Bruce Schneier on NSA and WannaCry

People inside the NSA are quick to discount these studies, saying that the data don’t reflect their reality. They claim that there are entire classes of vulnerabilities the NSA uses that are not known in the research world, making rediscovery less likely. This may be true, but the evidence we have from the Shadow Brokers is that the vulnerabilities that the NSA keeps secret aren’t consistently different from those that researchers discover. And given the alarming ease with which both the NSA and CIA are having their attack tools stolen, rediscovery isn’t limited to independent security research.

Bruce Schneier in Foreign Affairs: Why the NSA Makes Us More Vulnerable to Cyberattacks »

UK to move against end-to-end encryption after general election

Once again there are indications the UK government intends to use the law to lean on encryption. A report in The Sun this week quoted a Conservative minister saying that should the government be re-elected, which polls suggest it will, it will move quickly to compel social media firms to hand over decrypted data.

TechCrunch: Could the UK be about to break end-to-end encryption? »

When subtitles attack

Check Point researchers revealed a new attack vector which threatens millions of users worldwide – attack by subtitles. By crafting malicious subtitle files, which are then downloaded by a victim’s media player, attackers can take complete control over any type of device via vulnerabilities found in many popular streaming platforms, including VLC, Kodi (XBMC), Popcorn-Time and strem.io. We estimate there are approximately 200 million video players and streamers that currently run the vulnerable software, making this one of the most widespread, easily accessed and zero-resistance vulnerabilities reported in recent years.

Check Point: Hacked in Translation – from Subtitles to Complete Takeover »

»Theresa May to shut down the internet as we know it«

“Some people say that it is not for government to regulate when it comes to technology and the internet,” it states. “We disagree.”

The Independent: Theresa May to Create New Internet that would be Controlled and Regulated by Government »

Pull the various tech-related manifesto pledges together and – if the polls are correct and May wins a majority in next month’s election – the Conservatives could have a mandate from the British public for a significant extension of internet regulation, all based on the idea that a government’s duty to protect citizens exists just as much on the internet as it does in the real world.

Buzzfeed: Theresa May Wants To Regulate The Internet »

“Balances” freedoms? Freedoms aren’t supposed to be “balanced.” They’re supposed to be supported and protected. And when you have your freedoms protected, that also protects users. Those two things aren’t in opposition. They don’t need to be balanced. As for “obligations for businesses and platforms” — those five words are basically the ones that say “we’re going to force Google and Facebook to censor stuff we don’t like, while making it impossible for any new platform to ever challenge the big guys.” It’s a bad, bad idea.

Techdirt: Theresa May Plans To Regulate, Tax And Censor The Internet »

The future of profiling

Even worse, profiling and similar techniques are increasingly used not just to classify and understand people, but also to make decisions that have far-reaching consequences, from credit to housing, welfare and employment. Intelligent CCTV software automatically flags “suspicious behaviour”, intelligence agencies predict internet users’ citizenship to decide they are foreign (fair game) or domestic (usually not fair game), and the judicial system claims to be able to predict future criminals.

As someone once said: it’s Orwell when it’s accurate and Kafka when it’s not.

Privacy International: Cambridge Analytica Explained: Data and Elections »

Is EU slowly killing the Internet?

Article 13 (in the European Union’s draft Copyright Directive), fewer than 250 words, is designed to provoke such legal uncertainty that internet companies will have no option other than to block, filter and monitor our communications, if they want to have any chance of staying in business. Ultimately, only the current internet giants, shedding crocodile tears at the prospect, will be able to survive. From global internet to “Googlebook”.

Joe McNamee, EDRi: Killing parody, killing memes, killing the internet? »

Microsoft on NSA and the WannaCrypt exploits

Finally, this attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today – nation-state action and organized criminal action.

Microsoft: The need for urgent collective action to keep people safe online: Lessons from last week’s cyberattack »

US to demand social media handles (for some) when applying for visa

US demands for access to some travelers’ social media handles have been in force at border controls for some time now. The latest is that this will also apply to visa applications, but still not to all of them.

Affected applicants would have to provide their social media handles and platforms used during the previous five years, and divulge all phone numbers and email addresses used during that period. U.S. consular officials would not seek social media passwords, and would not try to breach any privacy controls on applicants’ accounts, according to the department’s notice.

Phys.org: US to seek social media details from certain visa applicants »

No reasonable ground to uphold arrest warrant for Assange

It is now the last day in April, five months since Assange was questioned about the rape allegations in Britain. However there is no word from Sweden either of the case against him being dropped or of the rape charges against him being pressed.

Meanwhile the European arrest warrant has not been cancelled, and the extradition request to Britain has not been dropped, even though their purported purpose – to have Assange questioned about the rape allegations – has been fulfilled in Britain.

Meanwhile the British authorities have taken no steps to review their grant of the Swedish extradition request notwithstanding that the purported purpose of that request – to return Assange to Sweden so that he could be questioned about the rape allegations there – has been fulfilled in Britain.

The Duran: The Swedish and British case against Julian Assange grossly abuses his human rights and basic principles of justice »