The US Could Finally Ban Inane Forced Password Changes


Researchers found a vulnerability in a Kia web portal that allowed them to track millions of cars, unlock doors, honk horns, and even start engines in seconds, just by reading the car's license plate. The findings are the latest in a string of web bugs that have impacted dozens of carmakers. Meanwhile, a handful of Tesla Cybertrucks have been outfitted for war and are literally being battle-tested by Chechen forces fighting in Ukraine as part of Russia’s ongoing invasion.

As Israel escalates its attacks on Lebanon, civilians on both sides of the conflict have been receiving ominous text messages—and authorities in each country are accusing the other of intelligence warfare. The US government has increasingly condemned Russia-backed media outlets like RT for working closely with Russian intelligence—and many digital platforms have removed or banned their content. But they’re still influential and trusted alternative sources of information in many parts of the world.

And there's more. Each week, we round up the privacy and security news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

New Digital Identity Guidelines Strike Back at Dreadful Password Policies

A new draft of the US National Institute of Standards and Technology's “Digital Identity Guidelines” finally takes steps to eliminate reviled password management practices that have been shown to do more harm than good. The recommendations, which will be mandatory for US federal government entities and serve as guidelines for everyone else, ban the practice of requiring users to periodically change their account passwords, often every 90 days.

The policy of regularly changing passwords evolved out of a desire to ensure that people weren't choosing easily guessable or reused passwords; but in practice, it causes people to choose simple or formulaic passwords so they will be easier to keep track of. The new recommendations also ban “composition rules,” like requiring a certain number or mix of capital letters, numbers, and punctuation marks in each password. NIST writes in the draft that the goal of the Digital Identity Guidelines is to provide “foundational risk management processes and requirements that enable the implementation of secure, private, equitable, and accessible identity systems.”

DOJ Indicts Alleged Iranian Hackers Over Trump Campaign Breach

The US Department of Justice unsealed charges on Friday against three Iranian men who allegedly compromised Donald Trump’s presidential campaign and leaked stolen information to media outlets. Microsoft and Google warned last month that an Iranian state-sponsored hacking group known as APT42 had targeted both the Joe Biden and Donald Trump presidential campaigns, and successfully breached the Trump campaign. The DOJ claims the hackers compromised a dozen people as part of its operation, including a journalist, a human rights advocate, and several former US officials. More broadly, the US government has said in recent weeks that Iran is attempting to interfere in the 2024 election.

“The defendants’ own words made clear that they were attempting to undermine former President Trump’s campaign in advance of the 2024 U.S. presidential election,” Attorney General Merrick Garland said at a press conference on Friday. “We know that Iran is continuing with its brazen efforts to stoke discord, erode confidence in the US electoral process, and advance its malign activities.”

Irish Regulator Fines Meta More Than $100 Million Over 2019 Password Lapse

The Irish Data Protection Commission fined Meta €91 million, or about $101 million, on Friday for a password storage lapse in 2019 that violated the European Union's General Data Protection Regulation. Following a report by Krebs on Security, the company acknowledged in March 2019 that a bug in its password management systems had caused hundreds of millions of Facebook, Facebook Lite, and Instagram passwords to be stored without protection in plaintext in an internal platform. Ireland's privacy watchdog launched its investigation into the incident in April 2019.

“It is widely accepted that user passwords should not be stored in plaintext, considering the risks of abuse that arise from persons accessing such data,” Irish DPC deputy commissioner Graham Doyle said in a statement. “It must be borne in mind that the passwords, the subject of consideration in this case, are particularly sensitive, as they would enable access to users’ social media accounts.”

The Tor Project and the Tails Privacy Operating System Are Merging

The digital anonymity nonprofit the Tor Project is merging with privacy- and anonymity-focused Linux-based operating system Tails. Pavel Zoneff, the Tor Project’s communications director, wrote in a blog post on Thursday that the move will facilitate collaboration and reduce costs, while expanding both groups' reach. “Tor and Tails provide essential tools to help people around the world stay safe online,” he wrote. “By joining forces, these two privacy advocates will pool their resources to focus on what matters most: ensuring that activists, journalists, other at-risk and everyday users will have access to improved digital security tools.”
