Several Logitech keyboards, mice and wireless presenters suffer from security vulnerabilities. Not only can attackers eavesdrop on keystrokes, they can even infect the host system. c’t has established which products are affected and what you should do now.
A large range of Logitech wireless input devices is vulnerable to wireless attacks and can pose a security risk. That is the conclusion of security expert Marcus Mengs, with whom c’t has been in touch for quite some time. Mengs’s investigation of the wireless connections of several Logitech devices has uncovered numerous weaknesses. They affect keyboards and mice as well as remote controls known as wireless presenters.
The vulnerabilities allow an attacker to eavesdrop on keystrokes from wireless keyboards. Everything an affected user types, from e-mails to passwords, is readily available to the adversary. But it gets worse: An attacker can send any command to the victim’s computer if a vulnerable Logitech device is installed. And that makes it easy to infect the computer with malicious code without the rightful owner taking notice.
Mengs demonstrates how to infect a system with a backdoor (remote shell) through which he can control the system remotely by radio. In a way, it’s an elegant hack, because he simply piggybacks on the wireless Logitech connection to infect the system and to communicate with the backdoor. That means even computers that are not online are ripe for the hack.
YouTube is currently under investigation by the Federal Trade Commission following complaints that the platform improperly collected data from young users. It’s unclear how much data this might be, but there’s reason to believe it could be a lot. For many kids, YouTube has replaced television; depending on how parents use online platforms, children could begin to amass data even before birth.
After the UK’s leading industry group of internet service providers named Mozilla an “Internet Villain” because of its intentions to support a new DNS security protocol named DNS-over-HTTPS (DoH) inside Firefox, the browser maker told ZDNet that such plans don’t currently exist.
“We have no current plans to enable DoH by default in the UK,” a spokesperson told ZDNet last night.
It has been reported that China’s border guards are installing surveillance apps on the phones of some visitors as part of the government’s ever-increasing mass surveillance regime in the Xinjiang province.
According to an investigation by the Guardian, The New York Times, and Germany’s Süddeutsche Zeitung, the “secret” app allows for personal information to be downloaded. The app was discovered to be installed on the phones of visitors entering the country from Kyrgyzstan.
The report says people using the remote Irkeshtam border crossing into the country have routinely had their phones screened by guards. The Irkeshtam crossing is China’s most westerly border and is used by traders and tourists, some following the historic Silk Road.
The publication said specifically that the app extracts emails, text messages, contact information, as well as handset information. Visitors have not been informed this is happening.
Ransomware has no shortage of cautionary tales and wakeup calls from the past decade. But for local governments, this past year has been a particularly brutal reminder of the threat. Following a 2018 attack that paralyzed the City of Atlanta for weeks, more than half a dozen cities and public services across the country have fallen to ransomware so far in 2019, on a near-monthly basis; the Administrative Office of the Georgia Courts became the latest victim on Saturday, when an attack knocked its systems offline.
Germany’s cyber-security agency is working on a set of minimum rules that modern web browsers must comply with in order to be considered
The new guidelines are currently being drafted by the German Federal Office for Information Security (or the Bundesamt für Sicherheit in der Informationstechnik — BSI), and they’ll be used to advise government agencies and companies from the private sector on what browsers are safe to use.
A first version of this guideline was published in 2017, but a new standard is being put together to account for improved security measures added to modern browsers, such as HSTS, SRI, CSP 2.0, telemetry handling, and improved certificate handling mechanisms — all mentioned in a new draft released for public debate last week.
On June 12th 2019 we wrote a blog post about a new GnuPG server being launched (keys.openpgp.org).
Yesterday Robert J Hansen published a text about vulnerabilities in the widely used SKS keyserver network. As far as we understand, the new key server at keys.openpgp.org will solve many of the vulnerabilities found in the SKS keyservers.
We guess we will publish more posts on this subject in the coming days! Until then it is up to each and every one to read the text by Robert and to take action accordingly! If you are not subscribing to the email@example.com e-mail list we strongly recommend you to do so now to get updates on the subject!
Google (n) – The privacy-devouring tech company that does everything that Facebook does, but manages to get away with it, largely because its products are useful instead of just depressing. (v) – To make the bare minimum effort to inform oneself about something. What a tech bro did before he insisted on explaining your area of expertise to you.
privacy (n) – Archaic. The concept of maintaining control over one’s personal information.
Twitter (n) – A mid-sized business with outsized importance due to its three primary users: Donald Trump, Elon Musk and journalists. A useful tool for journalists to gauge public opinion by talking to other journalists, and for Elon Musk to provoke lawsuits and federal investigations into security fraud.
Communities and lawmakers across the country are waking up to the fact that using face recognition for government surveillance is a troubling trend, particularly when used with cameras that police officers wear. On Thursday, Axon—a major police body-worn camera maker—added its voice to calls to press the pause button on this type of face surveillance, saying it will no longer be “commercializing face matching products on our body cameras at this time.”
Axon’s decision follows strong opposition to government use of face surveillance. San Francisco in May banned city use of face surveillance. This month, Oakland, California and Somerville, Massachusetts have both taken crucial steps toward adopting similar bans, with both measures now headed for full city council votes.