Weekly Axis Of Easy #49
In this issue:
- Do this now: Disable your email PGP/GPG plugin
- Every O/S in existence hit by same security flaw
- Reports of Cambridge Analytica’s demise may have been premature
- Welcome to the drone wars
- Hardening Drupal: how to protect your sites
- Best Black Mirror ever: China’s Sesame Credit system
- Isis leaders captured using smartphone app
- Over 100K users infected by malicious Chrome extension
A rare “stop the presses” moment occurred when we saw the following this morning: The EFF has issued an urgent alert that new vulnerabilities have been discovered affecting email encryption plugins such as Enigmail, GPGtools and Gpg4Win which “pose an immediate risk to those using these tools for email communication, including the potential exposure of the contents of past messages.”Full details will be published in a paper on Tuesday, 7am UTC (3am ET), in the meantime EFF is urgently recommending anybody using these tools to disable them right away.
Last we reported on the purported demise of Cambridge Analytica and I quipped “watch where the assets end up on liquidation”. What transpired in the days following seems to indicate that the disgraced data miner may have pulled a fast one and simply shed one corporate coil for another and is now reborn as “Emerdata”, a related company with common principles, addresses and directors.
A couple of stories about drone usage, one to police the public and one to thwart the police: In Chicago legislation requires that a warrant be obtained before using a drone for surveillance. Mayor Rahm Emanuel wants to remove that requirement. Critics fear an onslaught of warrantless surveillance drones, equipped with facial recognition software patrolling the city 24 x 7.
In the wake of a couple serious Drupal vulnerabilities which we’ve been following here, security journalist Kim Crawley has released “A quick-and-dirty guide to hardening your Drupal” sites against compromise. Worth a quick review if you’re running Drupal anywhere in your environment.
I keep reporting on China’s Sesame Credit, a system which gamifies obedience to the State and that becomes compulsory for all citizens in 2020 because it’s like a slow motion car crash for me. This is where we’re headed, in our own way, in our own uniquely Western flavour. And we won’t care. That’s the scary part.As Charles Hugh Smith observes: The Chinese system aligns with all states’ desire for Total Information Awareness, but the rules in China are particularly Kafka-esque and may not be there to protect the public from threats as much as to protect the State itself from the public.
5 top ISIS leaders have been captured after authorities used the Telegram app on another captured ISIS member’s phone to lure them into proximity. “Intelligence services used a phone belonging to a detained aide to the group’s leader Abu Bakr al-Baghdadi, to contact the other commanders to set up a meeting in Iraq, Iraqi security adviser Hisham al Hashemi told the Telegraph.”
Last week security firm Radware released their findings on 7 malicious Chrome extensions which made it into the Google Play store. The malware would snarf user login credentials and installed crypto-currency miners on their devices. At least 100,000 browsers were infected.