COMPUTERS/INTERNET/SECURITY | WHAT REALLY HAPPENED

Aug 30 08:14

Security Expert: Microsoft Suffers ‘Worst Cloud Vulnerability You Can Imagine’

Microsoft has warned customers of its Azure cloud computing service that major vulnerabilities in the company’s systems have left user data completely exposed for the last two years. The CTO of the security company that discovered the massive flaw commented: “This is the worst cloud vulnerability you can imagine. This is the central database of Azure, and we were able to get access to any customer database that we wanted.”

The Verge reports that tech giant Microsoft has warned users of its Azure cloud computing service that their data has been exposed online for the last two years. Microsoft recently revealed that an error in its Azure Cosmos DB database product left more than 3,300 Azure customers’ data completely exposed.

Aug 29 19:26

The Internet of Bodies Ends Bodily Autonomy

By Matt

Our interconnected globalized world runs on the Internet. Not that long ago, connecting to the Internet required accessing a computer that was physically connected to a router. Then things went wireless and the rise of the smartphone put the Internet in everyone’s pocket. On top of this was built the so-called Internet of Things (IoT) which was comprised of things ranging from home appliances to munitions with sensors, software, and other technologies to connect to and exchange data with other devices and systems over the Internet wirelessly. The same technologies and concepts which underpin the IoT are entering a new arena called the Internet of Bodies where the human body itself will be online, potentially ending the concept of bodily autonomy as we know it.

Aug 29 17:26

Alex Berenson Perma-Banned From Twitter For Highlighting Big Pharma's Failures

Former New York Times reporter Alex Berenson revealed Saturday that he was perma-banned from Twitter for sharing "entirely accurate" information on the failure of Big Pharma's experimental shots.

Aug 29 10:02

What Are The Best Privacy Coins?

What are privacy coins, sometimes also called anonymity enhanced cryptocurrencies (AEC)? They are digital cash alternatives that seek to recreate cash’s anonymity in a world of digital payments.

Why would anyone need privacy or anonymity in their transactions? In today’s world who doesn’t shred their important documents to protect themselves from identity thieves?

Every government, corporation, website, and ecommerce store is collecting more and more metadata on everyone they interact with. All this metadata is sold, bartered and traded so you can be advertised out of your last penny and so your friends, hobbies and patterns can be analyzed to manipulate you in a myriad of ways...

Aug 28 17:09

VR Headsets Being Used to Train American Emergency Responders, Gov’t Workers Despite Health Risks, Recalls

By B.N. Frank

It’s really not surprising that complaints from Virtual Reality (VR) users are increasing. Research has proven that using VR headsets can cause behavioral changes, balance issues, cognitive problems, eye problems (soreness, vision changes), headaches, and MORE.

Last month, Facebook recalled millions of VR face liners due to users reporting rashes and hives. Got kids? Research has determined that children absorb 2-5 times more harmful radiation than adults while wearing VR headsets.

Despite all of this, tech companies continue to create, promote and sell VR products for a variety of purposes other than recreational. Of course, they wouldn’t be doing this if everybody stopped buying and using these dangerous products...

Aug 27 19:01

A.I. “ShotSpotter” Conviction Overturned Due to “Scant Evidence” After Man Spends Almost One Year in Prison

By B.N. Frank

Artificial Intelligence (A.I.) is NOT always accurate. Examples continue to be reported. There is even an A.I. “Hall of Shame”. Experts frequently warn about using this technology and rightfully so. Some have been accused and convicted of crimes based on inaccuracies and “scant evidence”. A new report from Associated Press exposes more...

Aug 27 10:38

Microsoft reveals thousands of cloud database customers were vulnerable to data breach

Microsoft has warned thousands of its business customers this week that a vulnerability left their cloud databases exposed and susceptible to edits.

The company told thousands of Microsoft Azure customers on Thursday that the security firm Wiz was able to access private Azure databases earlier this month, where they could then read, edit, and delete data at will. No other party is believed to have gained access to the databases through the flaw, however.

Microsoft told Reuters that it “fixed this issue immediately to keep our customers safe and protected” after the vulnerability was pointed out. Wiz was reportedly paid $40,000 for discovering the flaw and reporting it to Microsoft.

Aug 27 10:36

School District Pilots Extracurricular Drone Club

By B.N. Frank

Despite crashes, privacy invasiveness, and other complaints about drones, they seem to be getting more popular with businesses who want to use them for delivering orders and for people who want to use them recreationally. Now one school district is partnering with a university to start a drone club for students...

Aug 27 10:28

iPhone 12 and Apple Watch 6 can interfere with pacemakers and defibrillators, study warns as experts urge patients to keep devices at least six inches away

Researchers at the US Food and Drug Administration conducted an investigation into Apple's devices, which were released in autumn last year.

The experts found they emit powerful magnetic fields that can change how implanted devices work and could result in 'life-threatening' situations.

People should keep any consumer electronic devices that may create magnetic interference, including cell phones and smart watches, at least six inches away from implanted medical devices, in particular pacemakers and cardiac defibrillators.

Aug 27 10:17

Ragnarok ransomware releases master decryptor after shutdown

Ragnarok ransomware gang appears to have called it quits and released the master key that can decrypt files locked with their malware.

The threat actor did not leave a note explaining the move; all of a sudden, they replaced all the victims on their leak site with a short instruction on how to decrypt files.

Aug 27 07:21

Lithium-metal battery with capacity retention of 88% over 1,000 cycles

German scientists have applied a new combination of cathodes and electrolytes to improve the stability of lithium-metal batteries. They fabricated a device with an energy density of 560 watt-hours per kilogram and a Coulombic efficiency of 99.94%.

Aug 27 06:26

The slippery slope into conspiracy: Apple's neuralhash reverse engineered?

Aug 27 05:59

NSA whistleblower Edward Snowden warns Apple program that scans iPhones for child porn will ultimately be used to spy on owners and opt-out will be axed

NSA whistleblower Edward Snowden has issued a chilling warning about Apple's plans to begin scanning iPhone photos of users, saying the proposal will give governments terrifying access to citizens' private data.

Snowden, a former computer intelligence consultant, who in 2013 leaked classified documents to show the scale of government snooping on U.S. citizens, condemned the new plans in strong terms, and says they set a precedent which will ultimately be abused by corrupt politicians to destroy individual privacy.

He said that Apple had chosen a dangerous path with their scheme to access users' photos, and that governments will manipulate the rule to give them greater access to data they claim they need access to - such as a phone owner's presence at a protest.

Aug 26 18:04

U.S. Navy Asks Sailors to Wear Smart Watches and Rings for Sleep Monitoring Despite Health Risks from “Wearables”

By B.N. Frank

Over the years, smart watch (aka activity tracker) owners have reported burns, rashes, shocks, and other undesirable symptoms while wearing these devices. Some complaints have led to recalls. In 2020 IEEE recommended that people avoid wearing both smart watches (aka activity trackers) and wireless earphones unless absolutely necessary because of harmful radiation exposure. Nevertheless, the U.S. Navy is asking some sailors to wear smart watches and rings in order to monitor their sleep...

Aug 26 12:26

Planned Expansion of Facial Recognition by US Agencies Called “Disturbing”

By Julia Conley

Digital rights advocates reacted harshly Thursday to a new internal U.S. government report detailing how ten federal agencies have plans to greatly expand their reliance on facial recognition in the years ahead.

The Government Accountability Office surveyed federal agencies and found ten have specific plans to increase their use of the technology by 2023—surveilling people for numerous reasons including to identify criminal suspects, track government employees’ level of alertness, and match faces of people on government property with names on watch lists...

Aug 26 09:45

TSA Controls Public Transit: Orders Americans To Wear Masks On Buses And Trains

By MassPrivateI

Last week, the San Francisco Chronicle reported that the TSA is requiring Americans to wear masks on public transit.

“Passengers will be required to wear masks on the nation’s trains, buses, airplanes and airports through Jan. 18 under a federal mandate extended Tuesday by the Biden administration.”

This is a privacy advocate’s worst fear. What was once considered “fake news” by our mass media is now a reality. This is not a CDC request, it is a TSA federal mandate, which essentially means that the TSA is now in control of America’s public transit...

Aug 26 06:37

REVEALED: Naturalized Americans could have their citizenship revoked if secret DHS program hosted by Amazon flags their social media or other personal data as a threat

Naturalized Americans could have their citizenship revoked thanks to a computer program that searches for concerning activity - with broad categories including anything deemed 'derogatory'.

The program, called ATLAS, is used by the Department of Homeland Security (DHS), and is hosted on servers owned by web e-commerce giant Amazon.

DHS stated on their website in a November update that ATLAS was created 'to automate, streamline, and support accurate exchange of data' among immigration authorities and the DHS, and 'to support biometric and biographic-based screening and vetting of immigration requests.'

Aug 25 12:35

Steve Wozniak Says Apple Is Turning Into Microsoft

There would be no Apple without Steve Wozniak.

Wozniak, who co-founded Apple over 40 years ago with the late Steve Jobs, remains a revered figure in Silicon Valley. Although he is no longer connected with Apple, he keeps busy making appearances at big tech conferences to inspire inventors, serves as chief scientist for the enterprise data storage startup Primary Data, and even found time to cha-cha-cha on the TV show Dancing With The Stars a few years ago.

On Friday, Wozniak returns to the upcoming Silicon Valley Comic Con event where pop culture fans, celebrities, and technologists will celebrate “the nerd side of things,” as he put it. In this edited interview with Fortune, Wozniak discusses how his former company is acting like Microsoft, the influence of money in Silicon Valley, and being an introvert in the social networking era.

Aug 25 12:02

Webcams, Baby Monitors, and More: Flaw on 83 Million Devices Allows Hackers to Eavesdrop and Take Over Devices

By B.N. Frank

Internet of Things (IoT) technology has been described as the “Internet of Vulnerable Things” for good reason. So far its vulnerability has compromised hundreds of millions of critical devices and infrastructure.

Thanks to Threatpost for reporting another unfortunate situation...

Aug 25 10:42

Chicago Inspector General: Police Use ShotSpotter to Justify Illegal Stop-and-Frisks

By Matthew Guariglia and Adam Schwartz

The Chicago Office of the Inspector General (OIG) has released a highly critical report on the Chicago Police Department’s use of ShotSpotter, a surveillance technology that relies on a combination of artificial intelligence and human “acoustic experts” to purportedly identify and locate gunshots based on a network of high-powered microphones located on some of the city’s streets. The OIG report finds that “police responses to ShotSpotter alerts rarely produce evidence of a gun-related crime, rarely give rise to investigatory stops, and even less frequently lead to the recovery of gun crime-related evidence during an investigatory stop.” This indicates that the technology is ineffective at fighting gun crime and inaccurate. This finding is based on the OIG’s quantitative analysis of more than 50,000 records over a 17-month period from the Chicago Police Department (CPD) and the city’s 911 dispatch center.

Aug 25 10:05

Linux turns 30: Celebrating the open source operating system

It’s time to party. Linux is 30 years old. What started as a student project by a young Linus Torvalds studying computer science at the University of Helsinki, has become an open source operating system that enterprise businesses around the globe depend on.

It’s massive. It’s crucial. And without Linux, most businesses wouldn’t be nearly as agile, flexible, and reliable.

To wish Linux a 30th birthday, Jack Wallen describes how the operating system changed his life and the business landscape in this free TechRepublic PDF download.

Aug 25 08:52

Hacker gets 500K reward for returning stolen cryptocurrency

The saga of what has been dubbed the biggest hack in the world of decentralized finance appears to be over as Poly Network recovered more than $610 million in cryptocurrency assets it lost two weeks ago and the hacker received a $500,000 bounty for returning the money.

Today, the hacker, referred to as Mr. White Hat, gave Poly Network access to the last tranche of stolen digital assets in their wallet, worth about $141 million.

Aug 25 08:49

CISA warns admins to urgently patch Exchange ProxyShell bugs

The US Cybersecurity and Infrastructure Security Agency (CISA) issued its first alert tagged as "urgent," warning admins to patch on-premises Microsoft Exchange servers against actively exploited ProxyShell vulnerabilities.

"Malicious cyber actors are actively exploiting the following ProxyShell vulnerabilities: CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207," CISA warned over the weekend.

"CISA strongly urges organizations to identify vulnerable systems on their networks and immediately apply Microsoft's Security Update from May 2021—which remediates all three ProxyShell vulnerabilities—to protect against these attacks."

Aug 25 08:48

Botnet targets hundreds of thousands of devices using Realtek SDK

A Mirai-based botnet now targets a critical vulnerability in the software SDK used by hundreds of thousands of Realtek-based devices, encompassing 200 models from at least 65 vendors, including Asus, Belkin, D-Link, Netgear, Tenda, ZTE, and Zyxel.

The security flaw that IoT Inspector security researchers found is now tracked as CVE-2021-35395 and was assigned a 9.8/10 severity rating.

It impacts many Internet-exposed wireless devices ranging from residential gateways and travel routers to Wi-Fi repeaters, IP cameras, and smart lighting gateways or connected toys.

Aug 25 08:45

Windows 10 KB5005932 fixes devices that can't install new updates

Microsoft has released the Windows 10 KB5005932 setup update to fix "PSFX_E_MATCHING_BINARY_MISSING" errors when attempting to install the latest cumulative updates.

After installing the May 25, 2021 (KB5003214) and June 21, 2021 (KB5003690) cumulative updates, some Windows 10 21H1, 20H2, and 2004 users have been unable to install the latest cumulative updates (LCU) released as a preview or on Patch Tuesday.

...

Microsoft recommends users perform an in-place upgrade to automatically install the latest cumulative update as part of the installation process to resolve this issue.

Aug 24 13:20

A new NSO zero-click attack evades Apple’s iPhone security protections, says Citizen Lab

A Bahraini human rights activist’s iPhone was silently hacked earlier this year by a powerful spyware sold to nation-states, defeating new security protections that Apple designed to withstand covert compromises, say researchers at Citizen Lab.

The activist, who remains in Bahrain and asked not to be named, is a member of the Bahrain Center for Human Rights, an award-winning nonprofit organization that promotes human rights in the Gulf state. The group continues to operate despite a ban imposed by the kingdom in 2004 following the arrest of its director for criticizing the country’s then-prime minister.

Aug 24 12:13

Same Story, Different Decade: WSJ Reports “Digital Addictions Are Drowning Us in Dopamine”

By B.N. Frank

Over the years, tech insiders (also referred to as “Silicon Valley Parents”) have gone to great lengths to protect their kids’ use and exposure to screens. This includes sending them to private low-tech or no-tech schools, requiring nannies to sign “No Screens” contracts, and spying on nannies to make sure they don’t break these contracts. Additionally over the years, experts have warned about symptoms and long-term adverse effects from screen use.

Regardless, even before COVID, screens were heavily endorsed for other people’s kids as well as for everyone else for business, education, medical, and recreational purposes. This includes Virtual Reality (VR) headsets which are increasingly being promoted despite serious side effects...

Aug 23 17:54

The Dangers of Going Back to School After a Year of COVID-19 Lockdowns

By John W. Whitehead and Nisha Whitehead

“Every day in communities across the United States, children and adolescents spend the majority of their waking hours in schools that have increasingly come to resemble places of detention more than places of learning.”—Investigative journalist Annette Fuentes

Once upon a time in America, parents breathed a sigh of relief when their kids went back to school after a summer’s hiatus, content in the knowledge that for a good portion of the day their kids would be gainfully occupied, out of harm’s way and out of trouble.

Aug 23 10:57

Apple, Google, and Samsung move to normalize vaccine passports with wallet function

Apple, Samsung, and Google want to make it possible for users to store their vaccination status in the phones’ digital wallet, a scenario that would make vaccination verification simpler. However, the developments raise concerns for privacy and civil liberties advocates and the Big Tech support will further normalize the invasive practice.

Google, Samsung, and Apple have announced such plans.

Samsung, on Wednesday, announced that it was partnering with the Commons Project, the developer of CommonHealth, a vaccine verification app. The partnership would enable users to verify their vaccination status using the digital wallet Samsung Pay.

“Rather than having to pull up CommonHealth — which is a personal health records app, which isn’t really designed for walking into a grocery store and showing a QR code — now you can store this in a much more convenient place,” said JP Pollak, CommonHealth’s chief architect.

Aug 23 08:47

Beijing Considers Making US Listed Companies Hand Over Data Control To Chinese State Firms

On Friday, Chinese tech stocks swooned for the nth time, sending the Hang Seng index into bear market territory, after Beijing approved a new privacy law to prevent data collection by domestic technology companies. As we reported then, China's most powerful legislative body, the Standing Committee of the National People's Congress, passed the Personal Information Protection Law that will go into effect on Nov. 1. The move sent tech stocks plunging and left investors bewildered over the intensity of Beijing's regulatory crackdown that has slammed countless sectors.

It turns out that when it comes to control over data, Beijing is nowhere near done and late on Friday Reuters reported that as part of Beijing's unprecedented scrutiny of private sector firms, Chinese regulators are considering pressing data-rich companies "to hand over management and supervision of their data to third-party firms" if they want to list in the U.S.

Aug 22 11:35

American Local, State, and National Parks Provide Wi-Fi to Visitors at Expense of Wildlife

By B.N. Frank

Decades of peer-reviewed published research has determined that wireless “Wi-Fi” radiation is biologically and environmentally harmful. Despite this, parks across the U.S. have installed it, continue to install it, and also use it as a “selling point” to attract visitors. A Wisconsin resident has asked for this to stop...

Aug 21 05:45

90 Policy Groups Call On Apple To "Abandon" '1984'-Style Surveillance Tool

More than 90 civil society organizations wrote an open letter to Apple, demanding the company abandon its surveillance tool that plans to be integrated into iPhones, iPads, and other Apple products that will scan images before they are uploaded to iCloud for child pornography.

"Though these capabilities are intended to protect children and to reduce the spread of child sexual abuse material (CSAM), we are concerned that they will be used to censor protected speech, threaten the privacy and security of people around the world, and have disastrous consequences for many children," the open letter wrote, which was organized by the US-based nonprofit Center for Democracy & Technology (CDT).

Aug 21 05:44

GOOGLE HAS BEEN PAYING WIRELESS CARRIERS BILLIONS TO NOT DEVELOP COMPETING APP STORES

To be clear, wireless carrier app stores have always kind of sucked. Verizon's efforts to create its own app store were shut down in 2012, after underwhelming consumers for years. At the time, the narrative was that Verizon just didn't find it worth the trouble in the face of Google domination and innovation. And while that's still largely true (wireless carriers are utterly unfamiliar with competition and therefore historically suck at innovation and adaptation), it turns out there was another reason.

Namely, that Google was paying Verizon and other major wireless companies a big chunk of money to not compete with the Android marketplace. And they were paying smartphone manufacturers to ship devices without competing app stores installed. Both nuggets were buried in a freshly unredacted copy of Epic's antitrust complaint (pdf) against Google, first spotted by Jeremy Owens:

Aug 20 17:55

Vietnam Issuing 50 Million Chip-based Digital ID Cards with Embedded Biometrics in 2021

By Chris Burt

Vietnam began to issue 50 million chip-based digital ID cards with embedded biometrics to eligible citizens beginning in February of this year, and Entrust has been revealed as a provider of issuance systems and software for the project, along with strategic partner MK Group.

The new national digital ID cards replace versions issued in 1999, 2012, and 2016 with 9-digit numbers, 12-digit numbers and barcodes respectively. The biometric chip version is expected to provide more secure and standardized authentication. The card can be used to log into government and private services, for authentication to government entities and banks, and for digital signing...

Aug 20 10:25

“Disinformation Dozen”: A “Faulty Narrative” With No Evidence, Says Facebook, Despite 16,000 News Headlines

By Sayer Ji, Founder, GreenMedInfo

In an unexpected turn of events, Facebook has called out The Center for Countering Digital Hate (CCDH) for manufacturing a “faulty narrative” without “any evidence” against the 12 individuals it has repeatedly defamed and labeled as the “disinformation dozen.”

Facebook has had enough of CCDH and is now pushing back. After months of accusations that it is allowing 12 “super spreaders of misinformation” on its platform to cause serious harm to the public health, it now alleges that CCDH’s report titled, The Disinformation Dozen: Why platforms must act on twelve leading online anti-vaxxers has no real factual basis...

Aug 20 08:45

Notorious ‘joker virus’ that subscribes you to paid services back on Android devices, Belgian police warn

Belgium’s Police Fédérale released a statement on Friday morning warning people that the joker virus is back for Android. The announcement reported the malware has been spotted on eight different apps on Google Play Store.

The police say Google has since deleted the infectious apps from the Play Store but warned Belgium citizens that if they had downloaded one of them already, to delete it as soon as possible.

The following applications were noted as corrupted with the Joker virus:

Auxiliary Message
Element Scanner
Fast Magic SMS
Free CamScanner
Go Messages
Super Message
Super SMS
Travel Wallpapers

According to cybersecurity company Quick Heal Security Lab, the malware can infiltrate your text messages, contacts, and other sensitive information on your smartphone, and subscribe you to websites offering paid services.

“You risk a big surprise at the end of the month on your bank account or your credit card,” wrote the Belgian police.

Aug 20 08:31

Critical Flaw Found in Older Cisco Small Business Routers Won't Be Fixed

A critical vulnerability in Cisco Small Business Routers will not be patched by the networking equipment giant, since the devices reached end-of-life in 2019.

Tracked as CVE-2021-34730 (CVSS score: 9.8), the issue resides in the routers' Universal Plug-and-Play (UPnP) service, enabling an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition.

...

The issue impacts the following products —

RV110W Wireless-N VPN Firewalls
RV130 VPN Routers
RV130W Wireless-N Multifunction VPN Routers
RV215W Wireless-N VPN Routers

In the absence of a patch, Cisco recommends that customers disable UPnP on the LAN interface.

Aug 20 08:24

New unofficial Windows patch fixes more PetitPotam attack vectors

Due to the critical nature of this attack, Microsoft released a security update as part of the August 2021 Patch Tuesday that attempted to fix the PetitPotam vulnerability, tracked as CVE-2021-36942.

"An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM," explains Microsoft in the CVE-2021-36942 advisory.

Unfortunately, Microsoft's update is incomplete, and it is still possible to abuse PetitPotam.

See also:

Windows PetitPotam attacks can be blocked using new method
https://www.bleepingcomputer.com/news/microsoft/windows-petitpotam-att...

Aug 20 08:21

AT&T denies data breach after hacker auctions 70 million user database

AT&T says that they did not suffer a data breach after a well-known threat actor claimed to be selling a database containing the personal information of 70 million customers.

The threat actor, known as ShinyHunters, began selling this database yesterday on a hacking forum with a starting price of $200,000 and incremental offers of $30,000. The hacker states that they are willing to sell it immediately for $1 million.

From the samples shared by the threat actor, the database contains customers' names, addresses, phone numbers, Social Security numbers, and date of birth.

A security researcher who wishes to remain anonymous told BleepingComputer that two of the four people in the samples were confirmed to have accounts on att.com.

Other than these few details, not much is known about the database, how it was acquired, and whether it is authentic.

Aug 20 07:58

Elon Musk Unveils Humanoid Robot to Take Over ‘Boring’ Work

As Elon Musk stood in the wings at Tesla Inc.’s AI day, a person dressed in a skintight white suit and black helmet did a jerky robot dance across the stage.

And with that, Musk flagged a move into a new realm of science fiction: life-like humanoid robots designed to take the drudgery out of everyday life.

The Tesla Bot, a prototype of which should be available next year, is designed to eliminate “dangerous, repetitive and boring tasks,” like bending over to pick something up, or go to the store for groceries, Musk said. “Essentially, in the future, physical work will be a choice.”

“Tesla is arguably the world’s biggest robotics company,” Musk said. “Our cars are basically semi-sentient robots on wheels.”

Aug 19 13:23

Mob Rule? Twitter Rolls Out New Tools For Speedy Reporting Of COVID "Misinformation"

Big Tech and big social media have already tried censorship by committee with Facebook's oversight board and the decision to permanently bar former President Trump from the platform. Now, they're circling back to good old fashioned mob rule.

Twitter on Tuesday announced that it's preparing to test a new feature that will allow users to report any COVID misinformation they spot on the platform. Users can already flag content they deem inappropriate (including misinformation). This new feature will allow them to specify the type of misinformation (is it political, perhaps COVID related?). All of this information will help Twitter's algorithms justify its removal from the platform more expeditiously, saving more readers from being exposed to harmful information that might lead them to question the official narrative.

Aug 19 10:46

iOS 14.7.1 users complain about ‘No service’ bug after updating their iPhones

A few weeks ago, Apple introduced iOS 14.7.1 with a fix for Apple Watch unlock bug and addressed a security vulnerability that may have been actively exploited. Now, some iPhone users in this version are experiencing a “No Service” coverage message from their carriers.

Users are saying that restarting the phone, removing the SIM, and even resetting network settings didn’t help. As you can see in Apple’s Developer Forum and Discussion forum, this problem has been occurring for at least a couple of weeks.

One of the users on iOS 14.7.1 writes:

After I update my iPhone 11 to iOS 14.7.1 I lost signal. Carrier is not found. No service is flashing on upper screen.

Users with an iPhone 6s, iPhone 7, iPhone 8, and iPhone 11 reported similar complaints. One of the users wrote:

Same problem. iPhone 6S, despite doing all the ons and offs, resetting the network settings, my phone is no longer a phone. This is great.

Aug 19 10:40

US Senate bill would legally require Apple to build a backdoor into iPhones

Update: This bill did not get as far as a vote.

This bill was introduced on June 23, 2020, in a previous session of Congress, but it did not receive a vote.

Although this bill was not enacted, its provisions could have become law by being included in another bill. It is common for legislative text to be introduced concurrently in multiple bills (called companion bills), re-introduced in subsequent sessions of Congress in new bills, or added to larger bills (sometimes called omnibus bills).

A bill proposed in the US Senate would effectively make it a legal requirement for Apple to build a backdoor into iPhones. It would make it illegal for Apple and other tech giants to use strong encryption for either devices or cloud services …

It would force Apple to have a means of accessing customer data on both the devices it sells and the cloud services it operates.

Dave Mark drew my attention to The Lawful Access to Encrypted Data Act.

Aug 19 10:37

Deepfakes Are Now Making Business Pitches

NEW WORKPLACE TECHNOLOGIES often start life as both status symbols and productivity aids. The first car phones and PowerPoint presentations closed deals and also signaled their users’ clout.

Some partners at EY, the accounting giant formerly known as Ernst & Young, are now testing a new workplace gimmick for the era of artificial intelligence. They spice up client presentations or routine emails with synthetic talking-head-style video clips starring virtual body doubles of themselves made with AI software—a corporate spin on a technology commonly known as deepfakes.

The firm’s exploration of the technology, provided by UK startup Synthesia, comes as the pandemic has quashed more traditional ways to cement business relationships. Golf and long lunches are tricky or impossible, Zoom calls and PDFs all too routine.

Aug 19 10:30

SOTN Hacked Right After Posting This Blockbuster, Further Posting Being Prevented

With the advent of the COVID-19 Super Vaccination Agenda, it has become apparent to every rational and righteous U.S. citizen that the nation has been completely taken over by an incorrigible cabal of criminally insane psychopaths.

Given this indisputable reality, there is only one way to right the ship of state: We the People must act decisively — POST-HASTE — to take back the American Republic.

It ought to be evident by now that only the U.S. Citizenry can forever terminate the genocidal OPERATION COVID-19.

There are no leaders anywhere in sight who are capable of, or courageous enough, to shut down the Covid juggernaut rolling across the 50 states. This stark reality must be faced head-on if the Republic is to be saved.

In view of this swiftly unfolding predicament, PROJECT TAKE BACK THE REPUBLIC (PTBTR) has been inaugurated.

PROJECT TAKE BACK THE REPUBLIC

Aug 19 06:24

DHS Secret Terror Watchlist With Nearly 2 MILLION People On It Exposed Online With NO PASSWORD

The Department of Homeland Security under Alejandro Mayorkas earlier this year revealed plans to declare their political opposition "suspected domestic extremists" and strip them of their rights by placing them on the No Fly List.

Every indicator suggests Mayorkas has followed through on those plans and has been rapidly expanding the regime's No Fly List and terror watchlist by adding dissidents such as America First talk show host Nick Fuentes to them.

According to a newly released report from security researcher Volodymyr Diachenko, DHS last month had their highly-secretive terror/no fly watchlist with nearly 2 million so-called "suspected terrorists" on it exposed on the open internet "without a password or any other authentication required to access it."

Webmaster's Commentary: 

Anyone know where that list can be found?

Aug 19 05:55

Audit Exposes Cybersecurity Lapse in US Pacific Submarine Fleet

A recent internal audit of the US Navy revealed that Pacific Fleet submarines and their tenders have not received internal and external cybersecurity inspections in recent years.

The audit — conducted by the Institute for Defense Analyses and obtained by Navy Times through a Freedom of Information Act request — detailed “the specter of cyber vulnerability among some of the sea service’s most potent platforms,” exposing lapses in the cybersecurity standards of the Naval fleets.

For example, the Navy’s Fleet Cyber Command did not inspect and assess the cybersecurity of 41 SUBPAC submarines and its two sub tenders. This was a requirement from 2016 to 2018. Furthermore, the fleet command failed to submit a proper explanation as to why the units were not inspected.

Aug 19 05:51

Background Check Agency Wants a Social Media Search Tool

The Defense Counterintelligence and Security Agency wants a tool to automatically cull social media and other public websites to create a searchable database of posts, actions and interactions that can be used in insider threat investigations.

Along with conducting background investigations for all of government, DCSA also manages the insider threat program for the Defense Department. The DOD Threat Management and Analysis Center, or DITMAC, “provides an enterprisewide capability to identify, assess, and mitigate risk from insiders; to oversee and manage unauthorized disclosures; and to integrate, manage, mature, and professionalize insider-threat capabilities.”

When a DOD employee or contractor is flagged as a potential threat—to information or physical security—DITMAC analysts are charged with investigating, including using digital evidence contained within DOD networks.

Aug 19 04:54

Crash! France’s repeated health pass system fails are leaving citizens without the QR codes needed for daily life

France has gone authoritarian in inept fashion, as its bid to control the movement of its citizens failed TWICE in a week when the platform that generates government QR codes was overwhelmed. The result, predictably, was chaos.

France and other budding authoritarian countries with ambitions to lord over their citizens’ movements by introducing health passes have eyes that are bigger than their stomachs. They have proven repeatedly that they’re far too incompetent to practice proper authoritarianism. Events last week are a case in point.

Aug 18 18:40

Non-Profits Score Huge Victory In Battle Against 5G Technology

By Derrick Broze

In a landmark decision, the U.S. Court of Appeals for the DC Circuit has ruled that the Federal Communications Commission failed to consider evidence of adverse health impacts from wireless technology, including 5G.

On August 13, circuit judges with the United States Court of Appeals for the District of Columbia ruled in favor of environmental health groups and petitioners, finding that the Federal Communications Commission (FCC) ignored thousands of public comments and evidence of adverse harm from wireless technology...

Aug 18 11:35

Cyber Hacks Stealing People’s Home Loans

Aug 18 09:44

Do you trust Apple?

Apple is a business.

This is the first thing you should know about it. It's a company that exists to make money.

It's not your friend. It's not a superhero. It's not a religion.

As a company, it invites you to buy its products and services. If you don't like what it has to offer, you're free to move on.

And I think that this confusion is at the heart of a lot of the criticism that Apple has received over the new child safety features that it is introducing. It's quite a complicated and charged subject, and both Apple's messaging, along with how the media have reported those messages, have created more confusion.

Add to that the fact that some people get very upset when Apple does something that doesn't fit in with how they see the company, and it's a recipe for disaster.

Aug 18 09:37

Boston Dynamics releases video of Atlas robot doing parkour — and behind-the-scenes footage of crashes

Much has been said about the possibility robots from Boston Dynamics will chase down humans in some hypothetical android apocalypse, and new video suggests they'd have no issue navigating obstacles while doing so.

But what the latest demonstration of the prototypical humanoid Atlas's abilities doesn't show is they also crash.

A lot.

In fact, the US-based company estimates they still crash about half the time while performing the parkour routine filmed to showcase Atlas's nimbleness.

Aug 18 09:35

T-Mobile Admits Data On Over 48 Million People Stolen By Hackers

The stolen data includes customer names, dates of birth, social security numbers, and driver’s license information...

Aug 18 07:29

DHS Secret Terror Watchlist With Nearly 2 Million People On It Exposed Online With NO PASSWORD


Aug 17 19:19

The War In Afghanistan Comes Home

By Matt

The story of the “end” of the U.S. occupation of Afghanistan isn’t just about the end of the conflict there, it’s also about where it’s headed next. The Pentagon didn’t spend $2 trillion over 20 years to just walk away from one of the most valuable squares on the geopolitical chessboard empty handed. The possibility for full-scale re-entry into the country is always there, but in the meantime, there are plenty of lessons the Pentagon learned there that they’ll be employing stateside...

Aug 17 19:16

Jewel v. NSA: Americans (Still) Deserve Their Day in Court

By David Greene

With little explanation, the Ninth Circuit today affirmed the district court’s decision dismissing our landmark challenge to the US government’s mass communications surveillance, Jewel v. NSA. Needless to say, we are extremely disappointed. Today’s decision renders government mass surveillance programs essentially unreviewable by U.S. courts, since no individual will be able to prove with the certainty the Ninth Circuit required that they were particularly spied upon. This hurdle is insurmountable, especially when such programs are shrouded in secrecy, and the procedures for confronting that secrecy are disregarded by the courts.

Aug 17 08:00

Hacker claims to steal data of 100 million T-mobile customers

The threat actor claims to have hacked into T-Mobile's production, staging, and development servers two weeks ago, including an Oracle database server containing customer data.

This stolen data allegedly contains the data for approximately 100 million T-Mobile customers and can include customers' IMSI, IMEI, phone numbers, customer names, security PINs, Social Security numbers, driver's license numbers, and date of birth.

"Their entire IMEI history database going back to 2004 was stolen," the hacker told BleepingComputer.

An IMEI (International Mobile Equipment Identity) is a unique number used to identify mobile phones, while an IMSI (International mobile subscriber identity) is a unique number associated with a user on a cellular network.

Aug 17 07:53

Wikipedia defaced to display Nazi SWASTIKA on pages about Justin Trudeau, Joe Biden, and Kamala Harris

Multiple Wikipedia pages, including those of prominent politicians, have temporarily had the usual informational text replaced with a nasty surprise: a full-screen Nazi swastika over a lurid red background.

The apparent hack job was spotted by social media users on Monday, with conservative author Ann Coulter posting a screenshot of the Nazi symbol to Twitter and speculating that Wikipedia had been “hacked.”

Aug 17 07:48

Critical bug impacting millions of IoT devices lets hackers spy on you

Security researchers are sounding the alarm on a critical vulnerability affecting tens of millions of devices worldwide connected via ThroughTek’s Kalay IoT cloud platform.

The security issue impacts products from various manufacturers providing video and surveillance solutions as well as home automation IoT systems that use the Kalay network for easy connection and communication with a corresponding app.

A remote attacker could leverage the bug to gain access to the live audio and video streams, or to take control of the vulnerable device.

Aug 16 06:57

Excel is still a security headache after 30 years because of this one feature

Microsoft released Excel 4.0 for Windows 3.0 and 3.1 in 1992 and many companies still use this functionality in legacy operations. The problem is that bad actors have started using Excel sheets and macros as a new way to deliver malware.

Tal Leibovich, head of threat research at Deep Instinct, explained at a presentation during DEFCON 29 why this legacy scripting language has been the vehicle for a recent rise in malware delivery. Leibovich presented "Identifying Excel 4.0 Macro strains using Anomaly Detection" with Elad Ciuraru last week. Deep Instinct is a cybersecurity company specializing in endpoint protection and using deep learning to stop cyberattacks.

Security organizations first noticed a spike in March 2020 of this kind of attack. Microsoft released a new runtime defense against Excel 4.0 macro malware in March. Leibovich said that he has seen a substantial increase over the last two years of hackers using Excel 4.0 Macros in attacks.

Aug 15 22:43

Facebook post claiming 3-year-old died from Covid-19 at KKH ‘a total fabrication’, says Singapore health official

A Facebook post claiming that a three-year-old had died from Covid-19 at KK Women’s and Children’s Hospital (KKH) is “a total fabrication”, the Ministry of Health (MOH) said today (Aug 14).

“The Ministry of Health would like to call out a Facebook post circulating online that a three-year-old preschooler has died from Covid-19 at KKH, and that this death was deliberately not reported,” the ministry said in a post on Facebook.

“This is completely untrue and a total fabrication. As of August 14, there has been no child who has died from Covid-19 at KKH.”

Aug 15 12:10

Will $500M for Smart Cities in Historic US Senate Spending Bill Fund Biometric Surveillance?

By Jim Nash

Half a billion dollars was written into the $1.2 trillion infrastructure bill passed Wednesday by the U.S. Senate to pay cities to experiment with technologies for ‘Strengthening Mobility and Revolutionizing Transportation,’ which could include remote biometric systems, sensors and drones...

Aug 15 06:18

Another Mega Group Spy Scandal? Samanage, Sabotage, and the SolarWinds Hack

The devastating hack on SolarWinds was quickly pinned on Russia by US intelligence. A more likely culprit, Samanage, a company whose software was integrated into SolarWinds’ software just as the “back door” was inserted, is deeply tied to Israeli intelligence and intelligence-linked families such as the Maxwells.

In mid-December of 2020, a massive hack compromised the networks of numerous US federal agencies, major corporations, the top five accounting firms in the country, and the military, among others. Despite most US media attention now focusing on election-related chaos, the fallout from the hack continues to make headlines day after day.

The hack, which affected Texas-based software provider SolarWinds, was blamed on Russia on January 5 by the US government’s Cyber Unified Coordination Group. Their statement asserted that the attackers were “likely Russian in origin,” but they failed to provide evidence to back up that claim.

Aug 13 17:30

“Smart Farms” Cyberattackers Able to Impact Harvests, Damage Crops, Property, People and “destroy farmland for years”

By B.N. Frank

Cybersecurity experts continue to warn about significant risks and vulnerabilities associated with “Smart Farms” and Internet of Things (IoT) connected agriculture. Some in the agriculture industry, including John Deere, continue to invest in this technology anyway.

More terrifying warnings courtesy of Threat Post...

Aug 13 09:39

Ransomware: Now attackers are exploiting Windows PrintNightmare vulnerabilities

Cyber criminals are exploiting Windows PrintNightmare vulnerabilities in their attempts to infect victims with ransomware – and the number of ransomware groups attempting to take advantage of unpatched networks is likely to grow.

The remote code execution vulnerabilities (CVE-2021-34527 and CVE-2021-1675) in Windows Print Spooler – a service enabled by default in all Windows clients and used to copy data between devices to manage printing jobs – allow attackers to run arbitrary code, enabling them to install programs, modify, change and delete data, create new accounts with full user rights and move laterally around networks.

Now ransomware gangs are taking advantage of PrintNightmare to compromise networks, encrypt files and servers, and demand payment from victims for a decryption key.


Aug 13 07:11

"Winter Is Coming": Chipmakers In Longest Slide Since 2018 As Morgan Stanley Downgrades Semis

The semiconductor space has long been viewed as one of the best leading indicators of the modern technological economy (and capital markets), and with good reason: it was the first sector to bottom in March 2020 when it became apparent that China and various western central banks would inject trillions into the global economy, and had enjoyed a nearly relentless upward climb since then peaking just over a week ago on August 4, but then something snapped...

... and as shown in the next chart, the Semi Index is broadly lower again, having dropped for six consecutive sessions - the longest such streak since the October 2018 Fed "policy error" when stocks cracked after Powell threatened to tighten far more than markets expected, only to end his hiking cycle prematurely just two months later, resulting in the first bear market in a decade.

Aug 13 06:44

BREAKING EXCLUSIVE: Whistleblower Steps Forward — Provides Proof From Detroit TCF Center that Election Computers Were Connected Online — WITH PHOTO

A brave whistleblower stepped forward and shared an image of a computer that was used at the TCF Center to process absentee ballots from a recent Detroit election.

Aug 13 05:27

US Army using VR helmet to link biometrics with automated systems

The United States Army is using a new suite of biometric software tools as it works towards using the data to provide situational awareness to automated systems like drones, Federal News Network reports.

The Army Research Lab and Navy are using software that tracks a range of data including pupil size, eye movement, heart rate and breathing patterns, according to the report. Pupil size could be used to sense focus on a particular area, and mark it out for automated investigation. Heart rate biometrics could be used to sense when a soldier is in danger.

Aug 12 22:36

DR VLADIMIR ZELENKO ON "THE POISON DEATH SHOT" ~ TESTIFIES BEFORE RABBINIC COURT IN ISRAEL


Dr. Zelenko presents fact-based evidence re. the mRNA shots to an astonished group of Rabbis.
"This is an artificially made bio-weapon." -- Dr. Zelenko
Worldometer websites Dr. Zelenko referred to:
https://www.worldometers.info/ AND https://www.worldometers.info/coronavirus/

Mirrored from FritjofPersson channel
https://www.bitchute.com/video/fkbvaMkO3MOI/

Also see:
COVID-19 Kill Shots & Lifespan - Dr. Vladimir Zelenko Interview
https://www.bitchute.com/video/W9FS2fza8zTQ/

Aug 12 18:24

NYPD Secret Surveillance Tools Include Facial-Recognition and Predictive Policing Software, X-ray Machines, “Stingray” Cell Site Simulators

By B.N. Frank

For many years, communities worldwide have been installing privacy invasive technology. Some communities have officially become privacy invasive “Smart Cities” though not all of them have or will. Nevertheless, privacy invasive technology continues to be installed in communities and many citizens have no idea how it’s being used and/or by whom.

Recently, civil rights groups revealed that the New York Police Department had a fund for purchasing surveillance technology that didn’t require approval by city council or other municipal officials. Makes you wonder if this is happening where you live too...

Aug 12 11:50

Urgent warning over new DPD delivery text scam – DON’T click the link

Text scams claiming to be from parcel delivery services have boomed over the past year as we relied more on online shopping during the pandemic. As many as three-fifths of British people have received fake messages from Royal Mail, UPS, Hermes and other delivery companies claiming there have been issues with a package.

Today, consumers have been warned of yet another sophisticated trick doing the rounds over text. Which? reported scammers are sending fake DPD SMS messages to mobile numbers. These very convincing texts alert recipients of a supposed unsuccessful delivery attempt. They provide a link to arrange redelivery – but experts are urging people not to click.

Opening the fake link will take you to an almost-perfect copy of the DPD website. There, you’ll be asked to enter personal details and make a payment to ensure redelivery. Entering your bank details could give the criminals access to your bank account – which they can wipe clean with ease.

Aug 12 11:45

Google bans another 9 Android apps, now you must delete them from your phone

MALICIOUS apps containing the Android Trojan "Flytrap" are causing havoc for thousands of victims lured in by free coupon codes and football voting. Google has now banned 9 of them and you must delete them from your phone.

...

The harmful apps offer fun services like coupon codes for Netflix and Google Ads as well as voting for football teams and players. Zimperium named the ones to avoid:

- GG Voucher (com.luxcarad.cardid)
- Vote European Football (com.gardenguides.plantingfree)
- GG Coupon Ads (com.free_coupon.gg_free_coupon)
- GG Voucher Ads (com.m_application.app_moi_6)
- GG Voucher (com.free.voucher)
- Chatfuel (com.ynsuper.chatfuel)
- Net Coupon (com.free_coupon.net_coupon)
- Net Coupon (com.movie.net_coupon)
- EURO 2021 Official (com.euro2021)

Aug 12 11:43

Microsoft issues critical Windows 10 warning - update your PC immediately

WINDOWS 10 users are being urged to make sure their PCs are fully updated as 44 vulnerabilities are fixed in the latest upgrade.

Aug 12 10:39

Windows 10: Microsoft just revealed another Print Spooler bug

Microsoft's Windows 10 Print Spooler security is turning into a headache for the company and its customers.

Branded bugs like Heartbleed from 2014 are a bit passé but the Windows 10 PrintNightmare bugs appear to be an apt choice: Microsoft released fixes in July and August and, just after its August 10 Patch Tuesday change to the Print Spooler service, it's disclosed yet another print spooler bug.

This one concerns a Windows Print Spooler remote code execution vulnerability, tagged as CVE-2021-36958.

Aug 12 06:49

In Arizona in December “8 Hard Drives, 3 Computers, and Several USB Flash Drives” Were Taken from “Elliott Kerwin” – Now He Has Mysteriously Disappeared

In December 2020 it was reported that some key election material was obtained at a raid at a house in Maricopa County only 2 days after the 2020 Election. Today the owner of the house and the material seized is all forgotten. Where did it go and where did he go?

Aug 12 06:47

They’re Destroying the Evidence: Lindell Symposium Reveals Voting Machine Companies Are Wiping Voting Machines Clean in Wisconsin, New Hampshire and Michigan as We Previously Reported (VIDEO)

As The Gateway Pundit previously reported — Back in July the election firm ‘Election Source’ notified officials throughout the state of Michigan that they will discreetly break the law by eliminating election data from voting machines on the 15th.

Attorneys immediately issued them a cease and desist order to prevent this destruction of evidence from happening.

Michigan’s Secretary of State Jocelyn asked the Michigan election officials to do things to cover up the 2020 Election fraud before, so this latest action by Election Source was not so shocking.

Aug 12 05:46

The DeFi hacker who stole $600 million in crypto is... giving it back?

Well that was unexpected.

The hacker responsible for one of the largest cryptocurrency thefts in history made waves Wednesday by returning (at least some of) the stolen funds. That's according to Poly Network, the decentralized finance (DeFi) platform that announced the $600 million heist the day before.

Late Wednesday morning, Poly Network confirmed that $260 million of the stolen funds had been transferred back to wallets it controls.

Aug 12 05:08

'The Russians have videos of me doing crazy f***ing sex!' Hunter Biden is seen in unearthed footage telling prostitute that Russian drug dealers stole ANOTHER of his laptops

Hunter Biden claimed Russians stole another one of his laptops for blackmail while he was close to overdosing in a Las Vegas hotel room, DailyMail.com can reveal.

The alleged incident would mean Hunter lost a total of three computers - the first abandoned at a Delaware computer store and the second seized by federal agents - each likely to hold sensitive information on President Joe Biden and the embarrassing pictures, videos and communications of his son.

The third laptop still appears to be missing – and was taken by Russian drug dealers after they partied with Hunter in Vegas, he told a prostitute in a conversation caught on camera.

After filming himself having sex with the woman using his laptop in January 2019, Hunter left the camera rolling as he recounted a Vegas bender in which he spent '18 days going round from penthouse suite to penthouse suite,' sometimes costing $10,000 a night.

Webmaster's Commentary: 

This might be more Russia-bashing, but if true, it means that Russia has a lever with which to bend Joe Biden, along with China.

Aug 11 19:06

[Video] REPLACED: The Energetic RISE Of Youtube Alternatives: Rumble, Bitchute, Odysee

People are abandoning YouTube for censorship free alternatives.

Aug 11 12:55

A Hacker Shows Us How Easy it is To Manipulate Voting Machines

Aug 11 09:16

Biology Is Blasphemy: Racist Reality Meets Anti-Racist Inanity

“Shocked, confused, and frankly horrified!” As Steve Sailer has reported, that’s how an anti-racist radiologist called Luke Oakden-Rayner sums up the reaction of himself and other medical researchers to a dark, dangerous, and deeply disturbing discovery in artificial intelligence (AI). What have they found? That AI has what Oakden-Rayner calls the “worst superpower.” It’s guilty of “medical racism,” because it can identify racial identity in X-rays and other medical images that, to human eyes, contain absolutely no clue as to race.

Aug 11 07:28

NSA AWARDS SECRET $10 BILLION CONTRACT TO AMAZON

The National Security Agency has awarded a secret cloud computing contract worth up to $10 billion to Amazon Web Services, Nextgov has learned.

The contract is already being challenged. Tech giant Microsoft filed a bid protest on July 21 with the Government Accountability Office two weeks after being notified by the NSA that it had selected AWS for the contract.

The contract’s code name is “WildandStormy,” according to protest filings, and it represents the second multibillion-dollar cloud contract the U.S. intelligence community—made up of 17 agencies, including the NSA—has awarded in the past year.

In November, the CIA awarded its C2E contract, potentially worth tens of billions of dollars, to five companies—AWS, Microsoft, Google, Oracle and IBM—that will compete for specific task orders for certain intelligence needs.

Aug 11 07:24

What Is Pegasus? A Cybersecurity Expert Explains How the Spyware Invades Phones and What It Does When It Gets In

End-to-end encryption is technology that scrambles messages on your phone and unscrambles them only on the recipients’ phones, which means anyone who intercepts the messages in between can’t read them. Dropbox, Facebook, Google, Microsoft, Twitter and Yahoo are among the companies whose apps and services use end-to-end encryption.

This kind of encryption is good for protecting your privacy, but governments don’t like it because it makes it difficult for them to spy on people, whether tracking criminals and terrorists or, as some governments have been known to do, snooping on dissidents, protesters and journalists. Enter an Israeli technology firm, NSO Group.

Aug 10 18:21

O (no!) Canada: Fast-moving Proposal Creates Filtering, Blocking and Reporting Rules—And Speech Police to Enforce Them

By Corynne McSherry and Katitza Rodriguez

Policymakers around the world are contemplating a wide variety of proposals to address “harmful” online expression. Many of these proposals are dangerously misguided and will inevitably result in the censorship of all kinds of lawful and valuable expression. And one of the most dangerous proposals may be adopted in Canada. How bad is it? As Stanford’s Daphne Keller observes, “It’s like a list of the worst ideas around the world.” She’s right.

These ideas include:

- broad “harmful content” categories that explicitly include speech that is legal but potentially upsetting or hurtful
- a hair-trigger 24-hour takedown requirement (far too short for reasonable consideration of context and nuance)
- an effective filtering requirement (the proposal says service providers must take reasonable measures which “may include” filters, but, in practice, compliance will require them)

Aug 10 13:40

New “Glowworm attack” recovers audio from devices’ power LEDs

Researchers at Ben-Gurion University of the Negev have demonstrated a novel way to spy on electronic conversations. A new paper released today outlines a novel passive form of the TEMPEST attack called Glowworm, which converts minute fluctuations in the intensity of power LEDs on speakers and USB hubs back into the audio signals that caused those fluctuations.

The research team—consisting of Ben Nassi, Yaron Pirutin, Tomer Gator, Boris Zadov, and Professor Yuval Elovici—analyzed a broad array of widely used consumer devices including smart speakers, simple PC speakers, and USB hubs. The team found that the devices' power indicator LEDs were generally influenced perceptibly by audio signals fed through the attached speakers.

Aug 10 10:25

Attackers Started Exploiting a Router Vulnerability Just 2 Days After Its Disclosure

Juniper Threat Labs found evidence that a vulnerability that "potentially affects millions of home routers" was being actively exploited by hackers just two days after it was revealed to the public.

On Aug. 3, Tenable researcher Evan Grant publicly disclosed the vulnerability in question, which has been assigned the identifier CVE-2021-20090, alongside several other security flaws. Juniper said it "identified some attack patterns that attempt to exploit this vulnerability in the wild coming from an IP address located in Wuhan, Hubei province, China" starting on Aug. 5.

The attacker was reportedly attempting to deploy a variant of the Mirai botnet that's powered numerous high-profile distributed denial-of-service (DDoS) attacks since July 2016. This doesn't appear to be the first time the attacker exploited a publicly disclosed vulnerability in their efforts to deploy this botnet—Juniper said it started tracking similar activity on Feb. 18.
