My Weekly RoundUp #128

Big news this week, too!

Cybersecurity

Hackers Were Inside Citrix for Five Months

Networking software giant Citrix Systems says malicious hackers were inside its networks for five months between 2018 and 2019, making off with personal and financial data on company employees, contractors, interns, job candidates and their dependents. The disclosure comes almost a year after Citrix acknowledged that digital intruders had broken in by probing its employee accounts for weak passwords.

Krebs on Security

Windows Devices in Hospitals Vulnerable to Potential Exploits

According to recent reports, hackers can exploit the vulnerabilities present in health devices, and it can prove dangerous to the health of the patients at the hospital. But, the problem could be avoided by following some simple steps. The health devices have a more likable chance to the Bluekeep exploit than any other devices connected in the hospitals. Health devices can be exploited up to 2 times, using the Bluekeep exploit. This puts both the patients and the hospital staff in danger as witnessing the current scenario, the health sector has recently been one of the primary targets of the hackers.

EHackingNews

Google Removes Dashlane Password Manager from Chrome Web Store

Google has removed the Dashlane password manager extension used by over 3 million users from the Chrome Web Store due to issues with ‘User Data Privacy/ Use of Permissions’.

On Saturday, February 8th, Dashlane posted to the service’s status page that their Chrome extension was removed from the Chrome Web Store and can not be downloaded.

Bleeping Computer

Privacy

Chrome deploys deep-linking tech in latest browser build despite privacy concerns

Google has implemented a browser capability in Chrome called ScrollToTextFragment that enables deep links to web documents, but it has done so despite unresolved privacy concerns and lack of support from other browser makers.

Via Twitter on Tuesday, Peter Snyder, privacy researcher at privacy-focused browser maker Brave Software, observed that ScrollToTextFragment shipped earlier this month in Chrome 80 unflagged, meaning it’s active, despite privacy issues that have been raised.

“Imposing privacy and security leaks to existing sites (many of which will never be updated) REALLY should be a ‘don’t break the web,’ never-cross redline,” he wrote. “This spec does that.”

The Register

EU Commission to staff: Switch to Signal messaging app

The European Commission has told its staff to start using Signal, an end-to-end-encrypted messaging app, in a push to increase the security of its communications.

The instruction appeared on internal messaging boards in early February, notifying employees that “Signal has been selected as the recommended application for public instant messaging.”

The app is favored by privacy activists because of its end-to-end encryption and open-source technology.

“It’s like Facebook’s WhatsApp and Apple’s iMessage but it’s based on an encryption protocol that’s very innovative,” said Bart Preneel, cryptography expert at the University of Leuven. “Because it’s open-source, you can check what’s happening under the hood,” he added.

POLITICO

Tutanota is blocked in Russia in an attempt to stop encrypted communication

Tutanota has been blocked in Russia starting Friday, 14th of February. This follows the blocking of other encrypted email services in Russia to prevent Russian citizens from using secure communication channels online.
As the OONI Explorer – a tool to demonstrate censorship online – shows, Tutanota is blocked in parts of Russia. Tutanota is also listed in the registry of blocked sites provided by Russian activists.
At Tutanota we focus on providing a secure and confidential communication channel to citizens, but also to journalists and activists.

Tutanota Blog

California Police Have Been Illegally Sharing License Plate Reader Data

Some of California’s largest police departments have been collecting millions of images of drivers’ license plates and sharing them with entities around the country—without having necessary security policies in place, in violation of state law, according to a newly released state audit.

The audit, published Thursday, found that 230 police and sheriff’s departments in the state currently use automated license plate readers (ALPRs), which can be fixed cameras or devices mounted on patrol cars. Police have touted the technology as necessary for enforcing parking and basic municipal laws, and as a vital tool in child abduction cases and other high-profile investigations.

VICE

Signal is finally bringing its secure messaging to the masses

Last month, the cryptographer and coder known as Moxie Marlinspike was getting settled on an airplane when his seatmate, a midwestern-looking man in his 60s, asked for help. He couldn’t figure out how to enable airplane mode on his aging Android phone. But when Marlinspike saw the screen, he wondered for a moment if he was being trolled: Among just a handful of apps installed on the phone was Signal.

Ars Technica

Technology

Larry Tesler, of copy-and-paste fame, dies at 74

Larry Tesler, the computer scientist who is widely credited with the copy-and-paste function that is now nearly ubiquitous in user interfaces, has died at 74.

Tesler – note the spelling! – worked at the influential Xerox Palo Alto Research Center, better known as PARC, in the 1970s.

Old-timers in the computer industry will tell you that “everything that we take for granted in computing these days was invented at PARC”, and there’s a grain of truth in that rose-tinted reminiscence.
Xerox, so the story goes, was worried that the paperless office was on its way, which wouldn’t be great for its vast photocopier business.
If everyone in an office had their own computer, companies wouldn’t need copiers because they could share documents electronically, and if they did need a printed copy, then they could just print it out themselves.

Naked Security

Google’s Message to Huawei Device Users: Do Not Use the Side Door to Install Google Apps

Google wants to clear things up for Huawei device users: Google’s apps and services cannot be preloaded on new Huawei devices and are not available due to U.S. government restrictions. If users try to download Google apps and services through a side door, or essentially download them from somewhere other than the Play Store, bad things can happen.

Gizmodo

Data Protection and Brexit

At the moment, the General Data Protection Regulation (or GDPR) is an important piece of legislation protecting personal data, but it is European, not UK law. There is therefore a certain amount of concern about what might happen to data protection in the UK in the future, but there also seems to be some confusion about what is happening now.

The government’s original plan was that, at the point of leaving the EU, all existing EU legislation which took effect in the UK directly (such as the GDPR) would become by default UK legislation. That is what section 3 of the European Union (Withdrawal) Act 2018 would have done. As soon as this happened, the pithily named Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 would immediately step in and perform an extensive series of edits to what would then be renamed the “UK GDPR”.

Almost all of these edits are essentially a global replacement of terms like “European Union” with “United Kingdom”. The GDPR is complicated enough that a simple search and replace would not work and so the edits have more heavy lifting to do. But what you have to imagine is something that looks exactly like the GDPR if the EU contained only the UK and nothing else.

Open Rights Group

Assange lawyer: Trump offered WikiLeaker a pardon in exchange for denying Russia hacked Democrats’ email

Julian Assange was offered a pardon by the White House only if he publicly said Russia did not hack the Democratic National Committee, according to the WikiLeaks supremo’s lawyer.

The bombshell came on Wednesday in Westminster Magistrates’ Court amid Assange’s attempt to block his extradition from the UK to the US – where he faces charges of conspiracy to commit computer intrusion. Assange appeared in the central London court via video link from prison.

According to multiple reports quoting Assange’s lawyers, the super-leaker’s legal team was prepared to show evidence and testimony that former Republican congressman Dana Rohrabacher (R-CA) visited Assange back in 2017 at the Ecuadorian embassy in the British capital, and made the offer: deny Russia was involved in obtaining the emails from DNC servers, and the Trump administration would provide a “pardon or some other way out” of criminal charges in America.

The Register

Science

What to grow to survive an apocalypse


Entertainment

The 15 most underrated Netflix TV shows

Whether you’ve been scrolling for ten minutes or ten hours, finding the right Netflix show can be tricky. You’ll pass up something perfect for you because you don’t recognize the title, watch something you hate because it had a cool thumbnail, then panic and give up.

So, we at Mashable put our heads together to find a whole bunch of shows you’re probably scrolling past but will definitely love. Because we’ve had this problem. Also, we care.

Mashable

New trailers: Westworld, Amazing Stories, and more

I recently watched The Souvenir, Joanna Hogg’s partly autobiographical film about a young filmmaker who gets wrapped up in a toxic and emotionally abusive relationship with an older man. While looking up where to stream it, Google presented me with its “top voted tags” for the movie (I have no idea how these are generated), which were: slow, boring, pretentious, overrated, confusing, strong acting, and “+3 more.” Perfect, I thought.

One fascinating technique the film repeatedly uses is to obfuscate the beginnings of things and drop us into events well past when they’ve begun. The entire beginning of the central romantic relationship is left offscreen, as is all but the ending of a very significant argument between the couple. It’s disorienting and strange, but it helps to convey the feelings of the protagonist — suddenly in over her head, not entirely sure of how things got this way.

There’s apparently a sequel in the works. The film by no means calls for one, but I think there’s something very cool about making a sequel to a film that traditionally wouldn’t get one.

Check out nine trailers from this week below.

The Verge
