TweakTown News
A hacker named Peace has their hands on the login credentials of 200 million Yahoo accounts, throwing them onto a dark web marketplace, 'The Real Deal', for just three Bitcoins, or around $1800 USD.
Yahoo said in a statement to Motherboard that they "are aware of a claim" that Yahoo login credentials were on The Real Deal, but Yahoo has said that while it's aware of the hack, it hasn't confirmed or denied its legitimacy. Motherboard got its hands on a sampling of the data, which includes usernames, hashed passwords, birth dates and even some backup email addresses.
The data was reportedly stolen in 2012, with the hacker adding they have traded the data privately for a while, but only decided to put it on the market recently. Yahoo hasn't pushed out a mandatory password reset announcement, which is definitely strange.
The US government requested a new record of user data from Google in the second half of 2016, with 40,677 requests impacting as many as 81,311 user accounts, reports ZDNet.
From July through to December 2015, the US government made the 40,677 requests, an 18% increase from the first half of the year. Most of the requests are coming from the US, with 12,523 data requests in the three-month period, with requests impacting 27,157 users or accounts.
Google says it has been reporting the number of user data requests in a 6-month period going back to the second half of 2009, while it has been detailing the users and accounts it has impacted in the first half of 2011. Google notes: "Usage of our services have increased every year, and so have the user data request numbers".
Privacy is a perpetual concern with Facebook and Facebook Messenger, but it gets a little less so today as the company rolls out its 'Secret Conversations' feature.
Built on Open Whisper Systems' Signal Protocol, Secret Conversations means you can create a conversation with someone that can only be seen by you and on the device of the person you're talking to, as opposed to Facebook or any potential hackers. As well, you can set your messages to disappear within a set amount of time.
As for downsides, you have to take extra action to start such a conversation, you can't view the conversation on multiple devices like you can currently, and fancy features like GIFs, videos, and payments aren't supported.
One month after publicly supporting Apple in its fight for encryption, chat app company WhatsApp now features end-to-end encryption in its client. In essence, whether you're calling someone, sending a file, messaging, hosting a group chat, or anything else, you can rest assured it's completely private from hackers, WhatsApp, and anyone else you might be paranoid about.
"We live in a world where more of our data is digitized than ever before," company CEO and founder Jan Koum says of the change. "Every day we see stories about sensitive records being improperly accessed or stolen. And if nothing is done, more of people's digital information and communication will be vulnerable to attack in the years to come. Fortunately, end-to-end encryption protects us from these vulnerabilities."
We reported yesterday that the FBI had broken into the iPhone 5C used by the San Bernardino shooter, without Apple's help. It's now being reported that Apple can't force the FBI to disclose just how it broke into their smartphone.
The FBI reportedly tapped the help of an Israeli security firm, which broke into the iPhone 5C, and with Apple unable to force the FBI to show them how they did that, it could mean that other iPhones could be broken into. Why? Because Apple can't fix the security hole that the FBI went through - mainly for iPhone users, but it's obviously a hole that Apple doesn't know about, or at least they don't know which method the FBI used. It's quite scary that there's a hole that a company that's neither Apple nor the FBI can use to break into iPhones - quite easily, it seems.
Ars Technica talked with a law enforcement official, who said: "We cannot comment on the possibility of future disclosures to Apple. [There] are legitimate pros and cons to the decision to disclose, and the trade-offs between prompt disclosure and withholding knowledge of some vulnerabilities for a limited time can have significant consequences," he said while explaining the Vulnerabilities Equities Process. So, there's no legal requirement of the FBI to disclose how it broke through Apple's much-touted security... well now.
FBI 1, Apple 0.
Last week it became apparent Amazon had not included support for local encryption with Fire OS 5, which would seem to contradict its support of Apple's fight for encryption. Asked for comment on exactly that and why they would drop support when it seems all the work is done by Google anyway, an Amazon spokesperson simply told us, "We will return the option for full disk encryption with a Fire OS update coming this spring."
Amazon initially said its customers "weren't using" local encryption, so it decided not to include support for it, which appeared flimsy reasoning. Whatever the case, the company has wisely decided to change course, likely in light of how it looks currently.
For what feels like forever, Windows users have been the butt of attacks from Mac users when it comes to "but Windows is open, and gets hit by viruses, malware, and ransomware all the time". Well, that might be something of the past now.
Palo Alto Networks is claiming it's discovered the first known OS X-based ransomware, known as "KeRanger". How do you get it? You download software infected with the nasty code, in this case the BitTorrent client Transmission. It will encrypt your files after 72 hours, after which it'll demand that you hand over a digital currency ransom to get your files back. Nice.
The latest version of Transmission, alongside Apple revoking a security certificate from another developer that KeRanger used to get past OS X's built-in defenses, should keep you safe. But this should act as a warning: OS X isn't as safe as most people think it is, and this could be the tip of the iceberg in the months and years to come.
Amazon's Fire OS 5 came out in September, but only now is it being discovered that the operating system no longer supports local encryption (which makes data accessible only with a passcode or key). Concerns have arisen as a result, given Amazon just filed a brief supporting Apple's defense of encryption.
Fire OS is built on Android's open-source code, which has offered local encryption for years. Fire OS 5 doesn't support the feature, it turns out, and Amazon's statement on why doesn't help clear matters up much.
Yesterday, Twitter, Reddit, and 15 other tech companies collectively filed an amicus brief in support of Apple and its defense of smartphone encryption. For reasons unclear, other giants like Microsoft and Facebook -- which have publicly announced their support -- were not included. However, they have filed their own separate brief with the same goal.
Microsoft President and CLO Brad Smith writes in a blog post of the case, "The fact that we're discussing the All Writs Act across the country is a telling indication of the urgent need to update antiquated rules that govern digital technology and privacy. If we are to protect personal privacy and keep people safe, 21st century technology must be governed by 21st century legislation. What's needed are modern laws passed by our elected representatives in Congress, after a well-informed, transparent, and public debate."
Not all figures within the US government oppose encryption, today shows.
Secretary of Defense Ashton Carter made his position on the matter clear today at the RSA 2016 security conference, stating, "I'm not a believer in backdoors. It's not realistic and it's not technically accurate," later continuing, "[The Department of Defense is] not in the executive branch seeking legislation of this kind. I don't think writing a law without an exploration of all the technical solutions out there [is a good idea]."
He also isn't a fan of implementing "a law written by people [without tech expertise] or written in an atmosphere of anger and grief" and feels that one case shouldn't "drive the solution."
"We have to innovate our way to a sensible result," he finished.