Group items matching

in title, tags, annotations or url

"The organisation is a pioneer of the "ransomware as a service" model, whereby it outsources the target selection and attacks to a network of semi-independent "affiliates", providing them with the tools and infrastructure and taking a commission on the ransoms in return. As well as ransomware, which typically works by encrypting data on infected machines and demanding a payment for providing the decryption key, LockBit copied stolen data and threatened to publish it if the fee was not paid, promising to delete the copies on receipt of a ransom."

"This week, the tech giant announced it had begun rolling out automatic encryption for direct messages on its Facebook and Messenger platforms to more than 1 billion users. Under the changes, Meta will no longer have access to the contents of the messages that users send or receive unless one participant reports a message to the company. As a result, messages will not be subject to content moderation unless reported, which social media companies undertake to detect and report abusive and criminal activity. encryption hides the contents of a message from anyone but the sender and the intended recipient by converting text and images into unreadable cyphers that are unscrambled on receipt."

"The folks at Signal are taking one of the four post-quantum cryptography algorithms that have been chosen by the US National Institute of Standards and Technology to withstand attacks by quantum computers, but instead of using it to replace their existing public-key encryption system, they are layering the new algorithm on top of what they already have. "We are augmenting our existing cryptosystems," they say, "such that an attacker must break both systems in order to compute the keys protecting people's communications." And they will be rolling out this augmented system to all users in the next few months."

"If you use the default settings above, it would take millions of years to guess your master password using generally-available password-cracking technology. Your sensitive vault data, such as usernames and passwords, secure notes, attachments, and form-fill fields, remain safely encrypted based on LastPass' Zero Knowledge architecture. There are no recommended actions that you need to take at this time. "

"There will be more where that came from. So it's time for a reality check. Quantum computers are interesting, but experience so far suggests they are exceedingly tricky to build and even harder to scale up. There are now about 50 working machines, most of them minuscule in terms of qubits. The biggest is one of IBM's, which has - wait for it - 433 qubits, which means scaling up to 20m qubits might, er, take a while. This will lead realists to conclude that RSA encryption is safe for the time being and critics to say that it's like nuclear fusion and artificial general intelligence - always 50 years in the future."

"According to these internal documents, SIAM is a computer system that works behind the scenes of Iranian cellular networks, providing its operators a broad menu of remote commands to alter, disrupt, and monitor how customers use their phones. The tools can slow their data connections to a crawl, break the encryption of phone calls, track the movements of individuals or large groups, and produce detailed metadata summaries of who spoke to whom, when, and where. Such a system could help the government invisibly quash the ongoing protests - or those of tomorrow - an expert who reviewed the SIAM documents told The Intercept."

"Astonishingly, even as the UK government praises end-to-end encryption abroad, it is undermining it at home. The Online Safety Bill, which continues to proceed through parliament after being mentioned in the Queen's Speech, will target platforms that use end-to-end encryption by "placing a duty of care on service providers within the scope of the draft bill to moderate illegal and harmful content on their platforms, with fines and penalties for those that fail to uphold this duty". "

"The government is introducing some amendments in time for the report stage on 12 July, with another batch to be announced shortly after. Under one confirmed change, tech firms will be required to shield internet users from state-sponsored disinformation that poses a threat to UK society and democracy. This is a tightening of existing proposals on disinformation in the bill, which already require tech firms to take action on state-sponsored disinformation that harms individuals - such as threats to kill. Another confirmed amendment is equally incremental. A clause in the bill aimed at end-to-end encrypted services already gives Ofcom the power to require those platforms to adopt "accredited technology" to detect child sexual abuse and exploitation [CSEA] content. If that doesn't work, then they must use their "best endeavours" to develop or deploy new technology to spot and remove CSEA. This move appears to be aimed at Mark Zuckerberg's plans to introduce end-to-end encryption on Facebook Messenger and Instagram."

"Ransomware analysts offered several possible explanations for why the master key has now appeared. It is possible Kaseya, a government entity, or a collective of victims paid the ransom. The Kremlin in Russia also might have seized the key from the criminals and handed it over through intermediaries, experts said."

"But unbeknown to Real G and hundreds of criminals who until this week believed that ANOM was the best way to arrange drug deals, money laundering and murders away from the eyes of authorities, the FBI was also secretly copied in on every message. Indeed, in one of the most elaborate and sprawling honeypot traps known to date, the entire communications platform was being covertly operated by the FBI, marking a first for the agency."

"NFTs are created on Ethereum's blockchain, which is immutable, meaning it cannot be altered. No one can undo your ownership of an NFT or re-create that exact same one. They're also "permissionless," so anyone can create, buy, or sell an NFT without asking for permission. Finally, every NFT is unique, and can be viewed by anyone. "

"The software is made by BlackBag Technologies, an American company that was bought last year by Cellebrite of Israel. Both companies also make other sophisticated tools to infiltrate locked or encrypted devices and suck out their data, including location-tracking information."

"Bitcoin is stored on software known as a digital wallet that is secured through encryption. A password is used as a decryption key to open the wallet and access the bitcoin. When a password is lost the user cannot open the wallet. The fraudster had been sentenced to more than two years in jail for covertly installing software on other computers to harness their power to "mine" or produce bitcoin. When he went behind bars, his bitcoin stash would have been worth a fraction of the current value. The price of bitcoin has surged over the past year, hitting a record high of US$42,000 in January. It was trading at US$37,577 on Friday, according to cryptocurrency and blockchain website Coindesk."

"Employees worry that, should Signal fail to build policies and enforcement mechanisms to identify and remove bad actors, the fallout could bring more negative attention to encryption technologies from regulators at a time when their existence is threatened around the world. "The world needs products like Signal - but they also need Signal to be thoughtful," said Gregg Bernstein, a former user researcher who left the organization this month over his concerns. "It's not only that Signal doesn't have these policies in place. But they've been resistant to even considering what a policy might look like.""

X to doubt

"Telegram, a messaging app created by the reclusive Russian exile Pavel Durov, is suited to running protests for a number of reasons. It allows huge encrypted chat groups, making it easier to organise people, like a slicker version of WhatsApp. And its "channels" allow moderators to disseminate information quickly to large numbers of followers in a way that other messaging services do not; they combine the reach and immediacy of a Twitter feed, and the focus of an email newsletter. The combination of usability and privacy has made the app popular with protestors (it has been adopted by Extinction Rebellion) as well as people standing against authoritarian regimes (in Hong Kong and Iran, as well as Belarus); it is also used by terrorists and criminals. In the past five years, Telegram has grown at a remarkable speed, hitting 60 million users in 2015 and 400 million in April this year. "

"Lazada added that the information stolen was last updated in March 2019, and the affected RedMart-only database is not linked to any Lazada database."

"Service providers, including many ORG members, will be required to do this through the imposition of a "duty of care" - a concept awkwardly borrowed from health & safety - which will require them to monitor the integrity of their services not by objective technical standards, but by subjective "codes of practice" on both illegal and legal content. Although the framework has been drawn up with large American social media platforms in mind, it would apply to any site or service with UK users which hosts user-generated content. A blog with comments will be fair game. An app with user reviews will be fair game. "