TIME Music

Madonna Calls New Album Leak ‘A Form of Terrorism’

56th GRAMMY Awards - Arrivals
Singer Madonna arrives at the 56th GRAMMY Awards at Staples Center on January 26, 2014 in Los Angeles, California. Axelle/Bauer—FilmMagic

The pop star took to social media to blast hackers

Madonna did not respond well to the news that eleven songs from her upcoming album had been leaked. The album, which was still without an official title or release date, was leaked earlier this week, prompting the pop star to vent on social media.

“This is artistic rape!! These are early leaked demos, half of which won’t even make it on my album,” Madonna wrote in a now-deleted Instagram post on Wednesday. “The other half have changed and evolved.” She continued: “This is a form of terrorism. Wtf!!!! Why do people want to destroy artistic process??? Why steal? Why not give me the opportunity to finish and give you my very best?”

She also posted a less angry message to Instagram, thanking fans for their “loyalty”:

[Billboard]

TIME Innovation

These Jeans Block Hackers From Stealing Your Stuff

BetaBrand RFID blocking pants
BetaBrand RFID blocking pants Jason Van Horn—Betabrand

Norton anti-virus technology is now available in stretch denim

A wearable tech firm has joined forces with Norton to develop a new pair of jeans that prevent “digital pickpockets” from scanning your credit cards and passports as you walk by.

The pockets in Betabrand’s “Ready Active Jeans” are lined with a specially designed fabric that blocks RFID (radio-frequency identification) signals, which are used in a growing number of credit cards and passports to enable secure wireless scanning. Betabrand, however, says identity thieves armed with handheld scanners have exploited the technology in upwards of 10 million heists a year.

“That’s why we partnered with with global information-protection authority Norton to create the world’s first RFID-blocking jeans,” Betabrand wrote in an announcement of the new jeans.

The jeans are currently selling for $151, and can be purchased with a matching, RFID-repellant blazer. Machine wash cold.

TIME hackers

Sony Was Also Hacked a Year Ago but Didn’t Say Anything

Sony Hack
The Sony Corp. logo is displayed outside the company's showroom in Tokyo on Oct. 30, 2013 Bloomberg/Getty

Sony kept mum about security vulnerabilities it noticed in February, almost a year before hackers began tossing large volumes of the company's private data around the Internet

Sony Pictures Entertainment appears to have known that its servers were vulnerable for at least a year before the recent hacking fiasco, Gawker reports.

In emails dated Feb. 12, 2014, Sony’s vice president of legal compliance, Courtney Schaberg, tells her colleagues that a Sony server may have been hacked. Yet Schaberg goes on to say in the email that she would “recommend against providing any notification to individuals.”

Anonymous hackers have been disseminating Sony’s corporate data since last month, including an embarrassing set of emails between Sony co-chairperson Amy Pascal and producer Scott Rudin. In the emails, Rudin calls Angelina Jolie a “minimally talented spoiled brat.”

Read more at Gawker

TIME cybersecurity

The 7 Most Outrageous Things We Learned From the Sony Hack

'The Interview' Barcelona Photocall
Seth Rogen (L) and Evan Goldberg pose during a photocall for their latest film 'The Interview' at the Hotel Mandarin on June 18, 2014 Robert Marquardt—Getty Images

From dissatisfaction with Adam Sandler to embarrassing gender statistics

The breach that crippled Sony at the end of November is not over yet. On Dec. 8, the aliases of 11 Hollywood celebrities were leaked, and internal information continues to leak about about the beleaguered company—from unreleased films to employee salaries to actors’ cover identities. And the hackers responsible are reportedly making increasingly threatening demands on Sony. Dubbed the Guardians of Peace, the hackers have allegedly called for monetary compensation, told Sony to stop the release of The Interview, and threatened employees’ families. Here are 7 of the craziest things hackers hitched from Sony.

Seth Rogen made more money than James Franco for The Interview. The hackers wormed into the studio’s movie budgets, and found that The Interview cost $44 million to make. Rogen is making $8.4 million and Franco is raking in $6.5 million. The two actors are co-stars, but Rogen (who is four years younger) also co-directed the film, which may be the reason for the salary differential.

Some people at Sony are not Adam Sandler fans. Based on a trove of workplace complaints discovered by Gawker, there’s some dissatisfaction with the 48-year-old comedian. “There is a general “blah-ness” to the films we produce. Althought [sic] we manage to produce an innovative film once in awhile, Social Network, Moneyball, The Girl with the Dragon Tattoo, we continue to be saddled with the mundane, formulaic Adam Sandler films,” said one Sony employee. “And will we still be paying for Adam Sandler? Why?”

Only one female Sony employee earns more than $1 million. The $1-million-and-over club at Sony is male and white. Just one woman, co-chair of Sony Pictures Entertainment Amy Pascal, is in the group.

You can watch unreleased Sony movies online. The hackers managed to leak files of major Sony films that are set to be released this year, including Annie, Mr. Turner and Still Alice.

Sylvester Stallone and Judd Apatow’s social security numbers are on the Internet as a result of the hack. So is their compensation, along with the salaries and personal information of a lot of other celebrities.

Tom Hanks, Jessica Alba and Natalie Portman have alter egos …and they sound kind of odd. The stars use aliases to do normal people things. Hanks is “Johnny Madrid,” Tobey Maguire is “Neil Deep,” Jessical Alba is “Cash Money,” Natalie Portman is “Lauren Brown” and Rob Schneider goes by “Nazzo Good.”

A script by the creator of “Breaking Bad” leaked, too. Vince Gilligan, the creator of “Breaking Bad” had an unreleased pilot of in the works, and hackers got a hold of that, too, according to Buzzfeed.

MONEY Workplace

Colleague or Criminal? The Sneaky New Cyberthreat You Face at Work

colleague in thief mask looking over cubicle wall
Ryan McVay—Getty Images

Criminals have upped their game to convincingly impersonate your colleagues via email.

The latest greatest swindlers in the cybercrime racket know you’re onto their digital three-card monte, and they’ve made a few adjustments, putting yet another wrinkle in the corporate-hacking game by targeting top-level employees for major profits.

These hackers appear to be based in North America or Western Europe, and they know a great deal about the companies and industries they’ve been cracking. They could be “white-collar hackers” or just good studies of character. It really doesn’t matter. Here’s what counts: They are hatching schemes so nuanced you may not see the hack that takes out your company till the smoke clears.

These hackers may have worked for your company, or one like it. They are going to know how your teams communicate. They’ll use the lingo and shorthand that you see every day. Emails may be super simple, like, “I need another pair of eyes on this spreadsheet about [term of art only people in your business would know].” They may know what you are likely to be talking about after certain kinds of industry news releases, and they’ll have a good idea of what times of day get busy for you so that you are more distracted and less likely to think before you click.

“The attacks are becoming much more sophisticated than anything we’ve seen before,” says Jen Weedon, a threat intelligence officer at the Silicon Valley-based cybersecurity firm FireEye.

The New York Times reported this week about one such group of hackers targeting senior executives at biotech companies with a goal of garnering insider information to game the stock market.

FireEye has been tracking the group, which they call Fin4—for a year and a half. (The “Fin” designation is assigned by the company to indicate groups where the main goal is to monetize proprietary information.)

“Fin4 has reached a threshold of capability that sets them apart,” Weedon told me during a phone conversation. “They are very thoughtful about who they target. They go after specific companies and are a lot more scoped in their approach.”

Attacks of this kind may start with the studied e-impersonation of trusted colleagues, business associates or anyone from a constellation of contacts—compliance officers, regulators, legal or financial advisers—with the single purpose of getting someone in a senior position to personally, unwittingly hand over the keys to the castle. Once they are in, sensitive—potentially lucrative—information can be accessed and put to use.

“They will send a very convincing phishing email,” Weedon said. “It may prompt a link that looks just like Outlook.” The target enters their credentials to see the attachment, not realizing that they were not in Outlook at all. There may even be a legitimate document on the other side of that fake login page, but it’s a trap. Once the hacker gets into a key person’s inbox, Outlook settings have been reset to send any messages containing the words “hacked” or “malware” directly to the user’s trash folder, thereby giving the cyber-ninja more time in the system to collect information about mergers and acquisitions, compliance issues, press releases, non-public market-moving information—anything that can be used to make a smarter stock market trade.

According to Weedon, the group has been able to infiltrate email accounts at the CEO level.

Once they’ve gained access, the hackers may simply collect everything in the CEO’s inbox or take an attachment found there and plant malware that then spreads throughout the company thereby exposing still more information. The difference here is that the hack relies on legitimate credentials to gain access, so it’s a much lighter touch with potentially much more information being comprised. If the hackers forgo malware, there aren’t necessarily any traces at all of the compromise.

The “old” way these breaches worked—one still very much practiced by Chinese and Russian groups—involved the use of general information, kinda-sorta knowledge of the target’s business and hit-or-miss English. Because there is often less specificity and more variables in these kinds of softer attacks, the dodge is easier to spot. It’s more likely to find a lower-level employee falling for it. In most cases, these targets don’t have the kind of access to information that can cause major damage. Having gained whatever access is possible through their mark, old-school hackers move laterally into the organization’s environment, whether by recording keystrokes to exploit privileged employee credentials or blasting a hole in the company firewall. They might as well be Bonnie and Clyde robbing a bank. The goal is to siphon off information that can be turned into an easy profit, but the process leaves traces.

What’s so worrisome about Fin4 is that they can come and go—gaining access to everything and anything pertaining to your company—and you may never know it. For the numerous healthcare and biotech companies that they targeted, the only real-life consequence could be an advantageous trade that somehow anticipated the announcement of a new drug, or shorted a stock associated with a failed drug trial.

If you are the target of choice, you will have to be exceptionally well trained by a cutting-edge information security professional and completely tuned in to the subtleties of your workflow to avoid getting got. These fraudsters will have at their fingertips the kinds of information that only an insider should know, and the bait they dangle in front of you will be convincing.

While the art is very different, the basic mechanism is the same. Company-killing compromises require human error. While more common hacks rely on a weakest link that can be exploited, the more hackers evolve, the more we all must evolve with them.

More from Credit.com

This article originally appeared on Credit.com.

TIME Innovation

Five Best Ideas of the Day: November 20

The Aspen Institute is an educational and policy studies organization based in Washington, D.C.

1. Hacking out of prison: San Quentin inmates are learning to code.

By Charley Locke in EdSurge

2. Your breath could reveal a fake: How a beetle’s camouflage trick might make money harder to counterfeit.

By James Urquhart in Chemistry World

3. Russia has learned there’s a great deal it can get away with in Ukraine.

By Amy Knight in the New York Review of Books

4. Protected areas like wetlands and coral reefs are at highest risk from climate change but can also be part of the solution.

By Adam Markham at the Union of Concerned Scientists

5. A U.S. deal with Iran could reset the Mideast balance of power.

By Patrick Smith in the Fiscal Times

The Aspen Institute is an educational and policy studies organization based in Washington, D.C.

TIME Ideas hosts the world's leading voices, providing commentary and expertise on the most compelling events in news, society, and culture. We welcome outside contributions. To submit a piece, email ideas@time.com.

TIME Smartphones

U.S. Warns Apple Users About iOS ‘Masque Attack’

Security weakness allows a hacker to replace an iOS app with malware

The U.S. government warned Apple gadget owners Thursday to look out for hackers exploiting a newly revealed vulnerability in the mobile operating system iOS.

The so-called “Masque Attack” was disclosed earlier this week by the network security firm FireEye and allows a hacker to replace an iOS app with malware, according to an alert posted on the website of the U.S. Computer Emergency Readiness Team, which operates under the Department of Homeland Security.

MORE: How to Avoid the ‘Biggest’ iPhone Malware App Attack Yet

“This technique takes advantage of a security weakness that allows an untrusted app—with the same “bundle identifier” as that of a legitimate app—to replace the legitimate app on an affected device, while keeping all of the user’s data,” the warning states. “This vulnerability exists because iOS does not enforce matching certificates for apps with the same bundle identifier.”

The agency warns iOS users not to install apps from sources other than Apple’s official app store or their own organizations, among other precautions.

MONEY identity theft

10 Easy Ways to Protect Your Data in the Cloud

Step up the security around data you upload to the cloud with these 10 useful tips.

While movies have portrayed hackers as both good (The Girl with the Dragon Tattoo) and evil (Live Free or Die Hard), the one thing that is clear is that they can do a good deal of damage.

Several female celebrities, such as Kate Upton, Jennifer Lawrence, and Hayden Panettiere, became victims of malicious hackers, who nabbed several intimate pictures from the celebrities’ cloud storage accounts.

And if you think that this just happens to celebrities, think again. Even common folks like you and me are being exploited by malicious hackers. It is time to step up the security of your data on the cloud with these 10 useful tips.

1. Create a Stronger Password

A strong password is your very first line of defense against anybody trying to hack your account. Unfortunately, your password is usually the weakest link. In fact, 76% of cyber attacks on corporate networks are due to weak passwords.

Strengthen your password using these security tips from Microsoft:

  1. Make the length of your password at least eight characters. If you want to make it absolutely uncrackable use 15 characters or more.
  2. Skip using your real name, last name, or company name.
  3. Don’t build entire words with only letters.
  4. Use a combination of numbers, uppercase and lowercase letters, and symbols (@, #, $, and %), if applicable.
  5. Update passwords regularly and make them significantly different from previous ones.

Using these guidelines, you can create a strong password like this one: ILuv2PlayB@dm1nt()n. By picking characters from the full set of allowed printable characters, you force hackers to guess from 645 trillion possible combinations.

2. Store Your Passwords Securely

That’s not a typo. Yes, you need several passwords. Hackers exploit the fact that about 55% of Internet users use the same password for several services. The last thing that you want is that after your Dropbox account gets hacked, your online banking account becomes the next target.

It goes without saying, keep your password to yourself. Don’t store it on visible places, such as taped to the back of your keyboard or smartphone.

In a perfect world, you would just memorize them. However, a more realistic approach is to keep an offline notebook in a secure place or use a password management application, such as KeePass Password Safe, LastPass, 1Password, or Password Safe.

3. Activate Two-Factor Authentication

On top of your password, you can often add an extra layer of security by activating two-factor authorization (also known as 2FA). Without 2FA, hackers only need your username and password to access your data.

Several cloud-based services, such as Dropbox and Office 365, offer 2FA by sending you a code via text or phone call that you need to access your account. It’s an extra step, but once you’ve set it up on all of your devices, you are good to go.

4. Keep Your Birth Date Private

But don’t just stop there.

  • The name of your first pet
  • Mom’s maiden name
  • Last four digits of your social security number
  • Name of the street that you grew up in

What do these have in common? They’re all potential answers to security questions to retrieve your password or access to your account. When selecting your security questions, make sure that their answers are not a simple Google search away.

Hide your birth date and any other private information from your bio section from any social media sites, online forums, or websites. The more private your personal information is, the less likely that a hacker can find it through search engines.

5. Learn the Process to Report Hackers

Almost every service has a way to submit a report when you think somebody else is using your account. Here is an example from Microsoft.

By investing the time in becoming familiar with the process of recovering access to your account, you are better prepared for the day that you have to rely on this process. This will help you keep some sanity during that stressful time and know what information is necessary.

6. Be Wary of Public Wi-Fi

Over 95% of American commuters use free public Wi-Fi to complete work on the go.

The problem is that about 60% of them admit they will utilize any free Wi-Fi source they can find. Data transfers happening over public Wi-Fi networks aren’t encrypted, so hackers can exploit these public networks to tap into tablets and smartphones.

By setting up “hot spot honeypots,” digital thieves tempt people with the offer of free Internet, and gain access to all kinds of private data. And they’re not doing anything too high tech: hackers just need a $100 device and can be up to 100 feet away from their victims.

Use these strategies when attempting to connect to a public Wi-Fi:

  • Verify the official name of the network with the place offering it. Don’t assume that every business or public space offers free Wi-Fi.
  • Only activate the Wi-Fi feature of your device, when you are about to access a Wi-Fi network that you have verified.
  • If planning to review work files, use your company Virtual Private Network (VPN) network, if one is available. VPN encrypts all your data during your session and and hides the identity of the servers to which you are connected. Depending on the nature of your industry, you may never want to risk viewing company files without a VPN connection.
  • Keep your device’s operating system up to date. For example, Apple is constantly releasing security updates to address system vulnerabilities for iPhones and iPads.

7. Prevent Automatic Upload of Media

If you keep the default settings from cloud storage services, such as iCloud or Dropbox, then all of your photos and videos may be automatically uploaded to the cloud.

If you’re planning to take some photos and videos that are meant for your eyes only, make sure to update the settings of your cloud storage accounts. Nobody can hack for intimate photos or videos if there are none available online in the first place.

  • iPhone Users: To prevent photos from automatically uploading from your iPhone or iPod to your iCloud account, you can go to Settings > iCloud > Photo Stream, and turn off My Photo Stream.
  • Android Users: You need to check any auto-backup settings you can find on individual apps. Some examples of apps uploading media automatically to the cloud are Facebook, Twitter, and Dropbox. Check the settings menu of your apps and disable any photo-syncing that you’re not comfortable with.

8. Backup Your Media Offline

While it is important to prevent undesired media from ending up in the cloud, it is equally important to backup the data that is important to you. An offline backup of your media is not only important for when your phone is lost, stolen, or severely damaged, but also for when somebody hacks into your cloud account and deletes all of your data!

Most smartphones provide a way to back up your device’s media that is not cloud-based and that can be stored in your personal computer. For example, Apple devices can leverage iTunes to create backups, and Samsung devices can backup through the Kies software.

9. Beware Fake Messages

If you use cloud based storage services, be on the lookout for phishing emails.

These emails may look like real messages from the developers of the service, but they are not. Hackers are trying to trick you into providing your personal information.

Here are some red flags to watch out for:

  • The spelling of the sender’s email is funny looking. For example, instead of xxx@dropbox.com, it reads xxx@dropboxx.com or xxx@drop-box.co.
  • The hyperlinked URLs have misleading domain names. For example, if you hover over a link, you notice that instead of going to the apple.com domain, it goes to apple-com.info.
  • The message contains plenty of misspellings or typos.
  • You are asked to submit your password or personal information, such as mailing address, phone number, or social security number, via email.
  • The message includes a form in Word or PDF format for you to fill out.
  • You’re asked for money to cover for expenses.

If you see any of these red flags, don’t click on any of the links, and delete the email immediately.

10. Delete What You Don’t Want Anybody to See

In an era of potentially unlimited storage through the cloud, we are tempted to keep everything.

  • THOSE pictures from your bachelorette party,
  • Intimate videos or sexts with your current or past partners,
  • Progress pictures when you started your diet,
  • Financial or tax documents over 5-years old, or
  • Scanned copies of IDs from several years ago.

If you don’t want anybody else getting their hands on your data, delete it. This is the only way that you can be sure.

Read more articles from Wise Bread:

MONEY identity theft

Here Are the Companies That Have Been Hacked — And What to Do If You’re a Customer

You're not just imagining it: Lately, a new data breach has been reported almost every week. Here's how to find out if your information has been exposed.

By mid-October, the Identity Theft Resource Center had already identified more data breaches this year than it had in all of 2013. In other words, it’s more likely than not that some of your personal information has been compromised. “There are two kinds of consumers — there are those who know they’ve been breached, and those who don’t,” says ITRC president and CEO Eva Velasquez.

Source: Identity Theft Resource Center. Data as of Oct. 30, 2014.

Many Americans are in the first camp. According to a new Gallup poll, 27% of Americans say their credit card information has been stolen in the past year, and 11% say their computer or smartphone has been hacked. And the rest are scared: Almost 70% of Americans worry that hackers will steal their credit card numbers from retailers, and 62% worry that hackers will target their personal devices.

It’s hard to say whether there has really been an increase in the number of data breaches, or we’ve just gotten better at detecting and reporting incidents, Velasquez says. Either way, the outdated magnetic stripe technology in the United States probably makes it too easy for hackers to run off with your credit card number.

“Thieves are going to go where it’s easiest to steal,” Velasquez says. “We’ve got the most antiquated technology protecting the actual cards, and we’re the biggest issuer of those cards – we’re a treasure trove.”

At MONEY, we’re tracking the major data breaches that may have exposed your personal information in recent months. Read on to see if you’ve been affected. If so, we’ll walk you through what you need to know about protecting yourself from identity theft.

 

TIME Know Right Now

Know Right Now: White House Computers Hacked

Hackers thought to be working for the Russian government are suspected of breaching White House computers

Russian hackers are suspected of breaching White House computers over the past few weeks, temporarily disrupting services.

The Washington Post reported Wednesday that the White House computer system had been infiltrated, but added that there’s no evidence the hackers had access to classified information or damaged any systems. The White House learned of the breach two to three weeks ago.

The FBI, Secret Service, and NSA are all investigating the breach which shut off Intranet or VPN access. The hack, however, did not manage to down the email system.

 

Your browser, Internet Explorer 8 or below, is out of date. It has known security flaws and may not display all features of this and other websites.

Learn how to update your browser