More stories

  • Yikes: Jailbroken Grok 3 can be made to say and reveal just about anything

    Just a day after its release, xAI’s latest model, Grok 3, was jailbroken, and the results aren’t pretty. On Tuesday, Adversa AI, a security and AI safety firm that regularly red-teams AI models, released a report detailing its success in getting the Grok 3 Reasoning beta to share information it shouldn’t. Using three […]

  • I tried Norton Private Browser to see how it compares to Tor – here’s what I found

    In today’s crazy world of constant schemes, hacks, breaches, and invasions of privacy, everyone should be using a measure of caution as they browse the web, shop, click links from emails (don’t do this without trusting the link), and do business. To get the highest level of browser privacy and security, you’ll either need to install a few extensions/add-ons to your current browser, adopt Tor Browser as your default, or go with an option like Norton Private Browser. Tor Browser is a great option, but it doesn’t always work with every website, and some might find it a bit too complicated. If that sounds like you, Norton Private Browser includes privacy that would normally require the addition of extensions or add-ons. What can you do with Norton Private Browser? Norton Private Browser […]

  • How to turn on Private DNS Mode on Android – and why it matters for privacy

    Nearly everything you do on your desktop, laptop, phone, and tablet begins with a Domain Name System (DNS) query. Essentially, DNS turns domain names (such as ZDNET.com) into an IP address so web browsers and apps know where to get the information you want. Without DNS, you’d have to type 34.149.132.124 every time you wanted to go to ZDNET.com. Even by simply running a Google search, DNS is at work. The problem is that standard DNS isn’t encrypted, meaning all your queries are sent over the network as plain text.

    Why is non-encrypted DNS a problem? Let’s say you’re on a public network — like a coffee shop — and you start searching for things on your Android device. Or maybe you have to access a CMS or another work tool, and you don’t want the public to know the address you’re typing. If someone else is on the same network and has the skills, they could intercept your non-encrypted search queries (or the URLs you visit) and know exactly what you’re looking for. That’s where Private DNS Mode comes into play. Once you enable this feature, all of your DNS queries are encrypted, so any bad actors won’t be able to view them (even if they capture those packets). In other words, Private DNS Mode should be an absolute must for anyone who values their privacy and security. But how do you enable Private DNS Mode on Android? It’s actually pretty simple. Let me show you how.

    How to enable Private DNS mode on Android. What you’ll need: The only thing you need to enable Private DNS Mode is an Android device running at least Version 9 of the operating system (which was released in 2018). I’m using a Pixel 9 Pro but have used the feature going way back in the Android release cycle. Pretty much every modern Android phone is capable of enabling Private DNS.

  • Why rebooting your phone daily is your best defense against zero-click attacks

    In the last decade, spyware tools have been repeatedly found on the phones of journalists, activists, and politicians, including US officials, raising concerns over the unprecedented proliferation of spyware technologies and, subsequently, the lack of protections within the tech space amid growing threats. Last Friday, Meta’s WhatsApp revealed that it had discovered a hacking campaign targeting about 90 users, mostly journalists and civil society members across two dozen countries. According to a WhatsApp spokesperson, the Israeli spyware company Paragon Solutions — now acquired by Florida-based private equity firm AE Industrial Partners — was behind the attack. What is a zero-click capability? Graphite, Paragon’s spyware, was found to have infiltrated WhatsApp groups by simply sending users a malicious PDF attachment. Without users’ knowledge, it can access and read messages on encrypted applications like WhatsApp and Signal. This is also known as a zero-click attack, which means that targets do not have to take any actions for their devices to become compromised. In contrast, phishing or one-click attacks require user interaction with a malicious link or attachment.

    Once a phone is infected with a zero-click capability, the operator of the attack can secretly gain total access to the phone by exploiting a security vulnerability. In an interview with ZDNET, Rocky Cole, co-founder of mobile threat protection company iVerify, said that “in the case of graphite, via WhatsApp, some kind of payload, like a PDF or an image, [was sent to the victims’ devices] and the underlying processes that receive and handle those packages have vulnerabilities that the attackers exploit [to] infect the phone.” While public reporting does not specify “whether graphite can engage in privilege escalation [vulnerability] and operate outside WhatsApp or even move into the iOS kernel itself, we do know from our own detections and other work with customers, that privilege escalation via WhatsApp in order to gain kernel access is indeed possible,” Cole said. iVerify has uncovered instances where “a number of WhatsApp crashes on [mobile] devices [they’re] monitoring with iVerify” have appeared to be malicious in nature, leading the iVerify team to believe that the malicious attacks are “potentially more widespread” than just the 90 people reported to have been infected by graphite. While the WhatsApp attack was predominantly launched against members of civil society, mobile spyware is an emerging threat against everyone because mobile exploitation is more widespread than one might think, Cole said.

    Moreover, “the result is an emerging ecosystem around mobile spyware development and an increasing number of VC-backed mobile spyware companies are ‘under pressure to become profitable enterprises,’” he said. This ultimately “creates marketing competition” for spyware merchants and “lowers barriers” that would deter these mobile exploitation attacks. Just a month ago, WhatsApp won a lawsuit against NSO after a federal judge in California found that NSO was exploiting a security vulnerability within the messaging app to deliver Pegasus. The infamous NSO Group — known for infecting the phones of journalists, activists, and Palestinian rights organizations — has used similar zero-click capabilities through their Israeli-made Pegasus spyware, a commercial spyware and phone hacking tool. Historically, the NSO Group has avoided selling to US-based clients and has also been banned by the US Commerce Department under the Biden administration for allegedly supplying spyware to authoritarian governments. However, “shifting political dynamics [under the Trump administration] raises the possibility that spyware may become more prevalent in the United States” — exacerbating mobile exploitation. “And the world is totally unprepared to deal with that,” Cole said.

  • These nations are banning DeepSeek AI – here’s why

    Regulators across the world are increasingly taking action against DeepSeek AI, the controversial Chinese startup behind two open-source models that have shaken up the industry. On Tuesday, South Korea’s Personal Information Protection Commission (PIPC) announced it was removing DeepSeek’s chatbot app from Google Play and […]

  • Get the best Wyze Cam alternative I’ve tested for only $20 through Presidents’ Day

    ZDNET’s key takeaways: The Blink Mini 2 is available for $40 on its own or bundled with a weather-resistant power adapter for $50. With a stronger construction, improved video quality, a new spotlight, person detection, and weather resistance for outdoor use, the Blink Mini 2 is a definite upgrade from the first generation. As […]

  • How to find your BitLocker recovery key – and save a secure backup copy before it’s too late

    Windows 11, like its predecessor, includes easy options to encrypt your system drive. With BitLocker device encryption turned on for your PC’s system drive, your personal data is safe if your laptop is lost or stolen. If Windows determines that boot integrity has been […]

  • I tested 10 AI content detectors – and these 3 correctly identified AI text every time

    When I first examined whether it’s possible to fight back against AI-generated plagiarism, and how that approach might work, it was January 2023, just a few months into the world’s exploding awareness of generative AI. This is an updated version of that original January 2023 article. When I first tested GPT detectors, […]