Human rights coalition to DHS: don't demand social media passwords from people entering the USA

A huge coalition of human rights groups, trade groups, civil liberties groups, and individual legal, technical and security experts have signed an open letter to the Department of Homeland Security in reaction to Secretary John Kelly's remarks to House Homeland Security Committee earlier this month, where he said the DHS might force visitors to America to divulge their social media logins as a condition of entry. Read the rest

It's very hard to maintain an anonymous Twitter account that can withstand government-level attempts to de-anonymize it

It's one thing to set up an "anonymous" Twitter Hulk account whose anonymity your friends and colleagues can't pierce, because the combination of your care not to tweet identifying details, the stilted Hulk syntax, and your friends' inability to surveil the global internet and compel phone companies to give up their caller records suffice for that purpose. Read the rest

Amnesty: hackers spent months building personas used to phish Qatari labor activists

In a new report, Amnesty International summarizes the security research they did on the victims of a sophisticated phishing attack aimed at Qatari labor activists, dubbed "Operation Kingphish." Read the rest

Anonymous infiltrated the KKK by friending Blue Lives Matter supporters on Facebook

The Anonymous activists behind "OpKKK" -- which infiltrated and unmasked Klan members, including many in US military and police departments -- began by creating thin-but-plausible fake identities on Facebook that signalled support for "Blue Lives Matter." By friending other accounts that indicated support for Blue Lives Matter, they found themselves being auto-suggested friendships with KKK members. Read the rest

Trump blabbed about response to North Korean missile launch in the Mar A Lago dining room while diners listened in

After a day of engaging in the most irresponsible activity a president can undertake (according to Donald Trump, anyway), President Trump and Japanese Prime Minister Shinzo Abe went to the Mar A Lago dining room with Steve Bannon and Michael Flynn, when Trump got a phone call about North Korea's missile tests. Read the rest

How to keep your secret activist Twitter account a secret

Despite his widely read criticism of Tor, The Gruqq -- a legendary, pseudonymous security expert -- uses it as first and last line of defense in keeping your secret, activist Twitter account a secret. Read the rest

It's awesome to see all these "rogue" government agency Twitter accounts, but what about hoaxes?

In the immediate aftermath of the Trump administration's gag orders on government employees disclosing taxpayer-funded research results, a series of high-profile "rogue" government agency accounts popped up on Twitter, purporting to be managed by civil servants who are unwilling to abide by the gag order. Read the rest

Bible references make very weak passwords

An analysis of passwords found in the 2009 breach of Rockyou -- 32 million accounts -- finds a large number of Biblical references ("jesus"," "heaven", "faith", etc), including a number of Bible verse references ("john316"). Read the rest

Autoexec.bat: the tee-shirt

Adam "Ape Lad" Koford writes, "Last Wednesday night as I was falling asleep, an idea came to me. The next morning I drew it and posted it online, not thinking much else of it. Then it started to go viral, and now it's on a shirt. Of all the drawings I've posted online over the past ten+ years, I guess I'm the autoexec.bat guy now." Read the rest

Feminist cybersecurity 101

The DIY Feminist Guide to Cybersecurity, available in Spanish and English, is designed to be a quickstart for "gendered, racialized, queerphobic, transphobic, ableist, and classist" threats to digital autonomy, created because "companies and developers frequently ignore or underestimate the digital threats to these spaces and their users." Read the rest

Digital self-defense for journalists

The Opennews project has published a set of annotated links to digital operational security tutorials that are relevant to journalists looking to defend themselves against various kinds of attacks, covering two-factor authentication, password managers, phishing, first aid for malware infections, and related subjects. (via 4 Short Links) Read the rest

Filmmakers want cameras with encrypted storage

Documentarians and news-gatherers who record sensitive material from confidential sources live in terror of having their cameras seized and their storage-cards plundered by law-enforcement; they struggle to remember to immediately transfer their files to encrypted laptop storage and wipe their cards while dodging bombs in conflict zones, or simply to remember to have robotically perfect operational security while they are trying to get a movie made. Read the rest

12 days of two-factor authentication: this Xmas, give yourself the gift of opsec

The Electronic Frontier Foundation has launched a new series, 12 Days of 2FA, in which every installment explains how to turn on two-factor authentication for a range of online services and platforms. Read the rest

Learning about the internal culture of the NSA from 262 leaked articles from its internal employee newsletter

The Intercept continues its work analyzing SID Today, the NSA's internal employee newsletter, with a fresh release of 262 articles -- these are in addition to the 166 articles published last spring. Read the rest

How governments and cyber-militias attack civil society groups, and what they can do about it

The University of Toronto's Citizen Lab (previously) is one of the world's leading research centers for cybersecurity analysis, and they are the first port of call for many civil society groups when they are targeted by governments and cyber-militias. Read the rest

Reflectacles get a new feature: CCTV-blinding infrared reflectors

Reflectacles, the hyper-reflective Ray Ban-style $75 glasses frames that Scott Urban is Kickstarting have a new feature: now you can get ones doped with materials that reflect the infrared light that CCTVs kick out to let them capture images in low light, which blind cameras' sensors. Cool! Read the rest

Digital Defenders: a free open-licensed booklet for kids about privacy and crypto

European Digital Rights has created a free, CC-licensed kids' booklet about privacy called Digital Defenders. Read the rest

More posts