Data Sheet—Saturday, December 3, 2016
Over the course of Black Friday weekend, I received a couple of strange calendar invites on my personal phone.
The summonses appeared, conveniently, as push notifications linked to my Apple iCal calendar. They read “19.99 Ray-ban&Oakley Black Friday In-Store & Online” and “$49 Michael Kors Black Friday Sale 2016.” Compelling prospects, yes.
Not one to neglect the itch of consumerism during the kickoff of shopping season, I pored over the promotions’ details. A variety of unrelated Gmail, iCloud, Comcast, and MSN email addresses were included on both notes, all alphabetically similar to my own contact information. The appointments came as blasts then. I had not been the only recipient of said “deals.”
One invitation, I noticed, arrived from a fellow called “qcjfu.” The other solicitor was yclept “满咳,” a pair of Chinese characters that Google Translate informed me means, in English, “full cough.” By then I had become, ahem, suspicious.
Responding to an email inquiry, Apple finally burst my bubble. “We are sorry that some of our users are receiving spam calendar invitations,” a spokesperson told me. “We are actively working to address this issue by identifying and blocking suspicious senders and spam in the invites being sent.” Shucks! Junk after all.
If you received similar sham promotions on your iPhone, a word of warning: neither “accept,” nor “decline,” nor reply with a namby-pamby “maybe.” Reacting will only alert the senders that you maintain an active account, opening you to future unwanted solicitations. Instead, disregard them. (Or, if the alerts really bother you, follow the instructions here for a temporary workaround.)
Though Cyber Monday has passed, I share this anecdote to urge you, dear reader, to remain vigilant about online scams during the holidays. Not even this essayist is exempt from targeting.
Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. Fortune reporter Robert Hackett here. You may reach me via Twitter, Cryptocat, Jabber (see OTR fingerprint on my about.me), PGP encrypted email (see public key on my Keybase.io), Wickr, Signal, or however you (securely) prefer. Feedback welcome.
Meet Trump's security picks. President-elect Donald Trump has begun selecting candidates to serve in his upcoming administration. Those whose mandate falls within the security bailiwick include James Mattis, a retired Marine Corps general nicknamed "Mad Dog," for Defense Secretary; Michael Flynn, a retired lieutenant general who served briefly under President Barack Obama, for National Security Advisor; and Mike Pompeo, a Kansas congressman on the House Intelligence Committee, for CIA Director. (Associated Press, Reuters)
Millions of Google cloud credentials breached. Fraudsters stole authentication tokens for 1.3 million Android mobile software users, researchers at the Israeli cybersecurity firm Check Point Software Technologies found. The security breach occurred after people downloaded benignly disguised malicious apps from unauthorized third-party app stores. (Fortune)
"Avalanche" halted. Police in 10 countries raided the suspected operators of "Avalanche," one of the world's biggest botnets, or networks of hijacked computers, on Wednesday. Officials said the army of zombie machines, active since 2009, had sent more than a million spam or phishing emails per week. (Reuters)
FBI gains hacking powers. The Federal Bureau of Investigation has been granted new authority to search (read: hack) computers across U.S. jurisdictions with a single warrant. Civil libertarians have decried Rule 41, as the law is known, for its expansion of government surveillance powers. (Fortune)
Fortune contributor and IMD business school professor Georges Haour sorts through the controversy over China's new cybersecurity bill—and what it means for U.S. businesses.
China’s new cybersecurity law, expected to take effect next June, could hurt any foreign firm looking to do business in the world’s second-largest economy. Though the law is intended to fight non-Chinese and Chinese hackers, it also requires that foreign companies provide China’s government with potentially sensitive information about network equipment and software. Given the weaknesses of China’s enforcement of laws around intellectual property, it’s easy to see how trade secrets can fall into the hands of Chinese competitors at the expense of the best interests of foreign firms. Read more on Fortune.com
Why Every CEO Should Be Moonlighting as a Hacker, by Valentina Zarya
This Famous iPhone Hacker Is Releasing His Self-Driving Software into the Wild, by Kirsten Korosec
San Francisco Railway 'Never Considered Paying the Ransom' to Hackers, by Robert Hackett
Are Blockchain Patents a Bad Idea?, by Jeff John Roberts
Tech Giants Push Back Against China's New Cybersecurity Bill, by Tekendra Parmar
ONE MORE THING
Fortune's investment advice: Buy cyber. A couple of portfolio managers who spoke to my colleague Jen Wieczner for the latest issue of the magazine, our annual investor's guide, pointed to a handful of tech stocks they believe are relatively cheap and poised for growth next year. Two of their four picks are cybersecurity companies; shoutout to Palo Alto Networks (PANW) and Check Point Software Technologies (CHKP). (Fortune)