Security, Spoken

John Strand breaks into things for a living. As a penetration tester, he gets hired by organizations to attack their defenses, helping reveal weaknesses before actual bad guys find them. Normally, Strand embarks on these missions himself, or deploys one of his experienced colleagues at Black Hills Information Security. But in July 2014, prepping for a pen test of a South Dakota correctional facility, he took a decidedly different tack. He sent his mom. In fairness, it was Rita Strand's idea. Learn about your ad choices: dovetail.prx.org/ad-choices

As Richard Grenell, the current US ambassador to Germany, starts his second day on the job as the nation’s acting director of national intelligence, his arrival also marks the ouster of not only his predecessor, Joseph Maguire, but reportedly also of DNI principle executive Andrew Hallman. By the end of the day, almost all of the roles created after 9/11 literally to prevent the next 9/11 will be either vacant or lack permanent appointees. Learn about your ad choices: dovetail.prx.org/ad-choices

Distributing malware by attaching tainted documents to emails is one of the oldest tricks in the book. It's not just a theoretical risk—real attackers use malicious documents to infect targets all the time. So on top of its anti-spam and anti-phishing efforts, Gmail expanded its malware detection capabilities at the end of last year to include more tailored document monitoring. And it's working. Learn about your ad choices: dovetail.prx.org/ad-choices

At 10:28 pm on November 1, an image of an unknown and classified Pokémon appeared in a Discord group. Gigantamax Machamp, the megasized version of the body-builder Pokémon, was slated to appear in the then-unreleased games Pokémon Sword and Pokémon Shield. Within minutes, JPEGs of it were posted to 4chan. Then, on a dedicated Pokémon Reddit. It wasn’t long until 300 URLs were hosting it. Learn about your ad choices: dovetail.prx.org/ad-choices

This week was filled with wide-scale calamity. Hundreds of millions of PCs have components whose firmware is vulnerable to hacking—which is to say, pretty much all of them. It's a problem that's been known about for years, but doesn't seem to get any better. Likewise, Bluetooth implementation mistakes in seven SoC—system on chips—have exposed at least 480 internet of things devices to a range of attacks. Learn about your ad choices: dovetail.prx.org/ad-choices

If there’s one line intelligence officials have stuck to about Russian interference in US elections, it’s that it never stopped. Not after the 2016 election, not after the 2018 midterms, and certainly not now, well into the 2020 primary season. Which is why it should be no great surprise that, as the Washington Post first reported Friday, US officials warned Bernie Sanders that Russia is “attempting to help” his presidential campaign. Learn about your ad choices: dovetail.prx.org/ad-choices

Bluetooth is used in everything from speakers to implanted pacemakers, which means that Bluetooth-related vulnerabilities can affect a dizzying array of devices. In the latest instance, a newly discovered round of 12 Bluetooth bugs potentially exposes more than 480 devices to attack, including fitness trackers, smart locks, and dozens of medical tools and implants. Learn about your ad choices: dovetail.prx.org/ad-choices

YouTube Gaming has been clawing its way into streaming platform Twitch’s market share for months. But new data retrieved by WIRED suggests that YouTube Gaming also has a serious problem with scammers and cheat-makers—and lots and lots of bots. In January, all seven of the most-watched YouTube Gaming channels weren’t run by happy gamers livestreaming the game du jour. Learn about your ad choices: dovetail.prx.org/ad-choices

That laptop on your desk or server on a data center rack isn't so much a computer as a network of them. Its interconnected devices—from hard drives to webcams to trackpads, largely sourced from third parties—have their own dedicated chips and code as well. Learn about your ad choices: dovetail.prx.org/ad-choices

West Virginia and Oregon have both recently deployed mobile a voting app called Voatz to facilitate absentee voting. But Voatz now turns out to have major security flaws, according to researchers from the Massachusetts Institute of Technology—including vulnerabilities that could let a hacker manipulate results. The newly unearthed bugs could allow an attacker to reveal someone's votes, block votes from being submitted, or even manipulate them. Learn about your ad choices: dovetail.prx.org/ad-choices