5 major revelations you should know from the WikiLeaks CIA cache

Welcome to The Dashlane Tech Check for March 10, 2017!  I’ll help you catch up on Dashlane-related news and the big news in the tech industry. And just for fun, I’ll include a useful lifehack that will keep you safe and secure all year long.

What in the (Security) World?

Here’s what made headlines this week in the world of digital identity, security, and privacy:

Wikileaks releases information on alleged CIA hacking tools

 

The Central Intelligence Agency (CIA) is scrambling to mitigate the damage caused when WikiLeaks published a trove of documents on alleged CIA hacking programs. Dubbed “Vault 7”, this is the first release in a series of releases known as “Year Zero” and promises to be the largest publication of confidential CIA documents ever, according to WikiLeaks. Here are 5 big revelations for the documents disclosed in the leak:

  • The CIA allegedly built malware that targets iPhones, Androids, and smart TVs.
  • The CIA allegedly developed multi-platform malware targeting Windows, Mac OS X, Solaris, Linux and more, such as EDB’s “HIVE” and the related “Cutthroat” and “Swindle” tools.
  • The CIA allegedly did not disclose serious security flaws to manufacturers like Apple, Microsoft, Google, and other US-based manufacturers, breaking a commitment made from the Obama administration. 
  • CIA hackers allegedly operated a “hacker base” out of the Frankfurt consulate in Germany
  • The CIA allegedly laid out rules on how the “CIA, US government, or its witting partner companies” can avoid being implicated in a “forensic review”.

For more information, click here to read the Hacker News’ breakdown of the 10 things you should know about the Vault 7 cache.

There is no absolute right to privacy” says FBI Director 

In a keynote speech at the Boston Conference on Cyber Security, FBI Director James Comey avoided questions about the CIA leak, but did discuss his views on strong encryption. In response to secure messaging applications like Signal and WhatsApp gaining in popularity, Comey said: “These apps are now a default feature of much less sophisticated actors, drug dealers, bank robbers, pedophiles, some terrorists. Their shadow is spreading across more of our work.” He also defended the U.S Government’s right to invade one’s privacy–with good reason. “There is no absolute right to privacy,” Comey said, adding, “with respect to default, strong encryption, it changes that bargain, and shatters it, in my view.” Read more.

Fortune 1,000 companies are twice as likely to be breached, says new study

Infosecurity Magazine covered a new study from BitSight researchers, which found that least one out of every 20 Fortune 1,000 companies has experienced a data breach in the last 15 months. The study also found the security performance of those Fortune 1000 companies’ has declined overall. Learn more.

Employees are still not aware of the security risks associated with BYOD devices in the workplace 

 

Infosecurity Magazine also covered a study from Symantic, that found that approximately three in four British workers use their personal devices for work, but 13 percent of them have no idea what the security status of their device is and only 15 percent enable automatic security settings updates. Read more.

Breach Alerts

One Million Gmail and Yahoo credentials are for sale on the dark web

 

According to Computer Weekly, roughly one million Gmail and Yahoo credentials are up for sales on the dark web. The data up for sale includes usernames, email addresses, and plaintext passwords for over a million accounts, sourced from various data breaches in recent years. Learn more.

#Spammergate: A spam list leaked almost 1.4 billion emails and IP addresses

Ever wondered how those robotic spam emails manage to get your information? “Automation, years of research, and fair bit of illegal hacking techniques” says a team of investigators from the MacKeeper Security Research Center, CSOOnline, and Spamhaus. MacKeeper released information about the sketchy marketing firm River City Media’s failure to secure a database containing almost 1.4 billion email accounts, full names, IP addresses, and often physical addresses. Learn more.

Dashlane News You Shouldn’t Snooze

Snapchat star recommends Dashlane after his account gets hacked 

Photo credit: Frockadvisor

Snapchat star and co-founder of Currabinny James Kavanagh spoke to Xpose about his social media profile being hacked. He admits that he protected his Snapchat account with a weak password and his entire account was dissolved “in the blink of an eye.” In the wake of the incident, Kavanagh has learned to change his passwords monthly and use a password manager! “Also, I downloaded Dashlane for free for my laptop and phone, he said” “It’s a fab password manager that works from a master password. Give it a whirl.” Read more.

Dashlane is one of 6 tools recommended for “Digital Nomads”

Fast Company writer Tiffany Sun recommended 6 tools she simply can’t live without as a “digital nomad”. Number four on her list: Dashlane! Sun says that she looked for and tried dozens of apps to boost her productivity, but struggled to remember her passwords for all of them. “Don’t be like me and wreck your brain,” she says. “Get Dashlane. It stores all of your passwords and automatically fills them in for you”. Read more.

This Week’s Lifehack to Improve Your Security

This Thursday was International Women’s Day! To celebrate, the women of Dashlane got together to discuss many important issues, including one we’re uniquely passionate about–security. To spread awareness about the unique security risks women face online, we wrote a blog post made for women (by women) on with tips and tools to protect yourself on and offline. We highly recommend sharing this with your friends, family, and close colleagues!


Have any thoughts on any of the news I shared? Leave me a comment below and make sure to visit our blog next week for another edition of The Dashlane Tech Check.

Also, don’t forget to follow us on Twitter to always be in the know! In our last Tech Check, we told you about the Yahoo breach you didn’t hear about in the news and tell you what caused the Amazon AWS S3 outage that caused major headaches for several websites and apps.

Here’s more news you can use:
ZDNet wants you to stop calling everything a “hack!” Here’s why.
Would you give the feds access to your encrypted messages? 46 percent of Americans said…
Would you give the fed access to your encrypted messages? 46 percent of Americans said…
The Mozilla dinosaur is officially extinct! See their geeky new logo.
  • Jean Rhoades

    I’m deleting my Dashlane account and asking for a refund. I joined in January and used the Premium trial subscription for 1 month. I logged into Dashlane successfully the entire time. The trial period runs out and what do you know! I can no longer log into my account. I didn’t change the Master PW, I entered it correctly and tried about 100 times. Support at Dashlane is no help. And of course, I’ll loose about 30 different passwords and will need to start over. I’m getting out and getting a refund.

    • Hi Jean,

      I’m so sorry about this issue, and I’ll do what I can to help. Since you purchased Premium, can you try accessing the Web App and let me know if you can access your account that way? This will help us figure out the status of your account: https://www.dashlane.com/app/#signin

      Please let me know how that goes.

      -Malaika

      • Jean Rhoades

        I’ve tried accessing my account using the web app while on my PC, Ipad and Iphone. I’ve tried it from my home PC and my work PC – nothing is working. I’ve just tried again using your link. After entering my email address, it continues to take me back to the same window asking for me to login with the email address assoicated with my account
        *~Jean*

        • Thanks for the info. And to rule out the possibility of this being a bug, when you attempted to login, did you see a “upgrade to Premium” message? Or would Dashlane prevent you from going past the login screen?

          -Malaika

          • Jean Rhoades

            Dashlane prevents me from going past the login screen

          • Thanks for following up Jean.

            So the good news is that we’ve ruled out the possibility of this being a bug in the system. I’ve also confirmed with our Support team that you did upgrade to Premium a few days ago, however, we do believe that the problem lies in your Master Password. Since we don’t store or have access to anyone’s Master Password, there’s not much we can do on our end to retrieve or reset it.

            To be absolutely sure, I checked with our Engineering team and confirmed that we haven’t had any reported bugs or issues related to users’ Master Passwords upon upgrading their account.

            I know this news is frustrating, but before attempting to reset your account, try logging into our Web app again on different devices. I know you’ve tried this before, but since your account is Premium, you should be able to access our Web App on any device. If you can’t get past the login screens, that’s a sign that the issue is an incorrect Master Password.

            If all else fails, you can reset your account. Instructions on how to do so are here: https://support.dashlane.com/hc/en-us/articles/202698981 I’d be more than happy to spend some time helping you get your account up and running again, and give you some tips to make sure you’ll never forget your Master Password again.

            Please keep me posted.

            -Malaika

          • Jean Rhoades

            I appreciate your attempt to resolve my issue. How do I go about getting a refund and closing my account?

          • I’m really sorry I couldn’t help. I’ll have someone on my Support team send you an email about receiving a refund and closing your account.

            -Malaika