SECURITY: Germany may dictate no end-to-end encryption

Tuesday, October 14, 2025

https://digitalchew.com/2025/10/05/chat-control-could-break-encryption-warns-signal/

Chat Control Could Break Encryption, Warns Signal
Reginald Edward
October 5, 2025

*** begin quote ***

Key Takeaways

  • Signal’s president warns Germany that Chat Control could destroy user privacy.
  • Chat Control forces apps to scan messages before encryption.
  • The plan would weaken secure chats and allow mass surveillance.
  • Signal says it will leave the EU if Chat Control becomes law.
  • Germany’s vote on Chat Control could shape global privacy rules.

*** end quote ***

And what happens when one Gooferment does it —  whatever the particular “it” is, other Gooferments think “what a great idea” and do it too.

Argh!

— 30 —

Leave a Comment » | SECURITY | Tagged: , , , , , , , , , , , , | Permalink
Posted by reinkefj

SECURITY: Don’t forget the old printer as a “data leak”

Thursday, September 18, 2025

FROM TLDR Information Security 2025-09-10

*** begin quote ***

USB drives are still a problem – but they’re not your only data exfiltration risk (Sponsor)

While most organizations focus on blocking USB devices, attackers and insiders can just as easily steal data through network shares, cloud storage, or even local folder access. You need visibility and control over ALL storage access points.

*** end quote ***

Yeah, but I remember that brokers used to keep a shadow book at home.  Meticulously copying or printing duplicates of “their” Client accounts.  

Now it’s easy to just use your phone to take a picture.  AI or software will even extract the text from the picture so no reentering data drudgery. 

I’ve even seen utilities that will put files into QR codes for backup and recovery.

Never underestimate human inginuity to get what they want. Be it drugs, sex, money, or data.

— 30 —

Leave a Comment » | SECURITY | Tagged: , , , , , | Permalink
Posted by reinkefj

TECHNOLOGY: An idea for a competive App store?

Monday, November 18, 2024

FROM: TLDR Information Security 2024-11-18

North Korean-Linked Hackers Were Caught Experimenting With New macOS Malware (2 minute read)

Three variants of a new macOS malware have been detected. One variant was written in Python, one in Golang, and one using Flutter, which heavily obfuscates code by default. The malware was embedded in a clone of Minesweeper. No evidence of exploitation has been found – the callback domain returns a 404. The malware appeared to target cryptocurrency developers. It had several of the hallmarks of a Lazarus group attack. 

# – # – # – # – # 

If someone would make an App Store that certified apps as “malware free”, then I bet they could make a lot of money.  I’d just surcharge the app’s price by a dollar or two.  Maybe even just charge a fraction of a bitcoin.

If I was younger and richer, then I’d try to exploit that niche.  Alternative App Stores to Google Play and Apple Apps Stores.  The EU and the US Gooferment are going to force Google and Apple to support alternatives.  So you have to make that alternative App Store have a significant value proposition.

IMHO

—30—

Leave a Comment » | Technology | Tagged: , , , , | Permalink
Posted by reinkefj

SECURITY:  YubiKeys are vulnerable to cloning attacks

Wednesday, September 4, 2024

https://tldr.tech/infosec/2024-09-04

TLDR Information Security 2024-09-04

https://arstechnica.com/security/2024/09/yubikeys-are-vulnerable-to-cloning-attacks-thanks-to-newly-discovered-side-channel/

YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel (3 minute read)

The YubiKey 5 hardware token for two-factor authentication has a cryptographic flaw that makes it vulnerable to cloning attacks when physically accessed by an attacker. Yubico has confirmed that all YubiKey 5 models are susceptible to cloning due to a side channel vulnerability in the Infineon microcontroller used in various authentication devices. Updating firmware on affected YubiKeys is not possible, leaving them permanently vulnerable to potential attacks.

# – # – # – # – # 

Guess that you can toss these in the trash can or trash bin!

Still think that the authenticator app of a phone is the best two factor authentication technique.

—30—

Leave a Comment » | SECURITY | Tagged: , , , , | Permalink
Posted by reinkefj