Group items tagged

The US National Security Agency (NSA) knew of the Heartbleed flaw in the widely used OpenSSL security tool and exploited it for year - instead of blowing the whistle so that the patch could be flawed."

"Facebook said on Thursday it had taken down about 200 accounts run by a group of hackers in Iran as part of a cyber-spying operation that targeted mostly US military personnel and people working at defense and aerospace companies. The social media company said the group, dubbed "Tortoiseshell" by security experts, used fake online personas to connect with targets, build trust - sometimes over the course of several months - and drive them to other sites, where they were tricked into clicking malicious links that would infect their devices with spying malware."

"A promo video from Pinkroccade, a prominent IT contractor to Dutch local governments, makes the case for spying on wearables (if your heart-rate rises because you're about to be mugged, the police could be alerted, and get GPS from your phone, find nearby phones belonging to people with criminal records, check the view from your Google Glass, and respond -- case closed). "

"After getting caught breaking its own laws with a mass surveillance program, the French government has introduced legislation that mirrors the NSA's rules, giving it the power to spy on all foreigners -- and any French people who happen to be swept up in the dragnet."

"GCHQ, the UK's spy agency, designed a security protocol for voice-calling called MIKEY-SAKKE and announced that they'll only certify VoIP systems as secure if they use MIKEY-SAKKE, and it's being marketed as "government-grade security." But a close examination of MIKEY-SAKKE reveals some serious deficiencies. The system is designed from the ground up to support "key escrow" -- that is, the ability of third parties to listen in on conversations without the callers knowing about it."

"The document dump reveals that the spies hold data on millions of Britons who are suspected of no wrongdoing, including records on dead people who cannot possibly pose a threat to national security. These records, which include "private medical records, your correspondence with your doctor or lawyer, even what petitions you have signed, your financial data, and commercial activities," are safeguarded through self-regulating systems that are laughable in their tragic lack of seriousness. "

"India has started using a system that allows security agencies and income tax officials to directly intercept phone calls and emails without any court or legislative oversight, Reuters reported this summer."

""Privacy Not Included" is Mozilla's Christmas shopping (anti)-guide to toys and gadgets that spy on you and/or make stupid security blunders, rated by relative "creepiness," from the Nintendo Switch (a little creepy) to the Fredi Baby monitor (very creepy!). Mozilla's reviews include a detailed rationale for each ranking, including whether the product includes encryption, whether it forces a default password change, how easy to understand the documentation is, whether it shares your data for "unexpected reasons," whether it has known security vulnerabilities, whether it has parental controls and more."

"This RFID-enabled device allowed its proud new owners to do things such as log into their computer, open doors and purchase food in the office cafeteria with a flick of the wrist. Nearly half of the company's 85 workers had the device implanted when the firm held a "chip party". YIKES!

"UK's electronic eavesdropping and security agency, GCHQ, has been secretly gathering intelligence from the world's biggest internet companies through a covertly run operation set up by America's top spy agency, documents obtained by the Guardian reveal."

"Up to 10 million Android smartphones have been infected by malware that generates fake clicks for adverts, say security researchers. The software is also surreptitiously installing apps and spying on the browsing habits of victims. The malware is currently making about $300,000 (£232,000) a month for its creators, suggests research."

"But Computercop isn't security software -- quite the opposite; it's classic malware. The software, made in New York by a company that markets to law enforcement, is a badly designed keylogger that stores thingstyped into the keyboard -- potentially everything typed on the family PC -- passwords, sensitive communications, banking logins, and more, all stored on the hard drive, either in the clear, or with weak, easily broken encryption. And Computercop users are encouraged to configure the software to email dumps from the keylogger to their accounts (to spy on their children's activity), so that all those keystrokes are vulnerable to interception by anyone between your computer and your email server. "

""Mexico's capacity to spy on its citizens is immense. [And] it's extremely easy for the technology and the information obtained through the spyware to fall into private hands - be it organised crime or commercial," said Jorge Rebolledo, a Mexico City security consultant. "What we know about is only the tip of the iceberg." Andrés Manuel López Obrador Andrés Manuel López Obrador. The data leak is a list of more than 50,000 phone numbers that, since 2016, are believed to have been selected as belonging to people of interest by government clients of NSO Group."

"Russian state-linked hackers have targeted the WhatsApp accounts of government ministers and officials around the world with emails inviting them to join user groups on the messaging app. The WhatsApp tactic marks a new approach by a hacking unit called Star Blizzard. Britain's National Cyber Security Centre (NCSC) has linked Star Blizzard to Russia's domestic spy agency, the FSB, and has accused it of seeking to "undermine trust in politics in the UK and likeminded states"."

"The NSA has a tool that records and analyzes all the flow of data that the spy agency collects around the world. Think of it as a global data-mining software that details exactly how much intelligence, and of what type, has been collected from every country in the world. It's aptly called "Boundless Informant." "

"But TURBINE, which was carried out with other "Five Eyes" spy agencies as part of the NSA's $67.6M "Owning the Net" plan, is intended to automate the infection process, allowing for "millions" of infections at once. "

"Like China's Great Firewall, the UK firewall is a patchwork of rules and filters that are opaque to users and regulators. Every ISP uses its own censorship supplier to spy on its customers and decide what they're allowed to see, and they change what is and is not allowed from moment to moment, with no transparency into how, when or why those decisions are being made. "

"A duo of researchers at the University of Waterloo and the University of Illinois Urbana-Champaign have turned this old assumption of impracticality on its head with their description of a Wi-Fi localization exploit they call Wi-Peep. They have outlined how an inconspicuous and inexpensive device can locate hidden Wi-Fi devices without their cooperation."