Search Results for “Joseph Cox”


September 12, 2019
CYBER / Motherboard

CYBER / Motherboard  
The Biggest iPhone Hack In History, Explained

Senior Staff Writer Joseph Cox talks about Google’s research which discovered malicious websites they said were indiscriminately spreading iPhone malware for years and what it means for how governments deploy iPhone malware: it turns out, on a much larger scale than we previously thought.

September 19, 2019
CYBER / Motherboard

CYBER / Motherboard  
The Private Surveillance System Tracking Cars in America

Tipped by a private investigator source, Joseph Cox broke the news that a powerful system used by an industry including repossession agents and insurance companies tracks cars across the US. Armed with just a car’s plate number, the tool—fed by a network of private cameras spread across the country—provides users a list of all the times that car has been spotted.

July 20, 2019
Joseph Cox / Motherboard

Joseph Cox / Motherboard  
Hackers Publish List of Around 2,500 Email Addresses, Passwords Purportedly Phished From Discord Users

Earlier this week a group of hackers published a list of about 2,500 email addresses and passwords they say they phished from users of gaming chat platform Discord. The hackers posted a database of the allegedly phished credentials, split into multiple sections of those that work and those that don’t. Some of the invalid login details were likely from people who were trying to provide the hackers with garbage data.

August 5, 2019
Julia Carrie Wong / The Guardian

Julia Carrie Wong / The Guardian  
Cloudflare Terminates Far-Right, Violence-Oriented 8chan Following Walmart Massacre in El Paso, CEO Calls Site ‘Lawless’

Internet security and cloud service provider Cloudflare announced it is terminating as a client far-right, violence and hate-oriented forum 8chan, which is used to distribute racist and white nationalist manifestos prior to mass shootings, including this weekend’s deadly shooting in El Paso. Cloudflare’s decision could doom 8chan’s chances of survival given that it has been protecting the forum from distributed denial of service (DDoS) attacks, and the site is a likely target for internet vigilantes. Although shortly after the El Paso shooting Cloudflare CEO Matthew Prince said his company had a “moral obligation” to keep servicing 8chan, he ultimately reversed course,  saying in a blog post “they have proven themselves to be lawless and that lawlessness has caused multiple tragic deaths.”

Related: WA Today, Mashable, Sydney Morning Herald, Joseph Cox – VICE, Reuters, Daily Beast, Slashdot, PCMag.com, TechCrunch, VICE News, CloudFlare, The Verge, Gizmodo

Tweets:@juliacarriew @ruskin147 @donie @donie @tarah @tarah @tarah @nkulw @donie @donie @d_hawk @slpng_giants @iblametom @riskybusiness @donie @infinitechan @kevinroose @josephfcox @tarah @aprilaser @beccalew @tarah @travis_view @eastdakota @KELLYWEILL @asankin @cwarzel

WA Today : 8Chan: the website that hosts terrorist propaganda and is linked to mass shootings
Mashable: Why the hell is 8chan still online?
Sydney Morning Herald: 8chan cut loose by security firm for ‘hate-filled’ content
Joseph Cox – VICE: Cloudflare Boots 8chan as a Customer
Reuters: Cloudflare terminates 8chan as customer on ‘hate-filled’ content: CEO
Daily Beast: 8chan Loses Cloudflare Protection After El Paso Shooting
Slashdot: Cloudflare Terminates 8chan
PCMag.com: After Shootings, Cloudflare Pulls Plug on 8chan
TechCrunch: Cloudflare will stop service to 8chan, which CEO Matthew Prince describes as a “cesspool of hate”
VICE News: Cloudflare Says It Won’t Ban 8chan, a Hotbed for Terrorist Manifestos
The Verge: Cloudflare to revoke 8chan’s service, opening the fringe website up for DDoS attacks
CloudFlare: Terminating Service for 8Chan
Gizmodo: The Dirty Business of Hosting Hate Online

@juliacarriew: Here’s my story on 8chan’s links to El Paso, Poway and Christchurch, including an interview with @Cloudflare CEO @eastdakota about why he considers keeping the site in Cloudflare’s network a “moral obligation”
@ruskin147: bellingcat on 8chan and El Paso: . “Until law enforcement, and the media, treat these shooters as part of a terrorist movement no less organized, or deadly, than ISIS or Al Qaeda, the violence will continue. “
@donie: APRIL: 73 minutes before the deadly shooting at Congregation Chabad synagogue in Poway, California, someone identifying himself as the supect in that attack posted a link to a hate-speech-filled manifesto hyperlinked on 8chan.
@donie: MARCH: Before the mass shooting in Christchurchan an account believed to belong to the gunman posted a link to white nationalist manifesto on 8chan. Post included a link to the gunman's Facebook page, where he said he would later broadcast the attack live.
@tarah: The moral of this commentary: Prince couldn’t just say “8chan is disgusting and we don’t want to work with them.”He had to frame this as a larger moral standard...because there *isn’t* actually a regulatory framework by which he must abide.
@tarah: CloudFlare terminates 8chan as a customer, citing “Rule of Law”—not US law, but philosophical concept. As a corporate infosec exec, I’ve dealt w multiple competing regulatory environments. I’m concerned that the word “jurisdiction” doesn’t appear here.(link: https://blog.cloudflare.com/terminating-service-for-8chan/) blog.cloudflare.com/terminating-se…
@tarah: CloudFlare flatly says that 8chan “may not have violated the letter of the law”—the letter of the law is what we work with, here. Not the spirit.Companies do what’s in their interest and in the interest of shareholders, and avoiding civil torts is precisely that.
@nkulw: I’ve always found Cloudflare to have the most interesting and least corporate-speak statements on internet hate. Their 8chan statement is really worth reading. (link: https://blog.cloudflare.com/terminating-service-for-8chan/) blog.cloudflare.com/terminating-se…
@donie: Would 8chan even come to the table? And if it did, wouldn’t someone set up another place where this stuff will be shared?
@donie: If the manifesto in 8chan is indeed from the El Paso suspect, it’ll be at least the third atrocity this year where a suspect has posted to 8chan in advance of an attack
@d_hawk: “Once again, a terrorist used 8chan to spread his message as he knew people would save it and spread it... The board is a receptive audience for domestic terrorists.”
@slpng_giants: Fucking WOW.@eastdakota , CEO of @Cloudflare , says that continuing to do business with 8Chan, where three white supremacist shooters have posted their screeds and were cheered on by other users is a “moral responsibility”.What a statement.
@iblametom: Why action on 8chan from @cloudflare is very unlikely (link: https://www.forbes.com/sites/thomasbrewster/2019/03/15/after-the-new-zealand-terror-attack-should-8chan-be-wiped-from-the-web/) forbes.com/sites/thomasbr…
@riskybusiness: White supremacist terrorists are able to reliably organise and disseminate this shit widely thanks to @Cloudflare and its investors, led most recently by @Fidelity .This is getting worse, it’s spreading, and I worry about my (not white) family. Fuck you very much, @Cloudflare !
@donie: And here’s why 8chan isn’t going anywhere.
@infinitechan: Some of you might’ve read the @Cloudflare news already. They're dropping 8chan. (link: https://blog.cloudflare.com/terminating-service-for-8chan/) blog.cloudflare.com/terminating-se… There might be some downtime in the next 24-48 hours while we find a solution (that includes our email so timely compliance with law enforcement requests may be affected).
@kevinroose: Cloudflare debated what to do about 8chan all day. Here is (part of) @eastdakota 's rationale for banning the site, in the end. (link: https://www.nytimes.com/2019/08/04/technology/8chan-shooting-manifesto.html) nytimes.com/2019/08/04/tec…
@josephfcox: The lack of coherence at Cloudflare’s top levels is pretty stark. Talk to general counsel, say they won’t ban unless illegal, concerned about operating at scale. CEO eventually decides to pull plug on 8chan himself after debating all day.
@tarah: See, CloudFlare *absolutely* has the right to terminate any customer they wish. They’re a private company and I strongly agree with Prince that they can choose their customers.However, I find it more likely that CloudFlare terminated 8chan for *liability*, not lawlessness.
@aprilaser: The El Paso shooter followed the playbook of posting his manifesto on 8chan before opening fire. I wrote about how 8chan came to be so deeply intertwined with the project of forming a white ethnostate
@beccalew: Cloudflare's statement about kicking off 8chan is.....very strange. it seems designed purely to eschew responsibility if 8chan takes a big hit. The Daily Stormer is decidedly NOT thriving, they are hanging on by a thread (and that's a good thing!).
@tarah: Nowhere in the PCI/SOC2/ISO# checklists does the box “don’t service violent hatemongers” exist.I salute CloudFlare for terminating 8chan. However, the legal framework for violence prevention that Prince is speaking around does not actually exist in corporate America.
@travis_view: 8chan's admin says that the site will be moving to "another service."The most likely candidate for the other service is @EpikDotCom , which serves at the registar for Gab.
@eastdakota: We just sent notice we are terminating service for 8chan. There comes a time when enough is enough. But this isn't the end. We need to have a broader conversation about addressing the root causes of hate online.
@KELLYWEILL: NEW: The racist lie behind the El Paso terrorist attack, via @kellyweill
@asankin: Cloudflare may have kicked 8chan off its service, but I found that it still takes money for DDoS protection from 56 other hate groups
@cwarzel: the speed with which tech cos change after a bad PR cycle seems like solid proof that none of this is abt principles but abt trying to keep from making hard choices as long as possible. earlier today they argued that keeping 8chan within its network is a “moral obligation”


August 7, 2019
Joseph Cox / Motherboard

Joseph Cox / Motherboard  
Microsoft Contractors Listen to Voice Recordings Gathered by Skype’s Automated Translation Feature, Cortana’s Voice Assistant, Including Intimate Conversations

While Apple and Google recently suspended their use of human transcribers for their respective Siri and Google Assistant services, Microsoft contractors are listening to voice recordings gathered via Skype’s automated translation feature and commands from the Cortana voice assistant, according to documents, screenshots and audio recordings obtained by Motherboard.  Skype’s website tells customers the company may analyze audio of phone calls that a user wants to translate in order to improve the chat platform’s services but does not say that human workers will be listening to the audio. Microsoft’s privacy policy is unclear on the prospect of this kind of review as well. The audio obtained by Motherboard includes conversations from people talking intimately to loved ones, some chatting about personal issues such as their weight loss, and others seemingly discussing relationship problems. Microsoft says it strives to be transparent on the use of audio recordings and claims it gets customers’ permission before collecting and using their voice data.

Related: Security – Computing, ZDNet Security, The Next Web, The Verge

Tweets:@josephfcox @RidT @josephfcox @josephfcox


August 11, 2019
Lorenzo Franceschi-Bicchierai and Joseph Cox / Motherboard

Lorenzo Franceschi-Bicchierai and Joseph Cox / Motherboard  
Black Hat Pulls Sponsored Conference Talk on New Encryption Technology Following Open Ridicule by Attendees

Attendees at the Black Hat security conference in Las Vegas openly ridiculed a sponsored talk at the event entitled “The 2019 Discovery of Quasi-Prime Numbers: What Does This Mean For Encryption?” given by a man named Robert Grant of a company called Crown Sterling.  Many of the conference attendees slammed the presentation as touting “bad math” and unproven and potentially harmful encryption technology described by using a collection of math and cryptography buzzwords such as “infinite wave conjugations,” and “quasi prime numbers.” The criticism was so strong that Black Hat removed the talk from its website. Crown Sterling denies the criticisms of its technology.

Related: Business Wire Technology News, Gizmodo

Tweets:@cnoanalysis @lorenzofb @veorq @Robert_E_Grant_


Joseph Cox / Motherboard

Joseph Cox / Motherboard  
Security Researcher Creates Legit-Looking Apple Lightning Cable With Implants Allowing Hacker Access to Victim’s Machine

A security researcher known as MG has transformed an ordinary-looking Apple lightning cable into a malicious tool, dubbed O.MG Cable, capable of remotely controlling targeted machines. MG demonstrated to Motherboard how it has extra components placed inside the cable letting a hacker remotely connect to the target computer. By swapping out the cable for a victim’s own legitimate one, a hacker can wirelessly connect to the computer. The cable comes with various payloads, or scripts and commands that an attacker can run on the victim’s machine and can even remotely “kill” the USB implant, hiding some evidence of its use or existence.

August 21, 2019
Joseph Cox / Vice

Joseph Cox / Vice  
Google, Mozilla and Apple Say They Will Block Encryption Certificate Mandated by the Kazakhstan Government Earlier This Year

Google and Mozilla announced they would block an encryption certificate the Kazakhstan government had forced citizens to download. The certificate gives the government the ability to intercept Facebook, Twitter, Google, and other passwords of the 18 million people in the country. One response the Kazakhstan government could have to this move by the tech giants is to mandate the downloading of its own custom browser with the certificate already installed, instead of relying on browser manufacturers to allow the certificate. However, in early August, weeks after ISPs ordered users in the country to download the certificate and following a series of lawsuits, the government appeared to have backtracked, saying the certificate was only part of a “test” and could be removed. After Google and Mozilla issued their announcements about blocking the certificate, Apple said it would follow suit.

Related: Venture Beat, Reuters, Channel News Asia, ZDNet Security, Verdict, TechCrunch, Silicon Republic, The Hacker News, Google Online Security Blog, CNET, Silicon.co.uk, Cult of Mac, Reuters, Gadgets Now, TODAYonlineSecurityWeek, 9to5Google,LinuxSecurity – Security Articles, The Next Web, Infosecurity Magazine, Z6 Mag, Slashdot, Forbes, CNBC Technology, AppleInsider, WIRED, Law & Disorder – Ars Technica,, The Hacker News, Verdict, Android Central , Windows CentralEngadget, Boing Boing, iMore

Tweets:@josephfcox

Venture Beat: Google and Mozilla block Kazakhstan root CA certificate from Chrome and Firefox
Reuters: Google, Mozilla block Kazakh surveillance moves
Channel News Asia: Google, Mozilla block Kazakh surveillance moves
ZDNet Security: Apple, Google, and Mozilla block Kazakhstan’s HTTPS intercepting certificate
Verdict: Google and Mozilla block Kazakhstan internet surveillance
TechCrunch: Google, Mozilla team up to block Kazakhstan’s browser spying tactics
Silicon Republic: Google and Mozilla halt Kazakhstan’s plan to monitor citizens through browsers
The Hacker News: Google, Mozilla, Apple Block Kazakhstan’s Root CA Certificate to Prevent Spying
Google Online Security Blog: Protecting Chrome users in Kazakhstan
CNET: Google, Apple and Mozilla to block internet surveillance in Kazakhstan
Silicon.co.uk : Mozilla, Google, Apple To Block Kazakhstan Surveillance
Cult of Mac: Apple takes steps to crack down on Kazakh government eavesdropping
Reuters: Google, Mozilla block Kazakh surveillance moves
Gadgets Now: Google, Apple and Mozilla move to block Kazakh surveillance system
TODAYonline: Google, Apple, Mozilla move to block Kazakh surveillance system
SecurityWeek: Apple, Google, Mozilla Respond to Kazakhstan Surveillance Efforts
9to5Google: Apple, Google, Mozilla all act to block state surveillance of web users
LinuxSecurity – Security Articles: Google, Apple, and Mozilla wont budge on Kazakhstan’s sneaky plot to spy on citizens
The Next Web : Google, Apple, and Mozilla won’t budge on Kazakhstan’s sneaky plot to spy on citizens
Infosecurity Magazine: Companies Act to Defend Privacy of Kazakhstanis
Z6 Mag: Chrome, Firefox, Safari blocks Kazakhstan-issued certs
Slashdot: Apple, Google, and Mozilla Block Kazakhstan’s HTTPS Intercepting Certificate
Forbes : Apple, Google And Mozilla Block Kazakh Government Surveillance
CNBC Technology: Google, Apple, Mozilla move to block Kazakh surveillance system
AppleInsider: Apple, Google, Mozilla take steps to block Kazakhstan government surveillance
WIRED: Firefox and Chrome Fight Back Against Kazakhstan’s Spying
TechCrunch: Apple, Google and Mozilla block Kazakhstan’s browser spying tactics
Law & Disorder – Ars Technica: Google, Apple, and Mozilla block Kazakhstan government’s browser spying
The Hacker News: Google, Mozilla, Apple Block Kazakhstan’s Root CA Certificate to Prevent Spying
Verdict: Google and Mozilla block Kazakhstan internet surveillance
Android Central : Google, Apple, and Mozilla found blocking Kazakhstan’s spy-certificate
Windows Central : Mozilla, Google, and Apple block Kazakhstan’s spy-certificate
Engadget : Google and Mozilla to block web surveillance in Kazakhstan
Boing Boing: Google, Mozilla, and Apple are using this one weird trick to block Kazakhstan’s surveillance of its own citizens
iMore: Apple’s blocks Kazakhstan’s spy-certificate, Google, Mozilla as well

@josephfcox: New: Google and Mozilla have now blocked a root certificate from the Kazakhstan government in their browsers. The cert could be used to intercept Facebook, Gmail, Twitter etc encrypted traffic.Microsoft hasn't done the same. Apple didn't respond https://vice.com/en_us/article/ne8vam/google-mozilla-block-kazakhstan-spying-tool-encryption-certificate