ZDNet

DNS-over-HTTPS causes more problems than it solves, experts say

The DNS-over-HTTPS (DoH) protocol is not the privacy panacea that many have been advocating in recent months.

If we are to listen to networking and cybersecurity experts, the protocol is somewhat useless and causes more problems than it fixes, and criticism has been mounting against DoH and those promoting it as a viable privacy-preserving method.

The TL;DR is that most experts think DoH is not good, and people should be focusing their efforts on implementing better ways to encrypt DNS traffic — such as DNS-over-TLS — rather than DoH.

ZDNet

Mozilla to gradually enable DNS-over-HTTPS for Firefox US users later this month

Mozilla plans to enable support for the DNS-over-HTTPS (DoH) protocol by default inside the Firefox browser for a small number of US users starting later this month.

The browser maker has been testing DoH support in Firefox since 2017. A recent experiment found no issues, and Mozilla plans to enable DoH in the main Firefox release for a small percentage of users, and then enable it for a broader audience if no issues arise.

“If this goes well, we will let you know when we’re ready for 100% deployment,” said Selena Deckelmann, Senior Director of Firefox Engineering at Mozilla.

What is DoH?

DoH (IETF RFC 8484) allows Firefox to send DNS requests as normal-looking HTTPS traffic to special DoH-compatible DNS servers (called DoH resolvers). Basically, it hides DNS requests inside the normal deluge of HTTPS data.

By default, Firefox ships with support for relaying encrypted DoH requests via Cloudflare’s DoH resolver, but users can change it to any DoH resolver they want.

When DoH support is enabled in Firefox, the browser will ignore DNS settings set in the operating system, and use the browser-set DoH resolver.

By moving DNS server settings from the OS to the browser level, and by encrypting the DNS traffic, DoH effectively hides DNS traffic from internet service providers (ISPs), local parental control software, antivirus software, enterprise firewalls and traffic filters, and just about any other third party that tries to intercept and sniff a user’s traffic.

ZDNet

WordPress sites under attack as hacker group tries to create rogue admin accounts

A hacker group is exploiting vulnerabilities in more than ten WordPress plugins to create rogue admin accounts on WordPress sites across the internet.

The attacks are an escalation of a hacking campaign that started last month. During previous attacks, the hackers exploited vulnerabilities in the same plugins to plant malicious code on the hacked sites. This code was meant to show popup ads or to redirect incoming visitors to other websites.

However, two weeks ago, the group behind these attacks changed its tactics. Mikey Veenstra, a threat analyst with cybersecurity firm Defiant, told ZDNet today that starting on August 20, the hacker group modified the malicious code planted on hacked sites.

ZDNet

Moscow’s blockchain voting system cracked a month before election

A French security researcher has found a critical vulnerability in the blockchain-based voting system Russian officials plan to use next month for the 2019 Moscow City Duma election.

Pierrick Gaudry, an academic at Lorraine University and a researcher for INRIA, the French research institute for digital sciences, found that he could compute the voting system’s private keys based on its public keys. These private keys are used together with the public keys to encrypt user votes cast in the election.

ZDNet

Facebook files lawsuit against two Android app developers for click fraud

Facebook said it filed a lawsuit today against two Android app developers from Asia for orchestrating a “click injection fraud” scheme against Facebook ads.

The two app developers are LionMobi, based in Hong Kong, and JediMobi, based in Singapore. Facebook said the two companies created apps with malware-like features and made them available via the official Google Play Store.

Both LionMobi and JediMobi apps were using Facebook ads to monetize their apps. Once real users installed the apps on their phones, malicious code hidden inside the apps would generate fake user clicks on Facebook ads.

These fake clicks would give the Facebook advertising platform the false impression that real users had clicked on the ads.

ZDNet

Russia ‘probably’ probed voting processes in all 50 states in 2016 election: Senate Committee

The Senate Committee on Intelligence has released the first volume of its investigative report on Russian manipulation of and interference in the 2016 US Election, revealing that all 50 states were probably targeted for attempted vote manipulation.

According to the heavily redacted, 67-page report [PDF], the Russian government conducted various intelligence-related activities against US election infrastructure at both state and local level, which began as early as 2014 and continued until at least 2017.

ZDNet

NSA to establish a defense-minded division named the Cybersecurity Directorate

The National Security Agency announced today plans to establish a new defense-minded cyber-security division that will focus on defending the US against foreign cyber-threats.

This new division, which will be named the Cybersecurity Directorate, will become operational on October 1, later this year.

Anne Neuberger will be the division’s first Director of Cybersecurity. She will report directly to General Paul Nakasone, the NSA’s Director.

Neuberger’s previous positions included NSA Chief Risk Officer; Deputy Director of Operations; and Lead of NSA’s Russia Small Group.

The Russia Small Group was a joint collaboration between the NSA and US Cyber Command to counteract Russian interference during the 2018 US midterm elections.

ZDNet

Mozilla: No plans to enable DNS-over-HTTPS by default in the UK

After the UK’s leading industry group of internet service providers named Mozilla an “Internet Villain” because of its intentions to support a new DNS security protocol named DNS-over-HTTPS (DoH) inside Firefox, the browser maker told ZDNet that such plans don’t currently exist.

“We have no current plans to enable DoH by default in the UK,” a spokesperson told ZDNet last night.

ZDNet

Reports say China is installing surveillance apps on some visitors’ phones

It has been reported that China’s border guards are installing surveillance apps on the phones of some visitors as part of the government’s ever-increasing mass surveillance regime in the Xinjiang province.

According to an investigation by the Guardian, The New York Times, and Germany’s Süddeutsche Zeitung, the “secret” app allows for personal information to be downloaded. The app was discovered to be installed on the phones of visitors entering the country from Kyrgyzstan.

The report says people using the remote Irkeshtam border crossing into the country have routinely had their phones screened by guards. The Irkeshtam crossing is China’s most westerly border and is used by traders and tourists, some following the historic Silk Road.

The publication said specifically that the app extracts emails, text messages, contact information, as well as handset information. Visitors have not been informed this is happening.

ZDNet

Germany to publish standard on modern secure browsers

Germany’s cyber-security agency is working on a set of minimum rules that modern web browsers must comply with in order to be considered secure.

The new guidelines are currently being drafted by the German Federal Office for Information Security (or the Bundesamt für Sicherheit in der Informationstechnik — BSI), and they’ll be used to advise government agencies and companies from the private sector on what browsers are safe to use.

A first version of this guideline was published in 2017, but a new standard is being put together to account for improved security measures added to modern browsers, such as HSTS, SRI, CSP 2.0, telemetry handling, and improved certificate handling mechanisms — all mentioned in a new draft released for public debate last week.
