Security & Privacy Archives • Page 2 of 23 • no more cubes

OpenSSH deprecates SHA-1

Is anyone here still using SHA-1?

Breaking a SHA-1-generated SSH authentication key now costs roughly $50,000, putting high-profile remote servers at risk of attacks.
from ZDNET

Source: OpenSSH to deprecate SHA-1 logins due to security risk

Bella Ciao Ismir

Hacker hacken… Türkische Moscheen und deren Minarette, um auf den Lautsprechern der Einrichtungen “Bella Ciao” anstelle der üblichen Gebete zu spielen.

Bella Ciao blaring from mosques in Izmir. Is this the moment when the workers of the world unite? Turkey’s Office of Religious Affairs currently is investigating who is behind this… pic.twitter.com/2EJVKfMV5n
— Louis Fishman لوي فيشمان לואי פישמן (@Istanbultelaviv) May 20, 2020

Dem Nachrichtensender N-TV zu Folge ein Angriff von türkischen Hackern.

Datenreichtum bei Easyjet

Hacker hacken… Easyjet:

Die Fluggesellschaft Easyjet ist Opfer eines Hackerangriffs geworden. Unbekannte hatten Zugang zu den Daten von rund neun Millionen Reisenden. Bei manchen Kunden geht es auch um Kreditkartendaten.
Der SPIEGEL

Source: Easyjet räumt Datenleck ein, neun Millionen Kunden betroffen – DER SPIEGEL

“Health Officials Say ‘No Thanks’ to Contact-Tracing Tech“, titles Wired. In all these recent debates about how to handle Covid-19 going forward, in particular in Germany, it may be worthwhile looking beyond borders.

Later last month, Engadget reported, that Israel stops phone tracing to enforce Corona quaranties. While Israel seemed to look at phone location information, the Wired article suggests multiple US states and cities evaluated the benefit of other contact tracing technology. The result seems to disappoint:

States like New York, California, and Massachusetts, and cities like Baltimore and San Francisco, have looked carefully at cutting-edge contact-tracing solutions and largely said, “No thanks,” or “Not now.”
via wired.

Foreign perspective is an interesting one, too. Foreign Policy titles “Germany’s Angst Is Killing Its Coronavirus Tracing App“. Which, after all, may be the exact outcome.

Corona

Bruce Schneier, well known cryptologist and security researcher, has a few thoughts on corona tracing apps on his blog. Spoiler: he doesn’t like the idea.

His article is revolving around efficiency much more than privacy, concluding that such apps won’t work in the first place.

Vollkommen überraschend ist Antivirensoftware Schlangenöl und können Schaden auf den Systemen anrichten, die sie schützen sollen. Quote:

Da die Antivirenprogramme mit Root-Rechten laufen, konnten auch wichtige Systemdateien gelöscht werden.
Aus dem Artikel.

Im @leopoldina-Papier wird auch das Hochfahren der Testkapazitäten auf #COVID19 gefordert – Dagegen ist von verstärkter Überwachung nicht die Rede. Die #HandyOrtung ist allein eine Idee der #GroKo https://t.co/6kJPpayPM2
— Peter Schaar (@Peter_Schaar) March 21, 2020

Kurze Durchsage von Peter Schaar zur Telefonortung wegen Corona: Handy-Ortung war demzufolge keine Idee der wissenschaftlichen Beratungskommission für die Corona-Pandemie. Es war die gesellschaftliche Situation, die es der Politik ermöglicht hat, einen lang gehegten Wunsch umzusetzen. Peter Schaar war übrigens von 2003 bis 2013 Bundesbeauftragter für den Datenschutz und die Informationsfreiheit (BfDI).

Update: Ulrich Kelber, der amtierende Bundesdatenschutzbeauftragte, sieht das wohl ähnlich.

Alle Maßnahmen der Datenverarbeitung müssen erforderlich, geeignet und verhältnismäßig seien. Bisher fehlt jeder Nachweis, dass die individuellen Standortdaten der Mobilfunkanbieter einen Beitrag leisten könnten, Kontaktpersonen zu ermitteln, dafür sind diese viel zu ungenau.
— Ulrich Kelber (@UlrichKelber) March 22, 2020

Weird bad thing:

iOS built-in adult content filter blocks all searches with the keyword "Asian,” assuming it's porn-related. Which means a 12 y/o Chinese-American girl might Google "Asian hairstyles" and find out that her culture is blocked as "adult content."
— Charlie Stigler (@charliestigler) February 18, 2020

Joeseph Redmon, who invented the YOLO Algorithm, quit his research over ethical concerns. These are some dark shadows this is throwing ahead.

“We shouldn’t have to think about the societal impact of our work because it’s hard and other people can do it for us” is a really bad argument. https://t.co/HbZBi1nrgU
— Joe Redmon (@pjreddie) February 20, 2020

I stopped doing CV research because I saw the impact my work was having. I loved the work but the military applications and privacy concerns eventually became impossible to ignore.https://t.co/DMa6evaQZr
— Joe Redmon (@pjreddie) February 20, 2020

‘We’ve created a privacy industry’

‘We’ve created a privacy industry’ was a statement you could often hear when Europe introduced General Data Protection Regulations (GDPR) and the German implementation DatenSchutz GrundVerOrdnung (DSGVO). Already back in 2016 first predictions arrived, that GDPR will boost European software industry and give them a unique selling point. After the regulation became effective in Europe May 25th 2018(!), after a 2 years transition period, perceived only complaints happened. Affected data controllers and processors cited the difficulties implementing these regulations. A BitKom funded survey even indicates the regulation is hurting the European market.

Now, around 1.5years later, the industry seems to have settled on the regulation and business continues as usual. Subjectively perceived, privacy is indeed still an obstacle to decision makers in the market. Even politicians keep on imploring data to be the new oil, demanding a data driven economy and to weakend the underlying ideas of european data protection acts. Meanwhile, the opportunity has moved along. Californian Start-Ups discovered this niche and turn privacy it into value:

Privacy-focused technology companies are offering a variety of services, from personal data scrubbing to business-focused software meant to help companies comply with the law.

Source: ‘We’ve created a privacy industry’: California law fuels wave of startups