called to testify before a grand jury. Believed to be related to Assange investigation and Chelsea Manning's similar grand jury call:
@NatashaBertrand: NEW: A potential development in the Assange case. Jeremy Hammond, who was convicted of computer fraud in 2013 for hacking the private intel firm Stratfor and releasing data to WikiLeaks, has been subpoenaed to testify before a grand jury in the Eastern District of Virginia.
@FreedomofPress: Ominous signs the Trump admin is expanding its case against WikiLeaks founder Julian Assange, who is already under an indictment that would have unprecedented consequences for press freedom.
@rachelweinerwp: Jeremy Hammond, serving 10-year sentence for Stratfor hack shared with Wikileaks, says he's been brought to Virginia for grand jury but won't testify
@woodruffbets: News: A grand jury in EDVA has called in Jeremy Hammond, who was involved in the Stratfor hack. His supporters say they believe it's to question him about Wikileaks.

September 6, 2019
Lorenzo Franceschi-Bicchierai / Motherboard

[Updated] Apple Issues Statement on Google’s Discovery of iOS Vulnerabilities That Led to Attacks on Uighur Community, Says The Attacks Lasted for Shorter Period of Time and Were Less Widespread Than Google Researchers Suggest

Apple released a rare and defensive statement to comment on the attacks on iPhone users revealed by Google last week. Google revealed five chains of iOS vulnerabilities discovered by its security teams and described the attacks as “indiscriminate,” and potentially hitting “thousands” of people. Apple disputes minor details that Google released about the attacks, saying the attacks lasted for a shorter amount of time and that they were less widespread than Google reported. Apple said that the attacks affected fewer than a dozen websites that focus on content related to the Chinese Muslim minority Uighur community. The target of the attacks had not been revealed by Google, but journalists subsequently discovered they were targeted at the Uighur community. In the statement, Apple said that “Google’s post, issued six months after iOS patches were released, creates the false impression of ‘mass exploitation’ to ‘monitor the private activities of entire populations in real time,’ stoking fear among all iPhone users that their devices had been compromised. This was never the case.” In response to Apple’s statement, Google issued its own statement saying “we stand by our in-depth research.”

Related: Apple, The Verge, Bloomberg, Reuters, Slashdot, Quartz, Buzzfeed, Gizmodo, CNET, The Next Web, New York Magazine, FOX News, Daring Fireball, Yahoo! News, Firstpost, TODAYonline, TechCrunch, iClarified, TechnoBuffalo, iMore, MacDailyNews, Tech Insider, MacRumors, Technology Review, The Hill: Cybersecurity, Channel News Asia, The Hacker News, Engadget, iPhone Hacks, SlashGear » security

Apple: A message about iOS security 
The Verge: Apple accuses Google of ‘stoking fear’ over iPhone security issues
Bloomberg: Apple Disputes Google Description of a Widespread iPhone Attack
Reuters: Apple says Uighurs targeted in iPhone attack but disputes Google’s findings
Slashdot: Apple Disputes Google’s Claims of a Devastating iPhone Hack
Quartz: Apple implies iPhones were hacked to spy on China’s Uyghur Muslims
Buzzfeed: Apple Has Confirmed Uighurs Were Targeted In Wide-Ranging Phone Hacking Scheme
Gizmodo: Apple Can Feel Its Reputation for Bulletproof Security Slipping Through Its Fingers
CNET: Apple pushes back against Google on iOS hack targeting Muslims
The Next Web: Apple claps back at Google for spreading FUD in iOS exploit report
New York Magazine: Apple Downplays Enormous iOS Security Hole That Google Found
FOX News: Apple disputes Google’s iPhone hack claim, says report ‘creates false impression’
Daring Fireball: Apple Pushes Back on iOS Security in Wake of Google’s Report
Yahoo! News: UPDATE 2-Apple says Uighurs targeted in iPhone attack but disputes Google findings
Firstpost: Apple says Uighurs targeted in iPhone attack but disputes Google findings
TODAYonline: Apple says Uighurs targeted in iPhone attack but disputes Google findings
TechCrunch: Apple doesn’t want Google ‘stoking fear’ about serious iOS security exploits
iClarified: Apple Issues Statement on iOS Exploits Found in the Wild
TechnoBuffalo: Apple responds adamantly to concerns about iOS security vulnerabilities
iMore: Apple responds vehemently to concerns about iOS security vulnerabilities
MacDailyNews: CNET reviews Apple Card: Most useful for users who love Apple Pay
Tech Insider: Apple just put Google on blast for trying to stoke ‘fear among all iPhone users that their devices had been compromised’ (AAPL, GOOG)
MacRumors: Apple Disputes Some Details of Google’s Project Zero Report on iOS Security Vulnerabilities [Updated]
Technology Review: Apple says China’s Uighur Muslims were targeted in the recent iPhone hacking campaign
The Hill: Cybersecurity: Apple says iPhone attack was targeted at Chinese Muslim minority group
Channel News Asia: Apple says Uighurs targeted in iPhone attack but disputes Google’s findings
The Hacker News: Google Uncovers How Just Visiting Some Sites Were Secretly Hacking iPhones For Years
Engadget: Apple tries to clear up Google’s claims about iOS vulnerabilities
iPhone Hacks: Apple Disputes Google Project Zero Findings, Issues Statement Highlighting iOS Security
SlashGear » security: Apple just accused Google of iPhone security fake news [Update]

@lmatsakis: It's really telling, I think, that Apple doesn't use the word "China" in this statement confirming that the iOS exploits Google discovered were used to spy on China's minority Muslim population
@josephfcox: Apple just posted a wild statement in response to Google Project Zero's findings on malicious websites pushing iOS exploits for years - confirms against Uighurs - disputes "years" deployment, says two months - pretty arrogant tone about device security
@josephfcox: The whole statement is pretty dismissive of the targeting of the Uighur minority. Notice it doesn't actually say how many devices were infected either, just tries to suggest smaller impact than Google said
@zeynep: This is a terrible statement.
@zackwhittaker: Apple has issued a rare statement about iOS security re: Google's iPhone exploits it posted last week, basically confirming my reporting about the attacks targeting Uyghur Muslims.
@lorenzofb: So, to recap. Google said the attacks on iPhones were widespread. Multiple reports say it was China hacking Uighurs. Apple confirms it was Uighurs, but doesn't say it was China. In 2009, Google wasn't scared to point finger at China. How the times change.
@markgurman: First Siri privacy issues, now Apple puts Google malware finding controversy behind it ahead of Tuesday. They’re blasting Google for posting about it 6 months after it was fixed.
@jeffstone500: Apple’s response to Google today says that massive iOS hacking operation lasted "only" months & that it was “focused,” creating the impression all this is overblown. Try telling the Uighur targets who probably have Chinese spies lurking on their phones forever.
@thehackernews: Apple says Google created the false impression of “mass exploitation” to “monitor the private activities of entire populations in real time,” stoking fear among all iPhone users that their devices had been compromised. Update added to the original story:
@BleepinComputer: Apple claims Google's Project Zero report is "stoking fear among all iPhone users that their devices had been compromised."
@JohnPaczkowski: kinda odd that google didn't mention Uighurs in that project zero post, too
@ericgeller: In a rare public statement, Apple confirms watering-hole websites used to infect Uighurs' iPhones but rejects Google's initial description including duration and scale.
@ericgeller: Google responds to Apple saying that Project Zero got some details wrong when it first revealed the iOS hacking campaign: "We stand by our in-depth research..."
@RMac18: Some updates: - An FBI official says the bureau has been aware of the exploit for some time and has been in contact with Apple. - Google has a statement pushing back on Apple and saying it stands by its research.
@alexstamos: Apple's response to the worst known iOS attack in history should be graded somewhere between "disappointing" and "disgusting". First off, disputing Google's correct use of "indiscriminate" when describing a watering hole attack smacks of "it's ok, it didn't hit white people."
@alexstamos: Even if we accept Apple's framing that exploiting Uyghurs isn't as big a deal as Google makes it out to be, they have no idea whether these exploits were used by the PRC in more targeted situations. Dismissing such a possibility out of hand is extremely risky.
@alexstamos: Second, the word "China" is conspicuously absent, once again demonstrating the value the PRC gets from their leverage over the world's most valuable public company. To be fair, Google's post also didn't mention China. Their employees likely leaked attribution on background.
@alexstamos: Third, the pivot to Apple's arrogant marketing is not only tone-deaf but really rings hollow to the security community when Google did all the heavy lifting here. I'm guessing we won't hear Tim talk about how they are going to do better on stage next week.
@alexstamos: This possibility that this incident might wake Apple up to their responsibilities the way Aurora impacted Google was discussed by @riskybusiness and I just a couple of days ago. I guess we have our answer.
@alexstamos: Dear Apple employees: I have worked for companies that took too long to publicly address their responsibilities. This is not a path you want to take. Apple does some incredible security work, but this kind of legal/comms driven response can undermine that work. Demand better.
@gizmodo: Apple can feel its reputation for bulletproof security slipping through its fingers
@LorenzoFB: Even former Apple security engineers think Apple's statement on this is bad.
@ShiraOvide: This is savage and good. Humility is a highly useful quality in people, and in companies.
@tqbf: Cosign all of this. Apple does astonishing technical work to secure the iOS platform, and this statement squanders the moral authority they earned.
@suka_hiroaki: Google: Hey, we found a bunch of full exploit chains for iOS, here is how to fix them. Apple: HOW DARE YOU!!!
@mattblaze: This thread from @alexstamos . I hope my friends at Apple read it very carefully. There's important, hard-earned wisdom here.
@howelloneill: There's a lot of worthwhile debate to be had over Apple's statement about this hacking campaign. One important thing it did do is confirm earlier reporting about Uighur targets. One thing it didn't do is use the word China.
@josephmenn: Unclear how Apple and Google taking Sharpies to one another is helping the Uighurs.
@josephfcox: i don't think anything has ever brought the infosec community together as much as this unanimous response to apple's statement
@SwiftonSecurity: Apple should have just taken the L and hardened their OS instead of posting this garbled statement.

October 16, 2019
Dell Cameron / Gizmodo

Democratic Lawmakers Put Election Security in the Spotlight During Hearing Held in Illinois

In a bid to broaden the public’s understanding of election security and boost the profile of pending election security legislation, Democratic lawmakers traveled to Gurnee, Illinois, to hear testimony from leading election and cybersecurity officials. Illinois was a top target of Russian hackers during the 2016 election with the personal information of around 76,000 Illinois voters compromised by Russian hackers who exfiltrated the data from the Illinois Board of Elections’ website. Lawmakers heard from DHS’ Matt Masterson that funding previously approved for election security by Congress had enabled the Department to deploy intrusion-detection capabilities across all 50 states. Elizabeth Howard, counsel for the Brennan Center’s Democracy Program, said despite the surprise of nation-state targeting during the 2016 election, cybersecurity experts are familiar with the tactics they used, and there is widespread agreement on the appropriate countermeasures and policies that are needed to ensure election systems can withstand attacks.

August 7, 2019
Caroline Haskins / Vice News

Amazon’s PR Arrangement With Police Regarding Ring Home Surveillance Video Footage Guides Police With Statements to Encourage Sharing Camera Footage

Ring, Amazon’s home surveillance company, has partnered with at least 225 law enforcement agencies around the country. According to documents obtained by Motherboard, in a PR arrangement with police previously revealed by Gizmodo, Ring aims to control not just press releases and announcements, but statements designed to be spoken aloud and posted on social media platforms such as Neighbors, Ring’s “neighborhood watch” app. According to the documents, Ring made a spreadsheet with 46 standardized comments that cops can post on social media. The comments encourage users to share camera footage with police, call and email police officers, and encourage friends to download Neighbors, in essence allowing law enforcement to gain access to Ring footage without a warrant.

Related: Last Minute Geek, Ars Technica, Pocket-lint, Gizmodo

Tweets: @derektmead @carolineha_ @carolineha_

September 1, 2019
Margaret Harding McGill / Politico

Google Reportedly to Pay $150 to $200 Million FTC Fine to Settle Children’s YouTube Privacy Violations

In what could be the largest civil penalty ever obtained in a children’s privacy case, the Federal Trade Commission (FTC) has voted to fine Google $150 million to $200 million to settle accusations that its YouTube subsidiary illegally collected personal information about children, according to a person familiar with the matter. The FTC voted 3-2 along party lines to approve the settlement, sending it over to the Justice Department as part of the review process. The previous record fine was a $5.7 million levy against the owners of TikTok earlier this year.

Related: The Hindu – News, Gizmodo, The Financial Express, NDTV, TechSpot, Wall Street Journal, CNN, Reuters, CNET, New York Times

August 31, 2019
Brian Barrett / Wired

Anonymous Hacker Compromised Twitter CEO Jack Dorsey’s Account Through SIM Swapping and Tweeted String of Racist Messages, Bomb Threats

An anonymous hacker took over Twitter CEO Jack Dorsey’s account for 20 minutes and used it to send out a string of racist messages and bomb threats. A group that calls itself the “Chuckle Gang,” which has broken into other high-profile Twitter accounts before, apparently broke into the @jack account at 3:45 pm and sent out dozens of tweets and retweets. Others who have been attacked by these hackers blamed so-called SIM swap attacks, with a particular focus on AT&T, and Twitter confirmed that Dorsey’s breach was a SIM swap as well. It’s unclear, however, how Dorsey was able to regain access to his account so quickly if the attack was a result of a SIM swap.

Related: Deutsche Welle, Digital Trends, The Hill: Cybersecurity, Avira Blog, Firstpost, Sydney Morning Herald, Reuters, The Next Web, Tech Insider, Stars and Stripes, ZDNet, ABC News: U.S., CBC, TribLIVE, Financial Times, Washington Post, SlashGear » security, – Stuff, CNET News, ZDNet, New York Times, CBC, The A.V. Club, BuzzFeed – Tech, Sky News, Mashable, TORONTO STAR, Dark Reading: Attacks/Breaches, USA Today, Social Media Today, Vox, OneZero – Medium, FOX News, The Verge, VentureBeat, Gizmodo, Evening Standard, Daring Fireball, Windows Central, TechCrunch, Daily Dot, Tech Insider, Digital Trends, Quartz, Neowin, Daily Beast, The Verge, Slashdot, CNET News, Android Central, San Francisco Chronicle, SFist, Axios, Vox, The Inquisitr News, CCN, AP Breaking News, iAfrikan, TIME, iMore, Memeburn, The Guardian, Android Central, RT USA, Boing Boing, Android Authority, The Register, San Francisco Chronicle, Quartz, Cybersecurity Insiders, SC Magazine, THE INQUIRER, THE INQUIRER, iTnews – Security

Deutsche Welle: Twitter CEO Jack Dorsey’s account sent racist tweets after hack
Digital Trends: Twitter CEO Jack Dorsey’s account was hacked and used to tweet racist messages
The Hill: Cybersecurity: Hillicon Valley: Twitter CEO Jack Dorsey’s account hacked | Google found iPhone security bug | YouTube reportedly to pay up to $200M to settle child privacy investigation | DNC expected to nix Iowa virtual caucus plans
Firstpost: Twitter CEO’s hacked account sends racist tweets before being secured
Sydney Morning Herald: Twitter CEO Jack Dorsey’s account hacked, racist tweets sent
Reuters: Twitter CEO’s hacked account sends racist tweets before being secured
Channel News Asia: Twitter CEO’s hacked account sends racist tweets before being secured
The Next Web: Twitter CEO Jack Dorsey’s account has been hacked
Tech Insider: Twitter CEO Jack Dorsey’s Twitter account was hacked to send out racist tweets with the n-word and phrases like ‘Hitler is innocent’ (TWTR)
Stars and Stripes: Twitter CEO Dorsey’s account sent racist tweets after hack Twitter CEO’s Account Hacked, Defaced With Racist Posts
ZDNet: Jack Dorsey’s Twitter account got hacked
ABC News: U.S.: Twitter CEO Dorsey’s account sent racist tweets after hack
CBC: Twitter says CEO’s account sent out racist, vulgar tweets after it was hacked
TribLIVE: Twitter CEO Jack Dorsey hacked; account sent racist tweets
Financial Times: Jack Dorsey’s Twitter account hacked
Washington Post: Twitter co-founder Jack Dorsey’s account hacked
SlashGear » security: Twitter CEO’s @Jack account hacked [Update]
– Stuff: Twitter CEO Jack Dorsey’s account sends racist tweets after hack
CNET News: Jack Dorsey’s Twitter account hacked – CNET
New York Times: Twitter C.E.O. Jack Dorsey’s Account Hacked
The A.V. Club: Someone hacked Jack Dorsey’s Twitter account to say even dumber stuff than usual
BuzzFeed – Tech: Jack Dorsey, The CEO Of Twitter, Was Hacked On Twitter
Sky News: Twitter founder’s account hacked as racist tweets posted
Mashable: Jack Dorsey’s Twitter account hacked to spread pro-Hitler message
TORONTO STAR: Twitter founder Jack Dorsey’s account hacked
Dark Reading: Attacks/Breaches: @jack Got Hacked — Twitter CEO’s Tweets Hijacked
USA Today: Twitter says it is investigating how CEO Jack Dorsey's account was compromised
Social Media Today: Hackers Gain Access to the Twitter Account of Platform CEO Jack Dorsey, Tweet Offensive Content
Vox: Jack Dorsey’s hack encapsulates Twitter’s struggle with problematic content
OneZero – Medium: Three Takeaways From the Hack of Jack Dorsey’s Twitter Account
FOX News: Twitter CEO Jack Dorsey’s own account was hacked, used to post vulgar messages
The Verge: Twitter CEO Jack Dorsey’s account has been hacked
VentureBeat: Twitter is investigating CEO Jack Dorsey’s account being hacked
Gizmodo: Jack Dorsey’s Twitter Account Was Hacked
Evening Standard: Twitter CEO Jack Dorsey's own Twitter account hijacked with series of racist tweets
Daring Fireball: Jack Dorsey’s Twitter Account Was Compromised
Windows Central: Jack Dorsey, Twitter’s CEO, had his account hacked
TechCrunch: A hacker has compromised Jack Dorsey’s Twitter account
Daily Dot: Twitter CEO’s account hacked, retweets pro-Nazi propaganda
Tech Insider: How to delete your Fitbit account and erase your personal data Hackers tweet racial slurs from Twitter CEO Jack Dorsey’s account
Digital Trends: Twitter CEO Jack Dorsey’s account was hacked and used to tweet racist messages Jack Dorsey’s Twitter Account Hacked by ‘Chuckling Squad’
Quartz: Jack Dorsey’s Twitter account got hacked—here’s what we know
Neowin: Twitter CEO, Jack Dorsey, gets account taken over by hackers
Tech Insider: It took Twitter longer to secure Jack Dorsey’s account from hackers than it would for a nuclear missile to travel around the world — and that should terrify you
Daily Beast: Twitter CEO Jack Dorsey’s Account Gets Hacked, Posts Racist Messages
The Verge: Twitter CEO Jack Dorsey’s account has been hacked Jack Dorsey’s Twitter account was hacked — and he’s the CEO of Twitter
Android Central: How to change your Twitter password and activate two-factor authentication
San Francisco Chronicle: Twitter CEO Dorsey’s account sent racist tweets after hack
SFist: Hackers Seize Jack Dorsey’s Twitter, Make Bomb Threats, Praise Hitler
Axios: Twitter CEO Jack Dorsey’s account hacked
Vox: Jack Dorsey’s hack encapsulates Twitter’s struggle with problematic content Twitter CEO Jack Dorsey has been hacked
The Inquisitr News: Twitter CEO Jack Dorsey’s Account Was Hacked
CCN: Jack Dorsey Twitter Hack a Sick Way to Protest Hate Speech
AP Breaking News: Twitter CEO Dorsey’s account sent racist tweets after hack
iAfrikan: Jack Dorsey’s Twitter account hacked
TIME: Twitter CEO Jack Dorsey’s Twitter Account Has Been Hacked
iMore: Worried about getting your Twitter account hacked? Set up 2FA to protect it
Memeburn: Jack Dorsey’s Twitter account has been hacked, yet again
The Guardian: Jack Dorsey: Twitter CEO’s account hacked in embarrassing security lapse
Android Central: Jack Dorsey, Twitter’s CEO, had his account hacked
RT USA: Twitter CEO Jack Dorsey’s account ‘compromised,’ posted racial slurs
Boing Boing: How did Twitter CEO Jack Dorsey’s account get hacked?
Android Authority: Regularly changing your Twitter password is important, as Twitter CEO found out
Tech Insider: What we know about how Twitter CEO Jack Dorsey’s account was hacked, and the group called ‘Chuckling Squad’ who is claiming responsibility
The Register: JACK OF ALL TIRADES: Twitter boss loses account to cunning foul-mouthed pranksters Jack Dorsey’s Twitter account was hacked — and he’s the CEO of Twitter
San Francisco Chronicle: Twitter CEO Dorsey’s account sent racist tweets after hack
Quartz: Hong Kong’s fast-learning, dexterous protesters are stumped by Twitter
Cybersecurity Insiders: Twitter Mobile Security flaw allows hackers to post Racist comments
SC Magazine: Twitter CEO’s account hacked in SIM-swapping scheme | SC Media
THE INQUIRER: Twitter CEO Jack Dorsey gets his Twitter account hacked Hey Jack, How Was Your Account Hacked?
iTnews – Security: Twitter CEO’s hacked account sends racist tweets before being secured Twitter CEO’s Account Hacked, Defaced With Racist Posts Twitter CEO Jack Dorsey’s account sends out pro-Nazi tweets after being hacked

August 28, 2019
Mark Gurman / Bloomberg

Apple Apologizes for Now-Suspended Practice of Allowing Workers to Listen to Siri Recordings But Plans to Reinstate Practice After Software Tinkering

In a rare concession, Apple apologized for privacy mishaps surrounding its Siri voice assistant and said that it would no longer retain audio recordings of Siri interactions, among other changes. “As a result of our review, we realize we haven’t been fully living up to our high ideals, and for that we apologize,” Apple said in a statement. The move follows criticism of Apple and other Silicon Valley tech giants for employing humans to listen to recordings of user interactions with voice assistants in a bid to improve their products. Apple, however, plans to reinstate the practice after making a few changes in software updates this fall that will give users more control over their privacy.

Related: Patently Apple, Financial Times, SlashGear, EFF, 9to5Mac, iClarified, The Mac Observer, Slashdot, AppleInsider, iPhone Hacks, 9to5Mac, ZDNet Security, Threatpost, VentureBeat, Neowin, iMore, iMore, MacDailyNews, BetaNews, The Verge, BGR, The Verge, Pocket-lint, MacRumors, Axios, Computer Business Review, AP Breaking News, Gizmodo, iTnews – Security, NDTV, Telecompaper Headlines, fossBytes, iClarified, The Loop, channelnews, Asia One Digital, Lowyat.NET, Fortune, CCN, San Francisco Chronicle, Technology –

Patently Apple: Apple Decides to Eliminate Siri Grading by ending Contracts with workers Manning the Project until this Fall
Financial Times: Apple apologises for listening to Siri conversations
SlashGear: Siri privacy upheaval: Apple apologizes with new audio policy
EFF: EFF and Mozilla Release Public Letter to Venmo Apple Offers Rare Apology Over Siri Voice Recordings And Promises User Privacy Changes
9to5Mac: Apple publishes FAQ page addressing Siri privacy and common concerns
iClarified: Apple Apologizes for Falling Short on Siri Privacy, Outlines Changes Coming This Fall
The Mac Observer: Apple Pledges to Improve Siri Privacy, Starting by Firing 300 Contractors
Slashdot: Apple is Turning Siri Audio Clip Review Off by Default and Bringing it in House
AppleInsider: Apple announces plans to improve Siri’s privacy protections for users
iPhone Hacks: Apple Makes Major Privacy Focused Changes to Siri Grading Program
9to5Mac: Apple says Siri audio grading program will return later this fall, with privacy-focused policy changes
ZDNet Security: Apple will no longer keep Siri audio recordings by default, makes feature opt-in Apple details improved privacy protections following the recently suspended human grading of Siri requests
Threatpost: Apple Updates Privacy Policies After Siri Audio Recording Backlash
VentureBeat: Apple apologizes for Siri privacy issues, changes recording policies
Neowin: In light of recent controversy, Apple is changing the way it handles Siri recordings
iMore: Apple addresses Siri privacy and grading questions with new FAQ page
iMore: Apple apologizes for Siri recording controversy
MacDailyNews: Apple apologizes for Siri grading program, makes changes to improve Siri’s privacy protections
BetaNews: Apple apologizes for having contractors listen to Siri recordings and announces privacy changes
The Verge: Apple apologizes for Siri audio recordings, announces privacy changes going forward
BGR: Apple announces sweeping changes to its Siri review process following privacy backlash
Pocket-lint: How Apple is changing Siri in aftermath of audio recordings controversy
MacRumors: Apple Will Continue to Review Computer-Generated Siri Transcripts Regardless of Opt-In Status
Axios: Apple apologizes over Siri recordings
Computer Business Review: Apple Apologies for Default Siri Audio Retention, Software Update will Make it Opt-In
AP Breaking News: Apple apologizes for use of contractors to eavesdrop on Siri
Gizmodo: Apple Says Only In-House Employees Will Listen to Siri Recordings as 300 Contractors Are Reportedly Laid Off
iTnews – Security: Apple to stop default practice of keeping Siri recordings
NDTV: Apple Fires Hundreds of Contractors Hired to Listen to Siri Recordings: Report
Telecompaper Headlines: Apple apologises for listening into Siri, plans opt-in to ensure privacy
fossBytes: Apple’s Apology Gives Us Hope Siri Won’t Spy On Us Again
iClarified: Apple Posts New Support Document on Siri Privacy and Grading
The Loop: Siri Changes
channelnews: Apple Apologises For Siri Privacy Breach
Asia One Digital: Apple to stop default practice of keeping Siri recordings
Lowyat.NET: Apple Announces Privacy Protection Improvements In Light Of Siri Recording Program
Fortune: Apple Opts Out of Saving Siri Recordings by Default, Turning Another Controversy Into a Marketing Moment
CCN: Apple Says ‘Sorry’ for Completely Disregarding Our Privacy
San Francisco Chronicle: Apple apologizes for contractors who eavesdropped on Siri
Technology – Apple apologizing for privacy issues with Siri recordings

August 19, 2019
Lorenzo Franceschi-Bicchierai / Motherboard

Latest iOS Version Reintroduces Bug Found in Earlier Version, Researcher Releases Public Jailbreak for Up-to-Date iPhones

Jonathan Levin, a security researcher and trainer who specializes in iOS, discovered that iOS 12.4, the latest version released in June, reintroduced a bug found by a Google hacker that was fixed in iOS 12.3. Pwn20wnd, a security researcher who develops iPhone jailbreaks, published a jailbreak for iOS 12.4. Yet another security researcher who wishes to remain anonymous said that organizations that have the expertise to target iPhones can now use a bug in Safari, for example, to “hack any up to date iPhone.” Finally, Ned Williamson, a security researcher at Google, confirmed that the old exploit that was once patched by Apple works on his iPhone XR.

Related: Wired, Gizmodo, Engadget, Tom’s Guide, 9to5Mac, Cult of Mac, The Mac Observer, pwn20wndstuff/Undecimus


August 12, 2019
Lindsey O'Donnell / Threatpost

Researchers Devise Method to Bypass Sleeping Victim’s FaceID by Modifying a Pair of Eyeglasses

An attack that allowed researchers to bypass a victim’s Apple FaceID on an iPhone and log into their phone simply by putting a pair of modified glasses on their face was demonstrated by Tencent researchers at Black Hat. By placing tape carefully over the lenses of a pair of glasses and placing them on the victim’s face, the researchers tapped into a feature behind biometrics called “liveness” detection, which renders a black area (the eye) with a white point on it (the iris), and discovered the liveness detection scans the eyes differently for users wearing glasses. They created a prototype set of glasses called X-glasses with black tape on the lenses and white tape on the inside and were able to unlock a mobile phone and ultimately transfer money through mobile payment. The obvious drawback for this technique is the victim must be unconscious, for one, and can’t wake up when the glasses are placed on their face.

August 10, 2019
Andy Greenberg / Wired

Eighteen-Year-Old High School Student Found Flaws in School Software That Could Have Allowed Hackers Deep Access to At Least Five Million Students’ Data in 5,000 Schools

Serious bugs in the web interfaces of two common pieces of software sold by tech firms Blackboard and Follett, used by more than 5,000 schools, that could allow hackers deep access to at least five million students’ data were discovered by eighteen-year-old high school student Bill Demirkapi. The bugs, common SQL-injection and cross-site-scripting vulnerabilities, were found in Blackboard’s Community Engagement software and Follett’s Student Information System. In Blackboard’s case, Demirkapi found 5 million vulnerable records for students and teachers, including student grades, immunization records, cafeteria balance, schedules, cryptographically hashed passwords, and photos. Follett thanked Demirkapi for finding the bugs, which the company said were fixed in July 2018. Blackboard also thanked Demirkapi, but argued that based on its analysis no one else had accessed those records through the vulnerability he exposed.