Why Hello There,
Another news week wrap-up time, and we got some good stuff this week. Off we go.
- Let’s start off the week with some privacy news, and it’s good news to boot. The Patriot Act might finally be a thing of the past. Major provisions of the act were to expire June 1st, and any efforts to stall look to have failed, in no small part due to the efforts of senator Rand Paul, and a few others that led a filibuster that ensured the act would expire. Finally, it looks like this terrible piece of legislation is dead.
- Read More @ http://www.thedailybeast.com/articles/2015/05/28/the-patriot-act-may-be-dead-for-good.html
These 8 characters crash Skype, and once they’re in your chat history, the app can’t start (Update: fixed)
- Next, a rather nasty Skype bug was discovered that would crash the Skype client on several platforms when it receives the string “http://:”. Crash is bad enough that Skype client needs to be reinstalled. The bug has since been patched.
- Read More @ http://venturebeat.com/2015/06/02/these-8-characters-crash-skype-and-once-theyre-in-your-chat-history-the-app-cant-start/
- Next, news of another large breach, this time affecting the U.S Office of Personnel Management. China is the prime suspect in the breach (no one saw that one coming, eh?). Personal information of about 4 million federal employees was compromised in the breach.
- Read More @ http://news.yahoo.com/us-officials-massive-breach-federal-personnel-data-210302099–politics.html#
- Next, in an interesting role reversal, a Chinese ISP has released a report claiming that China has been a victim of a foreign based APT group since 2012. The report mentions that the said group has been stealing data from Chinese government agencies, maritime institutions. Whether this is true or not is unconfirmed, but it wouldn’t be surprising. Though it also feels a bit like this is China’s attempt to point the finger at other nations over cyber-attack claims as it’s often itself blamed as the source of many attacks on other nations.
- Read More @ http://www.darkreading.com/vulnerabilities—threats/chinese-isp-china-is-victim-of-foreign-state-backed-apt-group/d/d-id/1320716
- Next, another privacy related story. President Obama has signed USA Freedom Act into law. The good news here is that this limits the NSA surveillance powers, especially the metadata collection program. On the other hand, it has also revived some of the questionable provisions of “The Patriot Act”. Overall, this is considered a win for digital rights activists, even though it’s far from a perfect piece of legislation.
- Read More @ https://nakedsecurity.sophos.com/2015/06/04/obama-signs-usa-freedom-act-into-law-clipping-nsas-powers/
- Next, in some other NSA related news, it looks like the agency has also been running a massive IDS on the Internet backbone, at various chokepoints operated by U.S providers. This allowed them to monitor international communication for traffic of interest. Hardly surprising at this point to find out things like this, but it just continues to illustrate how much overreach NSA surveillance has had over the years.
- Read More @ https://www.schneier.com/blog/archives/2015/06/nsa_running_a_m.html
- A new U.N report from the UN’s Office of the High Commissioner for Human Rights indicates that hindering encryption would negatively impact the right to freedom of opinion and encryption. It goes on to say that it protects expression, due process, and peaceful assembly and association. Stating that the governments should only restrict encryption and anonymity according to “principles of legality necessity, proportionality, and legitimacy in objective”. I couldn’t agree more, and it’s fantastic to see that the U.N agrees on this matter.
- Read More @ http://www.scmagazine.com/david-kaye-puts-together-united-nations-encryption-report/article/417501/