What a week! On Monday, police arrested 26-year-old Luigi Mangione and charged him in the murder of UnitedHealthcare CEO Brian Thompson. Mangioneâs five-day run from authorities ended after he was spotted eating at a McDonaldâs in Altoona, Pennsylvania, about 300 miles from Manhattan, where Thompson was gunned down on the morning of December 4. Authorities say they found Mangione carrying fake IDs and a 3D-printed âghost gun,â the model of which is known as the FMDA, or âFree Men Donât Ask.â
Meanwhile, a flood of mysterious drone sightings across New Jersey and neighboring states caused so much havoc, it quickly gained federal attention. While many people wondered why the US military couldnât just shoot down the drones, the FBI, Department of Homeland Security, and independent experts say the drone mystery may not be much of a mystery, and the drones are probably mostly just airplanes.
As for more terrestrial threats, we dove into the far-right realm of âActive Clubs,â small groups of young, fitness-focused men who are steeped in extremist ideology and linked to several violent attacks. While the man who helped invent the Active Club network, Robert Rundo, was sentenced in federal court this week, Active Clubs around the world are proliferating.
Finally, we investigated cheating schemes that use tiny cameras to gain an illicit edge in poker, and we interrogated the ways humans will use generative AI to make the world a more dangerous place.
But thatâs not all. Each week, we round up the privacy and security news we didnât cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.
Back in May, Microsoft jubilantly announced Recall, an AI feature for some Windows PCs that silently takes screenshots every five seconds and then allows you to easily search through the resulting digital footprint. Forgotten where you saw a recipe online? Tapping a couple of keywords into Recall could, in theory, find the dish again. It didnât take long for the privacy and security community to find gaping holes in the feature.
In response, Microsoft delayed Recallâs launch and eventually made some significant changesâsuch as making Recall opt-in rather than on by default, better encrypting information captured by Recall, and adding authentication to access data that it stored. Recall finally launched for some users this month.
However, this week, testing of Recall by Tomâs Hardware demonstrated that a key safeguard put in place by Microsoft can still fail. With a Recall setting called âfilter sensitive informationâ turned on, Tomâs Hardwareâs tests found that it still took screenshots of some sensitive informationâsuch as credit card numbers and Social Security numbers. When the publication typed a credit card number and a username and password into a Notepad window, they were gathered in the screenshots. âSimilarly, when I filled out a loan application PDF in Microsoft Edge, entering a social security number, name and DOB, Recall captured that,â Avram Piltch writes. The tool, however, didnât record details when they were entered on a couple of online stores.
