Amid major breaches at DoorDash, Logitech, and Microsoft Azure, the FCC has rolled back rules meant to keep telecom networks secure—right when we need them most.
It’s not often we see such a stark contrast between the urgent need for better security and the people in charge choosing to ignore it, yet here we are. In the same week that DoorDash was breached, Logitech customer data was compromised, and a 15.7 Tbps DDoS attack targeted Microsoft Azure, the FCC decided to rescind rules requiring telecoms to secure their networks.
If that’s confusing to you, well, it’s confusing to us, too. The usual semantics are at play in the FCC’s decision, so definitely check out the whole story, but the bottom line is that in a time where security is more important than ever, regulators charged with making sure tech companies actually care about it are less interested in doing so.
We’ve also seen how lax security at the platform or telecomm level can have real-world consequences. For example, DDoS attacks like the one that hit Azure this week (traced back to the Aisuru botnet, which targeted Cloudflare with a record-breaking 22 Tbps attack in September) or ransomware attacks can seem impossible to fight, but that’s not the case for people impacted by them. For example, we reported that a beloved community movie theater in Portland was hit with a ransomware attack this week, not because it was specifically targeted, but because ransomware attacks exploit any vulnerability they can find.
Meanwhile, have you updated Chrome recently? You should. Google has warned of a “high-severity bug” affecting the browser and has issued an immediate update. While there’s no evidence that the vulnerability has been exploited, it has been circulating on forums discussing how to do so. Therefore, it is recommended to protect yourself now and update. Also, if your passwords are as bad as the ones in this recent report, it’s time for you to get a password manager and fix that. Having a password like “12345” or “admin” is as bad as having no password at all.
Finally, AI-powered age verification is being introduced to the platforms and services you use, despite warnings from users and privacy experts against it. In our story, we spoke to representatives from Spotify and YouTube, two companies planning to use it, as well as privacy experts from the EFF and other companies (including Aylo, owners of Pornhub) who think users would be better served by using on-device age verification and content filtering instead.
