If you need to share documents and files with other people over the internet, you want to be able to do it quickly, securely, and with as little friction as possible. Thankfully, plenty of apps and services meet those three criteria.
Whether it’s tapping into the tools included with the cloud storage app you already use, or simply dragging files into an open browser window, you’ve got several options to weigh up.
All these services encrypt files in transit and when stored, stopping hackers and third parties from getting at them. However, only Firefox Send uses end-to-end encryption, which means not even Firefox can see the files. The others retain the right to access your data if compelled by law enforcement, or if it’s needed to manage the cloud services themselves. It’s also important to make sure the sharing links you generate are closely guarded, as these act as decryption keys giving access to your files.
Twitter officially announced yesterday that it had discovered attempts by state-funded actors to breach its database. The social media giant suspects that the infiltration was aimed at accessing phone numbers linked to user accounts, after a security researcher blew the whistle on a flaw hidden in the “contacts upload” feature in December last year.
As coronavirus infections spread this week, the World Health Organization classified the outbreak as a global emergency on Thursday. On Friday, United States officials placed 195 people in a two-week federal quarantine at a California military base after evacuating them from Wuhan, China. Amidst international efforts to contain transmission of the virus, online scammers have already begun exploiting the uncertainty and fear.
A sample phishing email from Tuesday, detected by security firm Mimecast, shows attackers disseminating malicious links and PDFs that claim to contain information on how to protect yourself from the spread of the disease. “Go through the attached document on safety measures regarding the spreading of corona virus,” reads the message, which purports to come from a virologist. “This little measure can save you.”
The United Nations’ European headquarters in Geneva and Vienna were hacked last summer, putting thousands of staff records at miscreants’ fingertips. Incredibly, the organization decided to cover it up without informing those affected or the public.
More than a quarter century after its introduction, the failed rollout of hardware deliberately backdoored by the NSA is still having an impact on the modern encryption debate.
Known as Clipper, the encryption chipset developed and championed by the US government only lasted a few years, from 1993 to 1996. However, the project remains a cautionary tale for security professionals and some policy-makers. In the latter case, though, the lessons appear to have been forgotten, Matt Blaze, McDevitt Professor of Computer Science and Law at Georgetown University in the US, told the USENIX Enigma security conference today in San Francisco.
In short, Clipper was an effort by the NSA to create a secure encryption system, aimed at telephones and other gear, that could be cracked by investigators if needed. It boiled down to a microchip that contained an 80-bit key burned in during fabrication, with a copy of the key held in escrow for g-men to use with proper clearance. Thus, any data encrypted by the chip could be decrypted as needed by the government. The Diffie-Hellman key exchange algorithm was used to exchange data securely between devices.
On November 8, 2018, Amazon CEO Jeff Bezos received an unexpected text message over WhatsApp from Saudi Arabian leader Mohammed bin Salman. The two had exchanged numbers several months prior, in April, at a small dinner in Los Angeles, but weren’t in regular contact; Bezos had previously received only a video file from the crown prince in May that reportedly extolled Saudi Arabia’s economy. The November text had an attachment as well: an image of a woman who looked like Lauren Sanchez, with whom Bezos had been having an unreported affair.
That message appears to have been a taunt; American Media Inc., publisher of the National Enquirer, would several months later make details of the affair public. But it’s the initial contact, in May, that has set off another firestorm with MBS at the center. That video file was likely loaded with malware, investigators now say. The crown prince’s own account had been used to hack Bezos’ phone.
Such brazen targeting of a private citizen—the richest man in the world, no less—is alarming to say the least. It underscores the dangers of an unchecked private market for digital surveillance, and raises serious questions about other prominent US figures who have known relationships with the crown prince, like White House adviser Jared Kushner and President Donald Trump himself.
Google security researchers have published details about the flaws they identified last year in Intelligent Tracking Protection (ITP), a privacy scheme developed by Apple’s WebKit team for the company’s Safari browser.
In December, Apple addressed some of these vulnerabilities (CVE-2019-8835, CVE-2019-8844, and CVE-2019-8846) through software updates, specifically Safari 13.0.4 and iOS 13.3. Those bugs could be exploited to leak browsing and search history and to perform denial of service attacks.
Microsoft has today announced a data breach that affected one of its customer databases.
The blog article, entitled Access Misconfiguration for Customer Support Databases, admits that between 05 December 2019 and 31 December 2019, a database used for “support case analytics” was effectively visible from the cloud to the world.
Microsoft didn’t give details of how big the database was. However, consumer website Comparitech, which says it discovered the unsecured data online, claims it was on the order of 250 million records containing “logs of conversations between Microsoft support agents and customers from all over the world, spanning a 14-year period from 2005 to December 2019”.
According to Comparitech, that same data was accessible on five Elasticsearch servers.