Tag Archive for: surprising

Cured DNS hack makes a surprising comeback



According to the group of researchers from Tsinghua University and UC Riverside, the vulnerability affects a majority of the popular DNS services, including Google’s 8.8.8.8 and Cloudflare’s 1.1.1.1. The …


In A Surprising Decision, European Court Of Human Rights Says Sweden’s Mass Surveillance Is Fine

In the wake of Snowden’s revelations of the scale of mass surveillance around the world, various cases have been brought before the courts in an attempt to stop or at least limit this activity. One involved Sweden’s use of bulk interception for gathering foreign intelligence. A public interest law firm filed a complaint at the European Court of Human Rights (ECtHR). It alleged that governmental spying breached its privacy rights under Article 8 of the European Convention on Human Rights (pdf). The complaint said that the system of secret surveillance potentially affected all users of the Internet and mobile phones in Sweden, and pointed out that there was no system for citizens to use if they suspected their communications had been intercepted. The ECtHR has just ruled that “although there were some areas for improvement, overall the Swedish system of bulk interception provided adequate and sufficient guarantees against arbitrariness and the risk of abuse”:

In particular, the scope of the signals intelligence measures and the treatment of intercepted data were clearly defined in law, permission for interception had to be by court order after a detailed examination, it was only permitted for communications crossing the Swedish border and not within Sweden itself, it could only be for a maximum of six months, and any renewal required a review. Furthermore, there were several independent bodies, in particular an inspectorate, tasked with the supervision and review of the system. Lastly, the lack of notification of surveillance measures was compensated for by the fact that there were a number of complaint mechanisms available, in particular via the inspectorate, the Parliamentary Ombudsmen and the Chancellor of Justice.

When coming to that conclusion, the Court took into account the State’s discretionary powers in protecting national security, especially given the present-day threats of global terrorism and serious cross-border crime.

One expert in this area, TJ McIntyre, expressed on Twitter his disappointment with the judgment:

It might have been too much to expect bulk intercept ruled out in principle, but it is surprising to see a retreat from existing standards on safeguards.

McIntyre played a leading role in one of the key cases brought against mass surveillance, by Digital Rights Ireland in 2014. It resulted in the EU’s top court, the Court of Justice of the European Union (CJEU), ruling the EU’s Data Retention Directive was “invalid”. As McIntyre notes, the detailed ECtHR analysis mentions the CJEU decision, but not the more recent ruling by the latter that struck down the “Safe Harbor” framework because of mass surveillance by the NSA.

The judgment significantly waters down safeguards previously developed by the ECtHR in relation to notification and possibility of a remedy against unlawful surveillance.

For example, McIntyre points out the ECtHR accepted that it is necessary for the Swedish signals intelligence service to store raw material before it can be manually processed:

Remarkably weak controls on storage and downstream use of intercept material were accepted by the ECtHR — in particular, it was satisfied with retention of bulk intercept “raw material” for one year!

Something of a setback in terms of limiting mass surveillance, the latest judgment goes against the general trend of decisions by the arguably more important CJEU court. In 2014 the latter effectively ruled that its own decisions should take precedence over those of the ECtHR if they came into conflict. That is now more likely, given the CJEU’s hardening position against mass surveillance, and the diverging judgment from the ECtHR, which shows some softening.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+


Techdirt.

Blackhole exploit kit makes a surprising encore appearance

The Blackhole exploit kit has made a surprising reappearance two years after cybercriminals stopped using it, according to security vendor Malwarebytes.

Exploit kits are frameworks planted on Web pages that try to find software flaws on visitors' computers in order to silently install malware.

Blackhole was one of the most popular exploit kits, but it faded from prominence after its alleged creator, who went by the nickname Paunch, was arrested in Russia. The kit was sold or rented to other cybercriminals in the underground economy for hacking tools.


Network World Security

New, Surprising Facts About iPhone Security – The Mac Observer


Initially, Juniper Networks sent me a copy of its report, “Trusted Mobility Index,” a rather dry title, but full of interesting tidbits about the state of mobile security. That's a subject near and dear to my heart, so I followed up, and I was invited