New 'National Security' Law Threatens Hong Kong Pro-Democracy Protesters With Life In Prison

Found on Techdirt on Monday, 06 July 2020

Hong Kong was handed back to China in 1997 with the understanding the Chinese government would not strip away the rights granted to Hong Kong residents prior to the handover. The Chinese government has no intention of honoring that agreement, which has prompted months of protests.

Pro-democracy books have been pulled from libraries by the Hong Kong government in order to review them for violations of the new law. And protesters are now carrying blank signs, since the law makes the existence of any anti-Chinese government words a potential violation of the new law, possibly putting protesters in line for life in prison.

After months of battling a rebellious region, the Chinese government has placed Hong Kong firmly under its control. There will be no more "one country, two systems."

Are any of the other nations doing anything, like cutting ties with China? No. So much for their support for democracy: only hollow phrases by politicians.

One out of every 142 passwords is '123456'

Found on ZD Net on Sunday, 05 July 2020

The main discovery was that the 1,000,000,000+ credentials dataset included only 168,919,919 unique passwords, of which more than 7 million were the "123456" string.

In most cases, users chose simplistic passwords such as using only letters (29%) or numbers (13%). This meant that around 42% of all the passwords included in the 1 billion dataset were vulnerable to quick dictionary attacks that would allow threat actors to gain access to accounts without any effort or technical difficulty.

Some things never change.

Remember when we warned in February Apple will crack down on long-life HTTPS certs?

Found on The Register on Saturday, 04 July 2020

From September 1, Apple software, from Safari to macOS to iOS, will reject new HTTPS and other SSL/TLS certificates that are valid for more than 398 days, plus or minus some caveats.

"Connections to TLS servers violating these new requirements will fail," Apple warned in its official note. "This might cause network and app failures and prevent websites from loading."

Mozilla and other tech giants previously lobbied the CA/Browser Forum – a collective of certificate issuers and browser makers – for shorter cert lifetimes. After those proposals were shot down in a vote, Apple went ahead anyway with a one-year-max policy and bypassed the industry forum, a move backed by the Chromium team.

Long-lived certificates are mostly EV certificates. So if these websites decide to switch to DV certificates like Let's Encrypt, they actually lower the bar. In the end, lifetime decisions should be left to the webmaster.

How Police Secretly Took Over a Global Phone Network for Organized Crime

Found on Motherboard on Friday, 03 July 2020

Police monitored a hundred million encrypted messages sent through Encrochat, a network used by career criminals to discuss drug deals, murders, and extortion plots.

French authorities had penetrated the Encrochat network, leveraged that access to install a technical tool in what appears to be a mass hacking operation, and had been quietly reading the users' communications for months.

This was malware on the Encrochat device itself, meaning that it could potentially read the messages written and stored on the device before they were encrypted and sent over the internet, a devastating finding for a company whose main mandate is to protect the content of communications for highly sensitive clients.

It would not be too surprising if bodies of people working for Encrochat are found sooner or later.

YouTube TV jumps 30% in price effective immediately

Found on Ars Technica on Thursday, 02 July 2020

Brand-new customers can expect to pay $65/mo for the service from here on out, while existing customers will see the price jump from $50 to $65 on their July bill.

The other family of streaming and TV services to see a price hike today comes from AT&T, whose AT&T TV (a streaming-only product with rates and plans that resemble standard cable contracts) and DirecTV (a standard satellite-TV product) are each seeing their new-customer rates jump.

These price spikes come less than three months after AT&T disclosed a massive 890,000 drop in premium TV service subscribers.

How many hundreds of dollars are consumers supposed to pay each month, now that everybody seems to roll out their own streaming service?

India bans TikTok, WeChat and dozens more Chinese apps

Found on BBC News on Wednesday, 01 July 2020

India's Ministry of Information Technology said it was banning the 59 Chinese apps after receiving "many complaints from various sources" about apps that were "stealing and surreptitiously transmitting users' data in an unauthorised manner".

"The compilation of these data, its mining and profiling by elements hostile to national security and defence of India, which ultimately impinges upon the sovereignty and integrity of India, is a matter of very deep and immediate concern which requires emergency measures," the ministry said.

China massively collects each and every bit of information, dubbed "thousand grains of sand".

Facebook will label rule violations as Coke, Pepsi, Starbucks join ad “pause”

Found on Ars Technica on Tuesday, 30 June 2020

Facebook CEO Mark Zuckerberg said the company will change the way it handles rule-breaking speech from high-profile politicians in the future amid an advertising boycott that has drawn participation from large firms across several sectors.

"A handful of times a year, we leave up content that would otherwise violate our policies if the public interest value outweighs the risk of harm," Zuckerberg said in a Facebook Live video and accompanying post, repeating his usual argument that everyone should be able to read whatever a politician chooses to say on the platform.

So much for Zuckerberg's earlier promises. As soon as the inflow of money drops, his promises drop too.

Google says it will keep less browser history and location data by default

Found on NBC News on Monday, 29 June 2020

There will be no automatic change for existing accounts and people who already have location history turned on in their Google settings, but the company plans to inform existing users of the option to set up auto-delete after three to 18 months, he said. People also have the option to turn the setting off.

The change comes after growing scrutiny of the amount of data that tech companies such as Google collect and retain. Personal data helps to fuel Google’s lucrative advertising business by allowing marketers to better target their ads.

Or, they could just keep no data by default.

New polymer easily captures gold extracted from e-waste

Found on Ars Technica on Sunday, 28 June 2020

The researchers’ gold-scrubber is based on an organic compound called a porphyrin. Linked together in a polymer, it possesses lots and lots of little pores that, energetically, want to host a metal atom.

The researchers say the polymer costs about $5 per gram to produce, and that gram can capture $64 in gold. And since the polymer can be reused, it would be considerably cheaper than that over time, adding little to the overall cost of a recycling operation.

That will make it a lot easier to retrieve gold, assuming that the polymer itself is harmless and safe.

Popular iPhone and iPad Apps Snooping on the Pasteboard

Found on Mysk on Saturday, 27 June 2020

We found that many apps quietly read any text found in the pasteboard every time the app is opened. Text left in the pasteboard could be as simple as a shopping list, or could be something more sensitive: passwords, account numbers, etc.

We have investigated many popular apps in the App Store and found that they frequently access the pasteboard without the user being aware. Our investigation confirms that many popular apps read the text content of the pasteboard. However, it is not clear what the apps do with the data. To prevent apps from exploiting the pasteboard, Apple must act.

Every bit of data that can be slurped, will be slurped. Don't think it's the usual list of shady apps nobody uses: ABC, NY Times, Fox, Reuters, WSJ, TikTok and so on...