Recent searches

No recent searches

Search options

Only available when logged in.
digitalcourage.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
Diese Instanz wird betrieben von Digitalcourage e.V. für die Allgemeinheit. Damit wir das nachhaltig tun können, erheben wir einen jährlichen Vorausbeitrag von 1€/Monat per SEPA-Lastschrifteinzug.

Administered by:

Server stats:

818
active users

digitalcourage.social: AboutStatusProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.4.1

#uncategorized

19 posts12 participants1 post today
Schneier on Security RSS

Google Sues the Badbox Botnet Operators

It will be interesting to watch what will come of this private lawsuit:
Google on Thursday announced filing a lawsuit again... schneier.com/blog/archives/202

Schneier on Security · Google Sues the Badbox Botnet Operators - Schneier on SecurityIt will be interesting to watch what will come of this private lawsuit: Google on Thursday announced filing a lawsuit against the operators of the Badbox 2.0 botnet, which has ensnared more than 10 million devices running Android open source software. These devices lack Google’s security protections, and the perpetrators pre-installed the Badbox 2.0 malware on them, to create a backdoor and abuse them for large-scale fraud and other illicit schemes. This reminds me of Meta’s lawauit against Pegasus over its hack-for-hire software (which I wrote about ...
#Uncategorized#backdoors#botnets
Pyrzout :vm:

Google Sues the Badbox Botnet Operators schneier.com/blog/archives/202 #Uncategorized #backdoors #botnets #malware #courts #Google

Schneier on Security · Google Sues the Badbox Botnet Operators - Schneier on SecurityIt will be interesting to watch what will come of this private lawsuit: Google on Thursday announced filing a lawsuit against the operators of the Badbox 2.0 botnet, which has ensnared more than 10 million devices running Android open source software. These devices lack Google’s security protections, and the perpetrators pre-installed the Badbox 2.0 malware on them, to create a backdoor and abuse them for large-scale fraud and other illicit schemes. This reminds me of Meta’s lawauit against Pegasus over its hack-for-hire software (which I wrote about ...
Schneier on Security RSS

“Encryption Backdoors and the Fourth Amendment”

Law journal article that looks at the Dual_EC_PRNG backdoor from a US constitutional perspect... schneier.com/blog/archives/202

Schneier on Security · "Encryption Backdoors and the Fourth Amendment" - Schneier on SecurityLaw journal article that looks at the Dual_EC_PRNG backdoor from a US constitutional perspective: Abstract: The National Security Agency (NSA) reportedly paid and pressured technology companies to trick their customers into using vulnerable encryption products. This Article examines whether any of three theories removed the Fourth Amendment’s requirement that this be reasonable. The first is that a challenge to the encryption backdoor might fail for want of a search or seizure. The Article rejects this both because the Amendment reaches some vulnerabilities apart from the searches and seizures they enable and because the creation of this vulnerability was itself a search or seizure. The second is that the role of the technology companies might have brought this backdoor within the private-search doctrine. The Article criticizes the doctrine­ particularly its origins in Burdeau v. McDowell­and argues that if it ever should apply, it should not here. The last is that the customers might have waived their Fourth Amendment rights under the third-party doctrine. The Article rejects this both because the customers were not on notice of the backdoor and because historical understandings of the Amendment would not have tolerated it. The Article concludes that none of these theories removed the Amendment’s reasonableness requirement...
#academicpapers#Uncategorized#encryption
Pyrzout :vm:

“Encryption Backdoors and the Fourth Amendment” schneier.com/blog/archives/202 #academicpapers #Uncategorized #encryption #backdoors #laws #NSA

Schneier on Security · "Encryption Backdoors and the Fourth Amendment" - Schneier on SecurityLaw journal article that looks at the Dual_EC_PRNG backdoor from a US constitutional perspective: Abstract: The National Security Agency (NSA) reportedly paid and pressured technology companies to trick their customers into using vulnerable encryption products. This Article examines whether any of three theories removed the Fourth Amendment’s requirement that this be reasonable. The first is that a challenge to the encryption backdoor might fail for want of a search or seizure. The Article rejects this both because the Amendment reaches some vulnerabilities apart from the searches and seizures they enable and because the creation of this vulnerability was itself a search or seizure. The second is that the role of the technology companies might have brought this backdoor within the private-search doctrine. The Article criticizes the doctrine­ particularly its origins in Burdeau v. McDowell­and argues that if it ever should apply, it should not here. The last is that the customers might have waived their Fourth Amendment rights under the third-party doctrine. The Article rejects this both because the customers were not on notice of the backdoor and because historical understandings of the Amendment would not have tolerated it. The Article concludes that none of these theories removed the Amendment’s reasonableness requirement...
Schneier on Security RSS

Another Supply Chain Vulnerability

ProPublica is reporting:
Microsoft is using engineers in China to help maintain the Defense Department’s ... schneier.com/blog/archives/202

Schneier on Security · Another Supply Chain Vulnerability - Schneier on SecurityProPublica is reporting: Microsoft is using engineers in China to help maintain the Defense Department’s computer systems—with minimal supervision by U.S. personnel—leaving some of the nation’s most sensitive data vulnerable to hacking from its leading cyber adversary, a ProPublica investigation has found. The arrangement, which was critical to Microsoft winning the federal government’s cloud computing business a decade ago, relies on U.S. citizens with security clearances to oversee the work and serve as a barrier against espionage and sabotage...
#vulnerabilities#Uncategorized#supplychain
Pyrzout :vm:

Another Supply Chain Vulnerability schneier.com/blog/archives/202 #vulnerabilities #Uncategorized #supplychain #China #risks

Schneier on Security · Another Supply Chain Vulnerability - Schneier on SecurityProPublica is reporting: Microsoft is using engineers in China to help maintain the Defense Department’s computer systems—with minimal supervision by U.S. personnel—leaving some of the nation’s most sensitive data vulnerable to hacking from its leading cyber adversary, a ProPublica investigation has found. The arrangement, which was critical to Microsoft winning the federal government’s cloud computing business a decade ago, relies on U.S. citizens with security clearances to oversee the work and serve as a barrier against espionage and sabotage...
Pyrzout :vm:

Singapore warns China-linked group UNC3886 targets its critical infrastructure – Source: securityaffairs.com ciso2ciso.com/singapore-warns- #rssfeedpostgeneratorecho #informationsecuritynews #criticalinfrastructure #ITInformationSecurity #SecurityAffairscom #CyberSecurityNews #PierluigiPaganini #SecurityAffairs #SecurityAffairs #Uncategorized #hackingnews #Singapore #hacking #UNC3886 #China

singapore-warns-china-linked-group-unc3886-targets-its-critical-infrastructure-–-source:-securityaffairs.com
CISO2CISO.COM & CYBER SECURITY GROUP · Singapore warns China-linked group UNC3886 targets its critical infrastructure – Source: securityaffairs.comSource: securityaffairs.com - Author: Pierluigi Paganini Singapore says China-linked group UNC3886 targeted its critical infrastructure
Pyrzout :vm:

Friday Squid Blogging: The Giant Squid Nebula schneier.com/blog/archives/202 #Uncategorized #squid

Schneier on Security · Friday Squid Blogging: The Giant Squid Nebula - Schneier on SecurityBeautiful photo. Difficult to capture, this mysterious, squid-shaped interstellar cloud spans nearly three full moons in planet Earth’s sky. Discovered in 2011 by French astro-imager Nicolas Outters, the Squid Nebula’s bipolar shape is distinguished here by the telltale blue emission from doubly ionized oxygen atoms. Though apparently surrounded by the reddish hydrogen emission region Sh2-129, the true distance and nature of the Squid Nebula have been difficult to determine. Still, one investigation suggests Ou4 really does lie within Sh2-129 some 2,300 light-years away. Consistent with that scenario, the cosmic squid would represent a spectacular outflow of material driven by a ...
Schneier on Security RSS

Friday Squid Blogging: The Giant Squid Nebula

Beautiful photo.
Difficult to capture, this mysterious, squid-shaped interstellar cloud spans nearly three full moons in plan... schneier.com/blog/archives/202

Schneier on Security · Friday Squid Blogging: The Giant Squid Nebula - Schneier on SecurityBeautiful photo. Difficult to capture, this mysterious, squid-shaped interstellar cloud spans nearly three full moons in planet Earth’s sky. Discovered in 2011 by French astro-imager Nicolas Outters, the Squid Nebula’s bipolar shape is distinguished here by the telltale blue emission from doubly ionized oxygen atoms. Though apparently surrounded by the reddish hydrogen emission region Sh2-129, the true distance and nature of the Squid Nebula have been difficult to determine. Still, one investigation suggests Ou4 really does lie within Sh2-129 some 2,300 light-years away. Consistent with that scenario, the cosmic squid would represent a spectacular outflow of material driven by a ...
#Uncategorized#squid
Cahier de Coco

Cahier d’été : la Dordogne, ou la douceur d’une France rêvée
---
Bienvenue dans ce deuxième cahier d’été. Après Majorque et son empreinte purement méditerranéenne, mettons le cap sur la Dordogne. Une destination qui se dessine au fil des kilomètres d'eau et des rêveries estivales.

Premier "Cahier d'été" déjà publié : un lieu magique appelé Sóller

Douce France

L'appel de la « remontée vers le nord  :
cahierdecoco.com/cahier-ete-do
---
#Uncategorized

Schneier on Security RSS

New Mobile Phone Forensics Tool

The Chinese have a new tool called Massistant.

Massistant is the presumed successor to Chinese forensics tool, “M... schneier.com/blog/archives/202

Schneier on Security · New Mobile Phone Forensics Tool - Schneier on SecurityThe Chinese have a new tool called Massistant. Massistant is the presumed successor to Chinese forensics tool, “MFSocket”, reported in 2019 and attributed to publicly traded cybersecurity company, Meiya Pico. The forensics tool works in tandem with a corresponding desktop software. Massistant gains access to device GPS location data, SMS messages, images, audio, contacts and phone services. Meiya Pico maintains partnerships with domestic and international law enforcement partners, both as a surveillance hardware and software provider, as well as through training programs for law enforcement personnel...
#Uncategorized#smartphones#forensics
Pyrzout :vm:

New Mobile Phone Forensics Tool schneier.com/blog/archives/202 #Uncategorized #smartphones #forensics #hacking #malware #privacy #China

Schneier on Security · New Mobile Phone Forensics Tool - Schneier on SecurityThe Chinese have a new tool called Massistant. Massistant is the presumed successor to Chinese forensics tool, “MFSocket”, reported in 2019 and attributed to publicly traded cybersecurity company, Meiya Pico. The forensics tool works in tandem with a corresponding desktop software. Massistant gains access to device GPS location data, SMS messages, images, audio, contacts and phone services. Meiya Pico maintains partnerships with domestic and international law enforcement partners, both as a surveillance hardware and software provider, as well as through training programs for law enforcement personnel...
Schneier on Security RSS

Security Vulnerabilities in ICEBlock

The ICEBlock tool has vulnerabilities:
The developer of ICEBlock, an iOS app for anonymously reporting sightings of US I... schneier.com/blog/archives/202

Schneier on Security · Security Vulnerabilities in ICEBlock - Schneier on SecurityThe ICEBlock tool has vulnerabilities: The developer of ICEBlock, an iOS app for anonymously reporting sightings of US Immigration and Customs Enforcement (ICE) officials, promises that it “ensures user privacy by storing no personal data.” But that claim has come under scrutiny. ICEBlock creator Joshua Aaron has been accused of making false promises regarding user anonymity and privacy, being “misguided” about the privacy offered by iOS, and of being an Apple fanboy. The issue isn’t what ICEBlock stores. It’s about what it could accidentally reveal through its tight integration with iOS...
#vulnerabilities#Uncategorized#anonymity
TrendingLive feeds
About