Tech and AIThe Official DOGE Website Launch Was a Security Mess

The Official DOGE Website Launch Was a Security Mess

-


As well as being insecure, the DOGE website heavily leans on X, the social media platform owned by Musk. DOGE’s homepage is a feed of its own X posts, but it also uses code that directs search engines to X.com instead of DOGE.gov, a WIRED review of the site found. “This isn’t usually how things are handled, and it indicates that the X account is taking priority over the actual website itself,” one developer told WIRED.

Chinese TikTok alternative RedNote gained around 700,000 US users and courted American influencers when the ban on TikTok loomed in January. While many of those people may have only used RedNote for a few days, a new analysis from the University of Toronto’s Citizen Lab has highlighted how a lack of encryption could have opened up US users to “surveillance by any government or ISP [Internet Service Provider], and not just the Chinese government.”

The analysis of RedNote found a host of network security issues in both its Android and iOS apps. RedNote fetched images and videos using HTTP connections, not the industry standard and encrypted HTTPS; some versions of the app contained a vulnerability that allows an attacker to have “read” permissions on a phone; and it “transmitted insufficiently encrypted device metadata.” The flaws were contained in RedNote’s app and several third-party software libraries that it uses. Citizen Lab reported the issues to the companies starting in November 2024 but has not heard back from any of them.

The security researchers say that the vulnerabilities could risk surveillance for all users, including those in China. “As the Chinese government might already have mechanisms to lawfully obtain detailed data from RedNote about their users, the issues that we found also make Chinese users especially vulnerable to surveillance by non-Chinese governments,” the research says.

It underscores that within China even widely used apps may not meet the same security standards as those developed outside the country. “Applications that are popular in China often use no encryption, proprietary encryption protocols, or use TLS without certificate validation to encrypt sensitive data,” the analysis says.

Over the last two weeks, US spy planes have flown at least 18 missions around the Mexico border, analysis from CNN has shown. The flights mark a “dramatic escalation in activity,” the publication reports, and come as the Trump administration has designated drug cartels as terrorist organizations and has turned the nation’s security apparatus toward deporting millions of migrants. According to CNN, various military planes, including Navy P-8s and a U-2 spy plane, were used in the operations and are capable of collecting both imagery and signals intelligence. Also this week, US Immigration and Customs Enforcement has advertised new contracts that would allow it to monitor “negative” social media posts that people make about it.

Last month, the UK government hit Apple with a secret order demanding the company create a way to access data stored in encrypted iCloud backups. The order, called a Technical Capability Notice and issued under the UK’s controversial 2016 surveillance law, was first reported by The Washington Post last week. Since then, there’s been a growing backlash against the demands from the UK government, with many highlighting how a change would impact the security of millions around the world.

US senator Ron Wyden and representative Andy Biggs have sent a letter to Tulsi Gabbard, the new director of national intelligence, saying the order undermines trust between the US and UK. “If the UK does not immediately reverse this dangerous effort, we urge you to reevaluate US-UK cybersecurity arrangements and programs as well as US intelligence sharing with the UK,” the pair said, drawing comparisons to the Chinese-linked Salt Typhoon hacks of US telecom firms that utilized a surveillance “backdoor.” Since details of the order emerged, Human Rights Watch has called it an “alarming overreach,” while 109 civil society organizations, companies, and other groups signed an open letter saying the “demand jeopardizes the security and privacy of millions.”



Source link

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest news

Taking A Look At 2 Underdog Cryptos: When Will Crypto Go Back Up?

When will crypto go back up? Bitcoin, Ethereum, and Cardano consistently rank as the top cryptocurrencies by market...

Donald Trump Held Another Million-Dollar ‘Candlelight’ Dinner—With Elon Musk in Tow

An invitation to a “candlelight” dinner held this past Saturday at President Donald Trump’s Mar-a-Lago club asked prospective...

Poll: Low Support for Federal Crypto Spending; White House Fact Sheet Contradicts Survey

A recent survey by Data for Progress found that only about 10% of US voters want the Trump...

No Strategic Bitcoin Reserve in South Korea: Report

The United States government may be keen on owning and maintaining a digital asset stockpile, but not all...

Advertisement

Google revives talks to acquire Wiz at higher valuation

Google’s parent company Alphabet is again in advanced talks to acquire cloud cybersecurity startup Wiz, a person familiar...

Solana’s 5th birthday highlights explosive growth and trading activity: Mercuryo

As Solana celebrates its fifth anniversary,...

Must read

Taking A Look At 2 Underdog Cryptos: When Will Crypto Go Back Up?

When will crypto go back up? Bitcoin, Ethereum,...

Donald Trump Held Another Million-Dollar ‘Candlelight’ Dinner—With Elon Musk in Tow

An invitation to a “candlelight” dinner held this...

You might also likeRELATED
Recommended to you