Data Sheet—Saturday, January 21, 2017

President Trump began his new job and, at the insistence of the Secret Service, finally ditched his old cell phone for something more secure. Trump’s reported reluctance to part with his Android device was not unusual—people in power, like most of us, prefer convenience over security.

The tech-loving President Obama, for instance, complained on TV that his POTUS-edition smartphone didn’t have popular Internet features. (As for Hillary Clinton, her IT operations included not just that infamous server but also aides who smashed her old BlackBerries with hammers).

When it comes to the U.S. president, though, there’s no room for balance between security and ease-of-operations: Security is paramount. But for almost everyone else, including the thousands of women descending on Washington D.C. to protest on Saturday, there’s a case for convenience.

Not everyone is willing to acknowledge this, however, and one result is misinformation among women in Washington about the popular messaging app WhatsApp. Specifically, an irresponsible news article has reportedly led protest leaders to warn that WhatsApp contains a “backdoor” and is not a secure way to communicate.

The WhatsApp allegation is false. While the app does contain a security hole—an “attack surface” in hacker parlance—it’s a tiny one that can only be exploited in very unusual circumstances. What’s more, the hole reflects a design decision by the makers of WhatsApp, who understood that eliminating the risk entirely would make the app less convenient to use, and that people would likely turn to a less secure form of messaging instead.

This is what we must understand when it comes to cyber security for ordinary people: Perfect must not be the enemy of the good. But for President Trump, the stakes are different and nothing less than perfect security will do. Let’s hope Trump, whose previous positions on “the cyber” can charitably be described as contradictory, by now understands that.

Thanks for reading — your usual round-up of cyber items below.

Jeff John Roberts

@jeffjohnroberts

jeff.roberts@fortune.com

Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. You may reach Robert Hackett via Twitter, Cryptocat, Jabber (see OTR fingerprint on my about.me), PGP encrypted email (see public key on my Keybase.io), Wickr, Signal, or however you (securely) prefer. Feedback welcome.

THREATS

To the heart of Mirai. This cyber-whodunit starts with extortion and ends with security journalist Brian Krebs pointing the finger at a Rutgers student for unleashing Mirai, the army of zombie IoT machines that wreaked havoc on websites worldwide. We’ll wager the student will soon be seeing a lot of the FBI. (Krebs on Security)

Coinbase cofounder dishes on departure: Fred Ehrsam shares some thoughts on why he left the well-known bitcoin shop, and what life after Coinbase will be. He promises not to name his next venture FredCoin. (Fortune)

A clear Signal for the Trump era. New data from Apptopia suggests Moxie Marlinspike’s tool—long the toast of the crypto crowd—is becoming mainstream. Telegram is still number one, but Signal use has shot up since the election. (Fortune)

It’s called “cartapping.” Services like satellite radio and OnStar are convenient for drivers—and for law enforcement. Court records show police have for years been getting warrants to force the likes of GM and SiriusXM to supply live-tracking of customer locations. (Forbes)

Facebook Forks Out. The social network paid its highest bug bounty ever this month, handing $40,000 to a white hat researcher who discovered an exploit in a third-party photo editing tool. (Facebook)

Oh, and hey McDonald’s, HackerOne wants to know where’s your Security@?

ACCESS GRANTED

The most popular item on Fortune’s site this week is a story by Robert about a sneaky Gmail scam that’s fooling all kinds of folks. Careful out there:

Here’s how the swindle works. The attacker, usually disguised as a trusted contact, sends a boobytrapped email to a prospective victim. Affixed to that email, there appears to be a regular attachment, say a PDF document. Nothing seemingly out of the ordinary.

Read more on Fortune.com.

FORTUNE RECON

If You Can’t Beat Russian Hackers, Hire One by Vivienne Walt

Stay Away From This Popular Selfie App by Jeff John Roberts

Oracle Issues ‘Massive’ Security Upgrade by Barb Darrow

Anonymous Tells Donald Trump “He Will Regret the Next 4 Years” by Jonathan Vanian

Wilbur Ross Confirmation: On Trump and Cyber Security by Jen Wieczner

ONE MORE THING

“I’ve got a picture of a dinosaur.” To finish the week on a lighter note, enjoy this video of a UK cyber-security expert trolling the bejesus out of a gang of tech support scammers who had the bad luck to call up and offer to fix his computer. (The Sun)