WikiLeaks Reveals the ‘Snowden Stopper’: CIA Tool To Track Whistleblowers

schwit1 quotes a report from Zero Hedge: As the latest installment of its “Vault 7” series, WikiLeaks has just dropped a user manual describing a CIA project known as “Scribbles” (a.k.a. the “Snowden Stopper”), a piece of software purportedly designed to allow the embedding of “web beacon” tags into documents “likely to be stolen.” The web beacon tags are apparently able to collect information about an end user of a document and relay that information back to the beacon’s creator without being detected. Per WikiLeaks’ press release. But, the “Scribbles” user guide notes there is just one small problem with the program: it only works with Microsoft Office products. So, if end users use other programs such as OpenOffice or LibreOffice then the CIA’s watermarks become visible to the end user and their cover is blown.

Read more of this story at Slashdot.

Lawsuit: Fox News Group Hacked, Surveilled, and Stalked Ex-Host Andrea Tantaros

An anonymous reader quotes a report from Ars Technica: Comparing their actions to the plot this season on the Showtime series Homeland, an attorney for former Fox News host Andrea Tantaros has filed a complaint in federal court against Fox News, current and former Fox executives, Peter Snyder and his financial firm Disruptor Inc., and 50 “John Doe” defendants. The suit alleges that collective participated in a hacking and surveillance campaign against her. Tantaros filed a sexual harassment suit against Roger Ailes and Fox News in August of 2016, after filing internal complaints with the company about harassment dating back to February of 2015. She was fired by the network in April of 2016, as Tantaros continued to press complaints against Fox News’ then-Chairman and CEO Roger Ailes, Bill O’Reilly, and others. Tantaros had informed Fox that she would be filing a lawsuit over the alleged sexual harassment. Tantaros claims that as early as February of 2015, a group run out of a “black room” at Fox News engaged in surveillance and electronic harassment of her, including the use of “sock puppet” social media accounts to electronically stalk her. Tantaros’ suit identifies Peter Snyder and Disruptor Inc. as the operators of a social influence operation using “sock puppet” accounts on Twitter and other social media.

‘World’s Most Secure’ Email Service Is Easily Hackable

Nomx, a startup that offers an email client by the same name, bills itself as the maker of the “world’s most secure email service.” The startup goes on to suggest that “everything else is insecure.” So it was only a matter of time before someone decided to spend some time on assessing how valid Nomx’s claims are. Very misleading, it turns out. From a report on Motherboard: Nomx sells a $199 device that essentially helps you set up your own email server in an attempt to keep your emails away from mail exchange (or MX) — hence the brand name — servers, which the company claims to be inherently “vulnerable.” Security researcher Scott Helme took apart the device and tried to figure out how it really works. According to his detailed blog post, what he found is that the box is actually just a Raspberry Pi with outdated software on it, and several bugs. So many, in fact, that Helme wrote Nomx’s “code is riddled with bad examples of how to do things.” The worst issue, Helme explained, is that the Nomx’s web application had a vulnerability that allowed anyone to take full control of the device remotely just by tricking someone to visit a malicious website. “I could read emails, send emails, and delete emails. I could even create my own email address,” Helme told Motherboard in an online chat.

Bose Headphones Secretly Collected User Data, Lawsuit Reveals

The audio maker Bose, whose wireless headphones sell for up to $350, uses an app to collect the listening habits of its customers and provide that information to third parties — all without the knowledge and permission of the users, according to a lawsuit filed in Chicago. From a report: The complaint accuses Boston-based Bose of violating the WireTap Act and a variety of state privacy laws, adding that a person’s audio history can include a window into a person’s life and views. “Indeed, one’s personal audio selections — including music, radio broadcast, Podcast, and lecture choices — provide an incredible amount of insight into his or her personality, behavior, political views, and personal identity,” says the complaint, noting a person’s audio history may contain files like LGBT podcasts or Muslim call-to-prayer recordings.

Virgin Media Starts Turning Customer Routers Into Public Wi-Fi Hotspots

UK ISP Virgin Media is expanding its public Wi-Fi network by co-opting customers’ home routers as hotspots. Only the most recent router design (the SuperHub v3) will be recruited at first, and customers can opt-out from the program if they wish. Virgin says the change will have “no impact on customers” because affected homes will be allocated extra bandwidth. ArsTechnica offers more context: A little background: a couple of years ago, Virgin Media started trialling a public Wi-Fi service very similar to “BT Wi-Fi with FON,” where residential BT customers have their routers turned into hotspots. For some reason the broad rollout of Virgin’s service was delayed until now. There are some curious differences between BT and Virgin Media’s approach, though. For starters, it seems only Virgin Media customers will have access to this nationwide Wi-Fi network; BT grants free access to BT customers, but non-customers can pay for access ($5 per hour). The owner of that subverted hotspot doesn’t get any of the money, of course. Furthermore, while BT customers must share their ADSL or VDSL bandwidth with any public Wi-Fi users, Virgin Media promises that “your home network is completely separate from Virgin Media WiFi traffic, meaning the broadband connection you pay for is exclusively yours, and just as secure.”

Microsoft Says US Foreign Intelligence Surveillance Requests More Than Doubled

Microsoft Corp says it received at least a thousand surveillance requests from the U.S. government that sought user content for foreign intelligence purposes during the first half of 2016. From a report: The amount, shared in Microsoft’s biannual transparency report, was more than double what the company said it received under the Foreign Intelligence Surveillance Act (FISA) during the preceding six-month interval, and was the highest the company has listed since 2011, when it began tracking such government surveillance orders. The scope of spying authority granted to U.S. intelligence agencies under FISA has come under renewed scrutiny in recent weeks, sparked in part by evolving, unsubstantiated assertions from President Donald Trump and other Republicans that the Obama White House improperly spied on Trump and his associates.
