But the changes go only so far in limiting the risks Recall poses. As I pointed out, when Recall is turned on, it indexes Zoom meetings, emails, photos, medical conditions, and—yes—Signal conversations, not just with the user, but anyone interacting with that user, without their knowledge or consent. Researcher Kevin Beaumont performed his own deep-dive… Read More »
The flow of adding new members to a WhatsApp group message is: A group member sends an unsigned message to the WhatsApp server that designates which users are group members, for instance, Alice, Bob, and Charlie The server informs all existing group members that Alice, Bob, and Charlie have been added The existing members have… Read More »
Security and privacy advocates are girding themselves for another uphill battle against Recall, the AI tool rolling out in Windows 11 that will screenshot, index, and store everything a user does every three seconds. When Recall was first introduced in May 2024, security practitioners roundly castigated it for creating a gold mine for malicious insiders,… Read More »
Thomas Reed, staff product manager for Mac endpoint detection and response at security firm Huntress, and an expert in iOS security, said he found NowSecure’s findings concerning. “ATS being disabled is generally a bad idea,” he wrote in an online interview. “That essentially allows the app to communicate via insecure protocols, like HTTP. Apple does… Read More »
Screenshot showing the phishing email sent to Cyberhaven extension developers. Credit: Amit Assaraf A link in the email led to a Google consent screen requesting access permission for an OAuth application named Privacy Policy Extension. A Cyberhaven developer granted the permission and, in the process, unknowingly gave the attacker the ability to upload new versions… Read More »
Both operating systems will display a list of apps and whether they are permitted access always, never, only while the app is in use, or to prompt for permission each time. Both also allow users to choose whether the app sees precise locations down to a few feet or only a coarse-grained location. For most… Read More »
“SimpleX, at its core, is designed to be truly distributed with no central server. This allows for enormous scalability at low cost, and also makes it virtually impossible to snoop on the network graph,” Poberezkin wrote in a company blog post published in 2022. SimpleX’s policies expressly prohibit “sending illegal communications” and outline how SimpleX… Read More »
Getty Images reader comments 90 Officials in Ireland have fined Meta $101 million for storing hundreds of millions of user passwords in plaintext and making them broadly available to company employees. Meta disclosed the lapse in early 2019. The company said that apps for connecting to various Meta-owned social networks had logged user passwords in… Read More »
The Tor Project reader comments 27 The Tor Project, the nonprofit that maintains software for the Tor anonymity network, is joining forces with Tails, the maker of a portable operating system that uses Tor. Both organizations seek to pool resources, lower overhead, and collaborate more closely on their mission of online anonymity. Tails and the… Read More »
Getty Images reader comments 37 When security researcher Johann Rehberger recently reported a vulnerability in ChatGPT that allowed attackers to store false information and malicious instructions in a user’s long-term memory settings, OpenAI summarily closed the inquiry, labeling the flaw a safety issue, not, technically speaking, a security concern. So Rehberger did what all good… Read More »