So, it looks like most of Apple's products are bugged by the CIA - if the latest claims from WikiLeaks are to be believed. The new "Dark Matter" release from "Vault 7" has documentation for "several CIA projects that infect Apple Mac firmware (meaning the infection persists even if the operating system is re-installed) developed by the CIA's Embedded Development Branch (EDB). These documents explain the techniques used by CIA to gain 'persistence' on Apple Mac devices, including Macs and iPhones and demonstrate their use of EFI/UEFI and firmware malware".
WikiLeaks has exposed the interestingly named "Sonic Screwdriver" project, something that the CIA calls a "mechanism for executing code on peripheral devices while a Mac laptop or desktop is booting". This hack allows its attacker, in this case the CIA, to deploy its attack software from a USB flash drive - and scarily "even when a firmware password is enabled".
The CIA's "Sonic Screwdriver" infector is reportedly stored on the modified firmware of an Apple Thunderbolt-to-Ethernet adapter, says WikiLeaks.
WikiLeaks' report continues, with "DarkSeaSkies" also detailed as "an implant that persists in the EFI firmware of an Apple MacBook Air computer" and consists of "DarkMatter", "SeaPea" and "NightSkies", respectively EFI, kernel-space and user-space implants.
The full report is available on WikiLeaks' website, with the final paragraph stating: "While CIA assets are sometimes used to physically infect systems in the custody of a target it is likely that many CIA physical access attacks have infected the targeted organization's supply chain including by interdicting mail orders and other shipments (opening, infecting, and resending) leaving the United States or otherwise".
Yahoo has confirmed that over 1 billion user accounts have been compromised, with the breach dating back to August 2013.
The stolen user data includes names, email addresses, phone numbers, dates of birth, hashed passwords, and even unencrypted security questions. Thankfully, financial information such as bank account and credit card data is held on a different server, with Yahoo saying that server was not affected - hopefully.
The company is now in the process of notifying all affected users, asking them to change their passwords - but as for the unencrypted security questions, Yahoo has invalidated them. It was only back in September that we reported over 500 million Yahoo account details were leaked in a breach in 2014, with forensic experts stating that the two hacks aren't related.
However, Yahoo knew about the hacks in 2014 - and didn't say anything. The bigger question is the $4.8 billion acquisition of Yahoo by Verizon, but I'm sure with this recent data breach of 1 billion user accounts, Yahoo will have to drop that price considerably. Also, if I were Verizon, I'd rename Yahoo to FFS.
The US Navy has waited until Thanksgiving to announce news that one of their employees had their laptop "compromised", with personal data of 130,000 sailors being stolen, back on October 27.
Chief of Naval Personnel Vice Admiral Robert Burke said in the US Navy's press release: "The Navy takes this incident extremely seriously - this is a matter of trust for our Sailors. We are in the early stages of investigating and are working quickly to identify and take care of those affected by this breach".
The Navy continued in its press release: "For those affected by this incident, the Navy is working to provide further details on what happened, and is reviewing credit monitoring service options for affected Sailors".
The personal data of 134,386 current and former sailors and service members leaked - the news of it arriving on Thanksgiving doesn't sit well with me either, with Motherboard reporting: "It's pretty bad to lose the personal information of 134,386 current and former sailors and service members, but letting them - and the rest of the world - know this happened the night before Thanksgiving, in what could easily be construed as an attempt to bury the bad news, certainly doesn't make the Navy look good".
The Belgian Big Brother Awards 2016 yesterday unanimously granted the title of 'ultimate privacy villain of the year' to Facebook, as decided by the public and a professional jury.
"We nominated Facebook for the award because their default settings are noxious for privacy," explained Joe McNamee, Executive Director of European Digital Rights. He later remarked, "Facebook is a multi-billion dollar company that has one commodity - you!"
Digital rights and freedoms association EDRi describes Facebook as having "access to a wide range of personal data, and it tracks your movements across the web, whether you are logged in or not."
It shouldn't be surprising - but it really is - that Yahoo secretly built a custom software program to search through all of its users' incoming emails for information - all on behalf of the US intelligence sector. Yeah... Yahoo spied on your emails, before you had even read them, for the NSA, according to Reuters' sources.
Yahoo complied with a classified US government demand, scanning hundreds of millions of Yahoo Mail accounts "at the behest of the National Security Agency or FBI, said three former employees and a fourth person apprised of the events", reports Reuters. The site continues: "Some surveillance experts said this represents the first case to surface of a U.S. Internet company agreeing to an intelligence agency's request by searching all arriving messages, as opposed to examining stored messages or scanning a small number of accounts in real-time".
Yahoo boss Marissa Mayer gave the order, which pissed some senior executives off to the point that in June 2015, Chief Information Security Officer Alex Stamos left the company, joining Facebook. Yahoo said to Reuters: "Yahoo is a law abiding company, and complies with the laws of the United States". Yeah Yahoo, you sure are - a snitching little traitor (my words).
Germany's privacy regulatory body has taken issue with Facebook collecting WhatsApp user data, ordering the company to delete the data and cease the practice, calling it "an infringement of national data protection law."
"It has to be [the user's] decision, whether they want to connect their account with Facebook," says Hamburg data protection commissioner Johannes Caspar. "Therefore, Facebook has to ask for their permission in advance. This has not happened."
Germany -- which boasts 35 million WhatsApp users -- isn't the only European country to take issue with Facebook's approach: France and Britain have both done so, with the former stating it would monitor the situation "with great vigilance."
Does your PC or laptop have a front-facing webcam? Put tape over it immediately, and treat it like locking your doors or setting up an alarm system, says FBI boss James Comey.
During the Center for Strategic and International Studies conference, Comey said: "There's some sensible things you should be doing and that's one of them. You go into any government office and we all have the little camera things that sit on top of the screen. They all have a little lid that closes down on them. You do that so that people who don't have authority don't look at you. I think that's a good thing".
We shouldn't be surprised by this warning, as Facebook CEO and founder Mark Zuckerberg was pictured with the camera on his laptop taped over. Comey has also admitted that he uses tape on his webcam.
Edward Snowden has leaked out some new information about the NSA having a spy base in the UK that has been intercepting satellite and other wireless communications around the world.
The base Snowden has revealed is the Menwith Hill Station (MHS) in North Yorkshire, a 545-acre base that fronts as a Royal Air Force facility that is capable of "rapid radio relay and conduct communications research". The base had seen protestors, journalists and even terrorists interested, and now Snowden's new leak details what is happening at the base.
In a report by The Intercept, the NSA has been intercepting international communications from the base in two ways: the first is FORNSAT. FORNSAT uses the huge golf ball-shaped domes with powerful antennae to intercept transmissions between foreign satellites. The second method is called OVERHEAD, which has US government satellites finding and monitoring smartphone calls and Wi-Fi signals on the ground.
Feature-wise, agreeing to the new terms will mean notifications from other services you use, like your bank when a fraudulent transaction comes up, or your airline when a flight is delayed. It also means better friend suggestions and more relevant advertising.
A hacker named Peace has their hands on the login credentials of 200 million Yahoo accounts, throwing them onto a dark web marketplace 'The Real Deal' for just three Bitcoins, or around $1800 USD.
Yahoo said in a statement to Motherboard that they "are aware of a claim" that Yahoo login credentials were on The Real Deal, but Yahoo has said that while it's aware of the hack, it hasn't confirmed or denied its legitimacy. Motherboard got its hands on a sampling of the data, which includes usernames, hashed passwords, birth dates and even some backup email addresses.
The data was reportedly stolen in 2012, with the hacker adding they have traded the data privately for a while, but only decided to put it on the market recently. Yahoo hasn't pushed out a mandatory password reset announcement, which is definitely strange.