BBC

Rape victims among those to be asked to hand phones to police

BBC

Victims of crimes, including those alleging rape, are to be asked to hand their phones over to police – or risk prosecutions not going ahead.

Consent forms asking for permission to access information including emails, messages and photographs have been rolled out in England and Wales.

It comes after a number of rape and serious sexual assault cases collapsed when crucial evidence emerged.

Victim Support said the move could stop victims coming forward.

Full article

EFF

Google’s Sensorvault Can Tell Police Where You’ve Been

EFF:

Do you know where you were five years ago? Did you have an Android phone at the time? It turns out Google might know—and it might be telling law enforcement.

In a new article, the New York Times details a little-known technique increasingly used by law enforcement to figure out everyone who might have been within certain geographic areas during specific time periods in the past. The technique relies on detailed location data collected by Google from most Android devices as well as iPhones and iPads that have Google Maps and other apps installed. This data resides in a Google-maintained database called “Sensorvault,” and because Google stores this data indefinitely, Sensorvault “includes detailed location records involving at least hundreds of millions of devices worldwide and dating back nearly a decade.”

Full article

News

Nitrokey partners with Gentoo Foundation to equip developers with USB keys

The Gentoo Foundation has partnered with Nitrokey to equip all Gentoo developers with free Nitrokey Pro 2 devices. Gentoo developers will use the Nitrokey devices to store cryptographic keys for signing of git commits and software packages, GnuPG keys, and SSH accounts.

Thanks to the Gentoo Foundation and Nitrokey’s discount, each Gentoo developer is eligible to receive one free Nitrokey Pro 2. To receive their Nitrokey, developers will need to register with their @gentoo.org email address at the dedicated order form.

Full article

Miscellanious

UK train passengers offered smart tickets

According BBC more UK train passengers will have the option to use paperless tickets.

From a privacy perspective it is very important you can buy these tickets using cash and without any registration needed. If not, please remember that information being stored not only can but for sure will be hacked.

There is no reason for a public transportation company to know who is traveling, the only thing you have to prove is that your ticket is paid.

In case you say something like I have nothing to hide and therefore accept being registered, please remember that history will repeat. Who could in the 1880’s imagine what would happen in Germany 50 years later. Who could think that it would be life-threatening to say that you were Jewish?

Please remember that privacy and integrity is a human right according UN!

WIRED

Mysterious Hackers Hid Their Swiss Army Spyware for 5 Years

WIRED

It’s not every day that security researchers discover a new state-sponsored hacking group. Even rarer is the emergence of one whose spyware has 80 distinct components, capable of strange and unique cyberespionage tricks—and who’s kept those tricks under wraps for more than five years.

In a talk at the Kaspersky Security Analyst Summit in Singapore Wednesday, Kaspersky security researcher Alexey Shulmin revealed the security firm’s discovery of a new spyware framework—an adaptable, modular piece of software with a range of plugins for distinct espionage tasks—that it’s calling TajMahal. The TajMahal framework’s 80 modules, Shulmin says, comprise not only the typical keylogging and screengrabbing features of spyware, but also never-before-seen and obscure tricks. It can intercept documents in a printer queue, and keep track of “files of interest,” automatically stealing them if a USB drive is inserted into the infected machine. And that unique spyware toolkit, Kaspersky says, bears none of the fingerprints of any known nation-state hacker group.

Full article

Miscellanious

Best VPN?

Mullvad Logo

We’ve just found another web site putting a Best VPN 2019 label on a VPN service. The new thing about this site is that they even mention “Best alternatives to Mullvad VPN”.

Affiliate Programs

When you visit one of all those sites giving you recommendations what VPN service to use, please take into consideration why the site recommends either this or that service.

Many VPN services offer so called Affiliate Programs meaning they give a kick-back to companies selling their services.

Money talks?

Could it be so that money talks when a site gives a recommendation? We expect that it’s technical and integrity aspects but we can’t be sure, can we?

News sites

Even serious(?) news sites use those Best VPN sites when they publish articles about what VPN service to use.

Mullvad

We strongly recommend Mullvad VPN. On their site they publish their privacy policy.

News

Do you dare to use Facebook?

According an article at nikkasystems.com Facebook has done it again!

The normal way to verify an e-mail address is to get a mail with either a link or a code to your inbox. By clicking on the link in the mail or by copy-paste the code you could have your e-mail address verified.

Facebook have had a page where they asked for the password to your e-mail account.

This is, as you might have guessed, a very big no-no!

Do you ever trust Facebook from now on?

News

New Apache Web Server Bug Threatens Security of Shared Web Hosts

The Hacker News

Mark J Cox, one of the founding members of the Apache Software Foundation and the OpenSSL project, today posted a tweet warning users about a recently discovered important flaw in Apache HTTP Server software.

The Apache web server is one of the most popular, widely used open-source web servers in the world that powers almost 40 percent of the whole Internet.

The vulnerability, identified as CVE-2019-0211, was discovered by Charles Fol, a security engineer at Ambionics Security firm, and patched by the Apache developers in the latest version 2.4.39 of its software released today.

The flaw affects Apache HTTP Server versions 2.4.17 through 2.4.38 and could allow any less-privileged user to execute arbitrary code with root privileges on the targeted server.

Full article

Miscellanious

Is it over with satire now?

Perhaps you have heard that the EU decision on Article 11 and Article 13 means that the satire on the Internet is over.

We have higher thoughts about internet users. The filters that Google, Facebook and other actors will be forced to use will of course be circumvented.

Imagine what good it would be if the EU did not have agree to the two articles, but at the same time you have to respect those who want to publish their works with copyright instead of making them freely available to everyone to use. No, Article 11 and Article 13 is not the optimal for the free speech.