Archiv: Apple Inc. (monopolies)
(1) @AmnestyTech saw an iOS 14.6 device hacked with a zero-click iMessage exploit to install Pegasus. We at @citizenlab also saw 14.6 device hacked with a zero-click iMessage exploit to install Pegasus. All this indicates that NSO Group can break into the latest iPhones.
Spähsoftware: Wie „Pegasus“ aufs Handy kommt
Sicherheitsexperten von Amnesty International fanden auf mehreren, auch aktuellen iPhones Spuren der „Pegasus“-Software, die anscheinend auf diesem Weg auf das Gerät gelangt war. Ihrer Analyse zufolge kann das Spähprogramm unter Ausnutzung des internetbasierten Dienstes iMessage aus der Ferne installiert werden. Die NSO-Kunden müssen dafür nur die Telefonnummer der Zielperson eingeben.
Apple says it didn’t know Trump’s DOJ was asking for Democrats‘ data when it complied with subpoena
Apple on Friday said it didn’t know former President Donald Trump’s Department of Justice was subpoenaed data on Democrats when it complied with the request.
Apple said it was under a gag order not to disclose the subpoena to the affected parties.
Microsoft also acknowledged it received a similar subpoena.
Ausspähung durch Trump-Regierung sorgt für Empörung
Die „New York Times“ schrieb, Angehörige des Justizministeriums hätten 2017 und 2018 von Apple unter Strafandrohung die Herausgabe von Daten der Betroffenen verlangt – als Teil von Untersuchungen zu möglicher Weitergabe offizieller Informationen rund um die Russland-Ermittlungen gegen Trump. Apple sei zugleich verpflichtet worden, Stillschweigen über die Datenanforderung zu wahren.
Der Internet-Putsch
Die großen Medientechnologiekonzerne der Wall Street haben eine beispiellose Säuberungswelle im Internet gestartet. Big Tech löscht nicht mehr länger nur Nutzerbeiträge. Nun wollen Facebook, Google, Twitter, Apple und Amazon aller Welt zeigen, dass sie als Meinungswächter frei entscheiden können, wer sich im Internet äußern darf – und wer nicht.
Patriot Act 2, Censorship, And Other Notes From The Edge Of The Narrative Matrix
“We need to stop fascism so let’s give massive sweeping powers to an elite alliance of unelected authoritarians.”
“Well I’m a leftist and I haven’t been banned on social media.”
That’s because the left is politically impotent in our society. Unless this is just a hobby for you, at some point you should plan on the left becoming a threat to the oligarchs and warmongers. What do you think happens then?
Do you really think if the left actually becomes a threat to the status quo the Neera Tandens and Rachel Maddows aren’t going to suddenly discover a reason why you’re dangerous and need to be censored? The only way to be fine with censorship is to plan on never challenging power.
It’s sorta weird that Twitter does this mass banning of accounts, including, like, Red Scare, and the response from so many people is „Well they were all Nazis.“ Were they? What has Twitter revealed to you guys about the process that they are hiding from the rest of us?
It was a *Democratic-controlled* House sub-committee that just a few months ago issued a lengthy report concluding that FB, Amazon, Google & Apple are *monopolies*. That means competition is impossible. Now Dems are happy that it’s used for them:
I’ve been resisting the conclusion that this is Liberals‘ 9/11 because it at first seemed hyperbolic, even though they’re using the same weapons against their critics (if you question all the new powers they want, it means you love the Terrorists).
But this is Liberals‘ 9/11.
Spoofing: Neue DNS-Angriffsmethode entdeckt
(13. November 2020)
Nachdem der Quellport de-randomisiert worden sei, sei es möglich gewesen, eine böswillige IP-Adresse einzuschleusen und so erfolgreich einen DNS-Cache-Poisoning-Angriff durchzuführen. Die Details haben die Forscher im Paper „DNS Cache Poisoning Attack Reloaded: Revolutions with Side Channels“ publiziert.
Weitere Experimente unter realistischen Serverkonfigurationen und Netzwerkbedingungen würden zudem zeigen, dass ihre grundlegende Methode leicht an das gesamte DNS-System angepasst werden könnte.
SAD Reality for DNS
The researchers determined that 35% of open resolvers are open to the attack, as well as four of six home routers made by well-known brands.
They also found that 12 of 14 popular public resolvers (now 11—Cloudflare says they’ve corrected their systems) are susceptible. Even a patched DNS server could be made vulnerable by an unpatched or misconfigured NAT gateway.
Their 19-page paper on the exploit includes lists of devices and services tested. They have since set up a SAD DNS website featuring a Q&A and a tool that anyone can use to determine whether their DNS is vulnerable.
The flaw is being tracked as CVE-2020-25705, and affects Linux 3.18 – 5.10, Windows Server 2019 version 1809 and newer, macOS 10.15 and newer, and FreeBSD 12.1.0 and newer. The researchers did not test earlier versions of the listed operating system.
A Shady Israeli Intel Genius, His Cyber-spy Van and Million-dollar Deals
(31.12.2020)
Aliada, according to the suit, is a group of cyberweapon companies whose products are branded under the name Intellexa. In May 2019, it added, the group recruited Eran Beck, a former head of the Military Intelligence’s cyber department, as its director of development.
According to leaked documents from the @ORF , secret services from the so called „five eyes“ are initiators of the EU Resolution in the #encryptionban. For them this would be a very easy way to monitor all our messages and data, without the possibility to hide them.
INCLO CALLS ON STATES TO DEFEND END-TO-END ENCRYPTION
Fourteen members of INCLO express grave concerns regarding recent moves by various groups to breakencryption. We note with alarm calls from the Council of the European Union, the EuropeanCommission, and the Department of Justice in the US, with support from Australia, Canada, New Zealand, India, Japan and the UK, to allow police authorities intercept encrypted communications.
Joint statement by the EU home affairs ministers on the recent terrorist attacks in Europe
(13.11.2020)
We will also examine with interest the Commission’s announced proposal to designate hate speech and hate crime and incitement as criminal offences that are provided for and regulated under European Union law.
In the same vein, the Council must consider the matter of data encryption so that digital evidence can be lawfully collected and used by the competent authorities while maintaining the trustworthiness of the products and services based on encryption technology.
‘Five Eyes’ alliance demands ways to access encrypted apps
(12.10.2020)
The top justice officials of the United States, Britain, Australia, Canada and New Zealand said in a statement that the growth of end-to-end encrypted apps that make official oversight impossible – like Signal, Telegram, FaceBook Messenger and WhatsApp – “pose significant challenges to public safety.”
“There is increasing consensus across governments and international institutions that action must be taken,” they said.
International Statement: End-To-End Encryption and Public Safety
(11.10.2020)
We urge industry to address our serious concerns where encryption is applied in a way that wholly precludes any legal access to content. We call on technology companies to work with governments to take the following steps, focused on reasonable, technically feasible solutions:
– Embed the safety of the public in system designs, thereby enabling companies to act against illegal content and activity effectively with no reduction to safety, and facilitating the investigation and prosecution of offences and safeguarding the vulnerable;
– Enable law enforcement access to content in a readable and usable format where an authorisation is lawfully issued, is necessary and proportionate, and is subject to strong safeguards and oversight; and
– Engage in consultation with governments and other stakeholders to facilitate legal access in a way that is substantive and genuinely influences design decisions.
Apple, Google, Amazon and Facebook CEOs to appear at antitrust hearing on July 27
The House Judiciary Subcommittee on Antitrust will hear from the tech giants‘ leaders.
Is there a secret Covid tracker on your phone? Android and iPhone users say new feature has suddenly appeared on their handsets – without anyone installing it
Proponents are hailing the arrival of the system as a step towards stamping out the virus and ending lockdown.
The function is automatically disabled in countries without contact-tracing apps, such as Britain and the US.
UK virus-tracing app switches to Google-Apple model
The UK follows Germany, Italy and Denmark among others in switching from a so-called „centralised“ approach to a „decentralised“ one.
The government is expected to confirm the news shortly.
„Corona-App“: Nächster Anlauf des elektronischen Polizeistaates
Nach dem ihr Programm auf E.U.-Ebene ausgerechnet an Google und Apple gescheitert ist, versucht es die Bundesregierung jetzt im Inland – unter fast amüsanter Nachrichtensperre.
Rotkreuz-App „nicht praxistauglich“
„Von Exitstrategie keine Spur, eine ungeeignete Smartphone-App wird als Lösung aller Probleme verkauft“, lautet das Attest der ARGE Daten, die daher empfiehlt: „Finger weg von der App, vernünftige Distanz halten, regelmäßig Hände waschen!“
Apple verspricht 2,5 Milliarden für Wohnraum in Kalifornien
pple kündigte heute ein 2,5 Milliarden Dollar (2,2 Mrd. Euro) schweres Maßnahmenpaket an. Zuvor hatten bereits Google und Facebook jeweils eine Milliarde Dollar zugesagt.
Der Anstieg der Immobilienpreise hat in den vergangenen Jahren Wohnraum für viele unerschwinglich gemacht.
Implant Teardown
The implant has access to all the database files (on the victim’s phone) used by popular end-to-end encryption apps like Whatsapp, Telegram and iMessage. We can see here screenshots of the apps on the left, and on the right the contents of the database files stolen by the implant which contain the unencrypted, plain-text of the messages sent and received using the apps:
(…)
There’s something thus far which is conspicuous only by its absence: is any of this encrypted? The short answer is no: they really do POST everything via HTTP (not HTTPS) and there is no asymmetric (or even symmetric) encryption applied to the data which is uploaded. Everything is in the clear. If you’re connected to an unencrypted WiFi network this information is being broadcast to everyone around you, to your network operator and any intermediate network hops to the command and control server.
This means that not only is the end-point of the end-to-end encryption offered by messaging apps compromised; the attackers then send all the contents of the end-to-end encrypted messages in plain text over the network to their server.
A very deep dive into iOS Exploit chains found in the wild
I recommend that these posts are read in the following order:
Google Hackers Reveal Websites Hacked Thousands of iPhone Users Silently for Years
“To be targeted might mean simply being born in a certain geographic region or being part of a certain ethnic group,” he said. “All that users can do is be conscious of the fact that mass exploitation still exists and behave accordingly; treating their mobile devices as both integral to their modern lives, yet also as devices which when compromised, can upload their every action into a database to potentially be used against them.”
Mysteriöser iOS-Hack: Websites infizierten jahrelang iPhones
Außerdem war die IP-Adresse des Servers, zu dem die Daten versandt wurden, fest in der Malware kodiert. Das erleichtert es, den Angreifer ausfindig zu machen – Google hat aber hierzu keine weiteren Informationen öffentlich gemacht.
Apple ist wieder eine Billion Dollar wert
Techkonzern Apple ist an der Börse wieder mehr wert als eine Billion Dollar (knapp 897 Mrd. Euro).
Antidote for Tox
Antidote is a free Tox client for iOS.
Whether it’s corporations or governments, digital surveillance today is widespread. Antidote is easy-to-use software that connects you with friends and family without anyone else listening in. While other services may require you to pay for features, Antidote is completely free and comes without advertising.
DEA Investigated Honduras President for Cocaine Trafficking
The document, filed Tuesday, sought a court order to force tech companies including Apple, Google and Microsoft, to turn over email information from eight targets of the investigation, including President Juan Orlando Hernandez and Security Minister Julian Pacheco.
Die Verlegerverleger: Google, Apple und Facebook wollen die Paywall kapern
Google hat einen entscheidenden Vorteil: Der Datenkonzern hat die besseren Beziehungen zu Verlagen, die zugleich seine Klienten und Konkurrenten sind. Seit 2015 finanziert Google journalistische Innovationsprojekte mit Millionenbeträgen und bietet den Verlagen nützliche Dienste – von Google Analytics bis zum AMP-Standard, der schnelleres Laden von Inhalten ermöglicht. Der Konzern hat die großen Presseverlage dadurch zu Partnern erzogen.
Der Einstieg von Google, Apple und Facebook ins Abo-Geschäft wird das Machtgefälle zwischen Digitalkonzernen und Nachrichtenmedien ohne Frage verstärken.
Many popular iPhone apps secretly record your screen without asking
Every tap, button push and keyboard entry is recorded — effectively screenshotted — and sent back to the app developers.
Or, as Glassbox said in a recent tweet: “Imagine if your website or mobile app could see exactly what your customers do in real time, and why they did it?”
Inklusive Kreditkartendaten: iPhone-Apps zeichnen Bildschirm ungefragt auf
Doch einige populäre iPhone-Apps erfassen nicht nur, wann und wie oft der Nutzer auf irgendwelche Buttons gedrückt hat. Sie nehmen gleich den ganzen Bildschirm auf, berichtet Techcrunch. Es sind etwa die Apps der Modekette Abercrombie & Fitch, Hotels.com oder verschiedener Airlines, die eine Funktion namens „Session Replay“ mitbringen.
Apples Verschlüsselungs-Experte Jon Callas bei A.C.L.U. unter Vertrag
Die Bürgerrechtsorganisation American Civil Liberties Union (A.C.L.U.) und Jon Callas arbeiten seit dem 3.12.2018 für die nächsten beiden Jahre zusammen. Jon Callas ist Profi auf dem Gebiet der sicheren, verschlüsselten Kommunikation.
Apple left Intel processor management and testing tools unlocked for years
(5.10.2018) The Intel Management Engine (ME) is a subsystem used to handle tasks during the booting process and in the background, and has been in use since 2008. The Register reports the investigation by security firm Positive Technologies looked into how the subsystem could be abused, as a „side-channel threat“ to the processor.
Researchers Maxim Goryachy and Mark Ermolov, who previously were involved in the finding of a related Intel ME firmware flaw one year ago, posted on Tuesday about their latest discovery.
Apple Demands Retraction Of Bloomberg’s Big ‚Chip Infiltration‘ Story; Bloomberg Has Some Explaining To Do
Some companies may misrepresent things, or try to play down stories, but outright fabrication is not at all common (and the consequences of a company doing it would be severe). And here, both Amazon and Apple’s denials were so clear, so specific and so adamant that it raised serious questions about the reporting.
Hype um „chinesische Spionagechips“ kommt vom Pentagon
Die Sensationsmeldung des Wirtschaftsportals Bloomberg über manipulierte Hardware für Cloud Computing stellt sich im FM4-Faktencheck als fast völlig faktenfrei heraus. Am Freitag kam ein langerwarteter Bericht des Pentagon heraus, der vor der Elektronikfertigung in China warnt.
The empire strikes back: Apple, Spotify, Facebook and Google/Youtube all purge Infowars/Alex Jones. Yes, Infowars has frequent nonsense, but also a state power critique. Which publisher in the world with millions of subscribers is next to be wiped out for cultural transgression?
YouTube, Facebook and Apple shut down Alex Jones channels
YouTube, Facebook and Apple have taken steps to remove content associated with InfoWars and its founder Alex Jones.
USA: Technologiekonzerne diskutieren mit Geheimdiensten über Internetzensur
Die New York Times und die Washington Post veröffentlichten diese Woche Berichte über ein privates Treffen zwischen acht großen Technologie- und Social-Media-Konzernen und den amerikanischen Geheimdiensten, das letzten Monat stattfand. Dabei wurde über die gemeinsamen Zensurbestrebungen im Vorfeld der kommenden Zwischenwahlen im November 2018 diskutiert.
Das Treffen fand am 23. Mai im Hauptsitz von Facebook in Menlo Park (Kalifornien) statt. Unter den Teilnehmern waren Vertreter von Facebook, Amazon, Apple, Google, Microsoft, Snap, Twitter und Oath, ein 2017 gegründetes Unternehmen, zu dem auch Yahoo und der Telekommunikationskonzern Verizon gehören, sowie Agenten des FBI und des Heimatschutzministeriums.
Apple schliesst iPhone-Lücke: Empörung beim FBI – und dem organisierten Verbrechen
Trotz Software-Update: Die US-Behörden versuchen weiter, iPhones zu knacken. Kriminelle warten gespannt auf neue Hacks.
Silicon Valley may rethink open campuses after YouTube shooting
When a shooter opened fire on YouTube’s campus before killing herself, Silicon Valley didn’t just experience a tragedy that’s rocked other communities and prompted an intense debate over gun control in the United States. The incident may also have prompted a rethink among tech companies which have enjoyed a culture that’s embraced open spaces, including cafes, restaurants and gift shops, shared with the public.
Tim Cook Blasts Facebook & Google, Calls For Government Regulation
Tim Cook, CEO of Apple, sees things differently. In an interview with Kara Swisher of Recode and Chris Hayes of MSNBC scheduled to air April 6, he tells the two hosts, “I think the best regulation is no regulation, is self-regulation. However, I think we’re beyond that here.” He then goes on to blast Facebook and Google for their despicable business ethics — assuming they have any at all.
Tech-Unternehmen: Plötzlich sind die Giganten verwundbar
Dabei war die Branche in der Vergangenheit durchaus zusammengerückt, wenn Druck von außen aufkam: Als die US-Bundespolizei FBI etwa Apple zwingen wollte, die verschlüsselten Daten eines iPhones preiszugeben, sprangen Google, Facebook und Microsoft dem Konzern zur Seite. Solcherlei Corps-Geist aber kann oder will sich die Branche in Zeiten zunehmender Probleme offenkundig nicht mehr leisten.