Time To Clip The Wings Of NSO And Its Pegasus Spyware

from The Observer What’s the most problematic tech company in the world? Facebook? Google? Palantir? Nope. It’s a small, privately held Israeli company called NSO that most people have never heard of. On its website, it describes itself as “a world leader in precision cyberintelligence solutions”. Its software, sold only to “licensed government intelligence and law-enforcement agencies”, naturally, helps them to “lawfully address the most dangerous issues in today’s world. NSO’s technology has helped prevent terrorism, break up criminal operations, find missing people and assist search and rescue teams.” So what is this magical stuff? It’s called Pegasus and it […]

The White House Responded to the Chinese Hacks of the Microsoft Exchange Servers This Week. Is It Enough?

from Lawfare The Biden administration formally accused the Chinese government this week of carrying out the hacks of the Microsoft Exchange email server software, the details of which came to light in early March. In a joint statement with the European Union, NATO and several other U.S. allies, the White House placed blame for the hacks squarely on the shoulders of the contractors of China’s civilian intelligence agency, the Ministry of State Security (MSS), and accused the Chinese government of supporting “irresponsible and destabilizing behavior in cyberspace.” In conjunction with the White House’s statement, the Justice Department on July 19 […]

Zoom Finally Has End-to-End Encryption.

from Wired ZOOM HAS GONE from startup to verb in record time, by now the de facto video call service for work-from-home meetings and cross-country happy hours alike. But while there was already plenty you could do to keep your Zoom sessions private and secure, the startup has until now lacked the most important ingredient in a truly safe online interaction: end-to-end encryption. Here’s how to use it, now that you can, and why in many cases you may not actually want to. It’s been a long road to get here. This spring, as Zoom rode the pandemic to video […]

Study Shows Which Messengers Leak Your Data, Drain Your Battery, And More

from ars technica Link previews are a ubiquitous feature found in just about every chat and messaging app, and with good reason. They make online conversations easier by providing images and text associated with the file that’s being linked. Unfortunately, they can also leak our sensitive data, consume our limited bandwidth, drain our batteries, and, in one case, expose links in chats that are supposed to be end-to-end encrypted. Among the worst offenders, according to research published on Monday, were messengers from Facebook, Instagram, LinkedIn, and Line. More about that shortly. First a brief discussion of previews. More here.

Taking Back Our Privacy

from The New Yorker Walking down Abbot Kinney Boulevard, the retail strip in Venice, California, can feel like scrolling through Instagram. One afternoon this July, people sat at outdoor tables beneath drooping strings of fairy lights, sipping cocktails and spearing colorful, modestly dressed salads. The line for Salt & Straw, a venture-funded, “chef-driven” ice-cream shop, stretched up the block, and athleisure-clad twentysomethings photographed themselves eating waffle cones, fabric masks pulled down around their chins like turkey wattles. A month earlier, Abbot Kinney had become a central gathering place for protesters during the mass demonstrations against police brutality and systemic racism. […]

How Internet-Connected Voter Check-In Devices Can Create Election Chaos

from ars technica A federal judge in Georgia has ordered election officials to print paper backups of voter data so that voting can proceed even if the digital system for checking in voters fails. This is a win for plaintiffs who have argued that flaws in Georgia’s electronic-poll-book (EPB) system hampered voting in the June primary and could do so again in November. Over the last 20 years, a lot of discussion has revolved around the risk that electronic voting machines pose to the security and integrity of elections. But there has been less attention paid to electronic poll books—another […]

Why Online Voting Is Harder Than Online Banking

from ars technica For a feature last week, I talked to a number of election experts and computer security researchers who argued that secure Internet voting isn’t feasible today and probably won’t be for many years to come. A common response to this argument—one that came up in comments to last week’s article—is to compare voting to banking. After all, we regularly use the Internet to move money around the world. Why can’t we use the same techniques to secure online votes? But voting has some unique requirements that make secure online voting a particularly challenging problem. Every electronic transaction in the […]

The Safest Ways to Log In to Your Computer

from Wired Whether your computer runs Windows, macOS, or Chrome OS, you have options for how you log in. And your choice doesn’t only affect how convenient it is for you to get into your laptop or desktop; it also affects how easily someone else can gain access. These are the different login options that are available and that you need to be aware of, so make sure you choose wisely. The right one for you will depend on how your computer is set up and just how cautious you’d like to be. More here.

Zoombombing Is A Crime, Not A Prank, Prosecutors Warn

from ars technica Coronavirus-related social distancing measures have given a big popularity boost to Zoom, a video conferencing platform that’s known for its ease of use but not necessarily strong security or privacy protections. Internet trolls and other troublemakers have responded with “Zoombombing”: joining Zoom meetings uninvited and disrupting them. Zoombombers have exposed themselves to schoolchildren and shouted racial slurs. In a Friday statement, federal prosecutors in Michigan warned the public that Zoombombing isn’t a harmless prank; it’s a crime. “Hackers are disrupting conferences and online classrooms with pornographic and/or hate images and threatening language,” wrote the US Attorney’s Office […]

Hacker Eva Galperin Has a Plan to Eradicate Stalkerware

from Wired Over the last year, Eva Galperin says she’s learned the signs: the survivors of domestic abuse who come to her describing how their tormentors seem to know everyone they’ve called, texted, and even what they discussed in their most private conversations. How their abusers seem to know where they’ve been and sometimes even turn up at those locations to menace them. How they flaunt photos mysteriously obtained from the victim’s phone, sometimes using them for harassment or blackmail. And how none of the usual remedies to suspected hacking—changing passwords, setting up two-factor authentication—seem to help. The reason those […]

FCC Accuses Carriers Of Being “Gateways” For Foreign Robocallers

from ars technica The Federal Communications Commission is asking phone carriers for help blocking robocalls made from outside the US and is implementing a congressionally mandated system to trace the origin of illegal robocalls. The FCC yesterday sent letters to seven US-based voice providers “that accept foreign call traffic and terminate it to US consumers.” Tracebacks conducted by the USTelecom trade group and the FCC found that each of these companies’ services is “being used as a gateway into the United States for many apparently illegal robocalls that originate overseas,” the FCC’s letters to the companies say. The FCC letters […]

New Ransomware Doesn’t Just Encrypt Data. It Also Meddles With Critical Infrastructure

from ars technica Over the past five years, ransomware has emerged as a vexing menace that has shut down factories, hospitals, and local municipalities and school districts around the world. In recent months, researchers have caught ransomware doing something that’s potentially more sinister: intentionally tampering with industrial control systems that dams, electric grids, and gas refineries rely on to keep equipment running safely. A ransomware strain discovered last month and dubbed Ekans contains the usual routines for disabling data backups and mass-encrypting files on infected systems. But researchers at security firm Dragos found something else that has the potential to […]

WhatsApp ‘Hack’ Is Serious Rights Violation, Say Alleged Victims

from The Guardian More than a dozen pro-democracy activists, journalists and academics have spoken out after WhatsApp privately warned them they had allegedly been the victims of cyber-attacks designed to secretly infiltrate their mobile phones. The individuals received alerts saying they were among more than 100 human rights campaigners whose phones were believed to have been hacked using malware sold by NSO Group, an Israeli cyberweapons company. WhatsApp launched an unprecedented lawsuit against the surveillance company earlier this week, claiming it had discovered more than 1,400 of its users were targeted by NSO technology in a two-week period in May. […]

Recent Decision: D.C. Circuit Rules That OPM Breach Victims Have Standing to Sue

from Lawfare With data breach incidents on the rise, federal courts are grappling with the issue of standing in class action lawsuits arising from data breaches. As Lawfare has covered previously, there is arguably a circuit split over whether plaintiffs can establish an “injury in fact,” one of three constitutional standing requirements, on the grounds that a breach has put them at a heightened risk of identity theft. In a 2-1 decision this past summer titled In re: U.S. Office of Personnel Management Data Security Breach Litigation, the U.S. Court of Appeals for the D.C. Circuit weighed in on that […]

Encrypted DNS Could Help Close the Biggest Privacy Gap on the Internet. Why Are Some Groups Fighting Against It?

from EFF Thanks to the success of projects like Let’s Encrypt and recent UX changes in the browsers, most page-loads are now encrypted with TLS. But DNS, the system that looks up a site’s IP address when you type the site’s name into your browser, remains unprotected by encryption. Because of this, anyone along the path from your network to your DNS resolver (where domain names are converted to IP addresses) can collect information about which sites you visit. This means that certain eavesdroppers can still profile your online activity by making a list of sites you visited, or a […]

The Biggest Hacking Risk? Your Employees

from readwrite This January, a hacker broke into Ethereum Classic, one of the more popular cryptocurrencies, and began rewriting transaction histories. Until recently, blockchains were considered unhackable, but it’s clear that cybercriminals always find vulnerabilities. Here’s the lesson: If a blockchain can be hacked, no one is immune to the threat of cybercrime. And businesses are frequently exposed in unexpected ways. One of the easiest vectors for a cyberattack is employee negligence. Easily avoidable mistakes, such as using the same passwords at home and at work, put company data at risk. According to a report from information security company Shred-it, […]

Delay, Deny and Deflect: How Facebook’s Leaders Fought Through Crisis

from NYTs Sheryl Sandberg was seething. Inside Facebook’s Menlo Park, Calif., headquarters, top executives gathered in the glass-walled conference room of its founder, Mark Zuckerberg. It was September 2017, more than a year after Facebook engineers discovered suspicious Russia-linked activity on its site, an early warning of the Kremlin campaign to disrupt the 2016 American election. Congressional and federal investigators were closing in on evidence that would implicate the company. But it wasn’t the looming disaster at Facebook that angered Ms. Sandberg. It was the social network’s security chief, Alex Stamos, who had informed company board members the day before […]

Security in a World of Physically Capable Computers

from Schneier on Security It’s no secret that computers are insecure. Stories like the recent Facebook hack, the Equifax hack and the hacking of government agencies are remarkable for how unremarkable they really are. They might make headlines for a few days, but they’re just the newsworthy tip of a very large iceberg. The risks are about to get worse, because computers are being embedded into physical devices and will affect lives, not just our data. Security is not a problem the market will solve. The government needs to step in and regulate this increasingly dangerous space. The primary reason computers […]

A Breach That Ripples Far Beyond Facebook

from NYTs If I did not need Facebook to do my job, I would be deleting it right now. While everyone was riveted by the drama over Judge Brett M. Kavanaugh’s potential confirmation to the Supreme Court, Facebook dropped a bombshell: Hackers had broken into at least 50 million of its accounts. The company’s chief executive, Mark Zuckerberg, and his deputy, Sheryl Sandberg, were among the victims, according to my colleagues Mike Isaac and Sheera Frenkel. For the past year, I have been covering technology in India, which has more Facebook users than any other country. Before that, I was […]
