Saturday, May 26, 2018

Ghostery E-mail Breach

Ghostery sent out an e-mail on May 25, 2018 that resulted in the exposure of account holders’ e-mail addresses to other Ghostery account holders and Ghostery users. Only e-mail addresses were exposed. You are not affected if you use Ghostery but did not provide an e-mail address to them. You are not affected if you did not receive the GDPR e-mail from Ghostery.

COMSEC Beyond Encryption & OPSEC: Because Jail is for wuftpd

COMSEC Beyond Encryption
By Ben Nagy (@rantyben) and The Grugq (@thegrugq)

OPSEC for Russians - By The Grugq

OPSEC: Because Jail is for wuftpd (YouTube Video) - By The Grugq

The Grugq's presentation OPSEC: Because Jail is for wuftpd is a must-see presentation. You can download the slide-deck "OPSEC for Russians" that goes along with this talk.

Also, read COMSEC Beyond Encryption. These are great slides, important for anyone interested in data privacy and personal security.

You may also want to read RATS by Claire Wolfe.

-- and --

Infiltrators, Informers and Grasses -
How, Why and What To Do If Your Group is Targeted

Friday, May 25, 2018

FBI Tells Router Users to Reboot Now to Kill Malware Infecting 500k Devices

Researchers from Cisco’s Talos security team first disclosed the existence of the malware on Wednesday. The detailed report said the malware infected more than 500,000 devices made by Linksys, Mikrotik, Netgear, QNAP, and TP-Link. Known as VPNFilter, the malware allowed attackers to collect communications, launch attacks on others, and permanently destroy the devices with a single command. The report said the malware was developed by hackers working for an advanced nation, possibly Russia, and advised users of affected router models to perform a factory reset, or at a minimum to reboot.

Amazon Alexa Recorded Private Conversation - Sent It to Random Contact

According to Fox13 News (May 24, 2018), Amazon Alexa recorded a private conversation and sent it to a random contact. - A Portland, Oregon, family contacted Amazon to investigate after they say a private conversation in their home was recorded by Amazon's Alexa – the voice-controlled smart speaker – and the recorded audio was sent to the phone of a random person in Seattle, who was in the family’s contact list. "A husband and wife in the privacy of their home have conversations that they're not expecting to be sent to someone (in) their address book."

"Amazon said, 'Our engineers went through your logs, and they saw exactly what you told us; they saw exactly what you said happened, and we're sorry.' He apologized like 15 times in a matter of 30 minutes, and he said, 'We really appreciate you bringing this to our attention; this is something we need to fix!'"

EU GDPR - May 25, 2018

GDPR is a piece of legislation that was approved in April 2016. European authorities have given companies two years to comply and it will come into force on May 25, 2018.

It replaces a previous law called the Data Protection Directive and is aimed at harmonizing rules across the 28-nation EU bloc.

The aim is to give consumers control of their personal data as it is collected by companies. Not only will it affect organizations located within the EU, but it will also apply to companies outside of the region if they offer goods or services to, or monitor the behavior of, people in the EU.

While you don't receive the full benefits of the EU GDPR if you live outside of the EU, the effect of this new law will benefit everyone who deals with giant Internet corporations like Google and Facebook. Also, while the EU GDPR may not be binding on courts outside of the EU, courts may find it persuasive when considering cases within their own jurisdictions.

Thursday, May 24, 2018

FBI Repeatedly Overstated Encryption Threat Figures to Congress & Public

The FBI has repeatedly provided grossly inflated statistics to Congress and the public about the extent of problems posed by encrypted cellphones, claiming investigators were locked out of nearly 7,800 devices connected to crimes last year when the correct number was much smaller, probably between 1,000 and 2,000, The Washington Post (May 22, 2018) has learned.

Over a period of seven months, FBI Director Christopher A. Wray cited the inflated figure as the most compelling evidence for the need to address what the FBI calls “Going Dark” — the spread of encrypted software that can block investigators’ access to digital data even with a court order.

The FBI’s assertion that 7,775 phones could not be opened by their investigators last year has always struck a discordant note with critics and privacy advocates, who noted that just a year earlier, the FBI had claimed the figure was 880. Such a giant leap in locked phones could not be explained by changes in technology or criminal behavior, those critics reasoned.

Lawmakers have tried unsuccessfully to get more details about the FBI’s claims.

"Going Dark" claims from law enforcement are complete B.S. and always have been. Encryption prevents mass-surveillance, and prevents witch hunts where the government is looking for a crime where there is no good evidence that one exists (the actions of a police state); but it is much less effective in preventing law enforcement from investigating an actual crime (good police work).

Russia Imposes Fines for Search Engines That Show Links to Banned Sites

From Telegram News (translated from the Russian)...

If you did not know, in Russia there is a Federal State Information System (FGIS), created to limit access to blocked resources. VPN services and other anonymization tools that do not restrict access to banned Internet resources when asked to by law enforcement agencies or special services are also added to the FGIS. Search engine operators are also required to connect to the FGIS in order to stop showing links to blocked sites.

Meanwhile, the State Duma is preparing to impose fines on search engines that show links to banned sites. Such a rule is contained in the draft law on liability for violating the law on anonymizers, which passed its second reading on May 22. Under it, banned sites appearing in search results can draw fines of 3-5 thousand rubles for citizens, 30-50 thousand rubles for officials, and 500-700 thousand rubles for legal entities (businesses).

Although there is a vast amount of information available on the Internet, we generally rely on a search engine of some type to locate that information. When links to information are removed from search results information becomes inaccessible - not because it is no longer on-line, but because it cannot be found.

It is important to keep your own list of URLs (links) to sites that you use to support your data privacy and personal security. This can be as basic as a list of links in a text file, or a more complex encrypted database of links. You may also want to keep the IP addresses of important sites so that you can access them directly if they are blocked in DNS. For example, will take you to the Telegram web-site.

There are several ways to keep your bookmarks secure. If you use the Firefox Browser, one option is the Link Password Add-On.
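As an added example (not part of the original post), here is a small Python script for the "list of links in a text file" approach above: it parses a tab-separated bookmark file that records each site's last-known IP addresses, re-resolves every hostname, and reports entries that no longer resolve or now resolve somewhere else, offering a direct-IP URL as a fallback. The file contents, the names and the IP addresses (RFC 5737 documentation ranges) are all constructed for the example.

```python
"""Bookmark list with last-known IPs, plus a DNS sanity check (example code)."""
import socket

# Constructed sample bookmark file. The IPs are RFC 5737 documentation
# addresses, not the real addresses of these sites.
BOOKMARK_FILE = """\
# name<TAB>url<TAB>comma-separated last-known IPs
telegram\thttps://web.telegram.org/\t192.0.2.10,192.0.2.11
eff\thttps://www.eff.org/\t198.51.100.7
"""

def parse_bookmarks(text):
    """Parse the tab-separated text format above into a list of dicts."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, url, ips = line.split("\t")
        entries.append({"name": name, "url": url,
                        "ips": [ip for ip in ips.split(",") if ip]})
    return entries

def host_of(url):
    """Return the hostname part of a URL (no scheme, port or path)."""
    return url.split("://", 1)[-1].split("/", 1)[0].split(":", 1)[0]

def direct_url(entry):
    """Rewrite the bookmark URL to use its first known IP instead of the hostname."""
    return entry["url"].replace(host_of(entry["url"]), entry["ips"][0], 1)

def check_bookmarks(entries, resolve=socket.gethostbyname):
    """Resolve each hostname and compare with the stored IPs.
    Returns {name: (status, fallback_url)} with status 'ok', 'unresolvable'
    or 'changed:<ip>'. 'changed' is only a hint: many sites rotate IPs
    legitimately, so confirm before assuming the name is being blocked."""
    report = {}
    for e in entries:
        fallback = direct_url(e) if e["ips"] else None
        try:
            ip = resolve(host_of(e["url"]))
        except OSError:            # NXDOMAIN, timeout, resolver refused, ...
            report[e["name"]] = ("unresolvable", fallback)
            continue
        status = "ok" if ip in e["ips"] else "changed:" + ip
        report[e["name"]] = (status, None if status == "ok" else fallback)
    return report

if __name__ == "__main__":
    for name, (status, url) in check_bookmarks(parse_bookmarks(BOOKMARK_FILE)).items():
        print(name, status, url or "")
```

Connecting to an HTTPS site by raw IP usually fails the certificate hostname check and breaks SNI-based hosting, so the fallback URL is a starting point for reaching the server, not a guaranteed route.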