Recently Browsing 0 members
No registered users viewing this page.
President Trump's Twitter password was 'maga2020!', says researcher
by Paul Hill
Victor Gevers, a Dutch hacker, was able to break into President Donald Trump’s Twitter account on October 16, 2020, by using the password 'maga2020!' according to reports. To prove his feat, he shared a screenshot with the Dutch outlet, Vrij Nederland (VN), showing the edit profile dialog box where he could have changed Trump’s display name, profile picture, and cover image.
There were two astounding details about the breach; the first was that it only took Gevers seven attempts to guess the correct password, the other was that there was no two-factor authentication enabled to tighten up security on the account.
Luckily for Trump, Victor Gevers is an ethical hacker so rather than deface or steal data from the account, which he could have done, he sent an email to Trump to inform him that he had managed to hack the account; this is known as responsible disclosure. If Gevers had malicious intent, he could have downloaded the president's data file which includes all information including deleted direct messages.
At the time of writing, Vrij Nederland has reached out to Twitter to ask why the account of such a well-known figure is not protected with more security. It said that the social media firm had not responded to those queries yet.
Source: Vrij Nederland (Dutch)
By Usama Jawad96
WhatsApp Business to get improved privacy, service fees
by Usama Jawad
Facebook launched WhatsApp Business back in 2018 to help small businesses interact with customers and sell their products. In the current pandemic, the need for a central hub to communicate with online retailers has become more important than ever. The company says that over 175 million people message a WhatsApp business account daily.
To further improve upon this experience, WhatsApp has detailed a host of new changes that it will be making to its service.
First and foremost, it will be making it easier for businesses to sell products directly from the chat, and allow them to integrate these features with their existing solutions for customer and business management.
It will also be expanding its roster of business solution providers for companies that want to work with other firms for hosting and managing their communications. To that end, it plans to roll out Facebook's own hosting services soon too, which businesses will be able to utilize to manage inventories and respond to messages to customers.
Furthermore, WhatsApp will also be charging business accounts a fee for the services that are offered to them. The company says:
Lastly, new privacy features will also be introduced to protect customer conversations, although the company hasn't gone into the details of what this entails. All of these changes will be gradually rolled out to customers over the next few months, and we'll likely learn more about them closer to their respective launches.
United States DOJ sues Google for monopolistic practices
by João Carrasqueira
Today, the Department of Defense in the United States filed an antitrust lawsuit against Google, claiming the company has violated antitrust laws to maintain its monopoly on the search engine and advertising markets. The lawsuit is backed by 11 Attorneys General from the states of Arkansas, Florida, Georgia, Indiana, Kentucky, Louisiana, Mississippi, Missouri, Montana, South Carolina, and Texas.
The Department's announcement labels Google as the "monopoly gatekeeper to the internet", as the company's search engine has accounted for over 90% of searches made in the United States for years. Additionally, the lawsuit claims that Google has used anticompetitive strategies to maintain its hold on the market, including a series of exclusionary agreements that force companies to sell or distribute products with Google preinstalled or set as the default search engine.
Specifically, the complaint mentions the following cases where Google has bought its way into more users' lives:
The Department of Justice calls back to 1998, when Microsoft was at the center of a similar investigation, as well as another similar case involving AT&T in 1974. Citing the case against Microsoft, the Department says it recognizes that "high-technology monopolists" are forbidden from entering agreements that force companies to use their products as default, or cut off distribution channels for rivals. The lawsuit against Google follows that same spirit.
Naturally, the lawsuit claims the Google's practices have harmed the quality of products in the field by stifling its competitors. For consumers, this means that things such as user privacy and data protection have been lost or degraded in the process.
Google has already fired back at the Department of Justice in a blog post, saying that it's easy for users to change search engines on any device they use. The company also mentions that Bing is the default search engine on Windows 10, though Bing is nowhere near market dominance in the search space. The company finishes by saying it's "focused on delivering the free services that help Americans every day".
The search giant has been the target of many investigations and fines in the European Union in recent years, but has remained relatively untouched in the United States. It will be interesting to see how the lawsuit develops.
By Usama Jawad96
Microsoft urges organizations to ensure data privacy instead of relying on state legislature
by Usama Jawad
With remote working environments becoming the new normal with the ongoing pandemic, digital data privacy and security has become more important than ever. To that end, over the past few weeks, Microsoft has launched the Zero Trust Deployment Center, new Threat Protection APIs, and initiatives to promote cybersecurity awareness.
Now, the company is urging individual organizations to do more in ensuring the privacy and security of customer data rather than solely relying on the state legislature in the U.S.
In a blog post penned by Julie Brill, Corporate Vice President for Global Privacy and Regulatory Affairs and Chief Privacy Officer at Microsoft, the executive has stated that as society transitions to recovering from the pandemic, data will play a critical role in rebuilding an equitable economy that is just for all. This data includes personal information and in order to fully utilize it, it is essential that people trust that their data will not be misused. Over the past few years, data breaches have led people to be extra cautious about how companies store and use their data, and Microsoft says that customer trust is quite fragile currently.
Brill went on to say that while some U.S. states, the EU, and other countries have recently developed individual data privacy laws like General Data Protection Regulation (GDPR), the United States as a whole is still using decades-old laws that are only limited to protecting a subset of data. The executive stated:
Moving forward, Brill believes that while laws are important, the responsibility to ensure data security and privacy still lies with individual organizations. Recent YouGov surveys have shown that people in the United States believe that this is the responsibility of companies rather than the government. However, companies are instead placing this responsibility on customers themselves by pressuring them to navigate across various websites and apps to make decisions about how their data will be used. Brill stated:
To that end, Microsoft has outlined four principles that it believes will create a framework of trust. These are:
Microsoft believes that building this trust with customers is doable provided that both organizations as well as the government actively work together to develop and enforce laws about data privacy. It has also encouraged companies to take responsibility for protecting customer data, stating that it is the only way forward in the path to a robust and just economic recovery.
End-to-end encryption coming to Zoom next week
by Paul Hill
Zoom has announced that it will finally roll out end-to-end encryption (E2EE) from next week. Initially, it will be launched as a technical preview where Zoom will ask for feedback from users. This period will last for about 30 days so that any issues can be ironed out.
Once E2EE is launched to the public, users on both the free and paid tiers will be able to host up to 200 participants in an E2EE meeting on Zoom. These meeting rooms will provide increased privacy and security for those who need it.
According to the firm, Zoom’s E2EE uses the same GCM encryption that is in use right now in Zoom meetings, the difference is that with E2EE, the meeting’s host generates encryption keys and uses public-key cryptography to distribute these keys to other participants. This means that Zoom’s servers never see the encryption keys required to decrypt a meeting’s content.
Commenting on the launch of E2EE, Zoom CEO Eric S. Yuan, said:
To begin using E2EE when it launches next week, users will need to enable E2EE meetings at the account level and opt-in on a per-meeting basis. It should be noted that not all of Zoom’s features are available in E2EE mode, these include join before host, cloud recording, streaming, live transcription, Breakout Rooms, polling, 1:1 private chat, and meeting reactions. To learn more about E2EE on Zoom, check out the FAQ at the bottom of the announcement.