Tag Archives: Data Security

China Fines Didi Global $1.2 Billion For Violating Laws!


China just fined Didi Global a whopping $1.2 billion for violating its cybersecurity, data security and privacy laws!

 

China Fines Didi Global $1.2 Billion For Violating Laws!

On Thursday, 21 July 2022, the Cyberspace Administration of China (CAC) announced that Didi Global breached the country’s cybersecurity law, data security law, and personal information protection law.

The Chinese cyberspace regulator fined Didi Global 8 billion yuan ($1.2 billion), and imposed a personal fine of 1 million yuan ($148,000) each on Chairman and CEO Cheng Wei and President Liu Qing (also known as Jean Liu).

The facts of violations of laws and regulations are clear, the evidence is conclusive, the circumstances are serious, and the nature is vile.

Didi Global responded to the regulator’s announcement with a contrite statement “sincerely” accepting the judgement and penalties :

We sincerely accept this decision, and resolutely obey it. We will strictly follow the penalty decision and the requirements of relevant laws and regulations, conduct comprehensive and in-depth self-examination, and actively cooperate with supervision and complete rectification carefully.

We will take this as a warning and further strengthen the construction of cyberspace security and data security, strengthen the protection of personal information, and earnestly fulfill our social responsibilities. We will serve every passenger, driver and partner well, and realize the safe, healthy and sustainable development of the enterprise.

 

What Did Didi Do To Incur China’s Wrath?

According to an FAQ by the CAC, its investigators started their investigation of Didi in July 2021.

After conducting an extensive investigation, they found that Didi conducted data processing activities that “seriously affected national security”, and refused to comply with “the explicit requirements of regulatory authorities” and conducted “malicious evasion” of regulatory supervision.

They also stated that Didi Global committed 16 violations of China’s laws, including :

  1. Didi illegally collected 11.9639 million screenshots from its users’ mobile phone photo albums.
  2. Didi excessively collected 8.323 billion pieces of its users’ clipboard information, and application list information.
  3. Didi excessively collected 107 million pieces of passenger face recognition information, and 53.5092 million pieces of age group information, 16.3556 million pieces of occupational information, 1.3829 million pieces of family relationship information, and 153 million pieces of taxi address information.
  4. Didi excessively collected passengers’ evaluation of the drivers, when the app is running in the background, and 167 million pieces of precise location (longitude and latitude).
  5. Didi excessively collected 142,900 pieces of driver education information, and 53.976 billion pieces of “intent information”, 1.538 billion pieces of resident city information, and 304 million pieces of non-local business/travel information.
  6. Its users are frequently asked to provide “telephone permissions” while using its services.
  7. Inaccurate and unclear description of user personal information processing, including device information.

The CAC noted that Didi started its bad practices in June 2015, and continued even after the Cybersecurity Law was implemented in June 2017, the Data Security Law started in January 2022, and the Personal Information Protection Law was implemented in November 2021.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 


 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Chinese Netizens Explode Over WPS Office Censorship!

Chinese netizens are incensed over evidence that WPS Office was monitoring and deleting their files!

Find out what’s going on, and what it means for the digital privacy of WPS Office users!

 

Chinese Netizens : WPS Office Is Monitoring + Blocking Our Documents!

Chinese company, Kingsoft, is under fire for claims that its productivity suite WPS Office is actively monitoring and deleting user documents that might displease Beijing!

At the heart of this issue is the WPS Cloud platform that works like Microsoft 365, allowing users to store their documents in the cloud, or locally.

Chinese netizens are alleging that WPS Office was actively monitoring their documents, and even deleting those that were detected to contain content that might displease the Chinese authorities.

One novelist, who goes by the pseudonym Mitu, claimed that she was unable to access her unpublished 1.3 million character document. Not only was it blocked in her cloud storage, she couldn’t access the local copy using the desktop WPS client.

She was told that “the file may contain sensitive content and access has been disabled”.

Mitu shared her experience on Lkong – an online Chinese literature forum, and the social media platform Xiaohongshu, in late June 2022; and it only began trending on Weibo in early July after an influencer reposted her complaint.

A Weibo post on her complaint appears to have been deleted, but fortunately a screenshot was captured. This was the post in Chinese, machine translated into English :

Simply put, WPS seems to have some kind of sensitive word harmony function, Then after being detected, not only the ones stored on the cloud disk will be harmonized

According to the victim’s complaint, it is not only on the cloud, but also on local files. It’s hard to escape a harmony.

At present, according to some netizens, it may be checked after being saved. Sensitive words are detected and then determined to be files that may contain sensitive information,

Directly blocked, or it may be directly locked after being remotely detected by the background server local files There is no other way but to appeal (and it will be fixed in time) but this Is it remote from the server?

Now there is a lot of panic in the online literature circle, for fear that hundreds of thousands of words of manuscripts will be blocked overnight. Asking both online and offline harmony, many people re-use ms and writing pads write file

Mitu said she reported the problem to Kingsoft, which eventually apologised and restored access to the file within two days. The company admitted that “the file was not problematic”.

However, her story spurred other Chinese netizens to come forward with their own stories. A writer in Guangzhou who goes by the pseudonym Liu Hai also said that his WPS Office document of nearly 10,000 words was similarly blocked on July 1, 2022.

These incidents have sparked concerns about privacy in China. While the Chinese government routinely monitors and censors social media content, monitoring and blocking of personal documents would represent a new level of censorship in China.

 

WPS Office Admits Blocking File Access

After the online furore over claims that WPS Office deleted user files, the software developer issued a terse public statement on July 11, 2022.

It said that WPS Office does not delete the “user’s local files”, and that it was a misunderstanding. They only deleted the “online document link”, and blocked “others from access the link according to the law”.

Here is the Weibo post in Chinese, machine translated into English :

Statement on the exposure of online transmission #WPS will delete the user’s local files

A recent online document link shared by a user is suspected of violating the law, and we have prohibited others from accessing the link according to law. This has been misrepresented as #WPS delete user local files.

To this end, we specifically declare: WPS, as an office software developed for more than 30 years, has always put user experience and user privacy protection first.

WPS Office cleverly claims that it never “censors, locks or delete users’ local files”, which is technically correct but as Mitu and Liu Hai described, WPS Office blocks access to their users’ local files.

It was discovered that the files can still be opened by other software, like Microsoft Word or Tencent Docs. But the blocked files cannot be opened by WPS Office, even if they are stored locally (in the user’s computer).

It should be noted that Mitu never shared her file online. So WPS Office’s claim that they only blocked “others” from accessing the file is misleading.

 

WPS Office Not The Only Cloud Provider Monitoring Content

To be fair to WPS Office and Kingsoft, they are not the only ones monitoring content uploaded to the cloud. They just took things one step further by blocking access to local files.

By default, traffic to and from cloud-based productivity services like Google Docs, Microsoft 365 and WPS Office is not end-to-end encrypted.

That means they can read, and most likely are reading / monitoring, EVERYTHING you type or upload. This includes files uploaded and stored in cloud-based storage services like Google Drive and Microsoft OneDrive.

That is the right of cloud service providers, because you are using their servers to store your content.

Google, for example, lists content that can be automatically removed and could even lead to a ban :

  • Account hijacking
  • Account inactivity
  • Child sexual abuse and exploitation
  • Circumvention
  • Dangerous and illegal activities
  • Harassment, bullying, and threats
  • Hate speech
  • Impersonation and misrepresentation
  • Malware and similar malicious content
  • Misleading content
  • Non-consensual explicit imagery
  • Personal and confidential information
  • Phishing
  • Regulated goods and services
  • Sexually explicit material
  • Spam
  • System interference and abuse
  • Unauthorized images of minors
  • Violence and gore
  • Violent organizations and movements

People need to be aware of this, and stop assuming that they have privacy on such cloud services, even if they paid to use them.

So it is not surprising that WPS Office monitors everything its users do. If they stopped at blocking access to the online files that contravened local laws, no one would bat an eye.

What is unusual though is that it also blocked access to the users’ local files! That means that their desktop and mobile apps were specifically designed to enforce a list of blocked files issued by WPS Office / Kingsoft.

If WPS Office / Kingsoft goes to that extent, does it mean that they would also alert the Chinese authorities about users producing content that displeases them?

That is something everyone should think about, not just Chinese netizens who are justifiably concerned about WPS Office.

 


Shanghai Police Data On 1 Billion Chinese Citizens Leaked!

A hacker is selling data on a billion Chinese citizens, that he stole from the Shanghai national police database!

Find out what’s going on, and what this data breach entails!

 

Shanghai Police Data On 1 Billion Chinese Citizens Leaked!

A hacker who called himself “ChinaDan” posted in the Breach Forums that he hacked into the Shanghai National Police (SHGA) database and stole more than 23 terabytes of data.

He is offering to sell data on 1 billion Chinese citizens, including their name, address, birthplace, national ID number and mobile numbers, for 10 bitcoins – which is currently worth about US$204,285 / €200,227.

In 2022, the Shanghai National Police (SHGA) database was leaked. This database contains many TB of data and information on billions of Chinese citizens.

Databases contain information on 1 billion Chinese national residents and several billion case records, including: name, address, birthplace, national ID number, mobile number, all crime/case details.

He also posted a sample of 750,000 data entries from the three main indexes of the database, for potential buyers to evaluate.

 

Shanghai Police Database Left Unsecured For 14 Months!

ChinaDan claimed that the SHGA database was left unsecured on an Alibaba Cloud server. This was confirmed by several cybersecurity experts who had earlier stumbled upon the same database.

Even worse, the database was apparently left unsecured for at least 14 months! Vinny Troia – the founder of dark web intelligence firm, Shadowbyte, said that he first discovered the SHGA database “around January” 2021.

Troia even downloaded one of the main indexes of the SHGA database, which contained information on nearly 970 million Chinese citizens (at that time).

And best of all – they made the data available to anybody who registers for an account!

The site that I found it on is public, anybody (could) access it, all you have to do is register for an account. Since it was opened in April 2021, any number of people could have downloaded the data.

Either they forgot about it, or they intentionally left it open because it’s easier for them to access. I don’t know why they would. It sounds very careless.


 

This Was Second Hack Of Shanghai National Police Database!

Bob Diachenko – a Ukrainian cybersecurity researcher – discovered the database independently in April, and noticed that the database was attacked in mid-June by a hacker who copied the data, destroyed the copy on the server and left a ransom note demanding 10 bitcoins for its recovery.

By July 1, the ransom note disappeared, but only 7 gigabytes of data was available on the server, instead of the earlier 23 TB.

It is unknown if this data ransom “hack” was performed by ChinaDan, or a different hacker.

Diachenko said that the unsecured and exposed database continued to be used after that, until it was shut down over the weekend, after news of the data leak broke.

Maybe there was some junior developer who noticed it and tried to remove the notes before senior management noticed them.

This is shocking because it suggests that the database administrators were already aware of a prior breach, but did nothing to secure the database, or shore up cybersecurity measures.


 

Most Of China Affected By Shanghai Police Data Leak!

The Shanghai National Police data leak is currently the largest leak of public information ever.

It does not just cover people who live in, or have been in Shanghai. The database actually has information on over 70% of China’s 1.4 billion population, in almost all counties in China.

The data contained information about almost all the counties in China, and I have even discovered data related to a remote county in Tibet, where there are only a few thousand residents.
– Yi Fu-Xian, a senior scientist at the University of Wisconsin-Madison

This massive data leak acutely demonstrates the risk of government collection of data. China notably collects a tremendous amount of data on its citizens, including digital and biological data through facial recognition, iris scanners, social media tracking and phone trackers.

Once such data is leaked, it is forever exposed, putting people at risk of scams, identity theft, or even extortion.

 

China Censors Coverage Of Shanghai Police Data Leak

The Chinese government and the Shanghai Police have both refused to comment on the massive data leak.

Instead, they started blocking related words on Weibo, like “Shanghai data leak”, “data leak”, “Shanghai national security database breach”, “1 billion citizens’ record leak”.

Censors have also scrubbed news on this data breach from WeChat, with one popular WeChat user telling his 27,000 followers that he had been summoned to be questioned by the police.

China’s major English-language media like CGTN, Global Times, Xinhua, etc. have also not published any story on the Shanghai police data leak, despite public interest and its wide-ranging consequences for China.


US Mil Contractor Admits Selling Aviation Secrets To China!

A US military contractor just pleaded guilty to selling classified aviation secrets to China!

 

US Mil Contractor Admits Selling Aviation Secrets To China!

On 23 June 2022, Shapour Moinian, 67, of San Diego, pleaded guilty to selling classified aviation secrets to “representatives of the Chinese government”.

Moinian admitted that he knew that those individuals were employed by, or directed by, the government of the People’s Republic of China.

He also admitted making false statements to cover that up, by lying on his government background questionnaires in July 2017 and March 2020 that he did not have any close or continuing contacts with foreign nations, and that no foreign national had offered him a job.

He now faces a maximum penalty of 10 years in prison, and a fine of up to $250,000 for acting as an agent of a foreign government, and up to 5 years in prison and a $250,000 fine for making false statements.

His sentencing is scheduled for August 29, where federal prosecutors have agreed to recommend a sentence of no more than 20 months, as part of his plea agreement.

As Special Agent in Charge Stacey Moy of the FBI’s San Diego Field Office explains :

The defendant admitted to being an unregistered agent of a foreign power, lying on his background check paperwork to obtain his security clearance, knowingly providing proprietary information to people controlled by the Chinese government, and willingly receiving payments from them. This is another example of how the Chinese government enhances its defense capabilities through the illicit exploitation of U.S. technology.

When someone holds a security clearance, they know what information should be reported to security officials. In this case, the defendant betrayed his sacred oath, knew his actions were wrong, and subsequently lied about it. The FBI and our partners on the Counterintelligence Task Force will pursue anyone who abuses their placement and access to obtain proprietary information on behalf of a foreign government. I specifically want to thank the Naval Criminal Investigative Service (NCIS) for their continued partnership on this case.

 

How This Military Contractor Sold Aviation Secrets To China!

Moinian was a former US Army helicopter pilot who served in the United States, Germany and South Korea from 1977 to 2000. After leaving the US Army, he worked for various “cleared” defence contractors in the United States.

The term “cleared” indicates that the contractor has been vetted and cleared to work on projects involving classified information.

While working for a cleared defence contractor on various aviation projects involving the US military and intelligence agencies, Moinian was contacted by an individual in China, who claimed to be working for a technical recruiting company.

This Chinese individual offered Moinian the opportunity to consult for the aviation industry in China. In March 2017, Moinian travelled to Hong Kong to meet with this recruiter.

At that meeting, he agreed to provide information and materials related to multiple types of aircraft designed and/or manufactured in the United States, in exchange for money. Moinian accepted between $7,000 and $10,000 during that meeting.

On returning to the United States, Shapour Moinian began gathering aviation-related materials for the Chinese government.

In one instance, he copied classified materials obtained from a cleared defence contractor onto a thumb drive, which he handed over to Chinese government officials during a stopover in the Shanghai airport in September 2017.

Moinian arranged for payment for this transfer to be made through his stepdaughter’s South Korean bank account. He told her that these funds were payments for his overseas consulting work, and instructed her to transfer the funds to him in multiple transactions – to avoid scrutiny.

Moinian also accepted a mobile phone, and other equipment from these Chinese government officials to securely communicate with them, and to aid in the electronic transfer of classified materials and information.

At the end of March 2018, Moinian travelled to Bali to meet with the same individuals again. After that meeting, his stepdaughter received thousands of dollars in her South Korean bank account, which she wired to him in multiple transactions.

Later in 2018, Moinian went to work for another cleared defence contractor, and in August 2019, he travelled with his wife to Hong Kong to meet with the same Chinese government officials.

This time, he received $22,000 in cash for his services, which Moinian and his wife smuggled into the United States on that trip.

It is currently unknown how the US government discovered Moinian’s activities, but he was investigated by the FBI’s Counterintelligence Division and the Naval Criminal Investigative Service (NCIS).

 


TikTok Leak : China Repeatedly Accessed Private User Data!

Leaked audio from internal TikTok meetings show that private user data has been repeatedly accessed from China!

Here is what you need to know…

 

Privacy Promise By TikTok : Overseas Data Stored In US + Singapore

For many years now, TikTok has repeatedly assured users that all data collected from users outside of China stays out of China, and is thus not accessible to anyone in China.

To ensure that the Chinese government has no access to the data, one of the measures they took was to store all data collected overseas in servers located in the United States, with backups in Singapore.

This was explicitly stated in their New Privacy Policy :

We store the information described in the What Information We Collect section in servers located in the United States and Singapore.

Most people may not realise this, but they also added a caveat right after that, stating that their Corporate Group (in China) may remotely access the data…

When entities in our Corporate Group need information to help us provide the Platform, they remotely access the information pursuant to authorised and secure access controls.

 

TikTok Leak : China Repeatedly Accessed Private User Data!

BuzzFeed News recently received audio recordings from more than eighty (80) internal TikTok meetings, in which employees admitted that engineers in China accessed private user data.

This was despite a TikTok executive’s sworn testimony at an October 2021 US Senate hearing, during the same time period, that a “world-renowned, US-based security team” decides who gets access to the private user data.

Instead, the leaked audio revealed that US staff did not have permission or knowledge of how to access the data. Rather, it was their colleagues in China who determined how and who accessed the private user data.

The leaked tapes ultimately show that TikTok may have misled lawmakers, users, and the public by downplaying the fact that their private data is readily accessible by employees in China, and potentially, the Chinese government.

Everything Is Seen In China

Eight different employees stated in nine statements that they had to refer to their colleagues in China to make those decisions.

“Everything is seen in China”, said a member of TikTok’s Trust and Safety department in a September 2021 meeting.

In another September 2021 meeting, a TikTok director referred to a Beijing-based engineer as a “Master Admin” who “has access to everything”.

There’s Some Backdoor To Access User Data…

Fourteen of the leaked audio recordings were with, or about, a team of Booz Allen Hamilton consultants that TikTok brought in to investigate how data flows through TikTok and ByteDance’s internal tools.

In September 2021, one Booz Allen Hamilton consultant told colleagues that the tools felt like they had backdoors to access user data :

I feel like with these tools, there’s some backdoor to access user data in almost all of them, which is exhausting.

Oracle Only Providing Storage For Project Texas

TikTok has been working on what they call Project Texas – securely storing overseas data in Oracle cloud servers to comply with CFIUS (Committee on Foreign Investment in the United States).

Project Texas is limited to protecting the private information of US users, like phone numbers and birthdays – details that are not publicly visible, or have been set to private.

Such data will be stored at an Oracle datacenter in Texas – hence the name, and would only be accessible to specific US-based TikTok employees.

However, TikTok’s head of global cyber and data defense made clear that Oracle was only providing the data storage space for Project Texas. Ultimately, TikTok would be setting up the servers, and controlling everything.

It’s almost incorrect to call it Oracle Cloud, because they’re just giving us bare metal, and then we’re building our VMs [virtual machines] on top of it.

Unique IDs Not Protected Information

In one of the leaked audio recordings from a January 2022 meeting, TikTok’s head of product and user operations announced with a laugh that the Unique ID (UID) will not be amongst the protected content under the CFIUS agreement.

The conversation continues to evolve. We recently found out that UIDs are things we can have access to, which changes the game a bit.

Other Data Not Stored On Oracle Servers

The problem with Project Texas is that it only addresses US users… and only a small subset of their data.

Everything else – including private user data from non-US countries – will stay in their US and Singapore servers that remain accessible to ByteDance’s Beijing offices.

 

Response By TikTok : 100% US Data Traffic Routed To Oracle

TikTok publicly announced on the same day – June 17, 2022, that it changed the “default storage location of US user data”, and that “100% of US user traffic is being routed to Oracle Cloud Infrastructure”.

Although they “expect” to fully pivot to Oracle cloud servers located in the US, they will continue to use their existing US and Singapore servers for backup, and delete US users’ private data over time.

While this may address some of the privacy concerns for US users, it does not address the other privacy concerns revealed in the leaked audio recordings… or the privacy concerns of non-US users.

 


CD PROJEKT RED Hack : Source Codes + Docs Stolen!

CD PROJEKT RED just had their source codes and internal documents stolen in a MAJOR HACK, and they may all end up being leaked!

 

CD PROJEKT RED Hack : Source Codes Stolen, Servers Encrypted!

On 9 February 2021, CD PROJEKT RED announced that their data – including source codes and internal documents – were stolen in a hack, and could possibly be leaked.

Their servers were also encrypted in a secondary ransomware attack by the same hackers, but they had backups of the encrypted data.

CD PROJEKT RED publicly ruled out negotiating with the hackers, or giving in to their demands.

This would likely mean that their source codes and internal documents will eventually be released publicly by the hackers.

The only silver lining – CD PROJEKT RED noted that they do not have any evidence that the personal data of their employees were accessed or stolen.

 

CD PROJEKT RED Hack : The Hackers’ Threats

According to the ransom note left on their servers, the hackers stole :

  • FULL source codes for Cyberpunk 2077, Witcher 3, GWENT and the unreleased version of Witcher 3.
  • ALL of their internal documents on accounting, administration, legal, HR, investor relations and more

They also encrypted all of CD PROJEKT RED’s servers, but acknowledged that they would most likely recover the data from their backups.

The hackers are giving the CD PROJEKT RED team 48 hours to contact them to negotiate.

If there is no agreement, they threaten to sell or leak the source codes, and release their internal documents to the media.

They claim that the internal documents will make CD PROJEKT RED look bad, causing their stock prices to fall and their investors to lose trust in them.

 

CD PROJEKT RED : Official Statement On Hack

This is the official statement by CD PROJEKT RED on the hack :

Yesterday we discovered that we have become a victim of a targeted cyber attack, due to which some of our internal systems have been compromised.

An unidentified actor gained unauthorized access to our internal network, collected certain data belonging to CD PROJEKT capital group, and left a ransom note the content of which we release to the public. Although some devices in our network have been encrypted, our backups remain intact. We have already secured our IT infrastructure and begun restoring the data.

We will not give in to the demands nor negotiate with the actor, being aware that this may eventually lead to the release of the compromised data. We are taking necessary steps to mitigate the consequences of such a release, in particular by approaching any parties that may be affected due to the breach.

We are still investigating the incident, however at this time we can confirm that – to the best of our knowledge – the compromised systems did not contain any personal data of our players or users of our services.

We have already approached the relevant authorities, including law enforcement and the President of the Personal Data Protection Office, as well as IT forensic specialists, and we will closely cooperate with them in order to fully investigate the incident.

 


 

Support Tech ARP!

If you like our work, you can help support us by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!


Ministry of Education Website Uses Plain Text CAPTCHA!

It is unbelievable, but the Malaysia Ministry of Education’s website uses plain text CAPTCHA that can be copied and pasted!

Take a look at this incredible security lapse, and find out why it could put your data at risk!

 

Ministry of Education Website Uses Plain Text CAPTCHA!

The recent threat by Anonymous Malaysia to attack government websites over their lack of security appears to be well-justified.

Qusyaire Ezwan spotted an incredible security lapse in the official Malaysia Ministry of Education website – plain text CAPTCHA!

On top of that, the code can actually be copied and pasted!

 

Ministry of Education Plain Text CAPTCHA : A Serious Cybersecurity Risk!

The CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) test is something most of us are familiar with.

It is a test that helps to identify real humans, and weed out bots, before they are allowed to access a service. This prevents bot fraud and hacking attempts.

In the Ministry of Education website, the plain text CAPTCHA was used to “secure” the retrieval of forgotten passwords for their Student Management Module.

A real CAPTCHA uses distorted images to prevent a bot from “reading” the numbers or letters, thereby ensuring that only a real human being would be able to key in the correct code.

As this screenshot shows, the CAPTCHA used in the Ministry of Education website just uses random sequences of letters and numbers in PLAIN TEXT!

This means a bot can easily copy and paste the plain text code, and bypass the CAPTCHA test.

Frankly, this doesn’t even qualify as a CAPTCHA test, because it cannot differentiate between humans and bots.

Now, the password is still sent to the registered email accounts, not to the hackers or bots. So your data is not in immediate danger.

However, this is still a SERIOUS cybersecurity risk, because a hacker can pair this design flaw with compromised email accounts.

It would allow their bots to easily and quickly make password retrieval requests for compromised email accounts, and then retrieve your Ministry of Education password.

Having access to the Student Management Module would give hackers access to a ton of information on children and their parents :

  • child : name, date of birth, telephone number, home address
  • school : location, class name, teacher’s name
  • parent : name, occupation, workplace address, contact number, declared salary

On top of that, many people reuse their passwords, so hackers will use the password retrieved from the Ministry of Education website on other websites and online services you may use.

If you use the same password for your banking account, for example, that would expose your banking account to the hacker.

That is why CAPTCHA is important. It doesn’t prevent hacking attempts, but it greatly slows them down by blocking bots from making mass requests.

The use of plain text CAPTCHA in an official government website is a fiasco. A basic cybersecurity checklist would have prevented software vendors from using plain text CAPTCHA in government websites.

The Malaysian government needs to take the security of official websites seriously. This is a disgrace.
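The property the Ministry's form lacked, shown as an added example (not code from the Ministry's website or from the original article): the CAPTCHA answer stays on the server, is single-use and expires, and a regression check confirms it never appears in the page's text or attributes. The `/captcha/<token>.png` image endpoint and all names here are hypothetical, and rendering the distorted image is outside what this block shows.

```python
import hmac
import secrets
import time
from html.parser import HTMLParser

ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # no look-alike characters


class ChallengeStore:
    """Server-side CAPTCHA state: the answer is never sent to the client."""

    def __init__(self, ttl_seconds=120, clock=time.monotonic):
        self._ttl = ttl_seconds
        self._clock = clock
        self._pending = {}  # token -> (answer, expiry time)

    def issue(self):
        token = secrets.token_urlsafe(16)
        answer = "".join(secrets.choice(ALPHABET) for _ in range(6))
        self._pending[token] = (answer, self._clock() + self._ttl)
        # The answer is handed only to the server-side image renderer.
        return token, answer

    def verify(self, token, response):
        # pop() makes every challenge single-use, whether or not it is solved.
        answer, expires = self._pending.pop(token, (None, 0.0))
        if answer is None or self._clock() > expires:
            return False
        return hmac.compare_digest(answer.encode(),
                                   response.strip().upper().encode())


def render_weak(answer):
    # The flaw described above: the code is selectable text in the page.
    return (f'<form><span class="captcha">{answer}</span>'
            '<input name="captcha"></form>')


def render_hardened(token):
    # Only an opaque token reaches the client (hypothetical image endpoint).
    return (f'<form><img src="/captcha/{token}.png" alt="security code">'
            f'<input type="hidden" name="captcha_token" value="{token}">'
            '<input name="captcha"></form>')


class _Collector(HTMLParser):
    """Collects every text node and attribute value in a page."""

    def __init__(self):
        super().__init__()
        self.chunks = []

    def handle_starttag(self, tag, attrs):
        self.chunks.extend(value for _, value in attrs if value)

    def handle_data(self, data):
        self.chunks.append(data)


def leaks_answer(html_page, answer):
    """True if the answer is machine-readable anywhere in the page.

    Text split across tags, padded with whitespace, entity-encoded, or
    tucked into an attribute such as alt="" still counts as a leak.
    """
    collector = _Collector()
    collector.feed(html_page)
    collector.close()
    haystack = "".join("".join(collector.chunks).split()).upper()
    return answer.upper() in haystack


if __name__ == "__main__":
    store = ChallengeStore()
    token, answer = store.issue()
    print("weak page leaks answer:    ", leaks_answer(render_weak(answer), answer))
    print("hardened page leaks answer:", leaks_answer(render_hardened(token), answer))
    print("first submission accepted: ", store.verify(token, answer))
    print("replay accepted:           ", store.verify(token, answer))
```

Running `leaks_answer` against every rendered form in a test suite, with the answer taken from the server-side store, catches this class of mistake before deployment.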

 


Why You Should NOT Move WhatsApp Chats To Telegram!

Telegram just highlighted the ability to migrate WhatsApp chats to their app, but you really should NOT do that.

Find out why this is a BIGGER security and privacy risk than just leaving your chats in WhatsApp!

 

Telegram : Moving Chat History From WhatsApp, Line + KakaoTalk

In a recent version 7.4 update for their iOS app, Telegram announced a new feature – the ability to move your chat messages from other apps like WhatsApp, Line and KakaoTalk to their app.

Curiously, that ability has actually been part of WhatsApp since 2018, when they introduced the ability to export chats to email and other apps.

And while this feature is purportedly available only with the iOS version of Telegram Messenger, you can already do that with existing versions of WhatsApp and Telegram.

 

Why You Should NOT Move WhatsApp Chats To Telegram!

You should note that the privacy risks with WhatsApp have been grossly exaggerated by the media and many Internet “experts”.

For one thing – WhatsApp users have been sharing metadata with Facebook since September 2016, a fact initially lost on many media outlets and “experts”.

But we understand the fear – Facebook is a real snoop. Even so, it would be a mistake to migrate from WhatsApp to Telegram.

Let us share with you why you should NOT migrate from WhatsApp to Telegram, and why it is a BIG mistake to migrate your WhatsApp data to Telegram.

Fact #1 : Telegram Is LESS Secure Than WhatsApp

WhatsApp fully implemented end-to-end encryption across all of their apps and network since 5 April 2016.

End-to-end encryption prevents WhatsApp or Facebook from reading your messages. Only the sender and receiver(s) can read them.

WhatsApp shares a considerable amount of data and metadata that Facebook can use to identify and track your movements and activities. But not the content of your messages.

Telegram, on the other hand, has STILL NOT implemented end-to-end encryption for all messages by default.

Instead, they still insist on offering end-to-end encryption only when you create a Secret Chat.

This leaves the bulk of your messages completely readable by Telegram and anyone who intercepts those messages as they travel from your device through the Internet to the recipient.

The very presence of Secret Chats between certain people is itself metadata that can help oppressive regimes identify their enemies or whistleblowers.

Fact #2 : Your Data Is Stored In Telegram Cloud Servers

All WhatsApp data is stored only in your registered device. WhatsApp also does not retain messages in their servers after they are delivered, and will only store files (like photos and videos) and undelivered messages for 30 days.

It’s the opposite with Telegram – all of your data – messages, photos, videos, documents – is stored in their cloud servers. Even though they are encrypted in storage, Telegram holds the encryption keys, NOT YOU.

This ability has its advantages like convenient access across multiple devices, but it also makes Telegram less secure.

Telegram has access to your encrypted files, including the ability to decrypt them for authorities that legally compel them to do so.

Fact #3 : Moving Your Messages + Media To Telegram Exposes Them

While your chats and media remain within your WhatsApp app, they are encrypted and not available to anyone but yourself (and the recipients).

Migrating your chat messages and media to Telegram would involve sending them unencrypted to Telegram’s servers.

This exposes your hitherto secure chats and media to a man-in-the-middle attack – allowing a third party to snoop or grab a copy of the data as it travels unencrypted to the Telegram servers.

Fact #4 : Facebook Already Has Your Metadata

As we pointed out earlier, WhatsApp has been sharing our metadata with Facebook since September 2016.

So moving your existing chats out of WhatsApp won’t limit or reduce your exposure. That horse has long bolted from the stable.

Moving your chat history and files to Telegram will just offer a new attack surface for cybercriminals and oppressive regimes.

Fact #5 : Facebook Will Still Have Your Data If You Still Use Facebook!

Here is the other thing that people don’t realise – migrating from WhatsApp to another messaging app is pointless if you do not also stop using Facebook.

As long as you still use Facebook, they will still have access to a considerable amount of metadata. Losing your WhatsApp metadata just gives them less metadata.

After all, Facebook can track your movements and activity even if you are NOT on Facebook! This is what they call Off-Facebook Activity.

 


Is WhatsApp Forcing Us To Share Data With Facebook In February 2021?

Many websites are claiming that WhatsApp is forcing us to share our data with Facebook in February 2021.

Find out what’s going on, and what the FACTS really are!

 

WhatsApp Sharing Data With Facebook : What’s Going On?

We wrote about this earlier, but it looks like many websites (including very influential ones) are still peddling the claim that WhatsApp is going to force us to share data with Facebook in February 2021.

It all started with this pop-up alert that started appearing on WhatsApp a few days ago, alerting us to a change in its terms and privacy policy.

You must accept this new privacy policy to continue using WhatsApp from 8 February 2021 onwards. Otherwise, the alert subtly suggests, you should “delete your account”.

Since then, numerous articles have been written about how this new privacy policy is forcing us to share our WhatsApp data with Facebook.

This has led to many people switching to alternatives like Telegram and Signal, in fear that the new privacy policy would allow Facebook to access and read all of their WhatsApp messages.

 

No, WhatsApp Is Not Forcing You To Share Data With Facebook

As we shared earlier, NO, the new WhatsApp privacy policy does not force you to share data with Facebook, because…

Fact #1 : It Has Been A Requirement Since September 2016!

It is perplexing why so many websites claim that this new privacy policy forces us to let WhatsApp share data with Facebook. After all, this has been a requirement since September 2016!

Back in August 2016, WhatsApp announced that they would start sharing data with Facebook. At that time, they gave existing users 30 days to opt-out.

This was a one-time offer that has never been repeated. Since then, every new and current user MUST agree to let WhatsApp share data with Facebook.

Fact #2 : WhatsApp Will Still Honour The Opt-Out

If you are a WhatsApp veteran who opted out of data sharing in August 2016, WhatsApp will still honour that opt-out.

You can safely agree to the new privacy policy – your data opt-out will remain active.

Fact #3 : WhatsApp Will Share MORE Information With Facebook

The new WhatsApp privacy policy is mainly focused on enabling Businesses on WhatsApp.

So while they DO NOT need your permission to continue sharing data with Facebook, they still need your permission to SHARE MORE data with Facebook.

This is the list of additional data that we must agree to let WhatsApp share with Facebook :

  • Status Information. You may provide us your status if you choose to include one on your account. Learn how to use status on Android, iPhone, or KaiOS.
  • Transactions And Payments Data. If you use our payments services, or use our Services meant for purchases or other financial transactions, we process additional information about you, including payment account and transaction information. Payment account and transaction information includes information needed to complete the transaction (for example, information about your payment method, shipping details and transaction amount). If you use our payments services available in your country or territory, our privacy practices are described in the applicable payments privacy policy.
  • Location Information. We collect and use precise location information from your device with your permission when you choose to use location-related features, like when you decide to share your location with your contacts or view locations nearby or locations others have shared with you. There are certain settings relating to location-related information which you can find in your device settings or the in-app settings, such as location sharing. Even if you do not use our location-related features, we use IP addresses and other information like phone number area codes to estimate your general location (e.g., city and country). We also use your location information for diagnostics and troubleshooting purposes.
  • User Reports. Just as you can report other users, other users or third parties may also choose to report to us your interactions and your messages with them or others on our Services; for example, to report possible violations of our Terms or policies. When a report is made, we collect information on both the reporting user and reported user.
  • Businesses On WhatsApp. Businesses you interact with using our Services may provide us with information about their interactions with you. We require each of these businesses to act in accordance with applicable law when providing any information to us. When you message with a business on WhatsApp, keep in mind that the content you share may be visible to several people in that business. In addition, some businesses might be working with third-party service providers (which may include Facebook) to help manage their communications with their customers. For example, a business may give such third-party service provider access to its communications to send, store, read, manage, or otherwise process them for the business. To understand how a business processes your information, including how it might share your information with third parties or Facebook, you should review that business’ privacy policy or contact the business directly.

Fact #4 : WhatsApp + Facebook Cannot Read Your Messages

WhatsApp finished implementing end-to-end encryption on 5 April 2016, about 4.5 months before instituting the requirement to share data with Facebook.

Since then, neither WhatsApp nor Facebook can read your messages, as they are encrypted. Only the sender and receiver(s) can read them.

WhatsApp shares a considerable amount of data and metadata that Facebook can use to identify and track your movements and activities. But not the content of your messages.

Fact #5 : Telegram Is Less Secure!

For those who are fleeing to Telegram, you should note that Telegram does not encrypt messages (only Secret Chats).

In fact, all of your data – messages, photos, videos, documents – are stored in Telegram servers. Even though they are encrypted in storage, Telegram holds the encryption keys, NOT YOU.

In contrast, WhatsApp data is only stored in your devices. WhatsApp also does not retain messages in their servers after they are delivered, and will only store files (like photos and videos) and undelivered messages for 30 days.

WhatsApp will, however, store the time and date of the messages you send and receive.

Fact #6 : Signal Is The Most Secure Alternative

Those who want a more private and secure messenger should opt for Signal, instead of Telegram.

It offers end-to-end encryption using the open-source Signal protocol, the same protocol which WhatsApp uses in its own proprietary format.

On top of that, it offers a Sealed Sender feature which prevents everyone – including Signal – from knowing the sender and recipient of a message.

But best of all, Signal does not share your data with any third-party company. In fact, the only metadata it collects is your phone number, and even that is not linked to your identity.

That said, Signal lacks features found in WhatsApp and Telegram, so we cannot call it the best alternative, only the most secure alternative.

 


Fact Check : Fat Bidin Claims On MySejahtera Snooping!

Wan Azlee, who goes by Fat Bidin, claims that MySejahtera is mining private information from our phones.

Find out what he discovered, and what the FACTS really are!

Updated @ 2020-12-03 : Added MySejahtera version history for more context.

Updated @ 2020-12-01 : Added more information, including how to disable permissions in Android and iOS for the paranoid.

Originally posted @ 2020-11-30

 

Fat Bidin : MySejahtera Is Mining Information From Our Phones!

In Episode 41 of Fat Bidin Knows Everything, Wan Azlee claimed (between mouthfuls of oats) that MySejahtera is mining a wealth of private information from our phones.

His evidence? A report by the Exodus Privacy website, stating that MySejahtera has 6 trackers and 24 permissions.

He went through the 24 permissions and made these concerning observations about MySejahtera :

  • it can take control of your phone and pair it with your Bluetooth devices
  • directly call phone numbers
  • find accounts on your phone
  • read your contacts in your phone
  • read the contents of your SD card
  • modify or delete the contents of your SD card
  • prevent your phone from sleeping
  • modify your contacts

Phwoarrrr…. shocking, isn’t it? Wan Azlee / Fat Bidin then asks the Malaysia Ministry of Health to be transparent and tell us what’s going on.

Well, let’s take a closer look at his claims…

 

Fat Bidin On MySejahtera Is Mining Our Information : A Fact Check

Wan Azlee is very articulate, but Fat Bidin honestly doesn’t quite know everything… and here’s why.

Fact #1 : That MySejahtera Version Was From April 2020

Fat Bidin posted his video on 24 November 2020, and we noticed that he was checking an old version of MySejahtera – version 1.0.10, that was posted way back in April 2020.

For the record, there have been FOURTEEN UPDATES since that version :

  • 1.0.11 : 23 April 2020
  • 1.0.12 : 28 April 2020
  • 1.0.13 : 3 May 2020
  • 1.0.15 : 4 May 2020
  • 1.0.16 : 13 May 2020
  • 1.0.17 : 23 May 2020
  • 1.0.18 : 30 May 2020
  • 1.0.19 : 3 June 2020
  • 1.0.20 : 28 June 2020
  • 1.0.21 : 30 June 2020
  • 1.0.22 : 21 July 2020
  • 1.0.23 : 29 July 2020
  • 1.0.24 : 11 August 2020
  • 1.0.25 : 5 November 2020

The latest version of MySejahtera – version 1.0.25 –  was released on 5 November 2020 – 19 days before Wan Azlee posted his video.

Why on Earth would he focus on a 6-month-old version of the app, when there is a much newer version?

Fact #2 : Exodus Posted Their Latest MySejahtera Report On 20 November 2020

Exodus posted their latest report on the latest version of MySejahtera (version 1.0.25) on 20 November 2020 at 10:47 am (as you can see in this screenshot).

That was 4 days before Wan Azlee posted his video, so why didn’t he use this new report instead?

Fact #3 : MySejahtera Has 1 Tracker + 14 Permissions According To Exodus

According to the November 20 Exodus report, MySejahtera has 1 tracker – Google Firebase Analytics, and 14 permissions, of which the highlighted ones were :

  • ACCESS_COARSE_LOCATION : access approximate location (network-based)
  • ACCESS_FINE_LOCATION : access precise location (GPS and network-based)
  • CALL_PHONE : directly call phone numbers
  • CAMERA : take pictures and videos
  • READ_EXTERNAL_STORAGE : read the contents of your SD card
  • WRITE_EXTERNAL_STORAGE : modify or delete the contents of your SD card

We immediately noticed that several controversial permissions are no longer in it :

  • GET_ACCOUNTS : find accounts on the device
  • READ_CONTACTS : read your contacts
  • WRITE_CONTACTS : modify your contacts

So if you are worried that MySejahtera is reading your contacts or modifying them, just UPDATE it to the latest version 1.0.25!
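The comparison made in Facts #1 to #3 (which version a report covers, and which permissions changed between versions) can be reproduced from two decoded AndroidManifest.xml files. This is an added example, not part of the original article or of Exodus' tooling; the two manifests are constructed, abbreviated samples built from the permissions named in this article plus INTERNET and WAKE_LOCK, not the app's real manifests, and the `maxSdkVersion` attribute on one entry is constructed to exercise that case.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
PREFIX = "android.permission."

# Permissions named in this article that Android treats as "dangerous",
# i.e. the user must grant them at runtime and can revoke them.
DANGEROUS = {
    "ACCESS_COARSE_LOCATION", "ACCESS_FINE_LOCATION", "CALL_PHONE", "CAMERA",
    "READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE",
    "GET_ACCOUNTS", "READ_CONTACTS", "WRITE_CONTACTS",
}


def _manifest(version, entries):
    """Build a constructed sample manifest from (name, maxSdkVersion) pairs."""
    rows = []
    for name, max_sdk in entries:
        extra = f' android:maxSdkVersion="{max_sdk}"' if max_sdk else ""
        rows.append(f'  <uses-permission android:name="{PREFIX}{name}"{extra}/>')
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android"\n'
            f'    package="com.example.constructed" android:versionName="{version}">\n'
            + "\n".join(rows) + "\n</manifest>")


_COMMON = ["INTERNET", "WAKE_LOCK", "ACCESS_COARSE_LOCATION",
           "ACCESS_FINE_LOCATION", "CALL_PHONE", "CAMERA",
           "READ_EXTERNAL_STORAGE"]

# Constructed samples (NOT the real MySejahtera manifests).
OLD_SAMPLE = _manifest("1.0.10", [(n, None) for n in _COMMON] + [
    ("WRITE_EXTERNAL_STORAGE", None), ("GET_ACCOUNTS", None),
    ("READ_CONTACTS", None), ("WRITE_CONTACTS", None)])
NEW_SAMPLE = _manifest("1.0.25", [(n, None) for n in _COMMON] + [
    ("WRITE_EXTERNAL_STORAGE", 28)])


def parse_manifest(xml_text, device_sdk=None):
    """Return (versionName, set of permission names) for a decoded manifest.

    Reads <uses-permission> and <uses-permission-sdk-23>. When device_sdk is
    given, entries that do not apply at that API level are skipped, which is
    one way a static report can list more than a given phone shows.
    """
    # For manifests taken from untrusted APKs, parse with a hardened XML
    # library such as defusedxml instead of the standard-library parser.
    root = ET.fromstring(xml_text.strip())
    version = root.get(ANDROID + "versionName", "unknown")
    perms = set()
    for el in root:
        if el.tag not in ("uses-permission", "uses-permission-sdk-23"):
            continue
        name = el.get(ANDROID + "name", "")
        if not name:
            continue
        if device_sdk is not None:
            max_sdk = el.get(ANDROID + "maxSdkVersion")
            if max_sdk is not None and int(max_sdk) < device_sdk:
                continue  # permission no longer requested at this API level
            if el.tag == "uses-permission-sdk-23" and device_sdk < 23:
                continue  # only requested on API 23 and later
        # Keep custom (non-android.permission.*) names fully qualified.
        perms.add(name[len(PREFIX):] if name.startswith(PREFIX) else name)
    return version, perms


def diff_permissions(old_xml, new_xml, device_sdk=None):
    """Compare two manifests; each entry is (permission, is_dangerous)."""
    old_version, old = parse_manifest(old_xml, device_sdk)
    new_version, new = parse_manifest(new_xml, device_sdk)

    def tag(names):
        return [(n, n in DANGEROUS) for n in sorted(names)]

    return {
        "versions": (old_version, new_version),
        "removed": tag(old - new),
        "added": tag(new - old),
        "kept": tag(old & new),
    }


if __name__ == "__main__":
    report = diff_permissions(OLD_SAMPLE, NEW_SAMPLE)
    print("comparing", " -> ".join(report["versions"]))
    for section in ("removed", "added", "kept"):
        for name, dangerous in report[section]:
            print(f"{section:8} {name}{'  [dangerous]' if dangerous else ''}")
```

Checking `versions` first guards against the mistake described in Fact #1: drawing conclusions about the current app from a report on an old build.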

Fact #4 : Actual Permissions Are Fewer

When we checked MySejahtera 1.0.25 as installed in our phone, we found that it actually asked for and used only 11 permissions, instead of 14 as reported by Exodus.

The report also offered a bit more context about those permissions. For instance, location data is only made available when you are actively using the app.

That’s because the location data is used by MySejahtera for its Hotspot Tracker and Locate Health Screening Facility features.

In your phone, you can tap on them for more information on what they allow the app to do.

Fact #5 : Apps Need To Read, Modify + Delete Their Own Data

The permission to read, modify and delete content on our phone may seem ridiculous, but it is a necessity for most apps.

Unless the app is merely a container for a website or web service, it needs to store data, and modify or delete it when necessary.

Fact #6 : Access To External / SD Card Is Necessary

Most developers will also ask for the permission to read, modify and delete content to the (micro) SD card, because of Adoptable Storage.

Adoptable Storage is a feature that lets smartphones use external storage (like a microSD card) as if it is part of their internal storage.

When a microSD card is used this way, apps like MySejahtera can be installed on it. Therefore, it would require permission to read, modify and delete its own data on the external storage card.

Fact #7 : Android Restricts Data Snooping

Apps that have access to read / modify / write external storage are allowed to access files from other apps. However, this is limited to only these three media collections :

  • MediaStore.Images
  • MediaStore.Video
  • MediaStore.Audio

MySejahtera, or any other app with similar permissions, cannot read / modify / delete data outside of those three media storage locations.

Fact #8 : MySejahtera Has A Privacy Policy

Like all other Android and iOS apps, MySejahtera has a privacy policy, where it is stated clearly that

MySejahtera is owned and operated by the Government of Malaysia. It is administrated by the Ministry of Health (MOH) and assisted by the National Security Council (NSC) and the Malaysian Administrative Modernisation and Management Planning Unit (MAMPU). The Government assures that the collection of your personal information is aligned with Personal Data Protection Act 2010 (Act 709).

The app will not record user’s Personal Data except with the permission and voluntarily provided by the user. Information collected is used for monitoring and enforcement purposes by Government authorities in dealing with the COVID-19 pandemic. This information is not shared with other organizations for other purposes unless specifically stated.

Fact #9 : You Are Protected By PDPA 2010 (Act 709)

We are all protected by the Personal Data Protection Act 2010 (Act 709).

Anyone who is caught sharing our personal data without permission is liable to a fine not exceeding three hundred thousand ringgit or to imprisonment for a term not exceeding two years or to both.

Fact #10 : You Can Disable Permissions

You can view and disable any permission that worries you :

Android

  1. Go to Settings > Apps >  MySejahtera > Permissions.
  2. Tap on the permission you don’t want, and select Deny.

Apple iOS

  1. Go to Settings > MySejahtera.
  2. Disable the permissions you don’t want.

But note that doing this will likely break some features in MySejahtera.

Fact #11 : Many Other Apps Are Worse For Your Privacy

When it comes to privacy, we have bigger fish to fry. Take a look at how many trackers and permissions these four popular apps require.

They make MySejahtera look absolutely privacy-conscious!

 


Dell EMC PowerProtect Cyber Recovery for Sheltered Harbor!

Dell EMC PowerProtect Cyber Recovery just received a Sheltered Harbor endorsement!

Find out what this means for financial services organisations looking for a Sheltered Harbor-certified turnkey data vault!

 

Dell EMC PowerProtect Cyber Recovery : Endorsed by Sheltered Harbor!

On 10 November 2020, Dell EMC PowerProtect Cyber Recovery was officially endorsed by Sheltered Harbor – the non-profit initiative to improve the stability and resiliency of the financial sector.

This is the culmination of two years of work between Dell and Sheltered Harbor teams, to develop a solution designed for financial services organisations.

If your organisation is a Sheltered Harbor participant, or eligible to be one, you can now purchase and quickly deploy the Dell EMC PowerProtect Cyber Recovery – a turnkey data vault that meets all of the stringent Sheltered Harbor criteria.

The Dell EMC PowerProtect Cyber Recovery Solution for Sheltered Harbor helps participants achieve compliance with data vaulting standards and certification, and plan for operational resilience and recovery against any cyber attack.

If your organisation is not part of the Sheltered Harbor community, you can still deploy PowerProtect Cyber Recovery to protect your data with the same stringent Sheltered Harbor standards.

 

Dell EMC PowerProtect Cyber Recovery : What Is It?

Dell EMC PowerProtect Cyber Recovery is an on-premise turnkey data vaulting solution that protects customers from all kinds of cyber threats.

Its CyberSense analytics and machine learning capabilities allow customers to monitor data integrity, ensuring the continued quality of their data.

It also comes with forensic tools to let customers discover, diagnose and remediate ongoing attacks.

 



PowerProtect Data Manager Nov 2020 Update: What’s New?

Dell Technologies just announced enhancements to PowerProtect Data Manager available globally in November 2020!

Find out what’s new in the latest Dell EMC PowerProtect Data Manager!

 

PowerProtect Data Manager : What Is It?

Dell EMC PowerProtect Data Manager provides software-defined data protection, automated discovery, and deduplication for physical, virtual and cloud environments.

Its software-defined architecture allows for greater operational agility, and faster IT transformation, while delivering next-generation data protection.

 

PowerProtect Data Manager November 2020 Update : What’s New?

In its November 2020 update, PowerProtect Data Manager offers these new enhancements :

  • In-cloud workloads in Microsoft Azure and AWS are now protected
  • VMware Tanzu portfolio is now supported
  • Native vCenter Storage Policy-Based Management integrated for VM protection
  • VMware-certified solution to protect VMware Cloud Foundation infrastructure layer.
  • Protection for containerised apps with open source databases, including PostgreSQL and Apache Cassandra, in Kubernetes environments.
  • Customers can now protect Amazon Elastic Kubernetes Service (EKS) and Azure Kubernetes Service (AKS) to back-up Kubernetes cluster-level resources.

 

PowerProtect Data Manager November 2020 Update : Availability

The November 2020 enhancements are available globally with immediate effect.

 



2020 Dell EMC PowerProtect DP Series IDPA : What’s New?

Dell Technologies just announced the 2020 Dell EMC PowerProtect DP Series appliances!

Here is what you need to know about the next-generation integrated data protection appliances!

 

2020 Dell EMC PowerProtect DP Series : What Is It?

The 2020 PowerProtect DP series is the next-generation family of integrated data protection appliances (IDPA) from Dell Technologies.

They offer a complete solution for backup, recovery, replication, deduplication, cloud readiness with disaster recovery, and long-term retention to the public cloud!

The 2020 Dell EMC PowerProtect DP series are all-in-one data protection solutions that offer :

  • Storage capacities from 8 terabytes to 1 petabyte
  • Greater efficiency, with up to 65:1 data reduction
  • Up to 38% faster backups, and up to 45% faster restores, compared to previous generation.
  • Instant access and restore of up to 50% greater IOPS, compared to previous generation.
  • Consumes up to 23% less power than the previous generation
  • Cloud long-term retention, and cloud DR-ready
  • VMware integration

The 2020 Dell EMC PowerProtect DP series is also guaranteed under the Future-Proof Program, and is part of the Dell Technologies on Demand program.

 

2020 Dell EMC PowerProtect DP Series : Models + Key Specifications

The 2020 Dell EMC PowerProtect DP series consists of four models – DP4400, DP5900, DP8400 and DP8900. Here are their key specifications.

| Specifications | DP4400 | DP5900 | DP8400 | DP8900 |
|---|---|---|---|---|
| Physical Capacity | 8 TB to 96 TB | 96 TB to 288 TB | 192 TB to 768 TB | 576 TB to 1 PB |
| Physical Capacity with Cloud Tier | Up to 288 TB | Up to 864 TB | Up to 2.3 PB | Up to 3 PB |
| Logical Capacity | Up to 4.8 PB | Up to 18.7 PB | Up to 49.9 PB | Up to 65 PB |
| Logical Capacity with Cloud Tier | Up to 14.4 PB | Up to 56.1 PB | Up to 149.7 PB | Up to 195 PB |
| Max Throughput | Up to 9 TB/hr | Up to 33 TB/hr | Up to 57 TB/hr | Up to 94 TB/hr |
| Drive Type | SAS 12 TB | SAS 4 TB | SAS 8 TB | SAS 8 TB |
| Networking | 8 x RJ45, or 8 x SFP | 4 x 40 GbE uplinks (each Quad SFP port can be split into 4 x 10 GbE) | 4 x 40 GbE uplinks (each Quad SFP port can be split into 4 x 10 GbE) | 4 x 40 GbE uplinks (each Quad SFP port can be split into 4 x 10 GbE) |
| Max. Power | 475 VA | 2,830 VA | 5,480 VA | 7,250 VA |
| Thermal Rating | 1,620 BTU/hr | 9,300 BTU/hr | 17,800 BTU/hr | 23,400 BTU/hr |

 

2020 Dell EMC PowerProtect DP Series : Availability

The 2020 Dell EMC PowerProtect series appliances – DP4400, DP5900, DP8400 and DP8900 – will be available globally in December 2020.

 



Lazada RedMart Data Breach : What You Need To Know!

Lazada just admitted to a data breach involving their RedMart customer database that could affect some 1.1 million customers!

Find out what happened, and what it could mean for Lazada and RedMart customers!

 

Lazada RedMart : What Is It?

RedMart is an online grocery platform in Singapore that was founded in August 2011.

Lazada acquired RedMart in November 2016, and started to integrate it into their platform in March 2019.

This March 2019 date is important, because that was when the RedMart database was last updated.

 

Lazada RedMart Data Breach : What Happened?

The Lazada RedMart database was spotted for sale in an online forum, amongst many other databases stolen from other e-commerce websites.

In this screenshot, you can see that it claims to have details on 1.1 million Lazada RedMart customers :

  • Email address
  • Password
  • Mailing address
  • Name
  • Phone number
  • Partial credit card information

Picture Credit : CNA

In a statement posted on 30 October 2020, Lazada confirmed the data breach involving their RedMart database.

They assert that the breach only involved the old RedMart database, which was “18 months out of date” as it was last updated in March 2019.

Singapore, 30 October 2020 – Lazada places great importance on protecting your personal information, and we value the trust you have placed with us. On 29 October 2020, as part of our proactive monitoring, our cybersecurity team discovered a data security incident in Singapore, involving a RedMart-only database hosted on a third-party service provider. The customer data hosted on this database is more than 18 months out of date as it was last updated in March 2019.

The customer information that was illegally accessed include the names, phone numbers, emails, addresses, encrypted passwords and partial credit card numbers of RedMart customers. We have taken immediate action to block unauthorised access to the database. This data was used on the previous RedMart app and website, which are no longer in use. Lazada customer data in Southeast Asia is not affected by this incident.

Protecting the data and privacy of our users is of utmost importance to us. Apart from reviewing and fortifying our security infrastructure, we are working very closely with the relevant authorities on this incident and remain committed to providing all necessary support to our users.

We want to be transparent about this incident with all of our customers and reassure you that we are taking it seriously.

They also set their platform to log out all Lazada users, and require them to register a new password.

They are also warning their users to be on the alert for spam mails requesting personal information.

 

Lazada RedMart Data Breach : What’s The Implication?

A Data Breach Is A Data Breach Is A Data Breach

Lazada may claim that the data and privacy of their users are of the utmost importance, but the data breach says otherwise.

They left a database that they had not used since March 2019 on a third-party service provider, where it remained accessible online all this time.

Any half-decent cybersecurity specialist would have told them to take the database offline, unless it was essential to the operation of the website.

Closing The Barn Door After The Horses Have Bolted

Lazada immediately blocked unauthorised access to their RedMart database, but that’s like closing the barn door after the horses have bolted.

Once the data was stolen, all it does is prevent other attackers from stealing the data for themselves.

Lazada Migrated RedMart Users In March 2016

It seems a little disingenuous for Lazada to announce that the data was used in “the previous RedMart app and website, which are no longer in use”.

They appear to have migrated RedMart users to Lazada on 15 March 2016 using the same data that was just stolen.

Unless RedMart users changed their passwords, addresses, phone numbers, email addresses or credit card details AFTER they were migrated to the Lazada platform, they remain exposed by the data breach.

The Data Isn’t Necessarily Outdated

Most of us don’t change our logins and passwords that often. And we often reuse the same login and password combination for different websites.

So it is scant assurance that their RedMart database was last updated in March 2019, even if we take their word that it was more than 18 months out of date.

This data breach exposes all affected RedMart users to the possibility of their other accounts being breached as well.

Only Ex-RedMart Users Affected

The only saving grace we can see here is that it looks like only former RedMart users are affected by this data breach.

That means Lazada users who never registered or used the RedMart app or website are not affected.

 

Lazada RedMart Data Breach : What Can You Do?

If you ever registered for, or used, RedMart before their migration to the Lazada platform in March 2016, we highly recommend that you :

  • change your Lazada password
  • change the password of accounts that use the same password as your Lazada / RedMart account
  • do NOT click on links in emails warning you about this data breach and asking you to change your password
  • do NOT respond to calls or messages warning you about this data breach
  • do NOT respond to requests for personal information

 


VMware vSphere 7 Now Supports AMD SEV-ES Encryption!

VMware just announced that vSphere 7 Update 1 will add support for AMD SEV-ES encryption!

Find out what this means for enterprise security, and the future of AMD EPYC processors!

 

AMD SEV-ES Encryption : What Is It?

SEV-ES, short for Secure Encrypted Virtualization-Encrypted State, is a hardware-accelerated encryption capability in AMD EPYC processors.

Leveraging both the AMD Secure Processor and the AES-128 encryption engine built into every AMD EPYC processor, SEV-ES encrypts all CPU register contents when a virtual machine stops running.

This prevents the leakage of information from the CPU registers to components like the hypervisor. It can even detect malicious modifications to a CPU register state.

 

VMware vSphere 7 Now Supports AMD SEV-ES Encryption!

VMware vSphere 7 Update 1 adds support for both AMD SEV-ES and AMD EPYC processors.

The AMD Secure Processor in the first-generation EPYC processors can handle up to 15 encryption keys.

That increases to more than 500 encryption keys with the second-generation EPYC processors.

ESXi has many layers of isolation within its virtualised infrastructure, but all of that is implemented in software. They still require a level of trust in the hardware, which is where AMD SEV-ES comes in.

A guest operating system that supports SEV can ask the AMD Secure Processor to issue it an encryption key, for full in-memory, in-hardware encryption.

SEV-ES extends that protection to CPU registers, so that the data inside the CPU itself is encrypted. This protects the data from being read or modified when the virtual machine stops running.

Even a compromised hypervisor that accesses the register data cannot make use of it, because it is now encrypted.

Needless to say, adding support for AMD SEV-ES in vSphere 7 will spur the uptake of AMD EPYC processors in the datacenter.

 



How Hackers Attack Healthcare During COVID-19 Pandemic!

Even during the COVID-19 pandemic, hackers have been attacking the healthcare system already buckling under pressure.

Take a look at the first part of a newly-released documentary on how hackers are attacking the healthcare system, and what it means for us and the world!

 

How Hackers Attack Healthcare During COVID-19 Pandemic!

Cybercriminals and state-sponsored hackers do not care that almost a million people have died from COVID-19. In fact, they see the pandemic as an opportunity.

Over the last few months, the creators of this documentary spoke to hospitals, law enforcement agencies, health organisations and research centres across the world, to understand how they are coping with increased cyberattacks and malware.

This particular feature was directed by Didi Mae Hand, and produced by Max Peltz.

 

Hackers Increased Attacks On Healthcare During COVID-19 Pandemic

The documentary reveals a shocking surge in cyberattacks on healthcare systems during the COVID-19 pandemic. The World Health Organisation (WHO), for example, reported a 5X increase in cyberattacks on its systems since March 2020.

State-sponsored hackers are mainly looking for biodata, including research on COVID-19 vaccines. Meanwhile, cybercriminals are capitalising on the fact that hospitals may be more willing than usual to pay a ransom.

For example, the Brno University Hospital, which was responsible for running a big share of COVID-19 testing in the Czech Republic, was held to ransom and forced to shut down its IT network at a critical time.

Fortunately, the surge in cyberattacks was met with an incredible response by the cybersecurity community. Some 3000 cybersecurity volunteers created the CV19 group to provide hospitals and healthcare institutions with free support to protect their systems.

 



WD NAS Can’t Be Seen In Windows? Here Are The Solutions!

You may be wondering why your WD NAS is no longer visible in Windows 10.

Where did it go? How do you get it back?

Find out why your WD NAS can no longer be seen in Windows, and what the solutions are!

 

WD NAS Can’t Be Seen In Windows : What Happened?

You may have been using your WD NAS for some time, but one day, its network share – the “drive” that you directly access – can no longer be seen in Windows 10.

The NAS links in Windows File Explorer will only lead you to the login page for the WD NAS management page, not the actual drive where you can directly read, copy, write or edit your files.

All these NAS issues are happening because Microsoft disabled the Network Browse function from Windows 10 v1709 onwards.

The problems started after Windows 10 Fall Creators Update 1709, which :

The Computer Browser service relies on the SMB 1.0 protocol to discover network devices and display them in the Windows Network Neighbourhood.

Disabling SMB 1.0 breaks the Computer Browser service, so it is automatically uninstalled and your NAS drives “disappear” from Network Neighbourhood.

Disabling guest access prevents guest or public access to your NAS drives, even to folders you specifically set to allow for public access. Hence, the Public folder they had access to earlier “disappears”.

 

Why Did Microsoft Disable Those Network Features?

The SMB1 network protocol was first implemented in Windows back in 1992, so it’s old… very old.

It’s so old that it lacks encryption. Everything transmitted via SMB1 can be captured and read, and even modified, by any attacker who gains access to the network.

Guest logins even on SMB2 do not support standard security features like signing and encryption. This makes them vulnerable to man-in-the-middle attacks.

That’s why Microsoft (finally) disabled them both, starting with the Windows 10 Fall Creators Update 1709.

 

WD NAS Can’t Be Seen In Windows : Before We Start…

Preliminary Step #1 : Update Your NAS

Before you do anything, you should log into your WD NAS management system and update its firmware, in case it’s not already set to automatically update.

Updating its firmware will ensure that your NAS supports at least SMB 2, if not SMB 3 as well.

| WD NAS | Windows URL | macOS URL |
|---|---|---|
| My Cloud EX2100 | http://wdmycloudex2100 | http://wdmycloudex2100.local |
| My Cloud DL2100 | http://wdmyclouddl2100 | http://wdmyclouddl2100.local |
| My Cloud EX4100 | http://wdmycloudex4100 | http://wdmycloudex4100.local |
| My Cloud DL4100 | http://wdmyclouddl4100 | http://wdmyclouddl4100.local |

Preliminary Step #2 : Use A Higher SMB Protocol

Then, enable the highest SMB protocol your WD NAS supports (Settings > Network). Set it to SMB 3 if possible.

This will ensure that both your WD NAS and your network support the most secure network protocol possible, for your security.
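
To confirm which protocol the NAS actually agrees to after this change, you can inspect its first reply on TCP port 445 in a packet capture. The C parser below is an added example, not WD's or Microsoft's code: it reads an SMB negotiate response and reports the protocol family, dialect and signing mode. The function names and the sample byte arrays are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum smb_family { SMB_UNKNOWN = 0, SMB_V1, SMB_V2_OR_3 };

struct smb_negotiate_info {
    enum smb_family family;
    uint16_t dialect;        /* SMB2 DialectRevision; stays 0 for SMB1 */
    int signing_enabled;     /* SecurityMode bit 0x0001 */
    int signing_required;    /* SecurityMode bit 0x0002 */
    int encryption_capable;  /* 1 for the SMB 3.x dialects */
};

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Parse the server's negotiate response. Returns 0 on success, -1 if the
 * bytes are truncated or are not an SMB negotiate response. */
int parse_negotiate_response(const uint8_t *buf, size_t len,
                             struct smb_negotiate_info *out)
{
    memset(out, 0, sizeof *out);
    /* Direct TCP transport puts a 4-byte length prefix (first byte 0x00)
     * in front of every SMB message; skip it when present. */
    if (len >= 8 && buf[0] == 0x00 && memcmp(buf + 5, "SMB", 3) == 0) {
        buf += 4;
        len -= 4;
    }
    if (len < 4 || memcmp(buf + 1, "SMB", 3) != 0)
        return -1;
    if (buf[0] == 0xFF) {            /* \xFF SMB : legacy SMB1 header */
        out->family = SMB_V1;
        return 0;
    }
    if (buf[0] != 0xFE)              /* \xFE SMB : SMB2 and SMB3 */
        return -1;
    /* 64-byte SMB2 header, then at least 6 bytes of response body. */
    if (len < 70 || le16(buf + 4) != 64)
        return -1;
    if (le16(buf + 12) != 0 || !(buf[16] & 0x01))  /* NEGOTIATE + response flag */
        return -1;
    if (le16(buf + 64) != 65)        /* body StructureSize is always 65 */
        return -1;
    uint16_t mode = le16(buf + 66);
    out->family = SMB_V2_OR_3;
    out->signing_enabled = (mode & 0x0001) != 0;
    out->signing_required = (mode & 0x0002) != 0;
    out->dialect = le16(buf + 68);
    out->encryption_capable = out->dialect >= 0x0300 && out->dialect <= 0x0311;
    return 0;
}

const char *dialect_name(const struct smb_negotiate_info *i)
{
    if (i->family == SMB_V1) return "SMB 1.0";
    switch (i->dialect) {
    case 0x0202: return "SMB 2.0.2";
    case 0x0210: return "SMB 2.1";
    case 0x0300: return "SMB 3.0";
    case 0x0302: return "SMB 3.0.2";
    case 0x0311: return "SMB 3.1.1";
    case 0x02FF: return "SMB 2 wildcard (a second negotiate follows)";
    default:     return "unknown";
    }
}

/* Constructed sample: SMB 3.1.1 reply with signing enabled and required. */
static const uint8_t SAMPLE_SMB311[4 + 70] = {
    0x00, 0x00, 0x00, 0x46,          /* transport prefix, length 70 */
    0xFE, 'S', 'M', 'B',
    [4 + 4]  = 64, 0,                /* header StructureSize */
    [4 + 16] = 0x01,                 /* Flags: server-to-client response */
    [4 + 64] = 65, 0,                /* body StructureSize */
    [4 + 66] = 0x03, 0,              /* SecurityMode: enabled + required */
    [4 + 68] = 0x11, 0x03,           /* DialectRevision 0x0311 */
};

/* Constructed sample: the start of an SMB1 reply (command 0x72 = negotiate). */
static const uint8_t SAMPLE_SMB1[12] = {
    0x00, 0x00, 0x00, 0x23, 0xFF, 'S', 'M', 'B', 0x72,
};

int main(void)
{
    struct smb_negotiate_info i;
    if (parse_negotiate_response(SAMPLE_SMB311, sizeof SAMPLE_SMB311, &i) == 0)
        printf("%s, signing required: %d, encryption capable: %d\n",
               dialect_name(&i), i.signing_required, i.encryption_capable);
    if (parse_negotiate_response(SAMPLE_SMB1, sizeof SAMPLE_SMB1, &i) == 0)
        printf("%s, no signing or encryption information in this header\n",
               dialect_name(&i));
    return 0;
}
```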

 

WD NAS Can’t Be Seen In Windows : The Solutions!

Best Solution : Map Your WD NAS By Device Name

The best way is to manually map your WD NAS by its device name. This lets you use the more secure SMB2 or SMB3 network protocols, with direct access to your files as usual.

  1. Determine your WD NAS network path, which is based on the device name.
    If you changed your WD NAS device name to TechARPCloud (for example), the network name will be \\TechARPCloud
    Here is a list of default network paths for different WD NAS :

| WD NAS | Default Network Path |
|---|---|
| My Cloud Home, My Cloud Home Duo | \\MYCLOUD-last 6 digits of serial number (Example : \\MYCLOUD-123456) |
| My Cloud | \\WDMYCLOUD |
| My Cloud Mirror, My Cloud Mirror Gen 2 | \\WDMYCLOUDMIRROR |
| My Cloud EX2 | \\WDMYCLOUDEX2 |
| My Cloud EX2 Ultra | \\MYCLOUDEX2ULTRA |
| My Cloud EX4 | \\WDMYCLOUDEX4 |
| My Cloud EX2100 | \\WDMYCLOUDEX2100 |
| My Cloud EX4100 | \\WDMYCLOUDEX4100 |
| My Cloud DL2100 | \\WDMYCLOUDDL2100 |
| My Cloud DL4100 | \\WDMYCLOUDDL4100 |
| My Cloud PR2100 | \\MYCLOUDPR2100 |
| My Cloud PR4100 | \\MYCLOUDPR2100 |

  2. Open Windows File Explorer and click on Network on the left pane.
  3. Key in the network path of the WD NAS, which is based on its device name. Make sure you include \\ before the network path.
  4. You will be asked to key in a user name and password.
    This can be the administrator’s login, or the login of any registered user of your WD NAS.
    Remember – Windows 10 no longer allows guest logins or public access. So you will need to create a password-protected account even for guests to use.
  5. Once you successfully authenticate your user name and password, the network shares of your WD NAS will become visible in File Explorer under Network!
    You can stop here, but you will need to keep keying in the network path and login to access your NAS every time you boot into Windows.
  6. For more convenience, you can create a password-protected Private Share.
    Start by right-clicking on a network share from your WD NAS and select Map network drive…
  7. Select a drive letter for the network share.
    Check Reconnect at sign-in if you don’t want to automatically log into the drive.
    Then click Finish to map the drive.

That’s it! If you expand This PC in Windows File Explorer, you should now see that the WD NAS network drive has now been mapped by its device name!

 

Alternate Solution : Enable Network Discovery Without SMB1

This Windows 10 workaround can be used if your WD NAS supports SMB2 or SMB3 and you prefer not to map the network drives.

  1. Go to Windows Services.
  2. Start these two services :
    Function Discovery Provider Host
    Function Discovery Resource Publication
  3. Set the Startup type for both those services to Automatic (Delayed Start).
  4. Open Windows File Explorer and go to Network.
  5. When prompted, enable Network Discovery.

Your WD NAS shares should now be visible in Windows File Explorer.

 

Worst Case Solution : Enable Network Discovery Without SMB1

This should only be attempted if your WD NAS simply cannot support SMB2 or SMB3, and can only use SMB1.

  1. Go to Control Panel > Programs.
  2. Click on Turn Windows features on or off.
  3. Expand the SMB 1.0/CIFS File Sharing Support option.
  4. Check the SMB 1.0/CIFS Client option.
  5. Click the OK button.
  6. Restart Windows 10

After Windows 10 restarts, your WD NAS shares should now be visible in Windows File Explorer.

 



HUAWEI 5G Aces GSMA NESAS Security Audit : The Impact?

In a bit of good news after months of bad news, HUAWEI announced that their 5G wireless and core network equipment passed the GSMA NESAS cybersecurity audit!

While that is great news for them, what exactly is the impact on the deployment of HUAWEI 5G equipment globally?

 

HUAWEI 5G Passes GSMA Network Security Assurance Audit!

In a bit of good news after months of bad news, HUAWEI announced that their 5G wireless and core network equipment passed the GSMA Network Equipment Security Assurance Scheme (NESAS) audit!

  • 5G RAN gNodeB
  • 5G Core UDG, UDM, UNC, UPCF
  • LTE eNodeB

Here is a summary of the twenty NESAS assessment categories and the compliance levels of the HUAWEI 5G equipment that were tested :

Prior to passing the GSMA NESAS audit, this HUAWEI 5G equipment also passed the 5G cybersecurity test by China’s IMT-2020 (5G) Promotion Group, using test specifications based on 3GPP International standards for 5G security assurance.

 

HUAWEI 5G Faces Political, Not Technical, Pressures

Passing the GSMA NESAS audit will help assuage the cybersecurity concerns of nations planning to implement, or already implementing, HUAWEI 5G network equipment.

However, HUAWEI faces political, not technical, pressures with their 5G network equipment.

The 100% compliance score in the NESAS audit will not change minds in the US, and their Five Eyes partners are unlikely to consider HUAWEI 5G equipment.

That said, passing this audit will nevertheless strengthen HUAWEI’s shield against claims that their 5G equipment poses much greater cybersecurity risks than competing platforms.

It will help them win additional contracts in smaller countries whose concerns are far less about cybersecurity and privacy, and more with costs.

 

GSMA Network Security Assurance Scheme (NESAS)

The GSMA Network Equipment Security Assurance Scheme (NESAS) audit is a standardised cybersecurity assessment mechanism, jointly defined by GSMA (GSM Association) and 3GPP, together with regulators, industry partners, major global operators, and vendors.

This is a voluntary program under which network equipment vendors can subject their product development and lifecycle processes to a comprehensive and independent security audit.

The GSMA NESAS covers 20 assessment categories, defining security requirements with an assessment framework for 5G product development and product lifecycle processes. It also uses security test cases by 3GPP to assess the security of network equipment.

 



Phone Hack Fact Check : Argentina Is Doing It?

Warnings about a new phone hack called Argentina Is Doing It are circulating on social media.

Find out what the Argentina Is Doing It phone hack is all about, and if it’s really true!

 

Argentina Is Doing It : A Video Phone Hack?

Messages about this new phone hack, called Argentina Is Doing It, started circulating today on WhatsApp and Twitter :

Just a heads up….They are going to start circulating a video on WhatsApp that shows how the Covid19 curve is flattening in Argentina. The file is called “Argentina is doing it”, do not open it or see it, it hacks your phone in 10 seconds and it cannot be stopped in any way. Pass the information on to your family and friends.

Now they also said it on CNN

Hackers are going to start circulating a video on WhatsApp that shows how the Covid19 curve is flattening in Argentina. The file is called “Argentina is doing it”, do not open it or see it, it hacks your phone in 10 seconds and it cannot be stopped in any way. Pass the information on to your family and friends.

Now they also said it on CNN

There is a video circulating WhatsApp that shows how the Covid19 curve is flattening in Argentina. The file is called “Argentina is doing it”, do NOT open it or see it, it hacks your phone in 10 seconds and it cannot be stopped in any way. RT!!

 

Argentina Is Doing It Phone Hack : Complete Bullshit

As you may surmise from the HOAX overlay we placed on the screenshots, there is no such phone hack that uses a COVID-19 video called Argentina Is Doing It. Here are the reasons why…

Reason #1 : There Is No Such Video

There is no COVID-19 video called Argentina Is Doing It. It simply does not exist.

Reason #2 : Argentina Is Far From Flattening The Curve

And such a video on Argentina flattening the curve is unlikely to be created for some time to come, because Argentina is FAR from flattening the curve.

As this graph shows, the number of new cases is increasing weekly. On 16 July, over 3600 new cases were detected, bringing the total of COVID-19 cases to just under 115,000.

Reason #3 : The Story Is Illogical

Consider this for a second – how would anyone know what hackers are planning to do? Or what they are calling it?

If hackers actually created such a malware, they would have released it. Why wait?

Reason #4 : A Video Cannot Hack Your Phone Just Like That

While it is not completely impossible, a video cannot hack phones that easily.

It is plausible for a video to be created to exploit a bug in a specific video player or operating system, just like how the Android wallpaper malware worked.

Such a malware would only be able to attack specific operating systems (Android or iOS), or a specific media player. It cannot just work on every phone – that only happens in movies.

Reason #5 : CNN Never Reported On Such A Video

While the hoax claims that CNN reported on this video, they did no such thing. There is no CNN report on a phone hack using a video called Argentina Is Doing It.

The most recent post on CNN about Argentina’s COVID-19 situation was a report on 26 June 2020, about the reimposition of the Buenos Aires lockdown, due to accelerated COVID-19 spread.

 



Google Cloud Confidential VM With 2nd Gen AMD EPYC!

Google recently introduced Confidential Computing, with Confidential VM as the first product, and it’s powered by 2nd Gen AMD EPYC!

Here’s an overview of Confidential Computing and Confidential VM, and how they leverage the 2nd Gen AMD EPYC processor!

 

Google Cloud Confidential Computing : What Is It?

Google Cloud encrypts customer data while it’s “at-rest” and “in-transit”. But that data must be decrypted before it can be processed.

Confidential Computing addresses that problem by encrypting data in-use – while it’s being processed. This ensures that data is kept encrypted while in memory and outside the CPU.

 

Google Cloud Confidential VM, Powered By 2nd Gen AMD EPYC

The first product that Google is unveiling under its Confidential Computing portfolio is Confidential VM, now in beta.

Confidential VM basically adds memory encryption to the existing suite of isolation and sandboxing techniques Google Cloud uses to keep their virtual machines secure and isolated.

This will help customers, especially those in regulated industries, to better protect sensitive data by further isolating their workloads in the cloud.

Google Cloud Confidential VM : Key Features

Powered By 2nd Gen AMD EPYC

Google Cloud Confidential VM runs on N2D series virtual machines powered by the 2nd Gen AMD EPYC processors.

It leverages the Secure Encrypted Virtualisation (SEV) feature in 2nd Gen AMD EPYC processors to keep VM memory encrypted with a dedicated per-VM instance key.

These keys are generated and managed by the AMD Secure Processor inside the EPYC processor, during VM creation and reside only inside the VM – making them inaccessible to Google, or any other virtual machines running on the host.

Your data will stay encrypted while it’s being used, indexed, queried, or trained on. Encryption keys are generated in hardware, per virtual machine and are not exportable.
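
A host or guest can confirm these SEV claims from the CPU itself. The C code below is an added example, not Google's, VMware's or AMD's code: it decodes CPUID leaf 0x8000001F, which also reports the key counts quoted in the vSphere article earlier on this page, and the SEV_STATUS MSR value that a guest kernel reads. All struct and function names, and the sample register values, are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

#define SEV_CPUID_LEAF 0x8000001Fu  /* AMD encrypted memory capabilities */

struct sev_caps {
    int sev;                  /* EAX bit 1: SEV (guest memory encryption) */
    int sev_es;               /* EAX bit 3: SEV-ES (register state encryption) */
    unsigned c_bit;           /* EBX[5:0]: page-table bit marking a page encrypted */
    unsigned max_guests;      /* ECX: encrypted guests (one key each) at once */
    unsigned es_guest_slots;  /* ASIDs 1 .. EDX-1 are reserved for SEV-ES guests */
};

struct sev_caps decode_sev_leaf(uint32_t eax, uint32_t ebx,
                                uint32_t ecx, uint32_t edx)
{
    struct sev_caps c;
    c.sev = (eax >> 1) & 1;
    c.sev_es = (eax >> 3) & 1;
    c.c_bit = ebx & 0x3F;
    c.max_guests = ecx;
    /* EDX is the lowest ASID usable by a guest with SEV but without SEV-ES. */
    c.es_guest_slots = (c.sev_es && edx > 1) ? edx - 1 : 0;
    return c;
}

/* SEV-ES is usable only if the CPU supports it and firmware set ASIDs aside. */
int sev_es_usable(const struct sev_caps *c)
{
    return c->sev && c->sev_es && c->es_guest_slots > 0;
}

/* SEV_STATUS (MSR 0xC0010131) as read by the guest kernel: bit 0 = SEV active,
 * bit 1 = SEV-ES active. Returns 0 = none, 1 = SEV only, 2 = SEV + SEV-ES. */
int guest_protection_level(uint64_t sev_status)
{
    if (!(sev_status & 1))
        return 0;
    return (sev_status & 2) ? 2 : 1;
}

/* Query the CPU this program runs on. Returns 1 and fills *out if the
 * leaf exists, 0 on CPUs without it (and on non-x86 builds). */
int read_sev_caps(struct sev_caps *out)
{
#if defined(__x86_64__) || defined(__i386__)
    unsigned eax, ebx, ecx, edx;
    if (__get_cpuid_max(0x80000000u, NULL) < SEV_CPUID_LEAF)
        return 0;
    __cpuid(SEV_CPUID_LEAF, eax, ebx, ecx, edx);
    *out = decode_sev_leaf(eax, ebx, ecx, edx);
    return 1;
#else
    (void)out;
    return 0;
#endif
}

static void report(const char *label, const struct sev_caps *c)
{
    printf("%s: SEV=%d SEV-ES=%d C-bit=%u keys=%u SEV-ES slots=%u usable=%d\n",
           label, c->sev, c->sev_es, c->c_bit, c->max_guests,
           c->es_guest_slots, sev_es_usable(c));
}

int main(void)
{
    /* Constructed register values matching the key counts in the article:
     * 15 keys with no ASIDs reserved for SEV-ES, and 509 keys with 99. */
    struct sev_caps a = decode_sev_leaf(0x0F, 0x16F, 15, 1);
    struct sev_caps b = decode_sev_leaf(0x0F, 0x16F, 509, 100);
    struct sev_caps local;
    report("constructed, 15 keys", &a);
    report("constructed, 509 keys", &b);
    if (read_sev_caps(&local))
        report("this CPU", &local);
    else
        printf("this CPU: leaf 0x8000001F not available\n");
    /* Constructed SEV_STATUS value 0x3: SEV and SEV-ES both active. */
    printf("guest protection level: %d\n", guest_protection_level(0x3));
    return 0;
}
```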

Confidential VM Performance

Google Cloud worked together with the AMD Cloud Solution team to minimise the performance impact of memory encryption on workloads.

They added support for new OSS drivers (nvme and gvnic) to handle storage traffic and network traffic with higher throughput than older protocols, thus ensuring that Confidential VM will perform almost as fast as non-confidential VM.

Easy Transition

According to Google, transitioning to Confidential VM is easy – all Google Cloud Platform (GCP) workloads can readily run as a Confidential VM whenever you want to.

Available OS Images

In addition to the hardware-based inline memory encryption, Google built Confidential VM on top of Shielded VM, to harden your OS image and verify the integrity of your firmware, kernel binaries and drivers.

Google currently offers images of Ubuntu v18.04, Ubuntu 20.04, Container Optimized OS (COS v81), and RHEL 8.2.

They are currently working with CentOS, Debian and other distributors to offer additional OS images for Confidential VM.

 



NX Technology from The Tech ARP BIOS Guide!

NX Technology

Common Options : Enabled, Disabled

 

NX Technology : A Quick Review

The NX Technology BIOS feature is actually a toggle for the processor’s No Execute feature.

In fact, the acronym NX is short for No Execute and is specific to AMD’s implementation. Intel’s implementation is called XD, short for Execute Disable.

When enabled, the processor prevents the execution of code in data-only memory pages. This provides some protection against buffer overflow attacks.

When disabled, the processor will not restrict code execution in any memory area. This makes the processor more vulnerable to buffer overflow attacks.

It is highly recommended that you enable the NX Technology BIOS feature for increased protection against buffer overflow attacks.

However, please note that the No Execute feature is a hardware feature present only in the AMD64 family of processors. Older AMD processors do not support the No Execute feature. With such processors, this BIOS feature has no effect.

In addition, you must use an operating system that supports the No Execute feature. Currently, that includes the following operating systems :

  • Microsoft Windows Server 2003 with Service Pack 1, or newer
  • Microsoft Windows XP with Service Pack 2, or newer
  • Microsoft Windows XP Tablet PC Edition 2005, or newer
  • SUSE Linux 9.2, or newer
  • Red Hat Enterprise Linux 3 Update 3, or newer

Incidentally, some applications and device drivers attempt to execute code from the kernel stack for improved performance. This will cause a page-fault error if No Execute is enabled. In such cases, you will need to disable this BIOS feature.

 

NX Technology : The Full Details

Buffer overflow attacks are a major threat to networked computers. For example, a worm may infect a computer and flood the processor with code, bringing the system down to a halt. The worm will also propagate throughout the network, paralyzing each and every system it infects.

Due to the prevalence of such attacks, AMD added a feature called No Execute page protection, also known as Enhanced Virus Protection (EVP) to the AMD64 processors. This feature is designed to protect the computer against certain buffer overflow attacks.

Processors that come with this feature can restrict memory areas in which application code can be executed. When paired with an operating system that supports the No Execute feature, the processor adds a new attribute bit (the No Execute bit) in the paging structures used for address translation.

If the No Execute bit of a memory page is set to 1, that page can only be used to store data. It will not be used to store executable code. But if the No Execute bit of a memory page is set to 0, that page can be used to store data or executable code.

The processor will henceforth check the No Execute bit whenever it executes code. It will not execute code in a memory page with the No Execute bit set to 1. Any attempt to execute code in such a protected memory page will result in a page-fault exception.

So, if a worm or virus inserts code into the buffer, the processor prevents the code from being executed and the attack fails. This also prevents the worm or virus from propagating to other computers on the network.


 



How AMD CPUs Work In A Secured-core PC Device!

Microsoft just announced their partnership with AMD, Intel and Qualcomm to protect the PC’s firmware and operating system through the Secured-core PC initiative.

With help from Akash Malhotra, AMD Director of Security Product Management, here is everything you need to know about how AMD CPUs work in a Secured-core PC device!

 

What Is A Secured-core PC Device?

Secured-core PC is a new Microsoft initiative that they just announced. In partnership with their hardware partners, they aim to create a specific set of requirements for devices that are meant for secure use.

These requirements will apply the best practices in data security – isolation and minimal trust in the firmware layer and the device core that underpins the Windows operating system.

Secured-core PC devices are targeted at industries like financial services, government and healthcare, and anyone who works with valuable IP, customer or personal data. They would also be useful for persons of interest, who would be high-value targets for hackers and nation-state attackers.

Recommended : The Microsoft Secured-core PC Initiative Explained!

 

What Security Features Are Already In AMD CPUs?

Before we look at how AMD CPUs work in a Secured-core PC device, let’s take a look at what security features they ship with :

SKINIT: The SKINIT instruction helps create a “root of trust” starting with an initially untrusted operating mode. SKINIT reinitializes the processor to establish a secure execution environment for a software component called the secure loader (SL) and starts execution of the SL in a way to help prevent tampering. SKINIT extends the hardware-based root of trust to the secure loader.

Secure Loader (SL): The AMD Secure Loader (SL) is responsible for validating the platform configuration by interrogating the hardware and requesting configuration information from the DRTM Service.

AMD Secure Processor (ASP): AMD Secure Processor is dedicated hardware available in each SOC which helps enable secure boot up from BIOS level into the Trusted Execution Environment (TEE). Trusted applications can leverage industry-standard APIs to take advantage of the TEE’s secure execution environment.

AMD-V with GMET: AMD-V is a set of hardware extensions to enable virtualization on AMD platforms. Guest Mode Execute Trap (GMET) is a silicon performance acceleration feature added in next gen Ryzen which enables the hypervisor to efficiently handle code integrity checks and helps protect against malware.

 

How AMD CPUs Work In A Secured-core PC Device

In a Secured-core PC powered by an AMD CPU, the firmware and bootloader will initialise, and shortly after, the system will transition into a trusted state with the hardware forcing the firmware down a well-known and measured code path.

That means the firmware is authenticated and measured by the security block in the AMD CPU, and that measurement is stored securely in the TPM for verification and attestation by the operating system.

At any point after that, the operating system can request that the AMD security block remeasure and compare the firmware against the old values, before executing further operations. This way, the operating system can help verify the integrity of the system over time.

In AMD processors, the firmware protection is handled by the AMD Dynamic Root of Trust Measurement (DRTM) Service Block, which is made up of the SKINIT CPU instruction, the ASP and the AMD Secure Loader (SL).

This block is responsible for creating and maintaining a chain of trust between components by performing these functions:

  • Measure and authenticate firmware and bootloader
  • Gather the following system configuration for the OS, which will in turn validate them against its security requirements and store information for future verification.
    • Physical memory map
    • PCI configuration space location
    • Local APIC configuration
    • I/O APIC configuration
    • IOMMU configuration / TMR Configuration
    • Power management configuration
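
The measure-then-verify flow described above, modelled as an added example (not AMD's or Microsoft's code): a simplified TPM PCR that can only be extended, plus the OS-side check of a later remeasurement against the stored values. Component names and contents are constructed, and the all-zero starting value of the PCR is a simplification.

```python
import hashlib
import hmac

PCR_SIZE = 32  # one SHA-256 PCR bank


def measure(blob):
    """A measurement is the digest of a component, not the component itself."""
    return hashlib.sha256(blob).digest()


class Pcr:
    """Simplified model of one TPM PCR: it can be extended, never written."""

    def __init__(self):
        self.value = bytes(PCR_SIZE)  # simplification: starts as all zero bytes
        self.log = []                 # event log kept beside the PCR

    def extend(self, name, digest):
        # TPM extend: new = H(old || digest). Order and history are bound in.
        self.value = hashlib.sha256(self.value + digest).digest()
        self.log.append((name, digest))


def launch(components):
    """Model of a measured launch: measure each component in order."""
    pcr = Pcr()
    for name, blob in components:
        pcr.extend(name, measure(blob))
    return pcr


def replay(log):
    """Recompute the PCR value that a given event log should produce."""
    value = bytes(PCR_SIZE)
    for _name, digest in log:
        value = hashlib.sha256(value + digest).digest()
    return value


def verify(pcr, reference):
    """OS-side check of a launch against stored known-good digests.

    reference maps component name -> digest recorded at the baseline launch.
    Returns a list of findings; an empty list means the launch matches.
    """
    findings = []
    # The log is only trustworthy if it replays to the value held in the PCR.
    if not hmac.compare_digest(replay(pcr.log), pcr.value):
        findings.append("event log does not replay to the PCR value")
    seen = set()
    for name, digest in pcr.log:
        seen.add(name)
        good = reference.get(name)
        if good is None:
            findings.append(f"{name}: no reference measurement")
        elif not hmac.compare_digest(good, digest):
            findings.append(f"{name}: measurement changed")
    for name in reference:
        if name not in seen:
            findings.append(f"{name}: not measured")
    return findings


# Constructed sample components (stand-ins for real images and config tables).
BASELINE = [
    ("firmware", b"constructed firmware image v1"),
    ("bootloader", b"constructed bootloader image v1"),
    ("memory_map", b"0x00000000-0x7fffffff usable"),
    ("iommu_config", b"iommu=enabled"),
]


def demo():
    baseline = launch(BASELINE)
    reference = dict(baseline.log)  # values the OS stores for later checks

    # Remeasurement of an unchanged system.
    clean = launch(BASELINE)

    # Remeasurement after one configuration item has changed.
    changed = [(name, b"iommu=disabled" if name == "iommu_config" else blob)
               for name, blob in BASELINE]
    tampered = launch(changed)

    # Same changed system, but the event log was edited after the fact to
    # show the baseline digests. The PCR still holds the true history.
    edited_log = launch(changed)
    edited_log.log = list(baseline.log)

    return {
        "clean": verify(clean, reference),
        "tampered": verify(tampered, reference),
        "edited_log": verify(edited_log, reference),
        "same_pcr": clean.value == baseline.value,
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

Because each extend hashes the previous PCR value, the same digests measured in a different order also produce a different final value.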

 

AMD SMM Supervisor

Although the method above protects the firmware, AMD points out that the System Management Mode (SMM) also needs to be protected.

SMM is a special-purpose x86 CPU mode that handles power management, hardware configuration, thermal monitoring, etc. Because SMM code executes in the highest privilege level and is invisible to the operating system, it is an attractive target for attackers.

To help isolate SMM, AMD introduced a security module called AMD SMM Supervisor that will :

  • Block SMM from being able to modify Hypervisor or OS memory. An exception is a small coordinate communication buffer between the two.
  • Prevent SMM from introducing new SMM code at run time
  • Block SMM from accessing DMA, I/O, or registers that can compromise the Hypervisor or OS

 



The Microsoft Secured-core PC Initiative Explained!

Microsoft and their hardware partners just announced the Secured-core PC initiative to combat threats that target the PC’s firmware and operating system.

With help from David Weston, Partner Director of Microsoft OS Security, here is everything you need to know about the Secured-core PC initiative!

 

What Is The Secured-core PC Initiative?

Secured-core PC is a new Microsoft initiative that they just announced. In partnership with their hardware partners, they aim to create a specific set of requirements for devices that are meant for secure use.

These requirements will apply the best practices in data security – isolation and minimal trust in the firmware layer and the device core that underpins the Windows operating system.

Secured-core PC devices will be targeted at industries like financial services, government and healthcare, and anyone who works with valuable IP, customer or personal data. They would also be useful for persons of interest, who would be high-value targets for hackers and nation-state attackers.

 

Is There A Need For Secured-core PC?

As more protection is built into the operating system and connected services, attackers are exploring other methods with firmware emerging as a top target.

The NIST’s National Vulnerability Database shows a near 5X increase in the number of firmware vulnerabilities in the last 3 years.

In late 2018, security researchers discovered that the hacking group Strontium targeted systems in the wild with malware that made use of firmware vulnerabilities.

Because it targeted firmware, the malicious code was hard to detect, and difficult to remove. It even persists after the operating system is reinstalled, or the storage drive replaced!

 

Why Is Firmware The New Target?

Firmware is used to initialise the hardware and software when a device is started up. It therefore has a higher level of access and privileges than the hypervisor and operating system kernel.

This means firmware attacks that succeed can undermine protective mechanisms like Secure Boot that the hypervisor or operating system use to protect against malware.

Firmware attacks can more easily evade endpoint protection and detection solutions, because the latter run under the operating system layer, and therefore have limited visibility of the firmware layer.

 

What Is A Secured-core PC Made Up Of?

Secured-core PCs will combine multiple layers of protection – identity, virtualisation, operating system, hardware and firmware – to prevent attacks, rather than simply detecting them.

They all ensure that the device will boot securely and is protected against firmware vulnerabilities, shielding the operating system from attacks and preventing unauthorised access to the device and data.

Recommended : How AMD CPUs Work In A Secured-core PC Device

System Guard Secure Launch

Microsoft is now implementing System Guard Secure Launch in Windows 10 as a key Secured-core PC requirement.

System Guard uses the Dynamic Root of Trust for Measurement (DRTM) capabilities built into the latest processors from AMD, Intel and Qualcomm, to protect the boot process from firmware attacks.

The firmware is used to start the hardware, and then shortly after, re-initialise the system into a trusted state. This helps to limit the trust assigned to the firmware, greatly mitigating against firmware attacks.

This method also helps protect the integrity of the Virtualisation-Based Security (VBS) feature in the hypervisor against firmware vulnerabilities. This is critical because VBS is used for important OS security functions like Windows Defender Credential Guard and Hypervisor-protected Code Integrity (HVCI).

Trusted Platform Module 2.0

Microsoft is also implementing Trusted Platform Module 2.0 (TPM) as a device requirement for Secured-core PCs.

It is used to measure the components that are used during the secure launch process, allowing for zero trust networks using System Guard runtime attestation.

 

Secured-core PC Availability

Secured-core PC devices are available from Dell, Dynabook, HP, Lenovo, Panasonic and Microsoft’s own Surface brand.

 



Why AI Digital Intuition Will Deliver Cyberimmunity By 2050!

In his first prediction for Earth 2050, Eugene Kaspersky believes that AI digital intuition will deliver cyberimmunity by 2050. Do YOU agree?

 

What Is Earth 2050

Earth 2050 is a Kaspersky social media project – an open crowdsourced platform, where everyone can share their visions of the future.

So far, there are nearly 400 predictions from 70+ visionaries, from futurologist Ian Pearson, astrophysicist Martin Rees, venture capitalist Steven Hoffman, architect-engineer Carlo Ratti, writer James Kunstler and sci-fi writer David Brin.

Eugene himself dabbles in cyberdivination, and shares with us a future of cyberimmunity created by AI digital intuition!

 

Eugene Kaspersky : From Digital Intuition To Cyberimmunity!

In recent years, digital systems have moved up to a whole new level. No longer assistants making life easier for us mere mortals, they’ve become the basis of civilization — the very framework keeping the world functioning properly in 2050.

This quantum leap forward has generated new requirements for the reliability and stability of artificial intelligence. Although some cyberthreats still haven’t become extinct since the romantic era around the turn of the century, they’re now dangerous only to outliers who for some reason reject modern standards of digital immunity.

The situation in many ways resembles the fight against human diseases. Thanks to the success of vaccines, the terrible epidemics that once devastated entire cities in the twentieth century are a thing of the past.

 

However, that’s where the resemblance ends. For humans, diseases like the plague or smallpox have been replaced by new, highly resistant “post-vaccination” diseases; but for the machines, things have turned out much better.

This is largely because the initial designers of digital immunity made all the right preparations for it in advance. In doing so, what helped them in particular was borrowing the systemic approaches of living systems and humans.

One of the pillars of cyber-immunity today is digital intuition, the ability of AI systems to make the right decisions in conditions where the source data are clearly insufficient to make a rational choice.

But there’s no mysticism here: Digital intuition is merely the logical continuation of the idea of machine learning. When the number and complexity of related self-learning systems exceeds a certain threshold, the quality of decision-making rises to a whole new level — a level that’s completely elusive to rational understanding.

An “intuitive solution” results from the superimposition of the experience of a huge number of machine-learning models, much like the result of the calculations of a quantum computer.

So, as you can see, it has been digital intuition, with its ability to instantly, correctly respond to unknown challenges that has helped build the digital security standards of this new era.

 



Fine For Scratching Nose A Wake-Up Call On AI Surveillance!

The recent case of a Chinese driver getting fined for scratching his face is a funny example of current AI surveillance technology. Yet it is also a wake-up call on the dangers of pervasive AI surveillance by the state.

 

Fined For Scratching Nose By AI Surveillance System!

A Jinan resident, Mr. Liu, was driving his car in the eastern Shandong province, when he raised his hand to touch his face. Most of us unconsciously do that 2 to 5 times per minute!

Unbeknownst to him, one of the many AI surveillance cameras in the city noticed his action, and issued him a fine of 50 yuan* and 2 demerit points for “driving while holding a phone“.

* Approximately $7.25 / £5.70 / €6.50 / RM 30

The Jinan AI surveillance system also sent him this screenshot of his traffic violation, as captured at 7:20 AM on 20 May 2019.

Just like many automated systems (looking at you, Facebook and Google!), there was no way to dispute the charge. Mr. Liu tried to sort out the situation over the phone, but “no one would help him“.

He only got justice by appealing to the court of public opinion on Sina Weibo, where his post went viral. Only then did the Jinan traffic police department take notice and investigate his complaint.

Two days later, they cancelled his ticket after confirming that he was only touching his face, and not actually using a phone while driving.

 

AI Surveillance In Chinese Cities

China has been working hard at developing smart cities, as part of their social engineering efforts to quell political dissent and encourage Chinese citizens to “behave properly”.

There are already over 170 million surveillance cameras across China, with a projected 400 million surveillance cameras installed by next year. And they are all controlled by AI surveillance systems.

Such extensive surveillance coverage has allowed the Chinese government to detect crimes and punish their citizens for them. It also feeds the new Social Credit System – a national reputation system that assesses the economic and social reputation of every Chinese citizen and business.

However, such pervasive surveillance has led to serious privacy implications for the Chinese citizenry. Anyone who wants to understand the power, allure and dangers of AI surveillance should watch the TV series, Person of Interest.

 

The Dangers Of AI Surveillance

While AI surveillance technology is now quite incredible, this case has exposed its vulnerabilities and limitations.

  1. Human oversight is still necessary, because AI surveillance is not accurate enough to detect false positives.
  2. It may be tempting to make the AI surveillance system the judge, jury and executioner, but such systems need to implement the principle of “guilty beyond a reasonable doubt“, and that means ignoring anything that is not close to a 99.9% match.
  3. There should be an appeal system in place. It took a viral social media post to alert the Jinan traffic police department to the mistake.
  4. There is also the question of personal data security. Can the government securely store the data, without unsanctioned or illegal access? How long should they store the information before it is deleted?

 

Alibaba Cloud + The Malaysia City Brain

Alibaba Cloud is one of the chief architects of China’s smart city initiative and AI surveillance capabilities, with their ET City Brain that runs on their Tianchi Platform.

Last year, Alibaba Cloud announced their collaboration with the Malaysia Digital Economy Corporation (MDEC) to introduce the Malaysia City Brain.

The first phase of the Malaysia City Brain will kickstart with 382 AI traffic cameras at 281 traffic light junctions in Kuala Lumpur.

Although the Malaysian government is ostensibly implementing the Malaysia City Brain to “optimise the flow of vehicles and timing of traffic signals“, it is really a short step to the Chinese model of population and crime surveillance.

 



Google Password Checkup Guide – Read Before You Install!

Google just released a new Chrome extension called Password Checkup. Practically everyone thinks it is the best thing since sliced bread.

Is it really that good? Should YOU install it? Find out what it does, and what you should know about Password Checkup, before you install it.

 

Password Checkup

Google will already warn you if your Google Account is compromised in any way, forcing you to change your password. However, they were not able to do that for your non-Google accounts.

That changes with Password Checkup.

What Does Password Checkup Do?

Once added to Google Chrome, Password Checkup will work like a password watchdog. Every time you log into a non-Google website, it will check your login and password against a database of about 4 million leaked logins.

What Happens If It Detects A Match?

If it detects a match, you will be alerted and asked to change your password. If you are using the same login and password combination in other websites, you should obviously also change them as well.

Your New Password Will Be Verified Too

The Password Checkup extension will also verify that your new password has not been compromised either.

Sounds awesome? Well, not so fast…

 

Does Password Checkup Share My Data?

Google promises that Password Checkup would not report any identifying information. But it will still collect some information that Google may share or utilise :

  • the number of lookups that reveal an unsafe credential
  • whether an alert leads to a password change, and
  • the website domain involved

That said, Google will find a way somehow to benefit from it… See the next section.

 

Caveat : You Must Be Signed-In

Most privacy-conscious individuals who use Google Chrome do not sign into their Google Account. This allows them to anonymise their browsing history, and prevent data sharing across the many Google services.

However, Password Checkup explicitly requires you to be logged into your Google Account. It will only work if you stay logged into your Google Account while using Chrome.


 

Should You Install Password Checkup?

The requirement to stay logged into your Google Account is, frankly, troubling because the extension should not need you to be logged in to verify your password against a database of leaked passwords.

After all, you can already do the same anonymously at HaveIBeenPwned.

Now, we are not saying that it’s wrong for Google to try and benefit from this. This requirement is literally the price you pay for this free checking service – you must log into your Google Account and let Google track and monetise your browsing habits.

If you are fine with that, head over to the next page for our guide on how to install Password Checkup, turn it on and off, and more!

 

Workaround For The Privacy Conscious

If you are privacy-conscious, there is a way to have your cake and eat it too. Like all workarounds, it does entail some hassle, so you decide if it’s worth the effort.

You can install and use Password Checkup periodically. Google actually allows you to disable and re-enable it (see next page) whenever you wish. Alternatively, you can disable it just by logging out of your Google Account.

Login credentials don’t leak all the time, so it’s perfectly alright NOT to use Password Checkup every day. Once a week or month, just log into your Google Account and log into your non-Google accounts, to make sure they have not been compromised.

Then you can log out of your Google Account, effectively disabling Password Checkup, and use Google Chrome without sharing your browsing history with Google.



How To Add Password Checkup

Password Checkup only works on Google Chrome, so obviously, you should have Google Chrome installed in the first place. Then…

  1. Open Google Chrome and sign in to your Google Account.
  2. Go to the Chrome store and download Password Checkup.
  3. Follow the steps on your screen.

 

How To Turn Password Checkup On / Off?

  1. Open Google Chrome and sign in to your Google Account.
  2. In the top right, select More > More tools > Extensions.
  3. Find Password Checkup in the list of extensions.
  4. Turn Password Checkup on or off.

But note that turning it off does not delete data created and stored by the extension.

How To Mute Warnings For A Website

When you receive a warning, you should IMMEDIATELY change your password. But if for some reason, you need to do this later, you can choose to mute the warnings you receive for a particular website :

  • Select the Ignore for this site option to mute all future warnings for the website.
  • To restore future warnings for that website (or others that you have muted too), you will need to delete the stored information (see the next section).

 

How To Delete Data Stored By Password Checkup

If Password Checkup finds that a login and password combination has been compromised, it will create and store a hashed, partial code for that combination in your Chrome browser. This partial code can’t be used to recreate a complete version of your login info.

To delete this code on your Chrome browser, change your unsafe password or follow these steps:

  1. Open Google Chrome, and sign in to your Google Account.
  2. At the top, select Password Checkup from the toolbar > Advanced Settings > Clear Extension Data.

Note: This info is used to stop all future notifications about an unsafe password. If you delete this info, you might see notifications about unsafe passwords you’ve chosen to ignore.

 



FB Messenger, Instagram + WhatsApp Integration Clarified!

Since the story broke about the Facebook Messenger, Instagram and WhatsApp integration plan, the world exploded in a mixture of shock, apoplexy, and righteous indignation.

Take a DEEP BREATH and CALM DOWN. Let us tell you exactly what the FB Messenger + Instagram + WhatsApp integration plan is really about, and what it really means for Facebook and all of us…

 

The FB Messenger + Instagram + WhatsApp Integration Plan Clarified!

What Is Going On?

The New York Times broke the story on 25 January 2019, that Facebook CEO Mark Zuckerberg is working to integrate the messaging services that power Facebook Messenger, Instagram and WhatsApp.

Essentially, he wants all three platforms to use the same messaging platform or protocol to communicate.

Are The Three Apps Being Merged?

NO.

Some reports (looking at you, Forbes and BBC!) have claimed that WhatsApp is merging with Facebook Messenger and Instagram, or that WhatsApp and Instagram will be integrated with Facebook Messenger. That is NOT TRUE.

Facebook is not going to combine all three apps into a single mega-app – the one app to rule them all. WhatsApp, Instagram and Facebook Messenger will continue to be separate apps.

What Exactly Has Changed?

NOTHING at the moment. This FB Messenger + Instagram + WhatsApp integration project is scheduled to be completed by the end of 2019, or early 2020.

Until the new unified messaging protocol is complete and implemented in all three apps, nothing will change. At the moment, all three apps continue to use their existing messaging protocols.

What We Know About The Messenger + Instagram + WhatsApp Integration Plan So Far

Let’s enumerate what we know about the FB Messenger + Instagram + WhatsApp integration plan :

  1. All three apps will still function independently
  2. All three apps will use the same messaging protocol
  3. The new unified messaging protocol will support end-to-end encryption

Why Does Facebook Want To Do This?

Migrating all three apps to a unified messaging protocol or platform has some real advantages for Facebook :

  • far less work is needed to maintain a single platform or set of protocols, than three different platforms or sets of protocols
  • it will extend the reach of their three apps, helping to “encourage” users of one app to use the other two apps.
  • it will make it easier for them to harvest more information, to create more accurate user profiles.
  • it should make it easier to introduce or extend new features into all three apps, e.g. time-limited Stories.

Is This Good Or Bad For Users?

There are some potential advantages for users…

  • users of any one of those three apps will be able to communicate with each other, without installing the other apps.
  • users of any one of those three apps will be able to share data (photos, videos, files, etc.) with each other, without installing the other apps.
  • it will introduce end-to-end encryption to Instagram, which does not yet support it.
  • potentially, it could mean end-to-end encryption will be enabled by default for Facebook Messenger (which currently only supports end-to-end encryption if you turn on Secret Conversations).
  • it could promote greater accountability and transparency, with a reduction in fake accounts and profiles.

On the other hand, the tighter integration has some serious potential ramifications…

  • it will be harder to obfuscate or separate your profile in one app, from your profiles in the other two apps.
  • any bug or vulnerability in the unified messaging protocol will affect all three apps.
  • any successful attack will cause far greater damage, with far more data lost or stolen.
  • it does not address serious privacy concerns – even if end-to-end encryption is enabled by default for all three apps in the new unified messaging protocol, the metadata isn’t.
  • it may make it more difficult for users to consider alternative apps or services.
  • abusing one app (intentional or otherwise) could get you banned or blocked on all three apps.

How Serious Are These Concerns?

The New York Times reported that Mark Zuckerberg’s “championing” of the FB Messenger + Instagram + WhatsApp integration plan led to “internal strife” over privacy concerns. How bad?

Apparently, it led to the founders of both Instagram (Kevin Systrom and Mike Krieger) and WhatsApp (Jan Koum and Brian Acton) leaving Facebook. Dozens of WhatsApp employees also clashed with Mark Zuckerberg over this integration plan.

But Don’t Panic Just Yet…

There is no need to be one of those headless chickens running around, screaming that the world has ended or is about to end. The WhatsApp Messenger you have come to rely on has not changed, and will not change for many more months to come.

The project is still in its infancy. Facebook is internally planning to complete the project by the end of 2019, and probably early 2020. There is still the better part of the year to consider alternative messaging apps out there.

 



The Lenovo ThinkShield Tech Briefing by Thorsten Stremlau!

Lenovo recently introduced ThinkShield – a complete end-to-end security solution to keep all of their devices secure throughout their life cycle. Join us for the official Lenovo ThinkShield tech briefing by Thorsten Stremlau!

 

The Lenovo ThinkShield Tech Briefing

Lenovo ThinkShield is a comprehensive suite of hardware, software and policies that are designed to protect Lenovo devices from the design and manufacturing stages, and all the way through their lifespans.

Thorsten Stremlau, Lenovo Commercial Chief Technology Officer, flew in to give us a briefing on Lenovo ThinkShield. Check it out!

Lenovo ThinkShield Secures Devices through the Entire Lifecycle

  • From secure BIOS and firmware development to features like ThinkPad Privacy Guard security screens and the industry’s first laptop camera shutters, Lenovo builds protection into its products.
  • Security doesn’t stop at design: Lenovo has unique control over its global supply chain, setting strict security standards and policies for its manufacturing facilities.
  • Lenovo’s strategic partnership with Intel has enabled them to align with the Intel Transparent Supply Chain, which allows customers to locate the source of each component of their new system.
  • Lenovo oversees the security of suppliers who build intelligent components, making sure they conform to rigorous Trusted Supplier Program guidelines and best practices. For an extra layer of transparency, Lenovo Quality Engineers can audit suppliers at any time.

Lenovo ThinkShield Protects Users’ Identities and Credentials

  • A founding member of FIDO®, Lenovo offers the industry’s first and only FIDO-certified authenticators—plus match-on-chip fingerprint technology—to give companies safer, easier ways to protect their employees’ identities.
  • An industry-leading level of integration with Intel Authenticate—up to 7 authentication factors—offers greater security and flexibility than vendors providing fewer authentication methods.
  • BIOS-based Smart USB protection allows IT professionals to configure USB ports to respond only to keyboards and pointing devices, keeping employees’ PCs safer.

Lenovo ThinkShield Protects Users Online

  • Lenovo WiFi Security, in partnership with Coronet, detects threats and notifies users when they are about to connect to unsafe wireless networks.
  • BUFFERZONE technology isolates online threats before they infect the whole organization.
  • Lenovo Endpoint Management, powered by MobileIron, provides a secure, simple way to unify cloud and endpoint security across multiple devices.

Lenovo ThinkShield Protects Users’ Data

  • Absolute Persistence technology provides IT admins with an unbreakable connection to all of their devices so they can leverage enriched asset intelligence, automate endpoint hygiene and stay audit-ready with continuous compliance.
  • Once devices reach the end of their lifecycle, Lenovo keeps potentially sensitive data secure by wiping the drives and securely recycling the parts.
  • Lenovo offers a paid Keep Your Drive service that ensures sensitive information never leaves customers’ hands.

 


Kaspersky Lab Tips On Staying Safe While Shopping Online!

Here is a short guide by the Kaspersky Lab team on how to stay safe while shopping online during the holiday sales, whether it’s for Black Friday, Cyber Monday or Christmas! Bookmark it for reference, and share this with your friends!

 

Kaspersky Lab Tips On Staying Safe While Shopping Online!

Why Is This Important?

14 families of malware targeting 67 different popular consumer brands around the world were recently detected. It caused the exposure of a large amount of client emails from a popular online shop.

Emails may seem a small matter but this sort of information is in fact precious to scammers. Any personal data can be used by cybercriminals to target their victims.

[Chart: Increase in the share of financial phishing in recent years]

How Do Scammers Compromise Your Personal Data?

If a company is compromised and scammers get hold of customers’ email addresses, they can create an automated spam mailout that mimics an authentic email. This would entice users to follow a malicious link or download a malicious file onto their devices.

What Should You Do?

Be very careful as we head into the holiday sales season, from Black Friday till Christmas and Boxing Day sales – the busiest time of the year. Do not compromise your bank accounts by following a phishing link and entering your bank credentials. Research shows that malware designed to steal data from online banking and payment accounts has extended its reach to target online shoppers.

“Amazon sent out a warning as soon as the leak was exposed. And, although Amazon’s actions have been criticized for a lack of technical detail and a recommendation not to change users’ passwords, it’s great that the company’s representatives didn’t hesitate to warn their customers about possible threats, asking them to be on the lookout to minimize possible damage,” said Tatyana Sidorina, security researcher at Kaspersky Lab.

Tips On Staying Safe While Shopping Online

To keep yourself safe from fraudsters while shopping online during this holiday season, Kaspersky Lab recommends taking the following precautionary measures:

  • Always check the link address and the sender’s email to find out if they are genuine before clicking anything – very often phishers create URLs and e-mails that are very similar to the authentic addresses of big companies, yet differ from them by one or two letters.
  • To make sure you follow a correct link, do not click on it, but type it into your browser’s address line instead.
  • Do not enter your credit card details in unfamiliar or suspicious sites and always double-check the webpage is genuine before entering any personal information (at least take a look at the URL). Fake websites may look just like the real ones.
  • If you think that you may have entered your data into a fake page, don’t hesitate. Change your passwords and PIN codes ASAP. Use strong passwords consisting of different symbols.
  • Never use the same password for several websites or services, because if one is stolen, all of your accounts will be put at risk. To create strong hack-proof passwords without having to face the struggle of remembering them, use a password manager such as Kaspersky Password Manager.
  • To ensure that no one penetrates your connection to invisibly replace genuine websites with fake ones, or intercept your web traffic, always use a secure connection – only use secure Wi-Fi with strong encryption and passwords, or apply VPN solutions that encrypt the traffic. For example, Kaspersky Secure Connection will switch on encryption automatically, when the connection is not secure enough.

 


Facebook Privacy Tools Are Now Easier To Find. Yay?

Facebook has been doing a belated job of closing the barn door after the horses have bolted out and rampaged through the village. Now they have officially announced that Facebook privacy tools are “easier to find”. Yay for transparency?

Read the official Facebook press release on making privacy tools easier to find… and tell us what you think!

 

Facebook Privacy Tools Now Easier To Find

By Erin Egan, VP and Chief Privacy Officer, Policy and Ashlie Beringer, VP and Deputy General Counsel

Last week showed how much more work we need to do to enforce our policies and help people understand how Facebook works and the choices they have over their data. We’ve heard loud and clear that privacy settings and other important tools are too hard to find and that we must do more to keep people informed.

So in addition to Mark Zuckerberg’s announcements last week – cracking down on abuse of the Facebook platform, strengthening our policies, and making it easier for people to revoke apps’ ability to use your data – we’re taking additional steps in the coming weeks to put people more in control of their privacy.

Most of these updates have been in the works for some time, but the events of the past several days underscore their importance.

Making Data Settings and Tools Easier to Find

Controls that are easier to find and use. We’ve redesigned our entire settings menu on mobile devices from top to bottom to make things easier to find. Instead of having settings spread across nearly 20 different screens, they’re now accessible from a single place. We’ve also cleaned up outdated settings so it’s clear what information can and can’t be shared with apps.

New Privacy Shortcuts menu. People have also told us that information about privacy, security, and ads should be much easier to find. The new Privacy Shortcuts is a menu where you can control your data in just a few taps, with clearer explanations of how our controls work. The experience is now clearer, more visual, and easy-to-find. From here you can:

  • Make your account more secure: You can add more layers of protection to your account, like two-factor authentication. If you turn this on and someone tries to log into your account from a device we don’t recognise, you’ll be asked to confirm whether it was you.
  • Control your personal information: You can review what you’ve shared and delete it if you want to. This includes posts you’ve shared or reacted to, friend requests you’ve sent, and things you’ve searched for on Facebook.
  • Control the ads you see: You can manage the information we use to show you ads. Ad preferences explains how ads work and the options you have.
  • Manage who sees your posts and profile information: You own what you share on Facebook, and you can manage things like who sees your posts and the information you choose to include on your profile.

Tools to find, download and delete your Facebook data.

It’s one thing to have a policy explaining what data we collect and use, but it’s even more useful when people see and manage their own information. Some people want to delete things they’ve shared in the past, while others are just curious about the information Facebook has.

So we’re introducing Access Your Information – a secure way for people to access and manage their information, such as posts, reactions, comments, and things you’ve searched for. You can go here to delete anything from your timeline or profile that you no longer want on Facebook.

We’re also making it easier to download the data you’ve shared with Facebook – it’s your data, after all. You can download a secure copy and even move it to another service. This includes photos you’ve uploaded, contacts you’ve added to your account, posts on your timeline, and more.

The Road Ahead


It’s also our responsibility to tell you how we collect and use your data in language that’s detailed, but also easy to understand. In the coming weeks, we’ll be proposing updates to Facebook’s terms of service that include our commitments to people.

We’ll also update our data policy to better spell out what data we collect and how we use it. These updates are about transparency – not about gaining new rights to collect, use, or share data.

We’ve worked with regulators, legislators and privacy experts on these tools and updates. We’ll have more to share in the coming weeks, including updates on the measures Mark shared last week.
