Beware the Four Horsemen

How far would you go to protect your children from sexual predators? How much privacy would you give up to try to prevent the sharing of child pornography? We are now faced squarely with those questions because Apple has just announced some new initiatives that it believes will curb the viewing and sharing of pornographic images. But we need to be extremely careful here. The Four Horsemen of the Infocalypse are pedophiles, terrorists, drug dealers and organized crime. When someone asks you what privacy and civil liberties you would be willing to give up to stop these undeniably bad things, you need to replace their bogeyman with other straw men and make sure your convictions still hold. Technologies that can be used to stop something you hate today can also be used to stop things you don’t tomorrow. Today I’ll discuss Apple’s new “child safety” initiatives and explain why I think they’re making the wrong tradeoffs. And also why they are actually not that effective and even potentially harmful to children. In other news: Both T-Mobile and AT&T appear to have suffered massive data breaches of current and even prospective customers; Microsoft’s PrintNightmare continues, despite several attempts to fix the issues; millions of home routers, web cams and baby monitors are vulnerable to a new attacks; Facebook is trying to help Afgans hide their friends lists in the face of Taliban reprisals; your IoT devices are horrible with random numbers, and that’s a huge security risk; a secret terrorist watch list with almost 2 million people has leaked; and the OAuth web app authentication system is ripe for hacking, potentially putting several of your accounts at risk. Article Links Blocking the Exploitation of PrintNightmare https://securityboulevard.com/2021/08/blocking-the-exploitation-of-printnightmare/ Disabling your Print Spooler (see “Workarounds”): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527 Millions of home Wi-Fi routers under attack by botnet malware https://www.tomsguide.com/news/arcadyan-router-malware SEE ALSO: Router Security: https://routersecurity.org/  T-Mobile Data Breach: 100 Million Customer Data Records Compromised Including Social Security, Driver’s License & Unique Device Numbers https://www.cpomagazine.com/cyber-security/t-mobile-data-breach-100-million-customer-data-records-compromised-including-social-security-drivers-license-unique-device-numbers/ Hacker Selling Private Data Allegedly from 70 Million AT&T Customers https://restoreprivacy.com/att-data-breach-70-million-customers/  Millions of Web Camera and Baby Monitor Feeds Are Exposed https://www.wired.com/story/kalay-iot-bug-video-feeds/  Secret terrorist watchlist with 2 million records exposed online https://www.bleepingcomputer.com/news/security/secret-terrorist-watchlist-with-2-million-records-exposed-online/  To protect users, Facebook says it’s hiding friends lists on accounts in Afghanistan https://www.nytimes.com/2021/08/20/world/asia/afghanistan-facebook.html  Web apps have become so complex that they’re unsafe to use, researchers say https://www.tomsguide.com/news/unsafe-web-apps-oauth  DEFCON “You’re doing IoT RNG” paper: https://labs.bishopfox.com/tech-blog/youre-doing-iot-rng  Apple’s New ‘Child Safety’ Initiatives, and the Slippery Slope https://daringfireball.net/2021/08/apple_child_safety_initiatives_slippery_slope We built a system like Apple’s to flag child sexual abuse material — and concluded the tech was dangerous https://www.washingtonpost.com/opinions/2021/08/19/apple-csam-abuse-encryption-security-privacy-dangerous/ Open letter to Apple from 90+ world orgs https://cdt.org/insights/international-coalition-calls-on-apple-to-abandon-plan-to-build-surveillance-capabilities-into-iphones-ipads-and-other-products/  Tell Apple not to scan our phones: https://act.eff.org/action/tell-apple-don-t-scan-our-phones  Further Info Become a Patron! https://www.patreon.com/FirewallsDontStopDragons  Would you like me to speak to your group about security and/privacy? http://bit.ly/Firewalls-Speaker Generate secure passphrases! https://d20key.com/#/