"joseph menn"

Google users in UK will soon lose EU data protection: Report

Post-Brexit, Google plans to move UK user accounts out of the control of European Union privacy regulators, and will place them under U.S. jurisdiction instead, where privacy protections are weaker, reports Joseph Menn at Reuters. Read the rest

The FBI doesn't need Apple to give it a backdoor to encryption, because it already has all the access it needs

Once again, the FBI is putting pressure on Apple to help them break into the phone of a mass shooter. And once again, Apple has been largely resistant to the effort. Which is good, because a government having control over a private company that gives them secret backdoor access into people's personal technology devices is an authoritarian wet dream waiting to happen.

It also doesn't matter anyway because — as Reuters pointed out this week — Apple already buckled under FBI pressure a few years and cancelled their plans to add end-to-end encryption to all iPhone backups in iCloud:

The company said it turned over at least some data for 90% of the requests it received [from the FBI]. It turns over data more often in response to secret U.S. intelligence court directives, which sought content from more than 18,000 accounts in the first half of 2019, the most recently reported six-month period.

But what if the FBI wants access to someone's locked iPhone, and they haven't backed it up to iCloud? They still don't need Apple's help, because — as with the San Bernardino shooting — there are plenty of third-party companies that can and will gladly solve the problem in exchange for money.

From OneZero:

Over the past three months, OneZero sent Freedom of Information Act (FOIA) requests to over 50 major police departments, sheriffs, and prosecutors around the country asking for information about their use of phone-cracking technology. Hundreds of documents from these agencies reveal that law enforcement in at least 11 states spent over $4 million in the last decade on devices and software designed to get around passwords and access information stored on phones.

Read the rest

Security researcher cracks high-security lock used for ATMs, Air Force One, military bases

At this year's Defcon Lock Picking Village, Ioactive's Mike Davis will present a method for cracking high-security locks made by Dormakaba Holding, a Swiss company. The locks are used in very high-stake applications, from security ATMs to Air Force One, as well as guarding classified and sensitive materials on US military bases. Read the rest

Cult of the Dead Cow: the untold story of the hacktivist group that presaged everything great and terrible about the internet

Back in 1984, a lonely, weird kid calling himself Grandmaster Ratte' formed a hacker group in Lubbock, Texas. called the Cult of the Dead Cow, a name inspired by a nearby slaughterhouse. In the decades to come, cDc would become one of the dominant forces on the BBS scene and then the internet -- endlessly inventive, funny and prankish, savvy and clever, and sometimes reckless and foolish -- like punk-rock on a floppy disk. Read the rest

Beto O'Rourke was in the Cult of the Dead Cow and his t-files are still online

Investigative tech journalist Joseph Menn's (previously) next book is a history of the Cult of the Dead Cow (previously) the legendary hacker/prankster group that is considered to be "America's oldest hacking group." Read the rest

Feds ask court to force Facebook to break Messenger's end-to-end voice encryption for MS-13 gang probe

In secret court proceedings, the U.S. government is trying to force Facebook to help wiretap Messenger. Facebook has declined, so the Justice Department is asking a judge for an order of contempt. Read the rest

Zuckerberg: Facebook will not stop spying on Americans to comply with EU privacy law

The imminent implementation of the EU's General Data Protection Regulation (GDPR) has been hailed as a victory for global privacy advocates; since the regulation severely limits the collection of data on Europeans -- even when they're communicating with non-Europeans -- services like Facebook would risk running afoul of the GDPR if they collected data on anyone in a way that violated EU rules, and since the penalties for violating the GDPR are incredibly draconian, the benefits of such surveillance would surely be outweighed by the risk of getting it wrong. Read the rest

Yahoo didn't install an NSA email scanner, it was a "buggy" NSA "rootkit"

Ex-Yahoo employees have spoken anonymously to Motherboard about the news that Yahoo had built an "email scanner" for a US security agency, likely the FBI or the NSA. These sources -- at least one of whom worked on the security team -- say that in actuality, the NSA or FBI had secretly installed a "rootkit" on Yahoo's mail servers and that this was discovered by the Yahoo security team (who had not been apprised of it), who, believing the company had been hacked, sounded the alarm, only to have the company executives tell them that the US government had installed the tool. Read the rest

Yahoo secretly built a tool to scan all email in realtime for US spies

In 2015, Yahoo CEO Marissa Meyer ordered the company's engineers to build a tool that scanned Yahoo Mail messages in realtime for "characters" of interest to a US security agency, either the FBI or the NSA. Read the rest

Congress wants to know if agencies were compromised by the backdoor in Juniper gear (and where it came from)

The House Committee on Oversight and Government Reform has asked dozens of agencies in the US government to disclose whether they used switches made by Juniper, the disgraced US network technology giant that had at least two backdoors inserted into the software for one of its most popular product-lines. Read the rest

Juniper blinks: firewall will nuke the NSA's favorite random number generator

In the month since network security giant Juniper Networks was forced to admit that its products had NSA-linked backdoors, the company's tried a lot of different strategies: minimizing assurances, apologies, firmware updates -- everything, that is, except for removing th Dual_EC random number generator that is widely understood to have been compromised by the NSA. Read the rest

New NYT editor spiked NSA spying story

Mostly lost in the past week's media gossip around NYT executive editor Jill Abramson's ouster, and Dean Baquet's promotion to her role: Baquet is the former LA Times editor who killed the biggest NSA leak pre-Edward Snowden. Read the rest

NSA had secret deal on back-doored crypto with security firm RSA, Snowden docs reveal

"As a key part of a campaign to embed encryption software that it could crack into widely used computer products, the U.S. National Security Agency arranged a secret $10 million contract with RSA, one of the most influential firms in the computer security industry," reports Joseph Menn at Reuters in an exclusive today:

Documents leaked by former NSA contractor Edward Snowden show that the NSA created and promulgated a flawed formula for generating random numbers to create a "back door" in encryption products, the New York Times reported in September. Reuters later reported that RSA became the most important distributor of that formula by rolling it into a software tool called Bsafe that is used to enhance security in personal computers and many other products.

"Secret contract tied NSA and security industry pioneer" [Reuters.com] Read the rest

New Skype malware threat reported: Poison Ivy

Dancho Danchev reports an incident in which a friend pinged him at an odd hour on Skype "with a message pointing to what appeared to be a photo site with the message 'hahahahaha foto' and a link to hxxp://random_subdomain.photalbum.org." Yup, malware. The Poison Ivy trojan is spreading across Skype. [webroot via Joseph Menn] Read the rest

Why the world fears Anonymous: Joe Menn in the FT

(photo: Demonstrators wearing "Anynomous" masks protest in Madrid. REUTERS.)

Joseph Menn has a must-read analysis piece in the Financial Times today, mercifully freed from the paywall, about why the world fears so-called "hacktivists" like Anonymous. Everyone with a computer connected to the internet should read this piece.

To admirers, the hacktivism trend reflects the increased importance of technology in more and more aspects of life. The net is now democratising both legitimate political expression and hacking in the same way it once democratised media, allowing anyone to blog or publish an electronic book.

But others, including the companies that have lost business due to web outages or been robbed of customer information by hacktivists, believe Anonymous sets a dangerous precedent. “Motivation-wise, I think these guys are on a massive power trip. There is definitely some criminal element,” says Karim Hijazi, founder of tech security start-up Unveillance, which had its internal e-mails published by hackers with Lulz Security (commonly known as LulzSec), an Anonymous offshoot.

Even some supporters worry that if the group continues on its current path, it could trigger a legislative backlash that would bring heightened monitoring at the expense of the privacy that Anonymous prizes.

Steven Chabinsky, FBI deputy assistant director, says the bureau is placing “a lot of emphasis and focus on Anonymous and other groups that would be like them. These organisations have managed to use new technologies to connect to otherwise disenfranchised hackers to gather force and momentum in a way we have not seen before.”

Read the rest

Two veteran Anonymous members say group is responsible for Sony attacks

Anonymous officially denies that it is responsible for the recent hacking attacks on Sony—well, to the extent that an entity like Anonymous is capable of doing anything "officially," or with one voice. But two hackers identified as veterans of Anonymous tell the Financial Times that the cyber-activist group, or at least cells of the group, are probably behind it.

One Anonymous member told the FT that he saw technical details of a vulnerability in Sony's network that enabled the break-in discussed on an Anonymous chatroom, shortly before the intrusion.

"The hacker that did this was supporting OpSony's movements," the Anonymous activist told the FT.

Another established member of Anonymous who participated in the hacking of security firm HBGary Federal, said it could well have been other members who subsequently hacked Sony.

"If you say you are Anonymous, and do something as Anonymous, then Anonymous did it," said the hacker, who uses the online nickname Kayla. "Just because the rest of Anonymous might not agree with it, doesn't mean Anonymous didn't do it."

Hackers admit Anonymous likely behind Sony attacks (FT, thanks Joseph Menn)

 

Sony PlayStation network targeted in massive customer data breach ... Sony: PSN intruder may have taken credit card info Embattled PS3 hacker raises big bank to fight Sony Sony: We wuz robbed. Again. Sony hack timeline Read the rest

Reports of a new virus, "Stars," hitting Iran: son of Stuxnet?

The government of Iran said today it has been targeted by a new computer virus dubbed "Stars." From a blog post by Joris Evers for computer security firm Macafee:

Stars would be the second malware infestation targeted at Iran within a years time, following the discovery of Stuxnet in July last year.

Outside of the published news reports, McAfee has no information on "Stars" at this time. That's different from Stuxnet, where international cybersecurity companies knew of the malware and were able to investigate it through customary sharing of malware samples.

We currently have no way of verifying the attack the Iranian government is reporting, nor do we have any way of identifying who might be behind the attack or what the target could be.

(via Joseph Menn) Read the rest

Next page

:)