Zack Whittaker ( @zackwhittaker ) Twitter Profile

Security editor @TechCrunch • +1 646.755.8849 • https://t.co/0VXTq7epky • zack.whittaker@techcrunch.com

New York, NY

Joined on 6 August, 2008

http://this.weekinsecurity.com

  • 227 Tweets
  • 64k Followers
  • 993 Following

My boy in his natural habitat: in a box, kicking the shit out of a flapping fish toy.

Replying to @JA_Davids: Sneezing is one of the most painful things you can do when your spine is messed up. Which is why, when I’m trying not to sne…

Sneezing is one of the most painful things you can do when your spine is messed up. Which is why, when I’m trying not to sneeze, @zackwhittaker jumps in front of me and claps in my face like he does to our cat when it jumps on the counter.

Quoted @zseano

How is *no one* questioning @twittersecurity over verified accounts *still* being hijacked? Especially after the previous breach!

Everyday a new account is stolen. 😑

A lot of folks have long advocated Twitter to force all verified accounts to enable two-factor, and yet every day another verified account gets hacked to spread a cryptocurrency scam. (Twitter didn't even force Trump's account to use two-factor, and was hacked — twice.)

A shout out to @dellcam, @dmehro, @riptari, @josephfcox, @lorenzofb, @yaelwrites, @jeffstone500, @lilyhnewman, @snlyngaas, @campuscodi, and @dangoodin001 who powered the newsletter this week.

A new edition of ~this week in security~ is out.

• Parler data scraped after Capitol attack
• NSA cyber chief to NSC, Rob Joyce back to NSA
• Muslim prayer app location leaks
• Sex toy hack, ransom
• A new cyber cat

Sign up:

Replying to @yaelwrites: I profiled security researcher and @WireGuardVPN creator Jason A. Donenfeld (@zx2c4) for @businessinsider.
https://t.co/Gn…

I profiled security researcher and @WireGuardVPN creator Jason A. Donenfeld (@zx2c4) for @businessinsider.

Replying to @snlyngaas: .@RGB_Lights coming back Stateside. Read it here first, from @shanvav:

Replying to @zackwhittaker: New: In December, a critically important domain name used to power the Congo's country top-level domain (.cd) expired. L…

This should be construed as nothing short of a catastrophic communications failure by Facebook. It has nobody to blame but itself.

.@RGB_Lights coming back Stateside. Read it here first, from @shanvav:

If the domain fell into the wrong hands, an attacker could redirect millions of unknowing internet users to rogue websites. Clearly, a domain of such importance wasn’t supposed to expire; someone probably forgot to renew it. But nobody ever did.

More:

New: In December, a critically important domain name used to power the Congo's country top-level domain (.cd) expired. Luckily, a security researcher bought the domain to prevent it falling into the hands of hackers.

Replying to @NoahShachtman: EXCLUSIVE: Palantir built a COVID-tracker for the Trump admin. But it “had problems from the very beginning. It never fu…

EXCLUSIVE: Palantir built a COVID-tracker for the Trump admin. But it “had problems from the very beginning. It never functioned in the way we thought it was going to,” said one official. Now, Team Biden may start again from scratch.

Wow, this kid is awesome. Made even this wizened grumpy fuck smile.

Replying to @ericgeller: The Labor Department was breached as part of the SolarWinds campaign, but its 12/23 announcement seems to have escaped noti…

Quoted @ThatEricAlper

When you're overqualified for the job

This never, ever fails to make me laugh.

The Labor Department was breached as part of the SolarWinds campaign, but its 12/23 announcement seems to have escaped notice. (h/t @snlyngaas)

Replying to @JennaMC_Laugh: NEW from me: On December 8, a foreign account sent multiple prominent rightwing figures a large Bitcoin donation. Fundin…

NEW from me: On December 8, a foreign account sent multiple prominent rightwing figures a large Bitcoin donation. Funding, including from overseas, a subject of interest to U.S. law enforcement post U.S. Capitol riot:

Quoted @TechJournalist

While this is an interesting flaw.. the more important point is that @ring fixed the issue rapidly and there is little if any information the flaw was ever broadly exploited in the wild.
Bugs happen.. what’s more important IMHO is how fast they are found and fixed.

This would be true if Ring bothered to fix the issue a year ago when @dellcam and @dmehro found what appears to be the same flaw (or very similar). Instead, Ring slapped a technical band-aid on the app to simply make the leaking data more difficult to detect.

Quoted @zackwhittaker

Although users' posts are public, the app doesn't display people's names or precise locations. But the bug made it possible to retrieve the location data and home addresses on users who posted to the app including those who are reporting crimes.

More:

While this is an interesting flaw.. the more important point is that @ring fixed the issue rapidly and there is little if any information the flaw was ever broadly exploited in the wild.
Bugs happen.. what’s more important IMHO is how fast they are found and fixed.

New: A security bug in Amazon's Ring Neighbors app was exposing the precise location and home address of users who had posted to the app.
