ZDNet

Moscow’s blockchain voting system cracked a month before election

A French security researcher has found a critical vulnerability in the blockchain-based voting system Russian officials plan to use next month for the 2019 Moscow City Duma election.

Pierrick Gaudry, an academic at Lorraine University and a researcher for INRIA, the French research institute for digital sciences, found that he could compute the voting system’s private keys based on its public keys. These private keys are used together with the public keys to encrypt user votes cast in the election.

Full article

WIRED

Facebook’s New Privacy Feature Comes With a Loophole

By default, Facebook tracks what you do even when you’re not on Facebook, like the products you shop for, the political candidates you donate to, and the porn you watch, using tools like Facebook Pixel, a small piece of code deposited on millions of websites across the internet. The social network uses that information to target you with personalized ads—a business model that is now worth billions of dollars.

But that model has also come under increased scrutiny as privacy advocates, lawmakers, and pundits continue to question why anyone should trust Facebook with their data. In the aftermath of the Cambridge Analytica scandal last year, Facebook promised that users would soon have more control over their information using a “Clear History” tool, which would delete people’s off-platform browsing records. More than a year later, the company finally announced Monday it’s rolling out the feature, now called “Off-Facebook Activity.” People in Ireland, South Korea, and Spain will have access to the long-anticipated tool first, and it will be rolled out in the coming months to all Facebook users.

Full article

Bloomberg

Facebook Paid Hundreds of Contractors to Transcribe Users’ Audio

Facebook Inc. has been paying hundreds of outside contractors to transcribe clips of audio from users of its services, according to people with knowledge of the work.

The work has rattled the contract employees, who are not told where the audio was recorded or how it was obtained — only to transcribe it, said the people, who requested anonymity for fear of losing their jobs. They’re hearing Facebook users’ conversations, sometimes with vulgar content, but do not know why Facebook needs them transcribed, the people said.

Facebook confirmed that it had been transcribing users’ audio and said it will no longer do so. “We paused human review of audio more than a week ago,” the company said Tuesday. The company said the users who were affected chose the option in Facebook’s Messenger app to have their voice chats transcribed. The contractors were checking whether Facebook’s artificial intelligence correctly interpreted the messages, which were anonymized.

Full article

EFF

Victory! Lawsuit May Proceed Against Facebook’s Biometric Surveillance

Electronic Frontier Foundation

Biometric surveillance by companies against consumers is a growing menace to our privacy, freedom of expression, and civil rights. Fortunately, a federal appeals court has ruled that a lawsuit against Facebook for its face surveillance may move forward.

The decision, by the federal Ninth Circuit about an Illinois privacy law, is the first by an American appellate court to directly identify the unique hazards of face surveillance. This is an important victory for biometric privacy, access to the courts for ordinary people, and the role of state governments as guardians of our digital liberty.

Full article

EFF

How to: Use PGP for Linux

Electronic Frontier Foundation

To use PGP to exchange secure emails you have to bring together three programs: GnuPG, Mozilla Thunderbird and Enigmail. GnuPG is the program that actually encrypts and decrypts the content of your mail, Mozilla Thunderbird is an email client that allows you to read and write emails without using a browser, and Enigmail is an add-on to Mozilla Thunderbird that ties it all together.

What this guide teaches is how to use PGP with Mozilla Thunderbird, an email client program that performs a similar function to Outlook. You may have your own favorite email software program (or use a web mail service like Gmail or Outlook.com). This guide won’t tell you how to use PGP with these programs. You can choose either to install Thunderbird and experiment with PGP with a new email client, or you can investigate other solutions to use PGP with your customary software. We have still not found a satisfactory solution for these other programs.

Full article

ZDNet

Facebook files lawsuit against two Android app developers for click fraud

Facebook said it filed a lawsuit today against two Android app developers from Asia for orchestrating a “click injection fraud” scheme against Facebook ads.

The two app developers are LionMobi, based in Hong Kong, and JediMobi, based in Singapore. Facebook said the two companies created apps with malware-like features and made them available via the official Google Play Store.

Both LionMobi and JediMobi apps were using Facebook ads to monetize their apps. Once real users installed the apps on their phones, malicious code hidden inside the apps would generate fake user clicks on Facebook ads.

These fake clicks would give the Facebook advertising platform the false impression that real users had clicked on the ads.

Full article

Cybersecurity Insiders

Keyboard warriors to save Britain from Russian Cyber Threats

A special group of Britain’s military personnel dubbed ‘Keyboard Warriors’ is reportedly being trained as tech-savvy soldiers to fight Russian trolls and Twitter terrorists. This news was shared by Lieutenant General Ivan Jones through a media update.

“The objective of establishing such a digital army is simple, to fight bad actors spreading fake news and to curb cyber-attacks on the UK’s digital infrastructure. Officially known as ‘Six Division’, members of the team will be recruited from special forces, Royal Air Force, Navy and Field Army,” said Lt. Gen. Jones in a recent interview with the ‘Telegraph’.

All these tech warriors will be professionally trained in information warfare, will have to pass all the standard physical and fitness tests like traditional soldiers, and will also be trained in advanced weaponry along with covert surveillance, added Mr. Jones.

Full article

Naked Security

GitHub ‘encourages’ hacking, says lawsuit following Capital One breach

GitHub has been named in a class action lawsuit because the hacker who allegedly stole data from more than 100 million Capital One users posted details about the theft onto the platform.

GitHub is a code hosting platform for software development version control that uses Git and which lets coders remotely collaborate on projects. Microsoft bought the open-source developers’ site for $7.5 billion in stock in 2018.

The lawsuit, filed in US district court for the Northern District of California, names Capital One as well.

The suit says that GitHub had an obligation under California law and industry standards to keep off or remove Social Security numbers (SSNs) and personal information from its site. It says that it should be easy to do, given that SSNs are all nine digits long, in the sequence of XXX-XX-XXXX, but that GitHub “nonetheless chose not to.” Ditto for the other sensitive information that was leaked and posted, such as individuals’ addresses, which are all “similarly readily identifiable.”

The information was available on GitHub for over three months, until a bug hunter spotted it and notified Capital One.

The lawsuit alleges that by allowing the hacker to store information on its servers, GitHub violated the federal Wiretap Act. It also alleges that GitHub is guilty of negligence, negligence per se, and violation of the California civil code.

Full article