Search Results for “Joseph Menn”


May 30, 2020
Joseph Menn / Reuters

Joseph Menn / Reuters  
Zoom Plans to Strengthen Encryption of Video Calls Hosted by Paying Clients

Massively popular video conferencing provider Zoom plans to strengthen the encryption of video calls hosted by paying clients and institutions such as schools but not by users of its free consumer accounts, Zoom security consultant Alex Stamos confirmed. Stamos said the plan was subject to change, and it was not yet clear which, if any, nonprofits or other users, such as political dissidents, might qualify for accounts allowing more secure video meetings.

May 4, 2020
Andy Greenberg / Wired

Andy Greenberg / Wired  
Apple and Google Release Details on Their Coronavirus Contact Tracing App, Only Governments Will Have Access to API, Location Tracking Banned

Apple and Google have released new details on their Bluetooth-based system that will let health care authorities track potential encounters with Covid-19, making clear that only government agencies, preferably at the national level, will be given access to the application programming interface. However, the two tech giants are willing to work with regional and state-level authorities. If government-run apps want access to Apple and Google’s Bluetooth-based system, they won’t be allowed to collect location data. They must ask for consent before collecting information on a user’s proximity to others. They will also need permission to upload any information from the phones of Covid-19 positive people as well. The two companies also published sample user interfaces for the first time. However, they say the images for how the contact tracing system will work are merely for reference because health agencies will build the final apps.

Related: Data Protection Report, ET news, CPO Magazine, The Register – Security, DataBreachToday.com, TechTarget, MSSP Alert, Computer Business Review, Voice of America, Panda Security Mediacenter, MacDailyNews, MacDailyNews, The Sun, TechTarget, Vox, Reuters, Ars Technica, RT USAAndroid Authority, xda-developers, CNBC, Slashdot, MacDailyNews, Engadget, The Verge

Tweets:@a_greenberg @Wired @josephmenn @ncweaver @lukOlejni

Data Protection Report: StopCovid: the French contact-tracing app
ET news: France’s StopCovid app to begin testing before wider rollout
CPO Magazine: MIT Researchers Develop a COVID-19 Contact Tracing App That Preserves Privacy Using Random IDs
The Register – Security: India makes contact-tracing app compulsory in viral hot zones despite most local phones not being smart
DataBreachToday.com: Digital Contact-Tracing Apps: Hype or Helpful?
TechTarget: Research institutes warn of necessity for UK contact-tracing app to…
MSSP Alert: COVID-19, Contact Tracing and U.S. Government Surveillance Concerns: Research
Computer Business Review: ICO Releases Data Protection Guide for Contact Tracing Apps
Voice of America: European Virus Tracing Apps Highlight Battle for Privacy
Panda Security Mediacenter: What to expect from the upcoming Apple and Google contact tracing apps
MacDailyNews: France continues to insist on centralized COVID-19 contact tracing while Apple refuses to budge
The Sun: What is the contact tracing app and how do I download it?
TechTarget: NHSX contact-tracing app needs legislative oversight
Vox: Contact tracing, explained
Reuters: Apple, Google ban use of location tracking in contact tracing apps
Ars Technica: Here’s how Apple, Google will warn you if you’ve been exposed to COVID-19
RT USA: Google & Apple set some lucky programmers up for lucrative monopoly with new rules for contact-tracing app
Android Authority: Google, Apple lay out strict rules for Exposure Notification API, no GPS data
xda-developers: [Update 5: Screenshots, No Location Tracking] Google and Apple announce the Contact Tracing API and Bluetooth spec to warn users of COVID-19
CNBC : Apple and Google reveal what their coronavirus contact tracing system might look like (CNBC: Top News)
Slashdot: Apple, Google Ban Use of Location Tracking in Contact Tracing Apps
MacDailyNews: Apple, Google ban use of location tracking in contact tracing apps
Engadget: Apple and Google tell health departments their privacy requirements for coronavirus tracking
The Verge: Apple and Google show what their exposure notification system could look like

@a_greenberg: Google and Apple have clarified a few more privacy restrictions for the apps that will use their Bluetooth-based Covid-19 exposure alert system. They've also shown some examples of what it could look like: http://wired.com/story/apple-go… This will not be a fun push notification to get.
@Wired: Apple and Google have released new details on their contact tracing plans. Only government agencies will be able to access the application programming interface, and the apps will not be allowed to collect location data. Here's how the apps might look:
@josephmenn: Apple, Google ban use of location tracking in contact tracing apps
@ncweaver: OK, I'm starting to agree with @stewartbaker that Apple & Google are taking the privacy thing too far: https://reuters.com/article/us-health-coronavirus-usa-apps-idUSKBN22G28W Keeping location data on the phone for contact tracing for 14 days, along with the bluetooth contact data, is privacy sensitive and reasonable.
@lukOlejni: Google and Apple will ban the use of geolocation to contact tracing #COVID?19, including for government apps. Technological policing? ;) https://reuters.com/article/us-health-coronavirus-usa-apps-idUSKBN22G28W?taid=5eb053bc3b463d000141f938


April 29, 2020
Joseph Menn / Reuters

Joseph Menn / Reuters  
Judges Challenge U.S. Justice Department Rationale for Keeping Secret a Facebook Victory on Encryption Backdoor Request

All three judges on the 9th U.S. Circuit Court of Appeals who are reviewing a case involving government demands to break encryption had tough questions for the U.S. Justice Department’s support for keeping secret a lower court ruling in which the government lost a fight against Facebook to break the encryption of its Messenger service.  In 2018, a federal court in Fresno, California, denied a  government request that would have required Facebook to break the encryption of its Messenger application. But the court’s order and details about the dispute have been kept secret. The Electronic Frontier Foundation (EFF), the American Civil Liberties Union (ACLU), and Stanford cybersecurity scholar Riana Pfefferkorn asked the federal court to unseal the lower court’s ruling on First Amendment grounds. The Justice Department has argued that the public did not have a right to know why Facebook prevailed in 2018 because that case grew out of a wiretap request, which is typically sealed.

April 17, 2020
Joseph Menn / Reuters

Joseph Menn / Reuters  
Hacking Attempts Against Corporations More Than Doubled in March Due to Rise of Vulnerable Workers at Home

Hacking attempts against corporations in the U. S. and other countries increased by 148%  by some measures last month as digital thieves took advantage of security weakened by pandemic work-from-home policies, researchers at VMWare Carbon Black said. Likewise, Finland’s Arctic Security found that the number of networks experiencing malicious activity more than doubled in March in the United States and many European countries compared with January.

March 26, 2020
Joseph Menn / Reuters

Joseph Menn / Reuters  
International Group of Nearly 400 Cybersecurity Experts Form COVID-19 CTI League to Fight Coronavirus-Related Hacking

An international group of nearly 400 volunteers with expertise in cybersecurity formed on Wednesday to fight hacking related to the novel coronavirus. The group calls itself the COVID-19 CTI League, for cyber threat intelligence and spans more than 40 countries and includes professionals in senior positions at such major companies as Microsoft and Amazon.com. Marc Rogers, head of security for DEF CON and one of the four initial organizers of the group, said the top priority would be working to combat hacks against medical facilities and other frontline responders to the pandemic. Another top priority is the defense of communications and network services that have skyrocketed in importance as people work from home.

June 18, 2019
InSecurity

InSecurity  
Joseph Menn: Cult of the Dead Cow

Matt Stephenson talks with best selling author Joseph Menn on his latest blockbuster book, Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World. It’s been over 30 years, but Joe spoke with the original punk rock hacking collective about what they did and how they changed the world.

July 1, 2019
KQED Forum

KQED Forum  
Joseph Menn’s ‘Cult of the Dead Cow’ Portrays the Lasting Influence of Early Hackers

A lonely, code-savvy kid calling himself Grandmaster Ratte’ created a group of friends with a mutual interest in hacking back in ’80s Lubbock, Texas. Remaining anonymous until recently, group members have been credited with the hacktivist movement, where technology is used to further a political agenda. Journalist Joseph Menn talks about the history and evolution of this renowned group that called themselves the Cult of the Dead Cow.

January 21, 2020
Joseph Menn / Reuters

Joseph Menn / Reuters  
Apple Reportedly Dropped Plans to Let iPhone Users Fully Encrypt Backups After FBI Objected

About two years ago, Apple dropped plans to let iPhone users fully encrypt backups of their devices in the company’s iCloud service after the FBI complained that the move would harm investigations, according to six sources. Under the cloud encryption plan, primarily designed to thwart hackers, Apple would have no longer had a key to unlock the encrypted data, meaning it would not have been able to turn material over to authorities in a readable form even under court order. The FBI reportedly argued against this plan, saying it would deny them the most effective means for gaining evidence against iPhone-using suspects, and Apple ultimately dropped the idea.

Related: 9to5Mac, The Verge, MacRumors, iMore, iPhone Hacks, The Apple Post, CNET, AppleInsider, iDownloadBlog.com, Engadget, Input, iMore, Security – Computing, CNET, San Jose Business News, Cult of Mac, Mashable, Reddit – cybersecurity, Tech Insider, Fast Company, News Tom’s Guide, The Mac Observer, Daily Dot, HotHardware.com, Patently Apple, WCCFtech, WinBuzzer, PCMag.com, VentureBeat, CNBC, MacDailyNews, Slashdot, The Loop

Tweets:@matthew_d_green @zackwhittaker @zackwhittaker @alexstamos @dnvolz @josephmenn @hatr @elcomsoft @rstephens @Bing_Chris @kennwhite @josephmenn @dhh @ByJuliaLove @weldpond @NathonSecurity @YuanfenYang

9to5Mac: Apple reportedly abandoned plans to roll out end-to-end encrypted iCloud backups, apparently due to pressure from the FBI
The Verge: Apple reportedly scrapped plans to fully secure iCloud backups after FBI intervention
MacRumors: Apple Reportedly Dropped Plans for End-to-End Encrypted iCloud Backups After FBI Objected
iMore: Apple may have abandoned iCloud encryption after the FBI complained
iPhone Hacks: Apple Reportedly Dropped End-to-End Encryption for iCloud Backups After FBI’s Objection
The Apple Post: Apple pulled end-to-end iCloud backup encryption plans after FBI objected
CNET: Apple apparently abandoned encrypted iCloud backup plans after FBI pressure
AppleInsider: Apple dropped plans to encrypt iCloud after the FBI complained
iDownloadBlog.com: Reuters: the FBI pressured Apple not to encrypt iCloud backups
Engadget: Apple reportedly dropped iCloud encryption plans amid FBI pressure
Input: Report: F.B.I. complaints stopped Apple from encrypting iCloud backups
iMore: Apple may have abandoned iCloud encryption after the FBI complained
Security – Computing: Apple U-turned on icloud end-to-end encryption plan following FBI complaints
CNET: Apple reportedly ditched plan for encrypted iCloud backup after FBI pressure
San Jose Business News: Why Apple dropped plans to encrypt iPhone backups in iCloud
Cult of Mac: Apple ditched plans for secure iCloud backups after FBI concern
Mashable: Apple reportedly backed off encrypting iCloud data after pressure from the FBI
Reddit – cybersecurity: Apple dropped plan for encrypting backups after FBI complained
Tech Insider: Apple killed a security project after the FBI pushed back, sources say (AAPL)
Fast Company: Report: Apple killed plans for end-to-end encrypted iCloud backups after the FBI complained
News Tom’s Guide: Apple backed off iCloud encryption because of FBI (Report)
The Mac Observer: Apple Cancels iCloud Encryption Plan Due to FBI
Daily Dot: Apple’s iCloud encryption plan halted amid FBI pressure, report
HotHardware.com: Apple Was All-In On Encrypted iCloud Backups, Until The FBI Came Knocking
Patently Apple: Apple has Reportedly Dropped Plans to let iPhone users Fully Encrypt Backups of their Devices in iCloud
WCCFtech: Apple Dropped Full Encryption Plans for iCloud Backups After FBI’s Request
WinBuzzer: Apple Says FBI Shut Down Plans To Encrypt iCloud Backups
Neowin: Apple reportedly doesn’t encrypt iCloud backups because the FBI said not to
WinBuzzer: Apple Says FBI Shut Down Plans To Encrypt iCloud Backups
PCMag.com: Report: Apple Dropped Plans for Fully-Encrypted iCloud Backups
VentureBeat: Apple’s iCloud backups are unencrypted due to law enforcement pressure
CNBC: Apple dropped plan for encrypting iPhone backups after FBI complained, sources say
MacDailyNews: Apple killed iCloud encryption after FBI complained
Slashdot: Apple Dropped Plan for Encrypting Backups After FBI Complained
The Loop: Apple dropped plan for encrypting backups after FBI complained – sources

@matthew_d_green: I suspected this was true ever since Apple released iCloud Keychain and did nothing interesting with it. Government pressure works.
@zackwhittaker: “Legal killed it, for reasons you can imagine."
@zackwhittaker: Good reporting citing a lot of sources, but still unclear precisely why Apple's plan was dropped. Another said that customers "would find themselves locked out of their data more often."
@alexstamos: Another huge @josephmenn scoop. At least the FBI needs a search warrant. Remember that Apple turned over storage of Chinese iCloud backups to "Guizhou on the Cloud Big Data Industrial Development Co, Ltd."
@dnvolz: Apple dropped plans to let iPhone users fully encrypt backups of their devices in the company's iCloud service after the FBI complained that the move would harm investigations, six sources familiar with the matter told Reuters https://reuters.com/article/us-apple-fbi-icloud-exclusive-idUSKBN1ZK1CT great scoop from @josephmenn
@josephmenn: The larger point of this story, of course, is not that Apple is “bad” on privacy. It’s that there is more cooperation across the industry than meets the eye, and no one has an incentive to say so. Apple is much better than most, so there is the greatest pressure on it to deal.
@hatr: Apple originally had planned to encrypt user-content on iCloud. Now, Reuters reports, those plans have been dropped after the FBI complained about the move hampering investigations. Regular users would have benefitted the most. https://reuters.com/article/us-apple-fbi-icloud-exclusive-idUSKBN1ZK1CT
@elcomsoft: Exclusive: Apple dropped plan for encrypting backups after FBI complained - sources | Article [AMP] | Reuters
@rstephens: I think this will come as a surprise to most people. I actually thought our iCloud backups were end-to-end encrypted. You can’t put up those Privacy billboards and yet have iCloud backups unencrypted.
@Bing_Chris: Wild story. Important context in that it shows Apple is vulnerable to FBI/DOJ pressure, despite stance on backdoors at the moment -> Exclusive: Apple dropped plan for encrypting backups after FBI complained https://reut.rs/37gt7GJ (by @josephmenn)
@kennwhite: NB: iMessage and WhatsApp back up all messages to iCloud. Signal on Android does not by default. Signal on iOS doesn't allow iCloud backups at all.
@josephmenn: Bits that did not make the story: #Signal chats do not back up to iCloud. And Apple has made it easier to avoid iCloud when moving to a new phone.
@dhh: The iPhone already has an encryption back door for almost all users: The iCloud backup. Apple was going to close that door, but backed down in fear of angering the FBI. For shame.
@ByJuliaLove: This is one of those scoops that changes your understanding of everything. After Apple's battle w the FBI in 2016, I assumed the company was still taking a tough line with law enforcement. The story was more complicated behind the scenes. By @josephmenn
@weldpond: I wonder if 3rd parties will fill the void of secure iPhone backup now.
@NathonSecurity: Question is, can Apple remotely enable iCloud backups? If so, would it comply with a law enforcement request to do so?
@YuanfenYang: If Apple had gone ahead with giving users true end-to-end encryption for iCloud backups, it would have given much relief to Chinese iCloud users — whose data is now stored in-country, along with their encryption keys. Amazing scoop by @josephmenn


June 27, 2019
Christopher Bing, Jack Stubbs, Joseph Menn / Reuters

Christopher Bing, Jack Stubbs, Joseph Menn / Reuters  
Hackers From Western Spy Agencies Broke Into Russia’s Yandex to Deploy Rare Regin Malware to Spy on Developers, Sources

Hackers working for Western intelligence agencies broke into Russian Internet search company Yandex, known as “Russia’s Google,” in late 2018 deploying a rare type of malware called Regin in an attempt to spy on user accounts in the company’s research and development unit, four people with knowledge of the matter told Reuters. Regin has been known to be used by intelligence agencies in the Five Eye countries, which is composed of the United States, Britain, Australia, New Zealand, and Canada. The sources said the hackers appeared to be searching for technical information that could explain how Yandex authenticates user accounts, which could help spy agencies impersonate a Yandex user and access their private messages. Yandex spokesman Ilya Grabovsky acknowledged the attack but said it had been neutralized at an early stage and caused no damage.

Related: CNBC Technology, Slashdot, CNET News, Techradar, The Register – Security,  ARN, Security – Computing, Deccan Chronicle

Tweets:@josephmenn