Weekly Axis Of Easy #152
This Week’s Quote: “What is essential is to develop the will to see things, to see how human beings are manipulated, to see where there might be impulses by which people are manipulated” …by ???
The Prize: First person to post the correct answer gets their next domain or hosting renewal on us.
In this issue:
- New US Bill aims to end warrant-proof encryption
- PayPal preparing to enter Bitcoin marketplace
- Hackers use Google analytics to steal credit cards
- Julian Assange hit with additional conspiracy indictment
- Google to launch news service, will pay publishers for content
- French contact tracing app flops as citizens uninstall en masse
- Wikileaks rival posts files from multiple police departments
- India bans Chinese mobile apps as border conflict goes cyber
- Zimbabweans scramble for bitcoin under capital controls, currency collapse
- AxisOfEasy Salon 10: When Maximum Pessimism meets Irrational Exuberance
A new US Bill called “The Lawful Access to Encrypted Data Act” looks to end so-called “warrant-proof” encryption in products and services. Warrant-proof basically means there is no back door in the encryption that a law enforcement agency could use to access encrypted data. Senators Lindsey Graham (R-SC), Tom Cotton (R-AR) and Marsha Blackburn (R-TN) claim that weakens (privacy) national security and want to be able to force tech companies to provide access to encrypted communications with a court order or warrant.
That means back doors will have to be built into US tech platforms and products and pretty well everybody who isn’t a career politician, or a spy, or a prosecutor, thinks it’s a terrible idea that will only accomplish weakening security for all across the board.
It also means all non-US companies who wouldn’t be operating under similar legislation in their own countries would acquire a competitive advantage over US companies, courtesy of the US government.
According to multiple sources informing CoinDesk, PayPal is preparing to offer direct sales of Bitcoin in conjunction with Venmo, its mobile payments subsidiary. The word is the move would be happening in three months “perhaps sooner” and involves some sort of built-in wallet within PayPal itself.
Other payment providers like Square already provide for purchasing Bitcoin and this just furthers the evidence that crypto is here to stay, and the long Bitcoin bear market could finally be in the rear view mirror.
Hackers use Google analytics to steal credit cards
Looks like there’s yet another Magecart credit card scooping malware making the rounds; we reported on a couple of other strains here and here.
This one uses Google’s analytics:
A new method to bypass Content Security Policy (CSP) using the Google Analytics API disclosed last week has already been deployed in ongoing Magecart attacks designed to scrape credit card data from several dozen e-commerce sites.
This new tactic takes advantage of the fact that e-commerce web sites using Google’s web analytics service for tracking visitors are whitelisting Google Analytics domains in their CSP configuration (a security standard used to block the execution of untrusted code on web apps).
A couple of security companies (Sansec and Perimeter-X) showed proof-of-concept research that using CSP to prevent credit card skim attacks like Magecart is useless when Google analytics are installed on the target website.
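To make the CSP point concrete, here is an added example (not from the original newsletter or from the Sansec/PerimeterX research): a small Node.js audit that parses a Content-Security-Policy header and reports which outbound-capable directives allow Google Analytics hosts. The policy strings, the `GA_HOSTS` list and the function names are constructed for illustration.

```javascript
// Added example: find CSP directives that let a page talk to Google Analytics.
const GA_HOSTS = ["www.google-analytics.com", "ssl.google-analytics.com", "google-analytics.com"];
const OUTBOUND = ["connect-src", "img-src", "script-src"]; // directives that can carry data out

// Split a header into directive -> source list (first occurrence wins, as in CSP).
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name && !policy.has(name.toLowerCase())) policy.set(name.toLowerCase(), sources);
  }
  return policy;
}

// Does one source expression admit this host? Handles *, scheme-only, wildcards, ports, paths.
function sourceAllowsHost(source, host) {
  if (["*", "https:", "http:"].includes(source.toLowerCase())) return true;
  if (source.startsWith("'")) return false; // 'self', 'none', nonces, hashes
  const pattern = source.replace(/^[a-z][a-z0-9+.-]*:\/\//i, "").split(/[\/:]/)[0].toLowerCase();
  if (pattern.startsWith("*.")) return host.endsWith(pattern.slice(1));
  return pattern === host;
}

function auditCsp(header) {
  const policy = parseCsp(header);
  const findings = [];
  for (const directive of OUTBOUND) {
    // A missing fetch directive falls back to default-src.
    const via = policy.has(directive) ? directive : "default-src";
    const sources = policy.get(via);
    if (!sources) { // neither directive nor default-src: nothing is restricted
      findings.push({ directive, via: null, hosts: GA_HOSTS });
      continue;
    }
    const hosts = GA_HOSTS.filter((h) => sources.some((s) => sourceAllowsHost(s, h)));
    if (hosts.length) findings.push({ directive, via, hosts });
  }
  return findings;
}

// Constructed sample policies for a hypothetical shop.
const SAMPLE_ALLOWS_GA = "default-src 'self'; script-src 'self' https://www.google-analytics.com; " +
  "connect-src 'self' https://www.google-analytics.com; img-src 'self'";
const SAMPLE_STRICT = "default-src 'self'; script-src 'self'; connect-src 'self' https://collect.shop.example";

console.log(JSON.stringify(auditCsp(SAMPLE_ALLOWS_GA), null, 2));
console.log(JSON.stringify(auditCsp(SAMPLE_STRICT)));
```

Any directive it reports is a destination CSP will let page scripts send data to, regardless of whose Analytics account receives it, so checkout pages with such entries need monitoring beyond the policy itself.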
Julian Assange hit with additional conspiracy indictment
The US Government has filed a “superseding indictment” against Wikileaks founder Julian Assange. A superseding indictment is one that takes the place of a previously filed one, in this case the 18-count indictment filed under the old U.S. Espionage Act back in May of 2019.
This one contains additional allegations that Assange attended hacker conferences in Europe and Asia with the purpose of recruiting sources of information, and that they conspired with LulzSec and “Anonymous” hackers to commit intrusions.
Google is creating a licensing program to pay publishers “for high quality content” as part of a forthcoming news service to launch later this year. This Axios piece touches on the anti-trust implications of such a move. Given that the search giant is already in regulators’ sights for possible abuses of its dominant market position, I think the number one search engine in the world coming out with a news channel carries all kinds of implications.
Deals have already been cut in Germany and Australia where publishers who normally paywall their material will be paid by Google, who will then allow users to access it for free.
The news channel will be geared toward local and regional outlets, in order to “create uniquely valuable coverage in communities.”
When asked if they would be signing “hyper-partisan publishers”, the response was that Google “would work to ensure a variety of publishers with different viewpoints, including political viewpoints, would be represented”.
This restores my faith that Google will afford equal access across the full spectrum of allowable political thought, all the way from New York Times, right across to the other side of the Overton Window at Washington Post.
French contact tracing app flops as citizens uninstall en masse
As contact tracing apps proliferate around the world, various countries are having varying degrees of success with digitally tracking the spread of COVID-19 among the populace. We covered a few countries in last week’s AxisOfEasy, including a look at Canada’s forthcoming app, which, I must concede, looks poised to be an example of government sponsored contact tracing done correctly: the app will anonymize data, it won’t be stored or leave the device, and the source code is open source and posted to the Canadian Digital Services’s GitHub.
In France, things aren’t going so well. After deploying approximately 1.5 million apps, only 68 persons reported contact which then only notified 14 other people of their exposure risk. As a result, close to half-a-million French…persons have unceremoniously uninstalled it. France’s Digital Service’s minister is downplaying the result, spinning it as proof that infections are down and this is good news.
Speaking of contact tracing apps, this piece over on Mint Press News looks at an “immunity passport” app maker, Covi-Pass, which reportedly has its VCode(TM) immunity passport ready to deploy in 15 countries.
“VCode® allows any user to gain information instantaneously on the move in both online and offline environments.”
“VCode® links directly to any form of information such as; websites, videos, photos, books, documents and much more.”
Up next: Implants.
Wikileaks rival site posts files from multiple police departments
It looks like I missed the advent of DDoSecrets when they launched a little over a year ago. It’s a Wikileaks-style repository of whistleblowing material and data dumps that aims to provide more analysis and background on the material leaked, and they have also released some material Wikileaks didn’t. They make their files available over Tor Hidden Web as well as from their main site.
Most recently, they appear to have posted a repository called “Blueleaks”, which, according to their Twitter account (which is now suspended, I note), contains:
“ten years of data from over 200 police departments, fusion centers and other law enforcement training and support resources,” and that “among the hundreds of thousands of documents are police and FBI reports, bulletins, guides and more.”
Security researcher Brian Krebs contacted an entity named in the dumps and confirmed that the leaked materials were legitimate.
More background: https://www.cjr.org/tow_center/emma-best-ddosecrets.php
India bans Chinese mobile apps as border conflict goes cyber
Tensions are rising between the two nuclear powers India and China, over a disputed border area in the Himalayan Mountains. A recent border clash killed dozens of soldiers on both sides. India has now banned 59 digital apps that originate in or have ties to China.
India’s IT ministry “invoked Section 69A of the IT Act 2000 that lets the government block services if they’re deemed dangerous for sovereignty and integrity of the country”
The banned apps include: TikTok, WeChat and Weibo.
Full list: https://economictimes.indiatimes.com/news/defence/india-and-china-to-hold-talks-every-week-to-discuss-the-ongoing-dispute/liveblog/76680892.cms
Speaking of TikTok, it turns out the app was accessing your clipboard content on iOS devices, even though the company said last year it would stop doing that after the practice came to light. A beta transparency feature in iOS 14 revealed the app was still doing it anyway, forcing TikTok to say they’ll stop doing it all over again.
The country of Zimbabwe is experiencing another currency crisis, only a little over a decade since that country’s currency was destroyed by hyperinflation (although it had the highest performing stock market, in nominal terms). Now the government has ordered the stock market to cease trading and banned all mobile payments. The latter is a huge part of the economy in Zimbabwe because physical cash is hard to come by for most normal people, so they use mobile payments, the most popular being Ecocash.
Ecocash has vowed to defy the order, saying that only the central bank can order them to shut down. Meanwhile, Zimbabweans are scrambling to protect their savings and their purchasing power, fleeing to alternatives such as Bitcoin, which now trades with as much as an 18% premium there (Ecocash can be used to buy Bitcoin).
Last week on the AxisOfEasy Salon #10, Charles Hugh Smith, Jesse Hirsh and I discussed the bizarre quantum superposition we seem to exist in these days, a Schroedinger’s Cat-like existence where we exist simultaneously in a state of Maximum Pessimism and Irrational Exuberance. We eagerly await some external observer to collapse the wave function into one reality or the other, but until then, humanity seems to be experiencing both!
Listen here: https://axisofeasy.com/podcast/salon-10-remember-when-maximum-pessimism-and-irrational-exuberance-were-mutually-exclusive/