As Internet enshittification marches on, here are some of the worst offenders
Ars staffers take aim at some of the web’s worst predatory practices.
Addded Feb 5, 2025
Google-hosted malvertising leads to fake Keepass site that looks genuine
Google-verified advertiser + legit-looking URL + valid TLS cert = convincing lookalike.
Addded Oct 19, 2023
Zodiac Killer cipher is cracked after eluding sleuths for 51 years
Northern California serial murderer sent encoded messages that went uncracked until now.
Addded Mar 22, 2022
Zero-day in ubiquitous Log4j tool poses a grave threat to the Internet
"Minecraft" is the first, but certainly not the last, app known to be affected.
Addded Dec 13, 2021
Google Play apps downloaded 300,000 times stole bank credentials
Crooks find new ways to prevent Google from detecting malicious packages.
Addded Nov 30, 2021
Apple brass discussed disclosing 128-million iPhone hack, then decided not to
Emails entered into Epic Games lawsuit show execs contradicting Apple talking points.
Addded May 9, 2021
When coffee makers are demanding a ransom, you know IoT is screwed
Watch along as hacked machine grinds, beeps, and spews water.
Addded Sep 27, 2020
A bevy of new features makes iOS 14 the most secure mobile OS ever
Behold: The useful and not-so-useful privacy features you've been waiting for.
Addded Sep 21, 2020
Bridgefy, the messenger promoted for mass protests, is a privacy disaster
Researchers notified the company in April of serious flaws that have yet to be fixed.
Addded Aug 24, 2020
Uncovered: 1,000 phrases that incorrectly trigger Alexa, Siri, and Google Assistant
“Election” can trigger Alexa; “Montana” can trigger Cortana.
Addded Jul 2, 2020
Medical device 'jailbreak' could help solve the dangerous shortage of ventilators
Manufacturer says conversion requires “significant rework.” Airbreak suggests otherwise.
Addded Apr 14, 2020
5 years of Intel CPUs and chipsets have a concerning flaw that’s unfixable
Converged Security and Management Engine flaw may jeopardize Intel's root of trust.
Addded Mar 6, 2020
Alexa and Google Home abused to eavesdrop and phish passwords
Amazon-- and Google--approved apps turned both voice-controlled devices into "smart spies."
Addded Oct 21, 2019
Vimeo collected detailed facial scans without consent, lawsuit alleges
Service Vimeo acquired in April allegedly collects facial data in violation of Illinois law.
Addded Sep 26, 2019
Protocol found in webcams and DVRs is fueling a new round of big DDoSes
WSD is supposed to be confined to local networks. It's not, and researchers are concerned.
Addded Sep 18, 2019
Airline tracks Twitter user's real-world ID, publishes her flight number
Southwest Airlines finally relents, after first insisting flight numbers aren't PII.
Addded Aug 9, 2019
My browser, the spy: How extensions slurped up browsing histories from 4M users
Have your tax returns, Nest videos, and medical info been made public?
Addded Jul 18, 2019
The radio navigation planes use to land safely is insecure and can be hacked
Radios that sell for $600 can spoof signals planes use to find runways.
Addded May 15, 2019
A world of hurt after GoDaddy, Apple, and Google misissue >1 million certificates
Certificates with 63-bit serial numbers touch off mass revocation blitz.
Addded Mar 12, 2019
Internet watchdog Citizen Lab targeted in comically inept undercover sting
Goons quiz researchers about their work exposing Israeli exploit seller NSO Group.
Addded Jan 28, 2019
Monster 773 million-record breach list contains plaintext passwords
Widely circulated "Collection #1" was used in automated credential stuffing attacks.
Addded Jan 17, 2019
Strange snafu misroutes domestic US Internet traffic through China Telecom
Telecom with ties to China's government misdirected traffic for two and a half years.
Addded Nov 6, 2018
In-vehicle wireless devices are endangering emergency first responders
Gateways are supposed to make cops safer. Many leak their locations in real time.
Addded Aug 9, 2018
Russia reportedly stole NSA secrets with help of Kaspersky--what we know now
Proven or not, the accusations almost certainly mean the end of Kaspersky as we know it.
Addded Oct 6, 2017
Wanted: Weaponized exploits that hack phones. Will pay top dollar
Exploit broker Zerodium ups the ante with $500,000 to target Signal and WhatsApp.
Addded Aug 23, 2017
Advanced CIA firmware has been infecting Wi-Fi routers for years
Latest Vault7 release exposes network-spying operation CIA kept secret since 2007.
Addded Jun 19, 2017
Forty years gone: I was 12 when a Led Zeppelin concert turned into a riot
Reliving my first rock concert four decades later.
Addded Jun 4, 2017
Spotify is writing massive amounts of junk data to storage drives
Streaming app used by 40 million writes hundreds of gigabytes per day.
Addded Nov 11, 2016
Why the silencing of KrebsOnSecurity opens a troubling chapter for the 'Net
“Free speech in the age of the Internet is not really free,” journalist warns.
Addded Sep 23, 2016
How the NSA snooped on encrypted Internet traffic for a decade
Exploit against Cisco's PIX line of firewalls remotely extracted crypto keys.
Addded Aug 22, 2016
Hackers invade Dems' servers, steal entire Trump opposition file
Intrusion was so thorough it exposed almost a year's worth of e-mail and chats.
Addded Jun 15, 2016
Why Algebraic Eraser may be the riskiest crypto system you've never heard of
Researchers say there's a fatal flaw in proposed "Internet of Things" standard.
Addded Nov 18, 2015
NSA Dreams Of Smartphones With 'Split' Crypto Keys Protecting User Data
National Security Agency officials are considering a range of options to ensure their surveillance efforts aren't stymied by the growing use of encryption, particularly in smartphones.
Addded Apr 14, 2015
Powerful worm on Twitter unleashes torrent of out-of-control tweets
Twitter on Wednesday was briefly overrun by a powerful computer worm that caused tens of thousands of users to tweet a message that contained self-propagating code exploiting a bug in the TweetDeck app. In less than an hour, the cross-site scripting (XSS) attack caused at least 37,000 users to retweet a single message originally transmitted by the user @derGeruhn.
Addded Jun 12, 2014
How Fandango and Credit Karma exposed millions of smartphone users’ data
Developers of two popular smartphone apps- Fandango and Credit Karma -have been caught transmitting passwords, social security numbers, birth dates, and other highly sensitive user data over the Internet without properly encrypting it first, officials with the Federal Trade Commission said.
Addded Mar 28, 2014
Addded Nov 28, 2013