Tech News

Messaging your mates on WhatsApp could soon be a thing of the past. The popular app is facing a total UK ban as new laws being rushed through would stop people sending any form of encrypted messages. WhatsApp, iMessage and Snapchat currently scramble communications between users and if they dont conform they will face a ban. Speaking earlier this year David Cameron warned: In our country, do we want to allow a means of communication between people which we cannot read? My answer to that question is no we must not. If I am Prime Minister, I will make sure it is a comprehensive piece of legislation that makes sure we do not allow terrorist safe spaces to communicate with each other. And the controversial law, nicknamed the snoopers charter, could be in place by the Autumn. Home Secretary Theresa May, has warned that the Government will push the legislation through – with the recent terrorist atrocities in Tunisia and France forcing the government to act quickly. The laws would mean online services such as WhatsApp, Google, Facebook and Apple would be forced to hand over messages, sent by users, to government security agencies such as MI5. It is currently unclear what the full extent of the powers will be, however many are already condemning the bill. Executive director of The Open Rights Group Jim Killock told the BBC... The government is signalling that it wants to press ahead with increased powers of data collection and retention for the police and GCHQ, spying on everyone, whether suspected of a crime or not. This is the return of the snoopers charter, even as the ability to collect and retain data gets less and less workable. And Liberty, which campaigns for civil liberties and human rights in the UK added...We take no issue with the use of intrusive surveillance powers per se - targeted surveillance can play an important part in preventing and detecting serious crime. But the current regime just does not provide sufficient safeguards to ensure that such surveillance is conducted lawfully, and in a necessary and proportionate way.

Fresh research has cast further doubt on the ability of virtual private networks (VPNs) to protect users privacy from intelligence agencies and criminal hackers. VPNs are secure lines of communication that set up a private network between devices across public networks. They protect users privacy by setting up an encrypted tunnel between the device being used and the VPN providers servers when accessing online services, in theory making it more difficult for hackers to siphon or steal data mid-transit. You can download a VPN as a browser extension if you want to make it harder for others to see what youre looking at on the web. The research was published by Queen Mary University in London, in a paper titled A Glance Through the VPN Looking Glass: IPv6 Leakage and DNS Hijacking in Commercial VPN Clients. The scientists examined the Hide My Ass, IPVanish, Astrill, ExpressVPN, StrongVPN, PureVPN, TorGuard, AirVPN, PrivateInternetAccess, VyprVPN, Tunnelbear, proXPN, Mullvad, and Hotspot Shield Elite services security.

A couple of days ago it was discovered that Samsung laptops were disabling Windows Update. For those unfamiliar with Windows Update, it is a tool included on every copy of Windows that basically helps search for the latest updates to help keep your computer patched and updated to the latest Windows software. Instead Samsung decided to disable it and use their own SW Update tool in its place. Naturally many users weren’t too pleased with this and the good news is that Samsung has agreed to stop doing it. In a statement provided to VentureBeat, Samsung has promised that they will be issuing a patch to its software in which it will stop disabling Windows Update. According to Samsung, “We will be issuing a patch through the Samsung Software Update notification process to revert back to the recommended automatic Windows Update settings within a few days.” For those wondering why this is a big deal, it is because while there is no issue with Samsung’s own software, the fact that it ignores the user’s commands is disturbing. Basically if you were to re-enable Windows Update, upon reboot the SW Update tool will disable it again. The only way to ensure your Windows Update settings are not being messed with is by uninstalling SW Update. In any case if you’re a Samsung laptop owner, this is an update you’ll want to keep an eye out for.

Detecting pieces of malware and powerful cyberweapons of all types is what cybersecurity companies do, therefore it is clear the creators of Duqu 2 were so confident that it would never be discovered they decided to attack one of the worlds best-known cybersecurity companies directly. Kaspersky Lab has revealed how it uncovered the Duqu 2 attack against its own network and believes it is a generation ahead of anything wed seen earlier in terms of its thinking and the techniques it uses to remain undetectable. So, what is Duqu 2, where did it come from and how was it detected An evolution of Duqu Duqu was a sophisticated piece of malware discovered in 2011 having been used in a number of intelligence-gathering attacks against a range of industrial targets. Duqu had a number of similarities to the infamous Stuxnet worm, leading many to believe it was also developed by the US and Israel. Duqu was detected after being deployed in Hungary, Austria, Indonesia, the UK, Sudan and Iran, and there are clues that the cyberweapon was used to spy on the Iran nuclear programme and also to compromise certificate authorities to hijack digital certificates. How was it discovered Duqu was discovered because it attacked the one group which could have possibly recognised it was under attack - Kaspersky Lab. The Russian security company was testing a very early version of its Anti-APT solution - a piece of software designed to detect advanced state-sponsored cyberattacks such as Stuxnet, Gauss, Flame, Red October, The Mask... and of course Duqu. Kaspersky said it detected the exceptional attack in early spring this year after the attackers had been inside their system for a number of months thanks to the expertise of our researchers and our technologies. How powerful is Duqu 2 This is how Kaspersky Lab founder Eugene Kaspersky put it: We found something really big here. Indeed, the cost of developing and maintaining such a malicious framework is colossal. The thinking behind it is a generation ahead of anything wed seen earlier – it uses a number of tricks that make it really difficult to detect and neutralise. It looks like the people behind Duqu 2.0 were fully confident it would be impossible to have their clandestine activity exposed.

The computer of German Chancellor Angela Merkel was used to spread Trojan malware during a cyberattack on the German parliament (Bundestag), Bild am Sonntag reports. BERLIN (Sputnik) – German Bundestag’s internal computer network was hacked in May. It was unclear whether the cybercriminals, which some reports said were Russian, obtained any classified information as a result of the breach. Bild am Sonntag said on Sunday that Merkel’s computer was one of the first attacked by the hackers, who accessed the system using Trojan malware. The chancellor’s name was then used to spread the virus to other computers through a fake invitation to a conference. A link in the letter would activate the Trojan virus. None of the sources close to Merkel could say whether the hackers stole any data from the chancellor’s computer, the German newspaper said. Merkel was at the center of a spying scandal in 2013, when former US intelligence contractor Edward Snowden revealed that the US National Security Agency (NSA) tapped the chancellor’s phone and eavesdropped on millions of Germans using a listening post in Bavaria.

An independent review of U.K. surveillance powers conducted by QC David Anderson published its findings this week. Among its recommendations the report calls for judges to sign off interception warrants, and for a new law to govern surveillance powers — replacing the problematic patchwork of outdated and amended legislation that currently exists with stricter and more coherent oversight. The report also supports continued use of “bulk data collection” (aka mass surveillance) by U.K. intelligence agencies — so long as “strict additional safeguards” oversee its usage and minimize privacy impacts. Anderson writes: …if the acceptable use of vast state powers is to be guaranteed, it cannot simply be by reference to the probity of its servants, the ingenuity of its enemies or current technical limitations on what it can do. Firm limits must also be written into law: not merely safeguards, but red lines that may not be crossed. He also weighs in on encryption, although his recommendations here are rather more murky. In essence, he is taking the view that more widespread use of strong encryption ultimately sanctions mass surveillance — and even hacking activities by state agencies — as necessary workarounds to get at information that’s otherwise locked out of reach. The 300-page+ report was commissioned by U.K. Prime Minister David Cameron last year in the wake of NSA whistleblower Edward Snowden’s revelations. Since then Cameron has stepped up his rhetoric in support of state surveillance powers, making hawkish pronouncements arguing for expanded capabilities — to the point where, earlier this year, he appeared to be calling for an effective ban on strong encryption. “Are we going to allow a means of communication between people which even in extremis, with a signed warrant from the Home Secretary personally, that we cannot read? No we must not. The first duty of any government is to keep our country and our people safe,” said Cameron back in January. Anderson’s review backs Cameron’s notion that encryption should not be an ultimate barrier to security agencies — arguing that the power to “intercept a particular communication” or “track a particular individual” “needs to exist”, although he also qualifies this by saying such a power might only be usable “where skill or trickery can provide a way around the obstacle”.