Archive | IT security

Make your voice heard!

EDRi on EU public consultations on Internet and Big Brother issues:

Public consultations are an opportunity to influence policy-making at an early stage, and to help to shape a brighter future for your digital rights.

Below you can find the public consultations which EDRi finds relevant in 2017. (…) We will update the list on an ongoing basis, adding our responses to the consultations and other information that can help you get engaged.

EDRi: Important Consultations for your Digital Rights! »

0

Dumbo – How the NSA can destroy digital evidence

Today, August 3rd 2017 WikiLeaks publishes documents from the Dumbo project of the CIA. Dumbo is a capability to suspend processes utilizing webcams and corrupt any video recordings that could compromise a PAG deployment. The PAG (Physical Access Group) is a special branch within the CCI (Center for Cyber Intelligence); its task is to gain and exploit physical access to target computers in CIA field operations.

Dumbo can identify, control and manipulate monitoring and detection systems on a target computer running the Microsoft Windows operating sytem. It identifies installed devices like webcams and microphones, either locally or connected by wireless (Bluetooth, WiFi) or wired networks. All processes related to the detected devices (usually recording, monitoring or detection of video/audio/network streams) are also identified and can be stopped by the operator. By deleting or manipulating recordings the operator is aided in creating fake or destroying actual evidence of the intrusion operation.

Wikileaks: Dumbo »

0

Does your robot vacuum cleaner spy on you?

Over the past couple of years, Roombas haven’t just been picking up dust and chauffeuring cats around, they’ve also been mapping the layout of your home. Now, Colin Angle, the chief executive of Roomba maker iRobot, has said he wants to share the data from these maps in order to improve the future of smart home technology.

The Verge: Roombas have been busy mapping our homes, and now that data could be shared »

0

Electronic voting is a bad idea

We already knew U.S. voting systems had security flaws ― the federal government put that nail in the coffin when it repeatedly confirmed that Russian hackers breached systems in at least 21 states during the election last year.

But on Friday, hackers stateside showed us just how easily some of the electronic voting machines can be cracked.

Those who attended DEF CON, a 25-year-old hacking convention held in Las Vegas, were given physical and remote access to voting machines procured from eBay and government auctions.

Yahoo News: Hackers Crack Voting Machines Within Minutes At DEF CON In Vegas »

0

Public sector IT-security

The Swedish leak where classified data and networks were outsourced outside the European Union was not an isolated incident, but a pervasive pattern where things are kept safe mostly by good luck and the occasional person who knows their stuff fixing things properly out of pure subordination.

Falkvinge: This is how absolutely headdeskingly clueless politicians are at anything IT security related «

0

Meanwhile, in Australia…

“The laws of mathematics are very commendable but the only law that applies in Australia is the law of Australia”, said Australian Prime Minister Malcolm Turnbull today. He has been rightly mocked for this nonsense claim, that foreshadows moves to require online messaging providers to provide law enforcement with back door access to encrypted messages.

EFF: Australian PM Calls for End-to-End Encryption Ban, Says the Laws of Mathematics Don’t Apply Down Under »

0

Australia leading new »Five Eyes« attack on encryption

Ars Technica: Australia advocates weakening strong crypto at upcoming “Five Eyes” meeting »

Two top Australian government officials said Sunday that they will push for “thwarting the encryption of terrorist messaging” during an upcoming meeting next week of the so-called “Five Eyes” group of English-speaking nations that routinely share intelligence.

Techcrunch: Australia wants Five Eyes to squeeze tech firms on encryption »

“I will raise the need to address ongoing challenges posed by terrorists and criminals using encryption,” Australian Attorney General Senator Brandis is quoted as saying, ahead of the meeting of the group next week.

“These discussions will focus on the need to cooperate with service providers to ensure reasonable assistance is provided to law enforcement and security agencies.”

The Five Eyes countries are: the US, the UK, Canada, Australia and New Zealand.

Techdirt: Australia To Push For Encryption Backdoors At Next ‘Five Eyes’ Meeting »

So far, there’s very little real evidence criminals and terrorists are using encrypted services at a higher rate than non-criminals/terrorists. There have been several statements made to that effect and backed by public displays of devices law enforcement officials claim can’t be unlocked, but most post-attack investigations show terrorists are still mostly using unencrypted communications platforms. Available evidence also shows investigations of normal criminal activity is rarely thwarted by device encryption. At this point, backdoors are a “solution” in need of a problem.

0