Things That Would Not Have Happened On Safe

Periscope and Twitter are the same company and work together. So this is not unsurprising.

It's like giving permissions to an add-on package to access the product it is being added to.

2 Likes

“after discovering that the phones were regularly found in operations against organised crime groups and that the company was operating from servers in France. Eventually, it was possible to put a technical device in place to go beyond the encryption technique and have access to the users’ correspondence.”

5 Likes

Anyone read that? It sounds from the intro that they cracked into the circles of the various criminal rings and obtained the keys for each criminal ring and then could decode messages for each of those criminal rings.

5 Likes

I think they malware’d the devices, before encryption. Must have got control of the centralized patch/update services.

4 Likes

I guess end-to-end encryption isn’t as much of a problem to law enforcement - they just have to work harder.

Like in the old days, they will have to invest resources on suspects and not mass data collection.

Bring on safenet.

8 Likes

https://nitter.net/TwitterSupport/status/1283591846464233474

“We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.”

3 Likes

Worth wondering about how “Things That Would Not Have Happened On Safe”.

Social engineering will always be a liability… and prompted a thought that at some point there will be group accounts… and m-of-n signing. Still, group account actions could be signed by the individual member, so it’s clearer what is compromised and much easier to manage and limit.

But with Twitter it may have taken one social engineering hack to gain access to every Twitter account (for sending tweets at least). But with a SAFE twit app the cracker would have to social engineer the access from each account independently.

Obviously if the one person/organisation runs multiple accounts then it's multiple.

Now also add that you are now also trying to social engineer the private keys from the person/organisation, and that arguably is a more difficult task as they probably do not know the private keys anyhow, so the social engineering attack requires them to get the person to either hand over the safe account credentials or a more complex method to obtain the keys. And in my mind this is more difficult. And still one account at a time.

6 Likes

What may be possible for example: get the keys/control of a moderator account of a popular/important forum on the SAFE network. With this moderator account you could then filter what is visible on that forum and what not. But you wouldn’t be able to fake messages from other known accounts with this moderator account.

3 Likes

Yes, true

My post was more pointed to the Twitter, FB, etc. type of account rather than curating type accounts.

But still with SAFE then a compromised moderator account simply means people need to disable that account’s moderation ability for themselves and perhaps the forum site can disable moderators for everyone (unless user overrides).

2 Likes

Another database screw-up…

3 Likes

More than 1,000 unsecured databases so far have been permanently deleted in an ongoing attack that leaves the word “meow” as its only calling card, according to Internet searches over the past day.

https://news.hitb.org/content/ongoing-meow-attack-has-nuked-1000-databases-without-telling-anyone-why

5 Likes

Got to say…

If this cat is going after databases without proper security - I’d prefer the data to be deleted, I hope they are not making copies.

I’d like the cat to become a permanent feature of the internet, a beast that all IT people are warned about…

“If you don’t follow security best practices the cat will get you”

Meow

5 Likes

I don’t know what to say…

Edit: just noting that fits “Who’s Data is it Anyway!”

3 Likes

Eek, Human Rights Watch too.

1 Like