China bans federal officials from buying Apple products

China’s government has banned its ministries and federal agencies from buying Apple products, as a state-led campaign against US technology companies in China gathers momentum.

Ten Apple products including the iPad, iPad Mini, MacBook Air and MacBook Pro were left off a government procurement approved list distributed last month, after they were included in a June version of the list, Bloomberg and Chinese media reported on Wednesday. China is Apple’s second-biggest market, after the US.

Earlier this week, both foreign antivirus software companies in China, Kaspersky Lab of Russia and Symantec of the US, were also struck off the list.

Copyright The Financial Times Limited 2014.

Full article at: http://www.ft.com/cms/s/0/7e4fb978-1d70-11e4-8b03-00144feabdc0.html

GCHQ has tools to manipulate online information, leaked documents show

By James Ball for The Guardian

Documents leaked by Edward Snowden reveal programs to track targets, spread information and manipulate online debates

 The UK intelligence agency GCHQ has developed sophisticated tools to manipulate online polls, spam targets with SMS messages, track people by impersonating spammers and monitor social media postings, according to newly-published documents leaked by NSA whistleblower Edward Snowden.

Full article at: http://www.theguardian.com/uk-news/2014/jul/14/gchq-tools-manipulate-online-information-leak

 

UN commissioner criticises decision to fast-track emergency surveillance bill

Alan Travis, home affairs editor for The Guardian, 16 July 2014

Navi Pillay says data retention and investigatory powers bill will not address privacy concerns raised by European court of justice

 The UN human rights chief has criticised Britain’s rush through parliament this week of the new emergency law on surveillance and data retention.

The UN high commissioner for human rights, Navi Pillay, said the data retention and investigatory powers bill – known as the Drip bill – will not address key privacy concerns raised by the European court of justice when it struck down the current regime in April and should be the subject of wider public debate.

“To me it’s difficult to see how the UK can now justify rushing through wide-reaching emergency legislation which may not fully address the concerns raised by the court, at time when there are proceedings ongoing by the UK’s own investigative powers tribunal on these very issues,” Pillay said in Geneva on Wednesday.

 

Full article at:  http://www.theguardian.com/uk-news/2014/jul/16/un-commissioner-criticises-decision-fast-track-emergency-surveillance-bill

 

Emergency surveillance bill to be fast-tracked despite 49 MPs’ opposition

Alan Travis, home affairs editor, The Guardian, 

Parliament approves timetable motion for Drip bill as government accepts Labour amendments to strengthen safeguards

Forty-nine MPs have voted against rushing the government’s emergency surveillance legislation through all its Commons stages in just one day.

A deal between the three major parties, however, secured the fast-track timetable by 436 votes to 49, despite accusations from one Labour MP that the move amounted to “democratic banditry resonant of a rogue state”.

 

Full article at:  http://www.theguardian.com/politics/2014/jul/15/emergency-surveillance-legislation-fast-tracked-parliament

Blanket digital surveillance is a start. But how about a camera in every bathroom?

The Data Retention and Investigatory Powers Act needs strengthening. Only terrorists and paedophiles can object. The House stands ready to act.

By Simon Jenkins of the Guardian

Parliament this week passed a law allowing the bulk collection by the government of all internet traffic in the United Kingdom. It was the fifth addition to state surveillance powers since the Regulation of Investigatory Powers Act 2000 (Ripa). The following is an extract from Hansard for 1 April next year.

Full article at:  http://www.theguardian.com/commentisfree/2014/jul/17/blanket-digital-surveillance-is-a-start-but-how-about-a-camera-in-every-bathroom

Why the Security of USB Is Fundamentally Broken

By Andy Greenberg

Computer users pass around USB sticks like silicon business cards. Although we know they often carry malware infections, we depend on antivirus scans and the occasional reformatting to keep our thumbdrives from becoming the carrier for the next digital epidemic. But the security problems with USB devices run deeper than you think: Their risk isn’t just in what they carry, it’s built into the core of how they work.

That’s the takeaway from findings security researchers Karsten Nohl and Jakob Lell plan to present next week, demonstrating a collection of proof-of-concept malicious software that highlights how the security of USB devices has long been fundamentally broken. The malware they created, called BadUSB, can be installed on a USB device to completely take over a PC, invisibly alter files installed from the memory stick, or even redirect the user’s internet traffic. Because BadUSB resides not in the flash memory storage of USB devices, but in the firmware that controls their basic functions, the attack code can remain hidden long after the contents of the device’s memory would appear to the average user to be deleted. And the two researchers say there’s no easy fix: The kind of compromise they’re demonstrating is nearly impossible to counter without banning the sharing of USB devices or filling your port with superglue.

Full article at:  http://www.wired.com/2014/07/usb-security/

Android devices ‘threatened by fake apps’

By Hannah Kuchler in San Francisco

Google’s Android operating system is making mobile devices vulnerable to cyber criminals seeking to access users’ personal information, according to researchers who claim to have found a flaw in the software.

Hackers can create a fake identification code allowing them to pretend to be an existing app with a good reputation, researchers at Bluebox Security have warned – a ruse that enables them to move around a mobile device and tap into its data.

Bluebox Security said it informed Google of the problem in April, and the technology group has since provided all of its Android device partners with a fix. However, any device that has not been updated with the latest version of the Android operating system remains at risk.

Copyright: The Financial Times Limited 2014. 

 

Full article at:  http://www.ft.com/cms/s/0/a77a502c-167e-11e4-8210-00144feabdc0.html

 

The spies in your living room: 70% of smart appliances vulnerable to cyber-attack

By Graham Templeton

Some months ago, the hacker/trolling group DerpTrolling tweetedthat they were attacking Xbox Live with their botnet of refrigerators. Many took this to be a joke, since it sounds so ridiculous, and Derp certainly likes to play up the absurdity of the world that’s available to the modern hacker. But make no mistake: Derp was not joking. When most of your attacks are based on sending one of the simplest possible communications — the simple requests that collectively make up a distributed denial of service (DDoS) attack — you don’t need a bleeding-edge Mac Pro to do it. Even a fridge, or a stove, and certainly a television, is powerful enough to be useful to hackers of all stripes, and new research shows that many of them are almost totally unprotected.

Full article at:  http://www.geek.com/apps/the-spies-in-your-living-room-70-of-smart-appliances-vulnerable-to-cyber-attack-1600725/

ECB hacked in attempt to extort cash

By Claire Jones in Frankfurt

The European Central Bank has been hit by an electronic attack in a breach of security that only emerged following an attempt to extort cash from the institution in return for the information stolen from its website.

The ECB said on Thursday that email addresses and contact data had been taken from part of the website where people sign up for conferences and visits. Twenty thousand email addresses and a smaller number of street addresses and telephone numbers left by people registering for events held by the central bank were compromised by the theft.

No market sensitive information was stolen.

Copyright: The Financial Times Limited 2014.

Full article at:  http://www.ft.com/cms/s/0/67b32a28-1317-11e4-925a-00144feabdc0.html

Easier Ways to Protect Email From Unwanted Prying Eyes

By Molly Wood for The New York Times

It’s time to face reality: Pursuing digital security should be as much of a no-brainer as locking your door before you leave the house.

Identity theft, corporate security breaches and an increased interest in personal privacy are forcing some changes. Many of us are choosing stronger passwords and changing them more often, locking down social media accounts and being more conscious of how we communicate. If you haven’t taken these steps, you should.

But one of our favorite forms of electronic communication — email — remains one of the hardest to secure. Security experts say email is a lot more like a postcard than a letter inside an envelope, and almost anyone can read it while the note is in transit. The government can probably read your email, as can hackers and your employer.

What’s the solution?

Full article at:  http://www.nytimes.com