What the fail

With the Pixel 4 face unlock debacle, you really can say that Google’s Android security team did not check itself before it wrecked itself. What we’re thankful for here is the BBC journalist, who probably does not have narcolepsy, but instead pretended to be asleep with his review copy of a Pixel 4 to see if its “face unlock” feature was secure.

It wasn’t.

The Pixel 4’s only biometric security option, facial recognition, unlocked the phone even if the user’s eyes were closed. Google said it would be issuing a fix… in a few months. It made us wonder if everyone at Google was okay. In response to our queries, Google said: “We’ve been working on an option for users to require their eyes to be open to unlock the phone, which will be delivered in a software update in the coming months.”

So thank you for learning how to fake naptime, Mr. BBC reporter. You may have saved a lot of ordinary users (who do not have your access and influence) a lot of sleepless nights.

A vote for sanity

Since at least 2004, voting machine hackers — ahem, election security researchers — at Def Con were treated like crazy people or conspiracy nuts (which are kind of the same thing). Usually, both. In 2016, we wrote: “the machines are so badly maintained, historically backdoored, and easily hacked that even Def Con hackers massively stress out about the voting process in their own forums and chat spaces.”

It’s a setup that should seem familiar to any horror fan. The protagonist keeps trying to warn people about some looming danger — the Necronomicon, a clown in the sewer, a possessed car. But no one believes them, so the clown, the car and the gateway-to-hell book win every time. That’s what every day is like for researchers pointing out the insane mess of voting machine and election security year after year.

That is, until this year, when a voting machine (that was not possessed, we think) was filmed by a Mississippi voter actually changing their vote in front of their eyes. That viral video made national headlines, further exposing the numerous, simultaneous issues in electronic voting machines across the state, putting the governor’s race (and more) in doubt.

So let’s give thanks for that seemingly possessed voting machine. It’s time for everyone to start believing those Def Con election security “final girls.”

FCC’d up

The story of the fake FCC commenters could really be an old episode of Scooby Doo, with Old Man Jenkins in a bad monster disguise cursing those nosy kids for seeing through his obvious scam. It started in 2017 when the FCC decided to decimate the open internet by killing net neutrality and (cough) miraculously, the FCC’s website was flooded with fake comments supporting the FCC’s widely opposed move.

Fast forward to October this year, when reports emerged proving those comments were not only fake, but made with the stolen identities and information of US breach victims. You can’t say no one expected that plot twist: Turns out the people whose names were used in those fake FCC comments were none too pleased about it. Let’s just be thankful that the org behind this reprehensible attempt to hack public opinion, industry group Broadband for America, used the (ahem) brain trust at Media Bridge and LCX Digital to make sure a big stinky pile of breadcrumbs led right back to the source.

Little green fail-iens

If it turns out that Mark Zuckerberg arrived on this planet promising a better world through his janky tech and carrying around a book called “To Serve Man,” we’d be among the humans saying “I told you so.” But in a way we’re glad Facebook has been so profoundly terrible at everything, because it helps us identify the planet-sized security #fails the company has made.

Like how in April, we found out that the passwords for hundreds of millions of Facebook, Facebook Lite, and Instagram users were stored in plain text. Facebook wanted everyone to know passwords were readable and searchable “only” internally, but with nearly 40,000 full-time employees, that comfort is as cold as Uranus. It’s even more chilling knowing the company discovered this complete and utter failure at password security by way of a 2018 breach, when attackers made off with data from 50 million Facebook users via compromised account access tokens.

Thanks for being terrible, Facebook! You have revealed your intentions on our planet.

We don’t see a problem

Look. No one wants ATMs to be insecure, susceptible to viruses, or hackable by jerks who might try to take money from any unsuspecting individual.

The sad truth is that ATMs are so scattershot in their security, they’re a common theme in hacking presentations. And in organized crime there are “cashing crews” who swoop in to scoop up the Benjamins. In fact, the hacker who makes the ATM spew cash is a persistent and annoying Hollywood trope. But, for good reason: It’s real. In 2010, hacker Barnaby Jack made global headlines when he “jackpotted” ATMs on the Black Hat conference stage.

This is such a known problem, and has been going on for so long, that it’s hard to feel bad for ATM vendors, or their software and hardware vendors. So when we read headlines like “Malware That Spits Cash Out of ATMs Has Spread Across the World” it’s tough to feel like we’d be anything but grateful if this ongoing security blunder accidentally spit out some extra cash onto our feet this chilly holiday season.

Equifail

In the slums of our cyberpunk future, “Equifax” is the word harsh parents whisper to frighten their children into making strong, complex passwords. That’s thanks to news in October about a shareholder class-action suit over the credit reporting company’s egregious 2017 breach.

This revealed a slew of truly appalling, grossly negligent security practices. Especially, as Hot for Security reported, the use of “admin” as both username and password, “to authorize access to a portal used to manage credit disputes,” which “contained a vast trove of personal information.”

If you read the suit’s laundry list of security #fails, it’s not a stretch to think of the company as both a folklore bogeyman of the American credit system and a cautionary-tale monster under the bed for bad practices. We’re just grateful the headlines might’ve scared some people into following better password practices.

Keep on hackin’

Who forgot to secure all those electronic road signs we keep seeing hacked with messages like “THE FUTURE SUCKS”? Whoever you are, I hope you got fired, but I also have a strong urge to buy you a beer. Because in this abysmally wrong alternate timeline, I think many can agree that hackable road signs are bringing us a much-needed bit of levity right now.

The security failings of these signs are kind of two-fold. One is that they’re all issued with a default username and password, according to one manufacturer, ADDCO. If the signs were issued with a one-time password, that would be the end of warnings about “Entering bat country.”

The other #fail is that few people setting up their brand-new electronic road signs are changing those default passwords. Unless the calls are coming from inside the house, and someone working on the road crew was responsible for the sign reading “TRAPPED IN SIGN FACTORY.” In which case, let’s give thanks for anything reminding us that hacks are supposed to be fun, and people still love making each other smile.

Images: Koren Shadmi (Turkey Illustration); Chris Velazco / Engadget (Pixel 4); Mark Wilson/Getty Images (Ajit Pai); Getty Creative (ATM)
