API security is crucial. Discover how authentication, #encryption, and design protect APIs. Follow key steps to secure your APIs and safeguard customer data.

https://thehackernews.com/2023/09/how-to-prevent-api-breaches-guide-to.html

#cybersecurity

#Decentralization #TechnologicalResistance #Encryption #P2P: "This book brings together voices from various fields of intellectual inquiry, based on the idea that technological, legal and societal aspects of the information sphere are interlinked and co-dependent from each other. In order to tackle the existing gap in shared semantics, this glossary converges the efforts of experts from various disciplines to build a shared vocabulary on the social, technical, economic, political aspects of decentralised, distributed or sovereign technologies: artefacts which seek to challenge the techno-social status quo by, for example, circumventing law enforcement, resisting surveillance, or being participative.

The idea ofthis glossary arose from the need for a workable, flexible and multidisciplinary resource for terminological clarity, which reflects instead of denying complexity. Situating the terms emerging through technology development in the wider context of multidisciplinary scientific, policy and political discourses, this glossary provides a conceptual toolkit for the study of the various political, economic, legal and technical struggles that decentralised, encryption-based, peer-to-peer technologies bring about and go through.

Choosing relevant technology-related terms and understanding them is to investigate their affordances within a given ecosystem of actors, discourses and systems of incentives. This requires an interdisciplinary, multi-layered approach that is attentive to the interlinkages between technological design nuances and socio-political, economic implications."

https://networkcultures.org/blog/publication/log-out-a-glossary-of-technological-resistance-and-decentralization/

#UK #OSB #Surveillance #Encryption #Privacy #DataProtection: "Let’s be clear: weak statements by government ministers, such as the hedging from Lord Parkinson during this week’s debate, are no substitute for real privacy rights.

Nothing in the law’s text has changed. The OSB gives the U.K. government the right to order message and photo-scanning, and that will harm the privacy and security of internet users worldwide. These powers, enshrined in Clause 122 of the OSB, are now set to become law. After that, the regulator in charge of enforcing the law, Ofcom, will have to devise and publish a set of regulations regarding how the law will be enforced.

Several companies that provide end-to-end encrypted services have said they will withdraw from the U.K. if Ofcom actually takes the extreme choice of requiring examination of currently encrypted messages. Those companies include Meta-owned WhatsApp, Signal, and U.K.-based Element, among others.

While it’s the last minute, Members of Parliament still could introduce an amendment with real protections for user privacy, including an explicit protection for real end-to-end encryption."

https://www.eff.org/deeplinks/2023/09/uk-government-knows-how-extreme-online-safety-bill

Monti #ransomware is back with a new #Linux version, including updated #encryption and evasion tactics. Learn how they're targeting government and legal sectors.🐧

https://thehackernews.com/2023/08/monti-ransomware-returns-with-new-linux.html

#cybersecurity #malware

Britain admits defeat in its controversial fight to break encryption.

Tech companies and privacy activists are claiming victory after an eleventh-hour concession by the British government.

The UK government has admitted that the technology needed to securely scan encrypted messages sent on Signal and WhatsApp doesn’t exist, weakening its controversial Online Safety Bill.

https://www.wired.co.uk/article/britain-admits-defeat-in-online-safety-bill-encryption

#UK #OnlineSafetyBill #OSB #Internet #WhatsApp #Signal #Encryption #Legal #Law

#UK #OSB #Cybersecurity #Encryption #Privacy #Surveillance: "Although the UK government has said that it now won’t force unproven technology on tech companies, and that it essentially won’t use the powers under the bill, the controversial clauses remain within the legislation, which is still likely to pass into law. “It’s not gone away, but it’s a step in the right direction,” Woodward says.

James Baker, campaign manager for the Open Rights Group, a nonprofit that has campaigned against the law’s passage, says that the continued existence of the powers within the law means encryption-breaking surveillance could still be introduced in the future. “It would be better if these powers were completely removed from the bill,” he adds.

But some are less positive about the apparent volte-face. “Nothing has changed,” says Matthew Hodgson, CEO of UK-based Element, which supplies end-to-end encrypted messaging to militaries and governments. “It’s only what’s actually written in the bill that matters. Scanning is fundamentally incompatible with end-to-end encrypted messaging apps. Scanning bypasses the encryption in order to scan, exposing your messages to attackers. So all ‘until it’s technically feasible’ means is opening the door to scanning in future rather than scanning today. It’s not a change, it’s kicking the can down the road.”"

https://www.wired.com/story/britain-admits-defeat-online-safety-bill-encryption/

"The UK government will concede it will not use controversial powers in the online safety bill to scan messaging apps for harmful content"
https://www.ft.com/content/770e58b1-a299-4b7b-a129-bded8649a43b

To be honest, I expected this to happen in spite of troubling statements from gov't. Relieved to see they finally started to get it. Bad news though: Online Safety Bill even without that clause is still a crappy legislation that should be discarded.

#UnitedKingdom #OnlineSafetyBill #Privacy #Encryption #Surveillance #Security

There are coveats here. They've promised to not enforce until technologies are developed to scan this material without privacy being affected.

the UK government pulls back from new #encryption rules in the Online Safety Bill, averting a clash with Big Tech, as the bill enters its final stages.

https://www.ft.com/content/770e58b1-a299-4b7b-a129-bded8649a43b
#Snooper #privacy #SnoopersCharter #Paywall

The UK is poised to force a bad law on the Internet.

WhatsApp and Signal have threatened to shut down services in Britain if the Online Safety Bill includes restrictions that undermine encryption. The government is pushing it through anyway.

https://www.wired.co.uk/article/the-uk-is-poised-to-force-a-bad-law-on-the-internet

#UK #OnlineSafetyBill #OSB #Internet #WhatsApp #Signal #Encryption #Legal #Law

#Cybersecurity #Encryption #Signal #Messaging #AI #Privacy #Surveillance: "Is Signal using Artificial Intelligence (AI)?

Signal does use one small machine learning model which is actually part of our media editing suite of tools. It allows people to click a button to automatically makes faces unrecognizable in a photo; it runs locally on your phone. For example, if you take a photo of a party where you don’t know everyone, and you don’t have consent to share facial biometric data, you can click a button and this model will help you recognize faces and blur them so you can ensure privacy. That’s a nice and useful application of AI and it doesn’t send data to an app company.

What, then, is the problem with AI?

When AI systems are used, they are usually used for surveillance. They profile people’s faces and create data about whose face that is or what kind of person that face indicates. It’s used for ratings or for other purposes, which are surveillance in themselves. To create these AI systems, you first have to have huge amounts of data to train and inform those systems so they can be calibrated. The metastasis of AI as a kind of dominant and very hyped form of technology is antithetical to ensuring real privacy. It entrenches and expands the business model of surveillance, because its insatiable demand for data will naturally lead to more surveillance, more collection and generation of data."

https://schweizermonat.ch/when-ai-systems-are-used-they-are-usually-used-for-surveillance/#

#UK #OSB #Encryption #Surveillance #Cybersecurity: "It’s a 21st-century form of prior restraint, violating the very essence of free speech. It’s a death knell for end-to-end encryption, and with it, every internet user’s right to privacy.

Private communication is a fundamental human right, and in the online world, the best tool we have to defend this right is end-to-end encryption. It ensures that governments, tech companies, social media platforms, and other groups cannot view or access our private messages, the pictures we share with family and friends, or our bank account details. This is a particularly vital protection for the most vulnerable in society, such as children seeking relief from abuse or human rights defenders working in hostile environments."

https://www.thedailybeast.com/crackdowns-on-encrypted-messaging-dont-help-the-children

#Cybersecurity #Encryption #Messaging: "With end-to-end encrypted technology, no one but you and the intended recipients can know what you wrote or said — not hackers, the app companies or the police.

Except, not everything is end-to-end encrypted in end-to-end encrypted apps.

That could mean what you type in chats are saved on company computers that corporations such as Apple or your phone provider could read. Details such as the timestamps of every text to your boyfriend might not be under lock and key, either.
That’s not necessarily bad. Each end-to-end encryption choice has trade-offs. More privacy and security could also make it harder for you to use an app, or can shield activity of terrorists and child predators.

The mess I’m describing — end-to-end encryption but with certain exceptions — may be a healthy balance of your privacy and our safety.

The problem is it’s confusing to know what is encrypted and secret in communications apps, what is not and why it might matter to you.

To illuminate the nuances, I broke down five questions about end-to-end encryption for five communications apps."

https://www.washingtonpost.com/technology/2023/08/22/encryption-imessage-whatsapp-google/

While I totally agree (from my own work experience included) that encrypting firmware is essential, as well as having such guide... IMO I'd like to stress without diversifying encryption keys and making it unique per each device there's not much to gain from it https://interrupt.memfault.com/blog/firmware-encryption-with-python

#Encryption #Embedded #Firmware #ReverseEngineering #Hardware #IoT

Google Chrome will soon support X25519Kyber768, a powerful quantum-resistant #encryption algorithms to safeguard against potential future threats.

https://thehackernews.com/2023/08/enhancing-tls-security-google-adds.html

#cybersecurity #technology

'Changes to UK Surveillance Regime May Violate International Law'

https://www.justsecurity.org/87615/changes-to-uk-surveillance-regime-may-violate-international-law/

#UK #law #legal #encryption #messaging

Do we really need yet another end to end encrypted server and client (App)?

Signal and Matrix / Riot work reasonably well.

Enlighten me.

#Messaging #Encryption

Meta is set to support end-to-end #encryption for Messenger chats by year-end. Meta redesigned over 100 Messenger features to keep your chats both safe and seamless.

https://thehackernews.com/2023/08/meta-set-to-enable-default-end-to-end.html

#cybersecurity #informationsecurity

@Theholypumpkin @toby @bunsenlabs

Also one major "can't use" for me - regardless of #ChipShortages and #Scalpers - is the lack of a convenient #LUKS #Encryption setup in both #RaspberryPiOS and @ubuntu / #Ubuntu for @Raspberry_Pi / #RaspberryPi.

Not gonna argue the lack of @tails or official @torproject #TorBrowser but to make #FullDiskEncryption viable and useable, it just can't be restricted to external media or having to manually fiddle around, cuz that's a pain in the rear.

#UK #Cybersecurity #Surveillance #Encryption #PoliceState: "The United Kingdom (U.K.) government has recently unveiled plans to revise the Investigatory Powers Act 2016 (IPA), the primary legislation governing the surveillance of electronic communications in the United Kingdom. The proposed revisions include five objectives pertaining to changes in the notices regime within the IPA, the process through which the government can ask private companies to carry out surveillance on its behalf, such as interception of communications and equipment interference (hacking). The proposed changes to the IPA notices regimes include an obligation to comply with the content of a potential notice during the review period and before a notice is actually served, an obligation to disclose technical information about the company’s systems during the same review period, measures to strengthen the extraterritorial application of the notices and obligations for companies to give advance notice to the U.K. Secretary of State before implementing any technical changes. This article focuses on the latter two changes. It examines how the United Kingdom likely would be in breach of international human rights law (IHRL) by interfering with the privacy and security of online users both within and outside of its borders, should it decide to move forward with the proposed revisions."

https://www.justsecurity.org/87615/changes-to-uk-surveillance-regime-may-violate-international-law/

#UK #OSB #Encryption #Cybersecurity #messaging : "The main criticism of the legislation to date has been on freedom of expression grounds. Critics have said it will have a chilling effect, encouraging tech giants to ban users who might get the platforms into trouble with the regulators. Now the companies are warning that the bill has a national security implication too.

Ukraine often uses messaging services to communicate securely with its allies, including the UK. The British armed forces and their allies also use services such as Signal alongside military communications systems. Do ministers really want to weaken western security? Have they thought this through?

If Signal and WhatsApp cannot be used on British-registered phones, anyone who needs access will presumably have to ship in a second, secure device from the US."

https://www.thetimes.co.uk/article/49f0ac72-3c66-11ee-81cd-1bf34cc855cb?shareToken=d65e5c7e06ed75bbcb822945be00dc25