CyberSecurity Pulse 2016-06-30
“As soon as you stop wanting something, you get it.”
Welcome to the United States. May We Ask You about Your Twitter Handle, Please?
According to DHS, the social media snooping would add a new level of security to the screening of potential foreign visitors, who are already photographed, fingerprinted, and interviewed in person, alongside numerous database checks which sometimes reveal curious misunderstandings due to false positives. "Collecting social media data will enhance the existing investigative process and provide DHS greater clarity and visibility to possible nefarious activity and connections by providing an additional tool set which analysts and investigators may use to better analyse and investigate the case", says the proposal.
From a technical point of view, tools of this kind already exist as free software capable of identifying a username on a number of different platforms on the internet. However, problems arise for investigators when they have to disambiguate the results to determine whether a profile is linked to a given citizen or not, a task that becomes harder when the collected results share similar nicknames or very common first and last names. In any case, whenever measures of this kind come to light to control those entering the country, we are leaving aside other local threats that have also led to real threats. In this sense, and taking into account that the goal is to identify potential terrorist actors, to what extent is it necessary to collect this data massively, given the existence of suspects who are already living in the United States?
Russia Approves Bill Requiring Decryption Backdoors
The surveillance laws would enlist messaging apps, social networks, and other services in providing the Federal Security Service (FSB), the successor to the KGB, with access to all communications within Russia upon request. The legislation requires Russia's telecom operators to store phone call and text message metadata for three years, and also requires phone call and text message records storage for six months. Existing Russian law supports an exhaustive surveillance system which was in fact condemned last year by the European Court of Human Rights. The court ruled that Russia's mobile communications surveillance system violates the European Convention on Human Rights.
China Orders Apple to Monitor App Store Users and Track Their Identities
China has long been known for its strict control programs, which make it difficult for foreign technology companies to do business in the most populous country in the world, whose population has widely surpassed 1.35 billion people. The new law issued by the Chinese government will expand its already strict Internet monitoring efforts in the area of mobile apps, targeting operators including Apple but not Google, as it currently does not operate its app store in China. In this way, the Cyberspace Administration of China (CAC) has imposed a new regulation on distributors of mobile apps that requires both app stores and app developers to keep a close eye on users and maintain a record of their activities for at least 60 days.
Rest of the Week's News
Variants of Cerber Ransomware Target Microsoft Office 365 Users
Variants of Cerber Ransomware are now targeting MS Office 365 email users with a massive zero-day attack that has the ability to bypass Office 365's built-in security tools. According to a report published by cloud security provider Avanan, the massive zero-day ransomware attack targeted Microsoft Office 365 users by means of spam or phishing emails carrying malicious file attachments that compromised the users' files.
Chrome DRM Bug Makes It Easy to Download Streaming Video
Security researchers have discovered a vulnerability in the Google Chrome browser that could allow users to bypass its copy protection system and download content from streaming video services like Netflix and Amazon Prime Video. According to Wired, Google was alerted to the problem on May 24, but has not issued a patch yet.
High-severity Bugs in Symantec Products Imperil Millions of Users
Much of the product line from Symantec contains a raft of vulnerabilities that expose millions of consumers to self-replicating attacks that can take complete control of their computers. Tavis Ormandy, a researcher in Google's Project Zero, warned about this on Tuesday: "They don’t require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible".