Early this month, Google's Project Zero revealed a breathtaking attack on multiple OSes, including Apple's iOS, in which a website that served Uyghur people was found to be hosting at least five different kinds of iOS malware that exploited previously unknown defects in Apple's code (the attack is presumed to have been the work of the Chinese state, which has been prosecuting a genocidal campaign against Uyghurs, whose high-tech fillips have seen both cities and apps suborned to aid in the pogrom).
Alex Stamos is the former Chief Security Officer of Yahoo and Facebook. I've jokingly called him a "human warrant canary" because it seems that whenever he leaves a job, we later learn that his departure was precipitated by some terrible compromise the company was making — he says that he prefers to be thought of as "the Forrest Gump of infosec" because whenever there is a terrible geopolitical information warfare crisis, he's in the background, playing ping-pong.
The latest read from Alex Stamos bears an appropriately grim title.
Facebook's longtime Chief Security Officer Alex Stamos is quitting, as announced earlier this year. The company seems to think it doesn't need a new CSO, despite having just acknowledged Tuesday it is the subject of ongoing, sustained, coordinated information warfare attacks just ahead of the 2018 midterm elections.
Even before he took the job of Chief Security Officer of Yahoo, Alex Stamos had a reputation for being a badass: a thoughtful security ethicist who served as an expert witness in defense of Aaron Swartz, Stamos cemented his reputation by publicly humiliating the director of the NSA over mass surveillance.
Video-calling app Zoom has been on the receiving end of sharp criticism for security weaknesses. In response, they announced today a plan to offer end-to-end encryption for all users, with a trial to begin next month.
You're browsing a news app on your phone in bed, alone, late at night. Did you know your physical location and IP address are being shared with the app maker?
In a year-in-review post, Facebook's Mark Zuckerberg said on Friday he is "proud of the progress we've made."
Yes, he really is that deluded.
Alex Stamos stepped down as CSO for Facebook in August, after a career in which he rather fearlessly and bluntly warned about deficiencies in Facebook's security (this was totally in keeping with Stamos's character; he seems to have walked out on his job running security for Yahoo rather than building an NSA backdoor for them, making him something of a human warrant canary).
Just when you thought that Facebook couldn't get any more greasy, they have outdone themselves in a manner that places them well beyond even the most succulent of French Chef finger-kisses: the phone numbers that many folks gave them in order to activate the service's two-factor authentication protection?
As Facebook users drift away from the platform, the company is becoming increasingly desperate to lure them back, doubling down on its obnoxious tactic of spamming users whose activity has fallen off with notifications intended to pique their interest in using the service again.
Earlier this month Facebook Chief Security Officer Alex Stamos threw a twittertantrum over accusations that Facebook's algorithms promoted fake news in its users' feeds: "I am seeing a ton of coverage of our recent issues driven by stereotypes of our employees and attacks against fantasy, strawman tech cos," he wrote.
A leaked recording of Facebook security chief Alex Stamos (who refused to help with an illegal NSA spying program when he was CSO for Yahoo) has him describing the company's IT culture as being "like a college campus, almost" while the company has the "threat profile of a Northrop Grumman or a Raytheon or another defense contractor."
A Russian government-affiliated troll farm called Internet Research Agency bought a Black Lives Matter ad on Facebook targeting Ferguson and Baltimore, reports CNN, with "the apparent goal of the Russian buyers to amplify political discord and fuel an atmosphere of incivility and chaos."
Joe Menn at Reuters reports that Facebook is pitching in an initial $500,000 in seed funding to launch a nonprofit that will work to protect American political parties, voting systems and information providers from malicious attacks by hackers and foreign nation-states.
Ex-Yahoo employees have spoken anonymously to Motherboard about the news that Yahoo had built an "email scanner" for a US security agency, likely the FBI or the NSA. These sources — at least one of whom worked on the security team — say that in actuality, the NSA or FBI had secretly installed a "rootkit" on Yahoo's mail servers and that this was discovered by the Yahoo security team (who had not been apprised of it), who, believing the company had been hacked, sounded the alarm, only to have the company executives tell them that the US government had installed the tool.
Yahoo email accounts were scanned by the company on behalf of U.S. intelligence services from last year. This represents the first example of a U.S. service provider providing complete access to "all arriving messages," reports Reuters.
It is not known what information intelligence officials were looking for, only that they wanted Yahoo to search for a set of characters.
In 2015, Yahoo CEO Marissa Mayer ordered the company's engineers to build a tool that scanned Yahoo Mail messages in realtime for "characters" of interest to a US security agency, either the FBI or the NSA.
Facebook says that starting today, they will notify users "if we believe your account has been targeted or compromised by an attacker suspected of working on behalf of a nation-state."
During Monday's Cybersecurity for a New America conference in DC, Yahoo's Chief Information Security Officer Alex Stamos stood up and had an intense verbal showdown with NSA director Mike Rogers about the NSA's plan to ban working crypto, in which the nation's top spook fumfuhed and fumbled to explain how this idea isn't totally insane.