Ubiquiti breach puts countless cloud-based devices at risk of takeover

Enlarge (credit: Getty Images) Network devices maker Ubiquiti has been covering up the severity of a data breach that puts customers’ hardware at risk of unauthorized access, KrebsOnSecurity has reported, citing an unnamed whistleblower inside the company. In January, the maker of routers, Internet-connected cameras, and other networked devices, disclosed what it said was “unauthorized …

How to achieve smart home nirvana (or, home automation without subscription)

What comes to mind when you think of a smart home? Wi-Fi enabled light bulbs, video doorbells, cloud-connected robot vacuums, or smart fridges perhaps? Brands like Google/Nest or everything enabled with Amazon’s Alexa? While often providing some genuine convenience, these devices are also usually designed to invite and lock users into manufacturers’ ecosystems. Create a …

Android sends 20x more data to Google than iOS sends to Apple, study says

Enlarge / Insomnia people and mobile-addiction concepts. (credit: Getty Images) This post has been updated to report objections researcher Doug Leith had to Google’s critique of his research. Whether you have an iPhone or an Android device, it’s continuously sending data including your location, phone number, and local network details to Apple or Google. Now, …

Nike sues over “Satan Shoe,” disavowing all connection to soul soles

Enlarge / The shoes—and the marketing for them—are definitely committed to their aesthetic. (credit: MSCHF) Nike is suing the company behind a viral, limited-edition custom shoe, arguing that the unauthorized custom work dilutes its brand and creates a false impression that Nike approves the controversial design. The Satan Shoe, a collaboration between a company called …

Hackers backdoor PHP source code after breaching internal git server

Enlarge (credit: BeeBright / Getty Images / iStockphoto) A hacker compromised the server used to distribute the PHP programming language and added a backdoor to source code that would have made websites vulnerable to complete takeover, members of the open source project said. Two updates pushed to the PHP Git server over the weekend added …

The massive cargo ship that blocked the Suez Canal is now moving again

A handout picture released by the Suez Canal Authority on March 24, 2021 shows a part of the Taiwan-owned MV Ever Given, a 400-meter- (1,300-foot-) long and 59-meter-wide vessel, lodged sideways and impeding all traffic across the waterway of Egypt’s Suez Canal. [credit: Suez Canal Authority/HO/AFP via Getty Images ] After nearly a week of …

New Android malware with full range of spying capabilities has been found

Enlarge (credit: Getty Images) Researchers have discovered a new advanced piece of Android malware that finds sensitive information stored on infected devices and sends it to attacker-controlled servers. The app disguises itself as a system update that must be downloaded from a third-party store, researchers from security firm Zimperium said on Friday. In fact, it’s …

Buffer overruns, license violations, and bad code: FreeBSD 13’s close call

Enlarge / FreeBSD’s core development team, for the most part, does not appear to see the need to update their review and approval procedures. (credit: Aurich Lawson (after KC Green)) At first glance, Matthew Macy seemed like a perfectly reasonable choice to port WireGuard into the FreeBSD kernel. WireGuard is an encrypted point-to-point tunneling protocol, …

OpenSSL fixes high-severity flaw that allows hackers to crash servers

Enlarge (credit: Getty Images) OpenSSL, the most widely used software library for implementing website and email encryption, has patched a high-severity vulnerability that makes it easy for hackers to completely shut down huge numbers of servers. OpenSSL provides time-tested cryptographic functions that implement the Transport Layer Security protocol, the successor to Secure Sockets Layer that …