Twitter says state-actors may have gained access to people's phone numbers
by Paul Hill
Twitter has announced that it has found attempts by hackers to access phone numbers registered with user accounts. The social network became aware of the attack on December 24, 2019, and said that a large number of fake accounts were attempting to exploit its API to match usernames to phone numbers.
Twitter believes that the attack could be state-backed because it observed a high volume of requests coming from individual IP addresses located in Iran, Israel, and Malaysia, but beyond that, it’s unclear who the perpetrator is. It said that it was disclosing the possible link to a state “out of an abundance of caution and as a matter of principle.”
The feature is supposed to let new users upload their contact book to find their friends and family already registered on the platform. Users that don’t want to be found in this way can disable the option. Twitter said that users who had the option disabled in the first place or do not have a phone number associated with their account were not affected by this vulnerability.
To address the problem, Twitter has altered the feature so that specific account names are no longer given in response to queries. It has also suspended accounts that were found to be making use of this exploit. The company said that it is “very sorry” for what has happened.
GitHub confirms heavy restrictions in U.S.-sanctioned regions like Iran and Syria
by Hamza Jawad
Companies limiting their services in certain regions because of U.S. trade sanctions isn't something new. Last year, Slack ended up accidentally banning anyone who logged in from Iran, a mistake it soon rectified. However, it has since blocked all Iran-based activity, in compliance with U.S. regulations.
It looks like other firms may now be following suit, with GitHub announcing its stance with regard to the issue in a statement on its website. Availability in these areas, which include Crimea, Cuba, Iran, North Korea, and Syria, is being heavily restricted, with users only being allowed limited access to the world's largest source code repository host for personal, non-commercial usage.
The firm noted that private repositories will be unavailable for residents in the aforementioned regions, with the same applying to paid services such as private organizational accounts or the GitHub Marketplace as well. Essentially, this only leaves behind certain free services that can be utilized. Furthermore, users are also prohibited from disguising their locations through IP proxies and VPNs. Those who now have restricted private repos can choose to make them public, in order to continue accessing them.
In a series of tweets, GitHub CEO Nat Friedman stated the company's pain at people being affected by this move, but effectively acknowledged that it was powerless due to the U.S. trade laws.
As expected, people did not take kindly to the announcement, with many pointing out alternate arrangements that could have been undertaken. For example, Slack blocks IP addresses in Iran, but does not block all accounts belonging to these regions. This enables users to still retain access through VPNs, though as has been mentioned before, GitHub has chosen not to go down the same route.
The restrictions will be applied based on users' locations, and not their nationality or ethnicity. This means that only those attempting to gain access to GitHub while being present in a sanctioned region will be affected. People who believe their accounts have been banned due to an error will be able to appeal the decision through an account reactivation request process.
Slack bans multiple users with links to Iran despite living abroad already
by Jay Bonggolto
In early 2014, the U.S. Treasury Department's Office of Foreign Assets Control added services and software used for personal communications to the list of technologies covered by the U.S. sanctions on Iranian transactions. Now, this regulation might have prompted a series of closures of multiple Slack accounts owned by individuals who have links to Iran but were no longer living in that country.
A number of users have reported receiving an email from Slack informing them that their account has been deactivated in compliance with the U.S. economic sanctions on Iran. It's important to note that many of these users claim to have left the country before the account deactivation was enforced. Affected users claim they're now living in Canada or the U.S.
Here's what the email notification from Slack says:
Slack also confirmed that its system is designed to close an entire workspace if it determines that its primary owner "has an IP address originating from a designated embargoed country," including Iran.
For those whose accounts have been deactivated erroneously, Slack provides a review process through which they may recover their account and workspace. Affected users can send an email to the company at firstname.lastname@example.org to reverse the shutdown.
Source: The Verge | Image via Navid Rahimi (Twitter)
Huawei CFO arrested, faces extradition for suspected sanctions violations
by Paul Hill
Huawei’s Chief Financial Officer (CFO) has been arrested in Canada and faces extradition to the United States, which suspects that she was involved in breaking U.S. sanctions against Iran. According to The Globe and Mail, the CFO was arrested in Vancouver, Canada, at the request of U.S. law enforcement. According to Huawei, Meng Wanzhou was arrested when she transferred between flights in Canada.
In a statement about the arrest of its CFO, Huawei said:
Meng Wanzhou is not only the firm’s CFO, she also holds the post of deputy chair of Huawei’s board and is also the daughter of the company’s founder, Ren Zhengfei. Discussing her arrest, Justice Department spokesman Ian McLeod said:
As was to be predicted, the Chinese government has criticised the move and called for the CFO to be released. This development comes amidst a growing trade war between the U.S. and China, and the chasing out of Huawei in several markets allied with the U.S.
Source: The Globe and Mail