Georgia’s secretary of state Brian Kemp doxes thousands of absentee voters

Georgia’s secretary of state Brian Kemp, who is also a candidate for state governor in the midterm election, has taken the unusual, if not unprecedented, step of posting the personal details of 291,164 absentee voters online for anyone to download.

Kemp’s office posted an Excel file on its website within hours of the results of the general election, exposing the names and addresses of state residents who mailed in an absentee ballot — including their reason why, such as if a person is “disabled” or “elderly.” People on Twitter quickly noticed, expressing anger.

The file, according to the


Where’s the accountability Facebook?

Facebook has yet again declined an invitation for its founder and CEO Mark Zuckerberg to answer international politicians’ questions about how disinformation spreads on his platform and undermines democratic processes.

But policymakers aren’t giving up — and have upped the ante by issuing a fresh invitation signed by representatives from another three national parliaments. So the call for global accountability is getting louder. Now representatives from a full five parliaments have signed up to an international grand committee calling for answers from Zuckerberg, with Argentina, Australia and Ireland joining the UK and Canada to try to pile political pressure on Facebook. The UK’s Digital, Culture, Media and Sport (DCMS) committee has been asking for Facebook’s CEO to attend its multi-month enquiry for the best part of this year, without success…

In its


Facebook must change and policymakers must act on data, warns UK watchdog

The UK’s data watchdog has warned that Facebook must overhaul its privacy-hostile business model or risk burning user trust for good.

Comments she made today have also raised questions over the legality of so-called lookalike audiences to target political ads at users of its platform. Information commissioner Elizabeth Denham was giving evidence to the Digital, Culture, Media and Sport committee in the UK parliament this morning. She’s just published her latest report to parliament, on the ICO’s (still ongoing) investigation into the murky world of data use and misuse in political campaigns. Since May 2017 the watchdog has been pulling on myriad threads attached to the Cambridge Analytica Facebook data misuse scandal — to, in the regulator’s words, “follow the data” across an entire ecosystem of players; from social media firms to data brokers to political parties, and indeed beyond to other still unknown actors with an interest in also

Hours before U.S. election day, Facebook pulls dozens of accounts for ‘coordinated inauthentic behavior’

Facebook has pulled the plug on 30 accounts and 85 Instagram accounts that the company says were engaged in “coordinated inauthentic behavior.”

Facebook’s head of cybersecurity policy Nathaniel Gleicher revealed the latest batch of findings in a late-night blog post Monday. “On Sunday evening, U.S. law enforcement contacted us about online activity that they recently discovered and which they believe may be linked to foreign entities,” said Gleicher, without naming the law enforcement agency. “We immediately blocked these accounts and are now investigating them in more detail.” The company didn’t have much more to share, only that the Facebook Pages associated with the accounts “appear to be in the French or Russian languages, while the Instagram accounts seem to have mostly been in English — some were focused on celebrities, others political debate,” he said. In his post, Gleicher conceded that the company “would be further along

A Swedish ISP has blocked Elsevier’s website in protest for forcing it to block Sci-Hub

Bahnhof’s page blocking access to Sci-Hub. (Screenshot: TechCrunch)

A little known fact about Swedes: when they get angry, they will often scribble down a note on paper — sometimes anonymously — and leave it where it will be seen, rather than confront a person face-to-face.

One extremely angry Swedish pro-freedom internet provider took that passive aggression to a whole new level. On Thursday, Stockholm-based Bahnhof was ordered by a Swedish copyright court to block Sci-Hub, a pirate site dedicated to free access to academic papers and research. The site, operated by a Kazakh student Alexandra Elbakyan, has faced court orders and threats of site blocks across Europe, following lawsuits from academic publishers like Elsevier, which brought the most recent case. Bahnhof was forced to block 20 domains associated with Sci-Hub, according to the company’s response to the court order. Resigned to the fact that it was unlikely to win

Security researchers have busted the encryption in several popular Crucial and Samsung SSDs

Researchers at Radboud University have found critical security flaws in several popular Crucial and Samsung solid state drives (SSDs), which they say can be easily exploited to recover encrypted data without knowing the password.

The researchers, who detailed their findings in a new paper out Monday, reverse engineered the firmware of several drives to find a “pattern of critical issues” across the device makers. In the case of one drive, the master password used to decrypt the drive’s data was just an empty string and could be easily exploited by flipping a single bit in the drive’s memory. Another drive could be unlocked with “any password” by crippling the drive’s password validation checks. That wouldn’t be much of a problem if an affected drive also used software encryption to secure its data. But the researchers found that in the case of Windows computers, often the default policy for BitLocker’s software-based

Twitter removes thousands of accounts that tried to dissuade Democrats from voting

Twitter has deleted thousands of automated accounts posting messages that tried to discourage and dissuade voters from casting their ballot in the upcoming election next week.

Some 10,000 accounts were removed across late September and early October after they were first flagged by staff at the Democratic Party, the company has confirmed. “We removed a series of accounts for engaging in attempts to share disinformation in an automated fashion – a violation of our policies,” said a Twitter spokesperson in an email to TechCrunch. “We stopped this quickly and at its source.” But the company did not provide examples of the kinds of accounts it removed, or say who or what might have been behind the activity. The accounts posed as Democrats and tried to convince key demographics to stay at home and not vote, likely as an attempt to sway the results in key election battlegrounds, according to

A pair of new Bluetooth security flaws expose wireless access points to attack

Security researchers have found two severe vulnerabilities affecting several popular wireless access points, which — if exploited — could allow an attacker to compromise enterprise networks.

The two bugs are found in Bluetooth Low Energy chips built by Texas Instruments, which networking device makers — like Aruba, Cisco and Meraki — use in their line-up of enterprise wireless access points. Although the two bugs are distinctly different and target a range of models, the vulnerabilities can allow an attacker to take over an access point and break into an enterprise network or jump over the virtual walls that separate networks. Security company Armis calls the vulnerabilities “Bleeding Bit,” because the first bug involves flipping the highest bit in a Bluetooth packet that will cause its memory to overflow — or bleed — which an attacker can then use to run malicious code on affected Cisco or Meraki hardware. The

Anti-fraud startup Shape Security raises $26M in Series E round to drive global expansion

Shape Security, a fraud-fighting cybersecurity company, has closed a $26 million round of Series E funding.

This will be the fifth round of funding — more than $130 million — since the Mountain View, Calif.-based company was founded in 2011. This latest round was led by Norwest Venture Partners, Kleiner Perkins, Allegis Capital and others — including JetBlue Ventures and Singtel. Shape Security said that the addition of JetBlue’s investment was because it has benefitted first-hand from its fraud-fighting technology. The company’s primary focus is on preventing imitation attacks — such as when hackers use stolen logins or malware to walk in through the front door. Shape’s enterprise defense technology protects web and mobile apps against automated attacks by utilizing artificial intelligence to differentiate ordinary customers from hackers. Using its massive trove of data, including geolocation and even mouse movements, combined with Shape’s machine learning technology, the company says

Only half of the Fortune 500 use DMARC for email security

When Homeland Security told all federal government departments last year to roll out a new email security policy to cut down on incoming spam and phishing emails, three-quarters of all federal domains were compliant by the time of their deadline just a few weeks ago.

That’s far more than what the Fortune 500 accomplished in the same period. New data from Agari shows that just half of the Fortune 500 have deployed DMARC — or domain-based message authentication, reporting, and conformance policy. Email systems use DMARC policies to verify the identity of an email sender, ensuring that it’s not impersonating another domain. Depending on the DMARC settings, an email system can either monitor, quarantine or entirely reject spoofed emails, helping to cut down on the number of phishing emails that land in your corporate inbox. The data shows 51 percent of the Fortune 500 — the world’s wealthiest companies — are

Zuckerberg gets joint summons from UK and Canadian parliaments

Two separate parliamentary committees, in the UK and Canada, have issued an unprecedented international joint summons for Facebook’s CEO Mark Zuckerberg to appear before them.

The committees are investigating the impact of online disinformation on democratic processes and want Zuckerberg to answer questions related to the Cambridge Analytica-Facebook user data misuse scandal, which both have been probing this year. More broadly, they are also seeking greater detail about Facebook’s digital policies and information governance practices — not least, in light of fresh data breaches — as they continue to investigate the democratic impacts and economic incentives related to the spread of online disinformation via social media platforms. In a letter sent to the Facebook founder today, the chairs of the UK’s Digital, Culture, Media and Sport (DCMS) committee and the Canadian Standing Committee on Access to Information, Privacy and Ethics (SCAIPE), Damian Collins and Bob Zimmer respectively, write that they

Apple’s new T2 security chip will prevent hackers from eavesdropping on your microphone

Apple’s newest MacBooks include a new feature that makes it far more difficult for hackers or spies to eavesdrop on your microphone.

Buried in Apple’s latest range of MacBooks — including the MacBook Pro out earlier this year and the just-announced MacBook Air — is the new T2 security chip, which helps protect the device’s encryption keys, storage, fingerprint data and secure boot features. Little was known about the chip until today. According to its newest published security guide, the chip comes with a hardware microphone disconnect feature that physically cuts the device’s microphone from the rest of the hardware whenever the lid is closed. “This disconnect is implemented in hardware alone, and therefore prevents any software, even with root or kernel privileges in macOS, and even the software on the T2 chip, from engaging the microphone when the lid is closed,” said the support guide. The camera isn’t

Signal rolls out a new privacy feature making it tougher to know a sender’s identity

Signal, regarded as the gold standard of end-to-end encrypted messaging apps, is rolling out a new feature that will further protect the identities of message senders.

“While the service always needs to know where a message should be delivered, ideally it shouldn’t need to know who the sender is,” Signal revealed in a blog post Monday. Dubbed “sealed sender,” the messaging app will soon hide a sender’s information inside the envelope of an encrypted message. The sender’s “from” information will be removed from outside the message’s envelope and will instead be replaced with a short-term certificate — containing the sender’s phone number, public identity key and an expiry time — which can be used to prove a sender’s identity. The whole envelope is encrypted again. Once it’s delivered, the recipient’s device will validate that certificate and decrypt the message as it normally would — without exposing the sender’s identity at any point. Sounds

The largest software acquisition ever: IBM to buy Red Hat for $34B

At a price typically reserved for semiconductor companies, telecoms, and pharmaceutical giants, IBM announced today it would pay a record $34 billion in cash and debt to acquire enterprise open source provider Red Hat. Eclipsing Microsoft’s $26.2 billion acquisition of LinkedIn, this is the biggest software acquisition in history. It’s not the biggest tech acquisition ever, though, as that title belongs to Dell’s $67 billion buyout of data storage business EMC.

You can learn about why IBM is buying Red Hat to become a hybrid cloud company in TechCrunch editor Ingrid Lunden’s deep dive here:

So how does the IBM-Red Hat deal (if it closes) stack up against the other largest acquisitions of all time?

Top Tech Acquisitions

  1. $67 billion – Personal computer company Dell buys EMC data storage
  2. $37

Big tech must not reframe digital ethics in its image

Facebook founder Mark Zuckerberg’s visage loomed large over the European parliament this week, both literally and figuratively, as global privacy regulators gathered in Brussels to interrogate the human impacts of technologies that derive their power and persuasiveness from our data.

The eponymous social network has been at the center of a privacy storm this year. And every fresh Facebook content concern — be it about discrimination or hate speech or cultural insensitivity — adds to a damaging flood. The overarching discussion topic at the privacy and data protection confab, both in the public sessions and behind closed doors, was ethics: How to ensure engineers, technologists and companies operate with a sense of civic duty and build products that serve the good of humanity. So, in other words, how to ensure people’s information is used ethically — not just in compliance with the law. Fundamental rights are increasingly seen by European regulators

Texas has a long history of problems with Hart eSlate voting machines

During early voting in some Texas counties, a handful of voters reported seeing their straight-ticket votes changed to endorse the opposing party. Others reported that an issue with the voting machines appeared to remove any selection for U.S. Senate altogether.

The Texas Secretary of State’s office told TechCrunch that it has received “15-20 calls” from voters this week who reported being affected by the issue. All of those individuals caught the mistake and were able to correct their ballots before casting them, though that does not account for unreported instances in which voters did not notice the changed votes. In Texas, the Secretary of State serves as the chief elections officer.

Facebook takes down more disinformation activity linked to Iran

Facebook has removed 82 pages, groups and accounts for “coordinated inauthentic behavior” that originated out of Iran.

The social networking giant discovered the “inauthentic behavior” late last week, according to a blog post by the company’s cybersecurity policy chief Nathaniel Gleicher. He said the operation relied on posing as U.S. and U.K. citizens, and “posted about politically charged topics such as race relations, opposition to the President, and immigration.” The company said that although its investigation is in its early stages, it traced the activity back to Iran but does not yet know who is responsible. Facebook said that a little over one million accounts followed at least one of the pages run by the Iranian actors. The takedown also included 16 accounts on Instagram. The company shared its findings with the FBI prior to the takedowns, Gleicher added on a call. It’s the latest batch of account

Two hackers behind 2016 Uber data breach have been indicted for another hack

Two hackers who stole millions of users’ data from ride-hailing firm Uber have been indicted on separate hacking charges related to a data breach at online learning portal Lynda, two people familiar with the case have told TechCrunch. Vasile Mereacre, a Canadian citizen living in Toronto, and Brandon Glover, a Florida resident, were indicted earlier this month in Florida on federal hacking and extortion charges for stealing data on 55,000 Lynda users’ accounts. According to the recently unsealed indictment, the FBI was considering extraditing Mereacre from Canada, but federal agents later learned that he was planning to fly to Miami on October 16. Mereacre was arrested by FBI agents once he landed, and made his initial appearance in court — at which the indictment was unsealed. The indictment accuses the two alleged hackers of obtaining tens of thousands of Lynda user accounts from a company-owned Amazon web server. Prosecutors

New plans aim to deploy the first U.S. quantum network from Boston to Washington DC

About 800 kilometers of unused fiber optic cable running down the U.S. eastern seaboard is set to become the first stateside quantum network. The aim is to get the quantum network up and running and accepting customers by the end of the year, making it the first time that quantum keys will be exchanged commercially on U.S. soil. Quantum Xchange, a Bethesda, Maryland-based quantum communications provider, has inked a deal for Zayo, a fiber network giant, to provide the stretch of fiber from Boston to Washington DC. Its first aim is to help connect Wall Street financiers with their back operations in nearby New Jersey, but the hope is that other industries — from healthcare to critical infrastructure — will soon use the network for their own secure communications. Quantum cryptography and networking aren’t new concepts but have risen to prominence in recent years as both a threat to