French presidential candidate Emmanuel Macron has become the latest high-profile European politician to threaten U.S. tech companies over their use of end-to-end encryption, and for how digital platforms enable the spread of terrorist propaganda online.
Techcrunch: French presidential candidate Macron talks tough on tech firms over terrorism »
The security of the facial recognition feature on Samsung’s new Galaxy S8 smartphone has come into question, after a video was shared online that appears to show one of the handsets being unlocked by waving a photo of the user’s face in front of the camera.
MacRumors: Facial Recognition Feature on Galaxy S8 Bypassed Using Just a Photo »
Last week, the UK’s Home Secretary Amber Rudd said that WhatsApp risked becoming a “place for terrorists to hide.” Then, like many others that have used this tired old trope, she went on to call for the development of some magic unicorn key to unlock all encrypted communications, one that was somehow available only to those on the side of truth, beauty, law and order, and not to the other lot. In doing so, her cluelessness was particularly evident, as her invocation of the “necessary hashtags” emphasized, but she’s not alone in that. Despite the chorus of experts pointing out for the thousandth time why it’s not possible, the EU Justice Commissioner has just said that the EU must have magic unicorn keys, too.
• Techdirt: EU Plans To Weaken Encrypted Communications Despite Countless Warnings It Can’t Be Done Safely »
• Ars Technica: Cryptic crypto clash: EU justice chief holds “intensive talks” with IT giants »
• Euractiv: EU to propose new rules targeting encrypted apps in June »
That a major U.S. company had to rely on WikiLeaks to learn about security problems well-known to U.S. intelligence agencies underscores concerns expressed by dozens of current and former U.S. intelligence and security officials about the government’s approach to cybersecurity. (…)
Across the federal government, about 90 percent of all spending on cyber programs is dedicated to offensive efforts, including penetrating the computer systems of adversaries, listening to communications and developing the means to disable or degrade infrastructure, senior intelligence officials told Reuters.
Reuters: A scramble at Cisco exposes uncomfortable truths about U.S. cyber defense »
Ars Technica: Activists want to know why feds are searching more devices at the border »
Rand Corporation: Zero Days, Thousands of Nights – The Life and Times of Zero-Day Vulnerabilities and Their Exploits
Today, March 23rd 2017, WikiLeaks releases Vault 7 “Dark Matter”, which contains documentation for several CIA projects that infect Apple Mac Computer firmware (meaning the infection persists even if the operating system is re-installed) developed by the CIA’s Embedded Development Branch (EDB). These documents explain the techniques used by CIA to gain ‘persistence’ on Apple Mac devices, including Macs and iPhones and demonstrate their use of EFI/UEFI and firmware malware.
Falkvinge:
An appeals court has denied the appeal of a person who is jailed indefinitely for refusing to decrypt files. The man has not been charged with anything, but was ordered to hand over the unencrypted contents on police assertion of what the contents were. When this can result in lifetime imprisonment under “contempt of court”, the United States has effectively outlawed file-level encryption – without even going through Congress.
Falkvinge: With appeals ruling, the United States has effectively outlawed file encryption »
Ars Technica: Man jailed indefinitely for refusing to decrypt hard drives loses appeal »
The Hacker News: 10 Things You Need To Know About ‘Wikileaks CIA Leak’ »
Wired: The fallout from the CIA’s zero-day stash will impact everyone »
WikiLeaks will give technology companies access to information it has about the CIA’s hacking tools, WikiLeaks founder Julian Assange said Thursday.
Assange said the organization will give details to let technology companies “develop fixes” before the information is published more widely, USA Today reported.
The Hill: WikiLeaks will give info on CIA hacking to tech companies »
