Shocker: Americans Don’t Think Their Data Can Stay Private

So many hacks, so few days in the week to write alarming stories about every one.

So many hacks, so few days in the week to write alarming stories about every one.

This weekend the big news was that the Senate failed to follow the House's lead to pass a bill reforming NSA surveillance. Instead, they squabbled at the absolute last minute until the early hours of the night, and eventually achieved nothing. As a result, the NSA's bulk collection of telephone data from US telecoms is actually on hold, in anticipation of parts of the Patriot Act sunsetting next week. So even if they didn't mean to, the Senate managed to curb NSA spying....for a few days. But there was lots of other news this week, big and small. Every weekend, WIRED Security roundups the security vulnerabilities and privacy updates that didn’t quite rise to our level for in-depth reporting this week, but deserve your attention nonetheless.

To read the full story linked in each summarized post below, click on the headlines. And be safe out there!

Talk about a breach of personal information. Britain's Channel4 news revealed Thursday that the often-NSFW dating site Adult Friendfinder was hit by hackers in March, who stole nearly 4 million users' information and leaked it on an underground forum. No credit card data seems to have been taken in the breach, but the exposure for many users is even more sensitive. The data reveals not only the users' email addresses and username, but their sexual orientation, advertised fetishes, and in some cases even whether they're attempting to cheat on a spouse. The data, according to Channel4, even includes that of users who thought they had previously deleted their account.

Have you visited Kim Kardashian's personal Web site lately? No? Congratulations. Not only does that mean you probably make generally wise life choices, you were also not potentially a target for malware that was reportedly infesting her site due to its use of an outdated Word Press plug-in. The Daily Dot reports that researchers in April uncovered over a dozen troubling security holes in the reality TV star's site that could have enabled suspicious files to be downloaded from the site. Our advice? Maybe just don't download stuff from Kim Kardashian's web site as a rule.

The Intercept reported this week that the NSA, along with counterpart spy agencies in tCanada, the United Kingdom, New Zealand and Australia, had plans to hijack the apps stores of Samsung and Google in order to infect smartphones with spying software. The news comes by way of a top secret document given to The Intercept by whistleblower Edward Snowden. The Intercept writes:

The document outlines a series of tactics that the NSA and its counterparts in the Five Eyes were working on during workshops held in Australia and Canada between November 2011 and February 2012.

The main purpose of the workshops was to find new ways to exploit smartphone technology for surveillance. ... They were also keen to find ways to hijack them as a way of sending “selective misinformation to the targets’ handsets” as part of so-called “effects” operations that are used to spread propaganda or confuse adversaries.

Just when it seems Americans don't want to pay attention to the privacy concerns raised by Edward Snowden, Pew comes out with a series of surveys finding that, in fact, 93-percent of people in the US care deeply about being control of their own data and that only 6 percent believe the government is able to keep their information secure. Other interesting takeaways? "Sixty-five percent of American adults believe there are not adequate limits on the telephone and internet data that the government collects." Though it's clearly upsetting news that people in the U.S. can't trust government agencies to protect their privacy, it isn't news, and it's comforting on some level that at least people are paying attention.

For years, many American hackers have run a tidy side business in selling their secret intrusion techniques known as zero-days to governments---including foreign ones. Now the Commerce Department may be clamping down on that underground industry. Through new regulations it's proposed as changes to the international agreement called the Wassenaar Arrangement, the government agency may be adding hacking tools to the list of "weapons" that Americans can't legally export without special approval. Selling zero-days to "Five Eyes" countries like Australia, Canada and Britain would be less strictly regulated. And the Commerce Department has given the public two months to comment on the proposed new regulations. Expect plenty of hackers to cry foul, arguing that the new regulations would restrict not only security research but also their First Amendment right to free speech.