63
Other / Politics & Society / Microsoft Approves Thai Government's Root Certificate, Which Could Enable Spying
on: January 27, 2017, 02:08:09 PM
Microsoft Approves Thai Government's Root Certificate, Which Could Enable Spying
http://www.tomshardware.com/news/microsoft-thai-government-root-certificate,33505.html
Privacy International, a UK-based nonprofit founded in 1990, released a report showing that Microsoft is the only operating system vendor to have approved the Thai military government's root certificate by default, which is managed by the Electronic Transaction Development Agency (ETDA). The nonprofit worries that the Thai government could now perform "man-in-the-middle" (MITM) attacks against Thai citizens.
Thai Government's Tight Grip On Internet Companies
According to Privacy International, the political environment in Thailand right now is such that it would be difficult for companies to deny a data request, because there isn't a strong legal framework in place that's also well enforced. In other words, companies can't bet on having the law on their side over there. (...)
Windows Only OS To Approve Thai Government Root Certificate
The interception would be unnoticed by the target if the root certificate is trusted by default on an operating system such as Windows or macOS. Privacy International said it noticed that Windows does include the Thai government certificate, whereas macOS does not. Privacy International then asked Microsoft how its root certificate approval works, considering it's been the only one to approve the Thai government's root certificate so far. Microsoft seems to have replied more than two months later, saying it can't disclose how it decided exactly to approve the Thai government certificate, but that the overall approval strategy is found on its website. (...)
Microsoft's Silent Root Certificate Updates
Microsoft has added dozens of new root certificates over the past few years, usually without making it public, and with only a few security researchers discovering when it happened.
Some of the silently added root certificates have been attributed to the now infamous WoSign Chinese Certificate Authority (CA). That's the same CA that was punished by Google and Mozilla late last year over backdating of SHA1 certificates and failing to disclose that it bought another CA. Microsoft's decision to hide, or at least not announce when it added more root certificates to Windows, is quite strange. Root certificates are a highly important component of the overall security of an operating system, and more importantly, it defines how much trust users can place in one. Microsoft refusing to say how exactly it approves root certificates isn't helping matters much either. (...)
Source: Tom's Hardware
65
Other / Politics & Society / N.S.A. Gets More Latitude to Share Intercepted Communications
on: January 13, 2017, 06:02:11 AM
N.S.A. Gets More Latitude to Share Intercepted Communications
https://www.nytimes.com/2017/01/12/us/politics/nsa-gets-more-latitude-to-share-intercepted-communications.html
https://www.theguardian.com/world/2017/jan/12/obama-us-intelligence-greater-access-warrantless-data-foreign-targets
<< In its final days, the Obama administration has expanded the power of the National Security Agency to share globally intercepted personal communications with the government's 16 other intelligence agencies before applying privacy protections.
The new rules significantly relax longstanding limits on what the N.S.A. may do with the information gathered by its most powerful surveillance operations, which are largely unregulated by American wiretapping laws. These include collecting satellite transmissions, phone calls and emails that cross network switches abroad, and messages between people abroad that cross domestic network switches.
The change means that far more officials will be searching through raw data. Essentially, the government is reducing the risk that the N.S.A. will fail to recognize that a piece of information would be valuable to another agency, but increasing the risk that officials will see private information about innocent people.
Attorney General Loretta E. Lynch signed the new rules, permitting the N.S.A. to disseminate "raw signals intelligence information", on Jan. 3, after the director of national intelligence, James R. Clapper Jr., signed them on Dec. 15, according to a 23-page, largely declassified copy of the procedures. >>
67
Other / Off-topic / Windows 10 KB3213986 Update can cripple multi-monitor gaming
on: January 11, 2017, 03:59:41 PM
Windows 10 KB3213986 Update can cripple multi-monitor gaming
http://www.guru3d.com/news-story/windows-10-kb3213986-update-can-cripple-multi-monitor-gaming.html
There is an advisory issued by Microsoft that a certain Windows 10 Update can cripple multi-monitor gaming. Microsoft tags this problem as "known issues" and hopefully is working on a fix. Microsoft opened up a bulletin on the problem and invokes screen stuttering or clipped screens when running 3D apps on machines with more than one monitor.
Users may experience delayed or clipped screens while running 3D rendering apps (such as games) on systems with more than one monitor. To work around this issue please consider the following options:
- Running the application in Windows mode (not full screen)
- Starting the application with only one monitor connected
Thanks SH SOTN for submitting this news. More info at Microsoft.
68
Other / Politics & Society / Google, Facebook Face Tighter EU Grip With New Privacy Law
on: January 10, 2017, 11:30:13 PM
Google, Facebook Face Tighter EU Grip With New Privacy Law
https://www.bloomberg.com/news/articles/2017-01-10/google-facebook-face-tighter-eu-grip-with-new-privacy-law-ixrikusj
http://europa.eu/rapid/press-release_IP-17-16_en.htm
https://www.accessnow.org/eus-e-privacy-directive-just-cookie-law
<< Google, Facebook Inc. and other Internet companies will be covered by strict new European Union privacy rules that seek to limit access to consumers' data.
The EU unveiled draft rules in Brussels Tuesday that would give online users more control of their settings and limit the "overload of consent requests" for cookies people encounter when browsing the web. The rules would extend the EU's ePrivacy law beyond telecommunications operators to include "new providers of electronic communications services, such as WhatsApp, Facebook Messenger, Skype, Gmail, iMessage, or Viber", the regulator said.
"I want to ensure confidentiality of electronic communications and privacy", Andrus Ansip, EU vice president for the digital single market, said in an e-mailed statement. "Our draft ePrivacy Regulation strikes the right balance: it provides a high level of protection for consumers, while allowing businesses to innovate." >>
69
Other / Off-topic / Microsoft's marketing chief admits Windows 10 upgrade was pushed too aggressivel
on: December 24, 2016, 11:48:49 AM
Microsoft's marketing chief admits Windows 10 upgrade was pushed too aggressively
http://www.myce.com/news/microsofts-marketing-chief-admits-windows-10-upgrade-pushed-aggressively-81115
<< Microsoft's Chief Marketing Officer (CMO), Chris Capossela, has admitted that Microsoft has been too aggressive in pushing the Windows 10 upgrade. He admits that in a video interview with Microsoft watchers Paul Thurrott and Mary Jo Foley. The company received a lot of complaints and even got involved in several lawsuits thanks to its aggressive methods.
The company angered a lot of users by making changes to the application that was responsible for the upgrade notifications, Get Windows 10 (GWX). Even when users disabled the application, it enabled itself again. This made that many users upgraded to Windows 10 by accident.
Capossela states it was extremely painful for him that Microsoft even ignored its own design guidelines to get users to upgrade. The upgrade dialog was changed in such a way that the red cross, normally used to close a dialog or to cancel something, now had the same effect as the OK button. This got hundreds of thousands of users to upgrade to Windows 10, because they thought they stopped the upgrade process by clicking the red cross.
"Trying not go over the line of not being too aggressive is something we tried, and for a lot of the year I think we got it right, but there was one particular moment, when the red X in the dialog box that typically means cancel didn't mean cancel", Capossela said. "Within a couple of hours of that hitting the world, with the listening systems we have, we knew that we'd gone too far. And then of course it takes us some time to roll out the update that changed that behavior and those two weeks were pretty painful and clearly a lowlight for us, it learned us a lot obviously", he added.
Microsoft received an enormous amount of complaints, but instead of giving in, the company tried to explain away its design choices in a knowledge base article. When that didn't work, the company removed the red cross to get rid of the complaints. But that made users even more angry. >>
* * *
How to completely avoid upgrading to Windows 10... forever:
http://forums.noobsforever.net/viewtopic.php?f=16&t=1544
* * *
70
Other / Off-topic / NIST wants help with quantum-resistant public-key cryptography
on: December 22, 2016, 05:17:21 AM
NIST wants help with quantum-resistant public-key cryptography
http://www.federaltimes.com/articles/nist-wants-help-with-quantum-resistant-public-key-cryptography
https://www.cyberscoop.com/nist-encryption-quantum-computing
https://www.nist.gov/news-events/news/2016/12/nist-asks-public-help-future-proof-electronic-information
<< The National Institute of Standards and Technology is requesting the public's help to replace cryptographic standards and guidelines that could be vulnerable to an emerging threat. Practical quantum computers, though yet to be built, have the potential to break encryption algorithms in digital systems.
"The Call for Proposals for Post-Quantum Cryptography Standardization", announced Dec. 20 in the Federal Register, solicits methods and strategies from the world's cryptographers to replace protections for digital systems, concentrating on public key cryptography. FIPS 186-4, NIST SP 800-56A and NIST SP 800-56B are standards dealing with encryption, key establishment and digital signatures, and NIST is asking cryptographers to send proposed updates to susceptible algorithms by Nov. 30, 2017.
NIST will then review the submissions and invite those meeting certain requirements to participate in an open workshop in 2018. An evaluation phase will then follow, narrowing the candidate pool multiple times during an estimated three- to five-year period. Complete instructions on submission and acceptability requirements for an algorithm can be found at nist.gov/pqcrypto. >>
72
Other / Off-topic / Yahoo Flaw Allowed Hackers to Read Anyone's Emails
on: December 09, 2016, 07:18:09 PM
Yahoo Flaw Allowed Hackers to Read Anyone's Emails
http://thehackernews.com/2016/12/hack-yahoo-email.html
<< Yahoo has patched a critical security vulnerability in its Mail service that could have allowed an attacker to spy on any Yahoo user's inbox.
Jouko Pynnönen, a Finnish Security researcher from security firm Klikki Oy, reported a DOM based persistent XSS (Cross-Site Scripting) in Yahoo mail, which if exploited, allows an attacker to send emails embedded with malicious code.
In his blog post published today, the researcher demonstrated how a malicious attacker could have sent the victim's inbox to an external site, and created a virus that attached itself to all outgoing emails by secretly adding a malicious script to message signatures.
Since the malicious code is in the message's body, the code will get executed as soon as the victim opens the boobytrapped email and its hidden payload script will covertly submit victim's inbox content to an external website controlled by the attacker. >>
73
Other / Politics & Society / With Rule 41, Committee Proposes To Grant New Hacking Powers To The Government
on: November 30, 2016, 11:05:13 AM
With Rule 41, Little-Known Committee Proposes To Grant New Hacking Powers To The Government
https://www.eff.org/deeplinks/2016/04/rule-41-little-known-committee-proposes-grant-new-hacking-powers-government
The government hacking into phones and seizing computers remotely? It's not the plot of a dystopian blockbuster summer movie. It’s a proposal from an obscure committee that proposes changes to court procedures - and if we do nothing, it will go into effect in December.
The proposal comes from the advisory committee on criminal rules for the Judicial Conference of the United States. The amendment [PDF] would update Rule 41 of the Federal Rules of Criminal Procedure, creating a sweeping expansion of law enforcement's ability to engage in hacking and surveillance. The Supreme Court just passed the proposal to Congress, which has until December 1 to disavow the change or it becomes the rule governing every federal court across the country. This is part of a statutory process through which federal courts may create new procedural rules, after giving public notice and allowing time for comment, under a "rules enabling act". (...)
The proposal would grant a judge the ability to issue a warrant to remotely access, search, seize, or copy data when "the district where the media or information is located has been concealed through technological means" or when the media are on protected computers that have been "damaged without authorization and are located in five or more districts". It would grant this authority to any judge in any district where activities related to the crime may have occurred.
To understand all the implications of this rule change, let's break this into two segments. The first part of this change would grant authority to practically any judge to issue a search warrant to remotely access, seize, or copy data relevant to a crime when a computer was using privacy-protective tools to safeguard one's location.
Many different commonly used tools might fall into this category. For example, people who use Tor, folks running a Tor node, or people using a VPN would certainly be implicated. It might also extend to people who deny access to location data for smartphone apps because they don't feel like sharing their location with ad networks. It could even include individuals who change the country setting in an online service, like folks who change the country settings of their Twitter profile in order to read uncensored Tweets.
There are countless reasons people may want to use technology to shield their privacy. From journalists communicating with sources to victims of domestic violence seeking information on legal services, people worldwide depend on privacy tools for both safety and security. Millions of people who have nothing in particular to hide may also choose to use privacy tools just because they’re concerned about government surveillance of the Internet, or because they don't like leaving a data trail around haphazardly.
If this rule change is not stopped, anyone who is using any technological means to safeguard their location privacy could find themselves suddenly in the jurisdiction of a prosecutor-friendly or technically-naïve judge, anywhere in the country.
The second part of the proposal is just as concerning. It would grant authorization to a judge to issue a search warrant for hacking, seizing, or otherwise infiltrating computers that may be part of a botnet. This means victims of malware could find themselves doubly infiltrated: their computers infected with malware and used to contribute to a botnet, and then government agents given free rein to remotely access their computers as part of the investigation. Even with the best of intentions, a government agent could well cause as much or even more harm to a computer through remote access than the malware that originally infected the computer.
Malicious actors may even be able to hijack the malware the government uses to infiltrate botnets, because the government often doesn't design its malware securely. Government access to the computers of botnet victims also raises serious privacy concerns, as a wide range of sensitive, unrelated personal data could well be accessed during the investigation. This is a dangerous expansion of powers, and not something to be granted without any public debate on the topic.
Make no mistake: the Rule 41 proposal implicates people well beyond U.S. borders. This update expands the jurisdiction of judges to cover any computer user in the world who is using technology to protect their location privacy or is unwittingly part of a botnet. People both inside and outside of the United States should be equally concerned about this proposal.
The change to Rule 41 isn't merely a procedural update. It significantly expands the hacking capabilities of the United States government without any discussion or public debate by elected officials. If members of the intelligence community believe these tools are necessary to advancing their investigations, then this is not the path forward. Only elected members of Congress should be writing laws, and they should be doing so in a matter that considers the privacy, security, and civil liberties of people impacted. Rule 41 seeks to sidestep the legislative process while making sweeping sacrifices in our security. Congress should reject the proposal completely.
Source: Electronic Frontier Foundation
75
Other / Politics & Society / Iceland election could propel radical Pirate party into power
on: October 27, 2016, 08:08:16 AM
Iceland election could propel radical Pirate party into power
https://www.theguardian.com/world/2016/oct/26/iceland-election-could-propel-radical-pirate-party-into-power
<< A party that favours direct democracy, complete government transparency, decriminalising drugs and offering asylum to Edward Snowden could form the next government in Iceland after the country goes to the polls on Saturday.
Riding a wave of public anger at perceived political corruption in the wake of the 2008 financial crash and the Panama Papers scandal in April, Iceland's Pirate party looks on course to either win or finish a close second.
The radical party, founded by activists and hackers four years ago as part of an international anti-copyright movement, captured 5% of the vote in 2013 elections, winning three seats in Iceland's 63-member parliament, the Althingi. This time around, analysts say it could win between 18 and 20 seats. This would put it in pole position to form a government at the head of a broad progressive alliance of up to five parties currently in opposition. >>
76
Other / Off-topic / HP admits rejecting non-HP ink cartridges was deliberate and planned for
on: September 27, 2016, 03:17:17 AM
HP admits rejecting non-HP ink cartridges was deliberate and planned for – won't release fix
http://www.myce.com/news/hp-admits-rejecting-non-hp-ink-cartridges-deliberate-planned-wont-release-fix-80511
HP has stated that the rejection of non-HP cartridges, which started last week, is deliberate and not a bug. The printer manufacturer also stated it won't release a firmware update to resolve the issue.
The American technology company told Dutch technology site PCM that the rejection of non-HP cartridges is deliberate. The company planned for it last year, "in 2015 HP started with the implementation of updates in firmware related to the security chip in the HP OfficeJet, OfficeJet Pro and OfficeJet Pro X printers". HP also added that, "in many cases the changes were pre-programmed in the HP printer and in some case installed as part of a printer firmware update."
A week ago, on the 13th of September, several HP printer types started to reject non-HP ink cartridges. Online ink retailer 123inkt.nl found that HP pre-programmed a date in its firmware on which private label, non-HP ink cartridges would no longer be accepted.
HP admitted that it previously made changes to its software and stated it did so to, "protect its intellectual property, innovation and to protect the communication between the cartridge and the printer". In the same statement HP also said that "affected printers will continue to work with refilled cartridges if they contain the original HP security chip. Other cartridges possibly don’t work".
Nevertheless, some users hoped that HP would resolve the issue. When taking today's statement in account that is very unlikely to happen. Some users also still hoped for a solution as they were told by the HP helpdesk that the rejection of non-HP cartridges was a bug. Today HP withdrew that statement as a HP spokesman told PCM, "the information the HP helpdesk provided to customers is wrong".
HP's statements fully confirm what online ink retailer 123inkt reported earlier this week, there is no question about it. The printer manufacturer indeed deliberately pre-programmed a date in its printers from which they would start to reject non-HP cartridges.
Source: Myce
77
Other / Politics & Society / Leaked documents reveal secretive influence of corporate cash on politics
on: September 14, 2016, 05:45:24 PM
Leaked documents reveal secretive influence of corporate cash on politics
https://www.theguardian.com/us-news/2016/sep/14/corporate-cash-john-doe-files-scott-walker-wisconsin
<< The pervasive influence of corporate cash in the democratic process, and the extraordinary lengths to which politicians, lobbyists and even judges go to solicit money, are laid bare in sealed court documents leaked to the Guardian.
The John Doe files amount to 1,500 pages of largely unseen material gathered in evidence by prosecutors investigating alleged irregularities in political fundraising. Last year the Wisconsin supreme court ordered that all the documents should be destroyed, though a set survived that has now been obtained by the news organisation.
The files open a window on a world that is very rarely glimpsed by the public, in which millions of dollars are secretly donated by major corporations and super-wealthy individuals to third-party groups in an attempt to sway elections. They speak to a visceral theme of the 2016 presidential cycle: the distortion of American democracy by big business that has been slammed by both Donald Trump and Bernie Sanders. >>
78
Other / Politics & Society / Bayer's $66bn takeover bid of Monsanto called a "marriage made in hell"
on: September 14, 2016, 05:40:42 PM
Bayer's $66bn takeover bid of Monsanto called a "marriage made in hell"
https://www.theguardian.com/business/2016/sep/14/bayer-takeover-monsanto-66-billion-deal
<< German chemical giant Bayer has agreed to a $66bn (£50bn) deal to buy controversial US agrochemical giant Monsanto and create the world's largest seeds and pesticides company.
The proposed deal, the biggest corporate takeover deal so far this year, follows a wave of consolidation in the seeds and agriculture industry and has raised concerns among scientists, regulators, farmers and activists who called the deal a "marriage made in hell".
Werner Baumann, chief executive of Bayer, which is most famous for developing aspirin, said "the combination of our two great organizations [will] deliver substantial value to shareholders, our customers, employees and society at large". But farmers and environmentalists warned the deal could lead to a reduction in seed variety, an increase in genetically modified crops and higher seed costs and therefore crop and food prices.
The proposed takeover is likely to face intense regulatory scrutiny in the US and Europe, particularly as it quickly follows two other mega-deals in the agriculture industry and would leave control of almost two-thirds of the world's seeds and pesticides in the hands of three firms. Analysts at Bernstein Research said they thought there was only a 50:50 chance of the deal winning regulatory clearance.
"We believe political pushback to this deal, ranging from farmer dissatisfaction with all their suppliers consolidating in the face of low farm net incomes to dissatisfaction with Monsanto leaving the United States, could provide significant delays and complications", they said in a research note. Because of the difficulties expected in getting the deal through, Bayer has agreed to pay Monsanto $2bn if the tie-up falls apart because of competition concerns.
Friends of the Earth described the takeover, which will see Bayer pay $128 per share – a 44% premium on Monsanto's share price before the proposed deal was first revealed in May, as a "marriage made in hell". >>
79
Other / Politics & Society / Edward Snowden makes "moral" case for presidential pardon
on: September 13, 2016, 03:11:55 PM
Edward Snowden makes "moral" case for presidential pardon
https://www.theguardian.com/us-news/2016/sep/13/edward-snowden-why-barack-obama-should-grant-me-a-pardon
<< Edward Snowden has set out the case for Barack Obama granting him a pardon before the US president leaves office in January, arguing that the disclosure of the scale of surveillance by US and British intelligence agencies was not only morally right but had left citizens better off.
The US whistleblower's comments, made in an interview with the Guardian, came as supporters, including his US lawyer, stepped up a campaign for a presidential pardon. Snowden is wanted in the US, where he is accused of violating the Espionage Act and faces at least 30 years in jail.
Speaking on Monday via a video link from Moscow, where he is in exile, Snowden said any evaluation of the consequences of his leak of tens of thousands of National Security Agency and GCHQ documents in 2013 would show clearly that people had benefited.
"Yes, there are laws on the books that say one thing, but that is perhaps why the pardon power exists – for the exceptions, for the things that may seem unlawful in letters on a page but when we look at them morally, when we look at them ethically, when we look at the results, it seems these were necessary things, these were vital things", he said.
"I think when people look at the calculations of benefit, it is clear that in the wake of 2013 the laws of our nation changed. The [US] Congress, the courts and the president all changed their policies as a result of these disclosures. At the same time there has never been any public evidence that any individual came to harm as a result."
Although US presidents have granted some surprising pardons when leaving office, the chances of Obama doing so seem remote, even though before he entered the White House he was a constitutional lawyer who often made the case for privacy and had warned about the dangers of mass surveillance.
Obama's former attorney general Eric Holder, however, gave an unexpected boost to the campaign for a pardon in May when he said Snowden had performed a public service. >>
80
Other / Politics & Society / Eagles v drones: Dutch police to take on rogue aircraft with flying squad
on: September 12, 2016, 04:17:49 PM
Eagles v drones: Dutch police to take on rogue aircraft with flying squad
https://www.theguardian.com/world/2016/sep/12/eagles-v-drones-dutch-police-take-on-rogue-aircraft-flying-squad
<< Dutch police are adopting a centuries-old pursuit to resolve the modern-day problem of increasing numbers of drones in the skies, becoming the world's first force to employ eagles as winged warriors.
"It's a low-tech solution to a high-tech problem", police spokesman Dennis Janus said as officers and their feathered friends gave their first public demonstration of the birds' prowess.
A series of tests have been organised since early 2015, and the Dutch forces announced Monday that the results had been good. The eagles will now be launched whenever drones are believed to be posing a danger to the public, such as during sensitive state visits or if the remote-controlled tiny craft are flying too close to airports. >>