FBI says it can't unlock 8,000 encrypted devices, demands backdoors for America's 'public safety'
Speaking at the International Conference on Cyber Security in New York today, Wray complained that in the past year the Feds have seized 7,775 devices that they can't unlock and decrypt. He said the situation was ridiculous, and called on the technology industry to find a solution.
What Wray wants is a secure form of encryption that contains a flaw that only law enforcement can find and exploit. Trouble is, scumbags will no doubt find and leverage it, too.
WhatsApp rings in the New Year with global outage
The crowdsourced website DownDetector found the largest concentration of outages in portions of England, Germany, and virtually all of the Netherlands, as well as parts of Italy, Spain, and Central Europe.
Outages were also reported in many major cities around the world, from Rio de Janeiro to Kuala Lumpur, Tel Aviv, Dubai, Mumbai, and Toronto.
Web Trackers Exploit Flaw in Browser Login Managers to Steal Usernames
This type of abusive behavior is possible because of a design flaw in the login managers included with all browsers, login managers that allow browsers to remember a user's username and password for specific sites and auto-insert it in login fields when the user visits that site again.
Princeton researchers say they recently found two web tracking services that utilize hidden login forms to collect login information.
How Email Open Tracking Quietly Took Over the Web
The tech is pretty simple. Tracking clients embed a line of code in the body of an email—usually in a 1x1 pixel image, so tiny it's invisible, but also in elements like hyperlinks and custom fonts. When a recipient opens the email, the tracking client recognizes that pixel has been downloaded, as well as where and on what device.
According to OMC's data, a full 19 percent of all “conversational” email is now tracked. That’s one in five of the emails you get from your friends. And you probably never noticed.
Keylogger Found on Nearly 5,500 Infected WordPress Sites
The malicious script is being loaded from the "cloudflare.solutions" domain, which is not affiliated with Cloudflare in any way, and logs anything that users type inside form fields as soon as the user switches away from an input field.
The script is also dangerous when left to run on the frontend. While on most WordPress sites the only place it could steal user data is from comment fields, some WordPress sites are configured to run as online stores. In these instances, attackers can log credit card data and personal user details.
WebAssembly Will Finally Let You Run High-Performance Applications in Your Browser
Imagine that all your programs and data were stored in the cloud and that even computationally intensive applications like multimedia editing ran just as well in your browser as they would if they had been installed locally.
Looking back to the original dream of allowing the Web to run all manner of programs just as well as if they had been installed locally, my colleagues and I can see there is still a lot of work left to do. But with WebAssembly, we’re happy to be one giant step closer to that goal.
Facebook’s New Captcha Test: 'Upload A Clear Photo of Your Face'
According to a screenshot of the identity test shared on Twitter on Tuesday and verified by Facebook, the prompt says: “Please upload a photo of yourself that clearly shows your face. We’ll check it and then permanently delete it from our servers.”
“You Can’t Log In Right Now. We’ll get in touch with you after we’ve reviewed your photo. You’ll now be logged out of Facebook as a security precaution.”
Imgur just learned 1.7M accounts got exposed in 2014 hack
Imgur said Friday it first learned of the years-old hack on Thursday from a security researcher.
Imgur said the hack is still under investigation, but it believes an older password encryption system in use at the time of the hack allowed hackers to breach the system using a brute force attack. The company said it updated its algorithm last year.
No boundaries: Exfiltration of personal data by session-replay scripts
More and more sites use “session replay” scripts. These scripts record your keystrokes, mouse movements, and scrolling behavior, along with the entire contents of the pages you visit, and send them to third-party servers. Unlike typical analytics services that provide aggregate statistics, these scripts are intended for the recording and playback of individual browsing sessions, as if someone is looking over your shoulder.
Collection of page content by third-party replay scripts may cause sensitive information such as medical conditions, credit card details and other personal information displayed on a page to leak to the third-party as part of the recording. This may expose users to identity theft, online scams, and other unwanted behavior.
YouTube to crack down on inappropriate content masked as kids’ cartoons
YouTube will implement a new policy in an attempt to make the whole of YouTube safer: it will age-restrict inappropriate videos masquerading as children's content in the main YouTube app.
Even though the new policy is geared toward making YouTube Kids a safer place, it does have implications for audiences of the main YouTube site as well.