Image
Our new weekly security roundup series covers the week’s trending topics in the world of information security. In this compilation, we’ll let you know of the latest announcements, reports and controversies that the industry has been talking about recently. Here’s what you don’t want to miss from the week of July 27, 2015:
- A major password-reset exploit was discovered in Valve's Steam, leading to the compromise of numerous accounts, including those of gaming professionals and well-known streamers. The highly popular online gaming platform used by millions across the world acknowledged the "bug" and resolved the issue days later. Valve stated that while account passwords were potentially modified, no passwords were actually revealed.
- After two years, the White House finally responded to – and rejected – a petition calling for President Obama to pardon NSA whistleblower Edward Snowden. The "We the People" petition launched after Snowden's revelations on US government surveillance was signed by more than 167,000 people, surpassing the 100K signatures required to garner a response from the White House. "He should come home to the United States, and be judged by a jury of his peers," said Lisa Monaco, the president's homeland security and terrorism adviser, in a statement.
- President Obama has signed an executive order establishing the National Strategic Computing Initiative (NSCI) to research and develop a supercomputer that is estimated to surpass the world's current leading machine in China. The supercomputer would become the first machine to hit 1 exaflop, equivalent to 1,000 petaflops, and is expected to go online by 2025. The White House said the new initiative "is designed to advance core technologies to solve difficult computational problems and foster increased use of the new capabilities in the public and private sectors."
- A DDoS attack took down New York Magazine's website for nearly 12 hours just after it had published a groundbreaking cover story featuring 35 victims of alleged assault by Bill Cosby. According to the Daily Dot, the cyber attack was carried out by a self-proclaimed hacker calling himself ThreatKing. He told the publication his motivations were not to silence the women or the magazine; he just really dislikes the people of New York City. A NY mag publicist said it estimates to have lost more than 500,000 page views during the site crash.
- A politically-motivated hacking group known as 3301 compromised the website of Planned Parenthood not once, but twice this week. The distributed denial of service (DDoS) attacks took down the site momentarily, as the "anti-abortion extremists" leaked a list of credentials, including hashed passwords, online. Planned Parenthood chose to take its site back offline for a day to "ensure they were fully protected," stated Executive Vice President Dawn Laguens. The act is one of many controversies the organization has been facing lately.
- The newly debuted Windows 10 automatically makes Microsoft Edge the default browser, even for users updating from a system that previously used Firefox or Chrome. This didn't sit well with Mozilla CEO Chris Beard, who called the new browser experience "very distributing." In an open letter to Satya Nadella, Microsoft's CEO, Beard claimed that the aggressive move stripped users of their choices, and ignored Mozilla's previous calls for keeping the default during the upgrade process.
- Security researchers discovered two critical vulnerabilities affecting Android phones this week. The "Stagefright" vulnerability, present in Nexus devices, could allow hackers to remotely execute code using a specially crafted message delivered via MMS. Soon after Google issued a security update, a new bug capable of rendering an Android device unresponsive (silent and unable to make calls, with a lifeless screen) was reported. The vulnerability is said to be present from Android 4.3 Jelly Bean to the current 5.1.1 Lollipop version.
- In other Internet giant news, Google announced a countrywide roadshow across London, Leeds, Boston, Birmingham and Manchester aimed to teach more than 10,000 British internet users how to stay safe and secure online. Hosted by the company's security experts, the free workshops will take place in 30 UK schools beginning this September, covering topics such as safeguarding passwords, updating account settings, finding stolen devices, checking were data is being shared, and more.
