Welcome to The Dashlane Tech Check for June 9, 2017! I’ll help you catch up on Dashlane-related news and the big news in the tech industry. And just for fun, I’ll include a useful life hack that will keep you safe and secure all year long.
What in the (security) world?
Here’s what made headlines this week in the world of digital identity, security, and privacy:
iOS 11 will have “Password Autofill for Apps” but it won’t work with password manager apps
During Apple’s annual Worldwide Developers Conference (WWDC), the company unveiled the latest version of its iOS operating system, iOS 11. They also introduced a new feature called “Password Autofill for Apps” which is designed to give you access to passwords right from the app’s login screen.
But there’s a catch. According to TechCrunch, the feature will not work with your preferred password manager, like Dashlane, but it’ll work for passwords stored in Apple Keychain–for now. Dashlane’s CEO Emmanuel Schalit said to TechCrunch: “Because Apple’s keychain has similar functionality in the sense that it stores credentials, we expect them to eventually open their platform to third-party password managers and the massive cross-platform convenience and security advantages that come with them”.
Google developed a school curriculum to help children fight trolls and hackers
Google launched a new educational program called “Be Internet Awesome”, which is designed to help teach kids about internet safety risks, including phishing, online harassment, password management, and more. According to The Verge, the free program includes both a classroom curriculum and a video game called “Interland.”
Twitter users blocked by President Trump seek reprieve and cite the First Amendment
Lawyers for Twitter users blocked by President Trump claim that he doesn’t have a right to exclude them from engaging with his posts under the First Amendment. According to The New York Times, the issue stems from Trump’s use of his Twitter account to make public statements. Lawyers for the blocked Twitter users say that Trump’s Twitter account “operates as a ‘designated public forum’ for First Amendment purposes, and accordingly the viewpoint-based blocking of our clients is unconstitutional,” they wrote in a letter to the president. “We ask you unblock them and any others who have been blocked for similar reasons.”
The blinking lights on your wi-fi router could leak your data
Those blinking lights on your router may not be as benign as they seem. According to Forbes, a team of researchers from Ben-Gurion University in Israel discovered that malware designed to infect a router can modify how the lights blink on your router to transmit a kind of Morse code a hacker can use to steal your data. That malware can also be used to transmit your data via an Internet connection using Tor. If you’re worried about this kind of attack, just make sure to update the firmware on your router or cover up the lights with thick tape.
Russian election hacking was far more widespread than originally known
According to a leaked U.S. intelligence document published by The Intercept, Russian Military Intelligence targeted at least 100 state and local voting officials, and at least one U.S. voting software supplier, in spear phishing attacks weeks before Election Day. Although there is no evidence Russian hackers were able to affect the election’s outcomes, it “raises the possibility that Russian hacking may have breached at least some elements of the voting system, with disconcertingly uncertain results.” According to InfoSecurity Magazine, the document was published just hours before the U.S. Justice Department charged government contractor Reality Winner with leaking the information.
Over 60,000 U.S. Department of Defense files found on a publicly accessible Amazon server
InfoSecurity Magazine reports that more than 60,000 U.S. Department of Defense files were publicly accessible in an Amazon S3 repository due to an “unintentional mistake” by a contractor at Booz Allen Hamilton (BAH). Cyber resilience analyst Dan O’Sullivan said the data was not password protected, was visible in plaintext, and contained what appeared to be “the Secure Shell (SSH) keys of a BAH engineer, as well as credentials granting administrative access to at least one data center’s operating system.” However, BAH claimed that no classified data was stored in that repository.
Putin suggests “patriotically minded” Russian hackers meddled with the U.S. presidential election
Last week, Russian President Vladimir Putin suggested that “patriotically minded” Russian hackers were involved with meddling in the 2016 presidential election. As The New York Times has pointed out, Putin’s statements are a departure from the Kremlin’s previous position: “that Russia had played no role whatsoever in the hacking of the Democratic National Committee and that, after Donald J. Trump’s victory, the United States has become the victim of anti-Russia hysteria among crestfallen Democrats.”
OneLogin’s security chief reveals new information about its data breach
Alvaro Hoyos, OneLogin’s chief information security officer, answered ZDNet’s key questions about the company’s recent data breach. According to ZDNet, a hacker “obtained and used highly-sensitive keys for its Amazon-hosted cloud instance from an immediate host–effectively breaking into its service using its front-door key,” giving the attacker the ability to potentially compromise keys and other secret data, like passwords. The company has advised users to change their passwords and to generate new OAuth tokens, new API keys, and new security certificates.
This Week’s Lifehack to Improve Your Security
Following the OneLogin breach, you may have some questions or concerns about the safety and security of password managers in general. We understand, and at Dashlane, we’ve already come up with a better answer: Trust No One. Learn more about how our “trust no one” approach to security will always keep your data safe in the event of a security incident.
Have any thoughts on any of the news I shared? Leave me a comment below and make sure to visit our blog next week for another edition of The Dashlane Tech Check.
Also, don’t forget to follow us on Twitter to always be in the know! In our last Tech Check, the U.S. Federal Trade Commission (FTC) did some research on how long it would take for hackers to attempt to use data stolen from a data breach, and the results are shocking!