EFF

In Ecuador, Political Actors Must Step Away From Ola Bini’s Case

After spending nearly a week in Ecuador to learn more about the case against Swedish open source software developer Ola Bini, who was arrested here in April, EFF has found a clear consensus among the experts: the political consequences of his arrest appear to be outweighing any actual evidence the police have against him. The details of who stood to benefit from Bini’s prosecution varied depending on who we spoke with, but overall we have been deeply disturbed by how intertwined the investigation is with the political effects of its outcome. Ola Bini’s innocence or guilt is a fact that should be determined only by a fair trial that follows due process; it should in no way be impacted by potential political ramifications.

Full article

Naked Security

Five Eyes nations demand access to encrypted messaging

An alliance of national intelligence partners known as the Five Eyes – Australia, Canada, New Zealand, the UK and the US – is demanding encryption backdoors in apps such as Facebook’s WhatsApp.

As reported by the Telegraph on Wednesday, the UK’s new Home Secretary, Priti Patel, accused Facebook of helping out child abusers, drug traffickers and terrorists plotting attacks with its plans to help them hide messages behind the end-to-end encryption it plans to spread across all of its messaging services.

Full article

Our comment

Saying that Facebook, by offering encryption in their apps, is helping criminals is just stupid. We say “up yours, Priti Patel”!

When can we expect Mrs Patel to accuse manufacturers of security doors of helping perverse people and terrorists to commit crimes in apartments by making it more difficult for the police to enter the apartment?

Again – “up yours, Priti Patel”!

Naked Security

Hackers target Telegram accounts through voicemail backdoor

As politicians should know by now, secure messaging apps such as Telegram can quickly become a double-edged sword.

On the one hand, a growing number of governments are so worried about its security capabilities, they try to ban the app. On the other, politicians who use the app themselves on the assumption of privacy can find their conversations exposed in the media.

The Brazilian Government’s Justice Minister Sergio Moro announced on 5 June 2019 that his smartphone had been hacked, four days before the politically compromising contents of his Telegram chats with a senior prosecutor started turning up as source material for articles in the media.

Since then, it has emerged that other Brazilian politicians, including President Jair Bolsonaro, and Economy Minister Paulo Guedes were also among a total of 1,000 other Telegram accounts targeted, which led to the arrest on 23 July 2019 of four suspects accused of being behind the attacks.

Full article

Naked Security

NAS targeted by brute force ransomware attacks

Network Attached Storage (NAS) company Synology has issued an urgent warning for owners to check their box’s security settings after it emerged cybercriminals are targeting numerous NAS vendors with a new wave of ransomware.

At first it was thought that recent attacks could be exploiting an unknown software vulnerability in Synology’s products, but according to the company it has since been established that the attackers’ method is a much simpler but still effective brute-forcing of admin credentials.

We believe this is an organised attack. After an intensive investigation into this matter, we found that the attacker used botnet addresses to hide the real source IP.

Synology’s Manager of Security Incident Response Team, Ken Lee

Spotted on 19 July 2019, the campaign involves trying lots of commonly used passwords on internet-connected NAS boxes. The attackers hope that eventually they’ll hit on a password that allows them the access necessary to encrypt the data on it.

Full article

WIRED

Security News This Week: WannaCry Hero Marcus Hutchins Won’t Go to Jail for Old Hacking Crimes

In May 2017, a young hacker who goes by the sobriquet MalwareTech singlehandedly saved the world from the devastating WannaCry ransomware outbreak. Three months later, police arrested MalwareTech—real name Marcus Hutchins—over his involvement in creating a piece of malware that helped cybercriminals steal from banks. Hutchins had pleaded guilty to the charges in April. But at a sentencing hearing Tuesday, Judge J.P. Stadtmueller made clear that Hutchins’s WannaCry heroics far outweighed the crimes of his youth, letting him off with a sentence of time served. In other words, Hutchins is free to return to his home in the UK. For a fuller account, and some invaluable insights from Stadtmueller, read Marcy Wheeler’s thread on Twitter.

Full article

ZDNet

Russia ‘probably’ probed voting processes in all 50 states in 2016 election: Senate Committee

The Senate Committee on Intelligence has released the first volume of its investigative report on Russian manipulation and interference of the 2016 US Election, revealing that all 50 states were probably targeted for attempted vote manipulation.

According to the heavily redacted, 67-page report [PDF], the Russian government conducted various intelligence-related activities against US election infrastructure at both state and local level, which began as early as 2014 and continued until at least 2017.

Full article

EFF

Fixed? The FTC Orders Facebook to Stop Using Your 2FA Number for Ads

Since academics and investigative journalists first reported last year that Facebook was using people’s two-factor authentication numbers and “shadow” contact information for targeted advertising, Facebook has shown little public interest in fixing this critical problem. Subsequent demands that Facebook stop all non-essential uses of these phone numbers, and public revelations that Facebook’s phone number abuse was even worse than initially reported, failed to move the company to action.

Yesterday, rather than face a lawsuit from the FTC, Facebook agreed to stop the most egregious of these practices.

Full article

EFF

Thank Q, Next

In its next release, Android plans to up its privacy game. But the operating system still caters to ad trackers at its users’ expense.

The newest release of Android, dubbed “Q,” is currently in late-stage beta testing and slated for a full release this summer. After a year defined by new privacy protections around the world and major privacy failures by Big Tech, this year, Google is trying to convince users that it is serious about “protecting their information.” The word “privacy” was mentioned 22 times during the 2019 Google I/O keynote. Keeping up that trend, Google has made—and marketed—a number of privacy-positive changes to Android for version Q.

Many of the changes in Q are significant improvements for user privacy, from giving users more granular control over location data to randomizing MAC addresses when connecting to WiFi networks by default. However, in at least one area, Q’s improvements are undermined by Android’s continued support of a feature that allows third-party advertisers, including Google itself, to track users across apps. Furthermore, Android still doesn’t let users control their apps’ access to the Internet, a basic permission that would address a wide range of privacy concerns.

Full article

EFF

EFF Extensions Recommended by Firefox

Earlier this month, Mozilla announced the release of Firefox 68, which includes a curated “list of recommended extensions that have been thoroughly reviewed for security, usability and usefulness”. We are pleased to announce that both of our popular browser extensions, HTTPSEverywhere and PrivacyBadger, have been included as part of the program. Now, when you navigate to the built-in Firefox add-ons page (URL: about:addons), you’ll see a new tab: “Recommendations,” which includes HTTPS Everywhere and Privacy Badger among a list of other recommended extensions. In addition, they will be highlighted in Add-ons for Firefox and in add-on searches.

Full article