Encryption

Telegram Founder's Indictment Thrusts Encryption Into the Spotlight (nytimes.com) 124

An anonymous reader shares a report: When French prosecutors charged Pavel Durov, the chief executive of the messaging app Telegram, with a litany of criminal offenses on Wednesday, one accusation stood out to Silicon Valley companies. Telegram, French authorities said in a statement, had provided cryptology services aimed at ensuring confidentiality without a license. In other words, the topic of encryption was being thrust into the spotlight.

The cryptology charge raised eyebrows at U.S. tech companies including Signal, Apple and Meta's WhatsApp, according to three people with knowledge of the companies. These companies provide end-to-end encrypted messaging services and often stand together when governments challenge their use of the technology, which keeps online conversations between users private and secure from outsiders.

But while Telegram is also often described as an encrypted messaging app, it tackles encryption differently than WhatsApp, Signal and others. So if Mr. Durov's indictment turned Telegram into a public exemplar of the technology, some Silicon Valley companies believe that could damage the credibility of encrypted messaging apps writ large, according to the people, putting them in a tricky position of whether to rally around their rival.

Encryption has been a long-running point of friction between governments and tech companies around the world. For years, tech companies have argued that encrypted messaging is crucial to maintain people's digital privacy, while law enforcement and governments have said that the technology enables illicit behaviors by hiding illegal activity. The debate has grown more heated as encrypted messaging apps have become mainstream. Signal has grown by tens of millions of users since its founding in 2018. Apple's iMessage is installed on the hundreds of millions of iPhones that the company sells each year. WhatsApp is used by more than two billion people globally.

Encryption

Feds Bust Alaska Man With 10,000+ CSAM Images Despite His Many Encrypted Apps (arstechnica.com) 209

A recent indictment (PDF) of an Alaska man stands out due to the sophisticated use of multiple encrypted communication tools, privacy-focused apps, and dark web technology. "I've never seen anyone who, when arrested, had three Samsung Galaxy phones filled with 'tens of thousands of videos and images' depicting CSAM, all of it hidden behind a secrecy-focused, password-protected app called 'Calculator Photo Vault,'" writes Ars Technica's Nate Anderson. "Nor have I seen anyone arrested for CSAM having used all of the following: [Potato Chat, Enigma, nandbox, Telegram, TOR, Mega NZ, and web-based generative AI tools/chatbots]." An anonymous reader shares the report: According to the government, Seth Herrera not only used all of these tools to store and download CSAM, but he also created his own -- and in two disturbing varieties. First, he allegedly recorded nude minor children himself and later "zoomed in on and enhanced those images using AI-powered technology." Secondly, he took this imagery he had created and then "turned to AI chatbots to ensure these minor victims would be depicted as if they had engaged in the type of sexual contact he wanted to see." In other words, he created fake AI CSAM -- but using imagery of real kids.

The material was allegedly stored behind password protection on his phone(s) but also on Mega and on Telegram, where Herrera is said to have "created his own public Telegram group to store his CSAM." He also joined "multiple CSAM-related Enigma groups" and frequented dark websites with taglines like "The Only Child Porn Site you need!" Despite all the precautions, Herrera's home was searched and his phones were seized by Homeland Security Investigations; he was eventually arrested on August 23. In a court filing that day, a government attorney noted that Herrera "was arrested this morning with another smartphone -- the same make and model as one of his previously seized devices."

The government is cagey about how, exactly, this criminal activity was unearthed, noting only that Herrera "tried to access a link containing apparent CSAM." Presumably, this "apparent" CSAM was a government honeypot file or web-based redirect that logged the IP address and any other relevant information of anyone who clicked on it. In the end, given that fatal click, none of the "I'll hide it behind an encrypted app that looks like a calculator!" technical sophistication accomplished much. Forensic reviews of Herrera's three phones now form the primary basis for the charges against him, and Herrera himself allegedly "admitted to seeing CSAM online for the past year and a half" in an interview with the feds.

Youtube

Can a YouTube Video Really Fix Your Wet Phone? (theverge.com) 45

An anonymous reader shares a report: Every day for the last four years, dozens of people have shown up in the comments of one particular YouTube, declaring their love and appreciation for the content. The content: two minutes and six seconds of deep, low buzzing, the kind that makes your phone vibrate on the table, underscoring a vaguely trippy animation of swirled stained glass. It's not a good video. But it's not meant to be. The video is called "Sound To Remove Water From Phone Speaker ( GUARANTEED )." [...] If you believe the comments, about half the video's 45 million views come from people who bring their phone into the shower or bathtub and trust that they can play this video and everything will be fine.

The theory goes like this: all a speaker is really doing is pushing air around, and if you can get it to push enough air, with enough force, you might be able to push droplets of liquid out from where they came. "The lowest tone that that speaker can reproduce, at the loudest level that it can play," says Eric Freeman, a senior director of research at Bose. "That will create the most air motion, which will push on the water that's trapped inside the phone." Generally, the bigger the speaker, the louder and lower it can go. Phone speakers tend to be tiny. "So those YouTube videos," Freeman says, "it's not, like, really deep bass. But it's in the low range of where a phone is able to make sound."

The best real-world example of how this can work is probably the Apple Watch, which has a dedicated feature for ejecting water after you've gotten it wet. When I first reached out to iFixit to ask about my water-expulsion mystery, Carsten Frauenheim, a repairability engineer at the company, said the Watch works on the same theory as the videos. "It's just a specific oscillating tone that pushes the water out of the speaker grilles," he said. "Not sure how effective the third-party versions are for phones since they're probably not ideally tuned? We could test."

Security

Russian Government Hackers Found Using Exploits Made By Spyware Companies NSO and Intellexa (techcrunch.com) 44

Google says it has evidence that Russian government hackers are using exploits that are "identical or strikingly similar" to those previously made by spyware makers Intellexa and NSO Group. From a report: In a blog post on Thursday, Google said it is not sure how the Russian government acquired the exploits, but said this is an example of how exploits developed by spyware makers can end up in the hands of "dangerous threat actors." In this case, Google says the threat actors are APT29, a group of hackers widely attributed to Russia's Foreign Intelligence Service, or the SVR. APT29 is a highly capable group of hackers, known for its long-running and persistent campaigns aimed at conducting espionage and data theft against a range of targets, including tech giants Microsoft and SolarWinds, as well as foreign governments.

Google said it found the hidden exploit code embedded on Mongolian government websites between November 2023 and July 2024. During this time, anyone who visited these sites using an iPhone or Android device could have had their phone hacked and data stolen, including passwords, in what is known as a "watering hole" attack. The exploits took advantage of vulnerabilities in the iPhone's Safari browser and Google Chrome on Android that had already been fixed at the time of the suspected Russian campaign. Still, those exploits nevertheless could be effective in compromising unpatched devices.

Security

Cybercrime and Sabotage Cost German Firms $300 Billion In Past Year (reuters.com) 15

According to a new survey from Bitkom, cybercrime and other acts of sabotage have cost German companies around $298 billion in the past year, up 29% on the year before. Reuters reports: Bitkom surveyed around 1,000 companies from all sectors and found that 90% expect more cyberattacks in the next 12 months, with the remaining 10% expecting the same level of attacks. Some 70% of companies that were targeted attributed the attacks to organised crime, the survey found, adding 81% of companies reported data theft, including customer data, access data and passwords, as well as intellectual property such as patents. Around 45% of companies said they could attribute at least one attack to China, up from 42% in the previous year. Attacks blamed on Russia came in second place at 39%.

The increase in attacks has prompted companies to allocate 17% of their IT budget to digital security, up from 14% last year, but only 37% said they had an emergency plan to react to security incidents in their supply chain, the survey showed.

IT

Tumblr To Move Its Half a Billion Blogs To WordPress (techcrunch.com) 25

Tumblr is making the move to WordPress. After its 2019 acquisition by WordPress.com parent company Automattic in a $3 million fire sale, the new owner has focused on improving Tumblr's platform and growing its revenue. Now Automattic will shift Tumblr's back end over to WordPress, Automattic said in a blog post published on Wednesday. From a report: The company clarified that it will not change Tumblr into WordPress; it will just run on WordPress. "We acquired Tumblr to benefit from its differences and strengths, not to water it down. We love Tumblr's streamlined posting experience and its current product direction," the post explained. "We're not changing that. We're talking about running Tumblr's backend on WordPress. You won't even notice a difference from the outside," it noted.

Automattic says the move to WordPress will have its advantages, as it will make it easier to share the company's work across the two platforms. That is, Automattic's team will be able to build tools and features that work on both services, while Tumblr will be able to take advantage of the open source developments that take place on WordPress.org. In addition, WordPress will be able to benefit from the "tools and creativity" that are invested into Tumblr.

Microsoft

Microsoft Partners Beware: Action Pack To Be Retired in 2025 (theregister.com) 24

Microsoft is to discontinue the Microsoft Action Pack and Microsoft Learning Pack on January 21, 2025, sending partners off to potentially pricier and cloudier options. From a report: The Action Pack and Learning Pack, alongside Silver or Gold Membership, gave Microsoft partners access to many on-premises licenses for the company's software. The company's recommended replacements, Partner Success Core Benefits and Partner Success Expanded, abandon those benefits in favor of cloud services. According to Microsoft, it is "evolving the partner benefits offerings to provide partners with the tools and support they need to continue to lead the way in the shifting tech landscape."

Or cutting back on some things in favor of others. After all, it would never do to have all that software running on-premises when Microsoft has a perfectly good cloud ready to take on partner workloads. A Register reader affected by the change told us: "The first impact for us will be cost. We'll need to go from Action Pack ($515 + VAT) to Partner Success Core ($970 + VAT). Secondly, the benefits appear to have moved all online. That's not a problem for day-to-day operations but it will make it harder when trying to recreate a customer environment with legacy software."

Bug

Bug Bounty Programs Take Root In Russia (csoonline.com) 17

snydeq writes: CSO Online's Sarah Wiedemar reports on a rising trend in the Russian cybersecurity community: bug bounty programs, which the researcher says could have far-reaching implications as the bounty ecosystem matures. From the report: "Given the current uncertainty that Russian bug bounty hunters and vulnerability researchers are facing when dealing with Western bug bounty programs, Russian IT companies have begun to fill that vacuum. [...] Russian bug bounty platforms have a high probability for substantial growth in the next few years. They provide a credible Western alternative not only to Russian hackers, but also for all other vulnerability researchers located in countries that could potentially face international financial sanctions in the future.

From a Western perspective, a potential problematic development could be that Russian hackers decide to sell vulnerabilities found in Western products to Russian zero-day acquisition companies such as Operation Zero. Thus, instead of reporting them to Western bug bounty platforms for free, they sell to the highest bidder. Those zero-day acquisition companies in turn sell them on to Russian law enforcement and security agencies, which could lead to increased espionage campaigns in Western countries. Western policy makers would do well to keep an eye on the evolution of Russia's bug bounty ecosystem."

Although bug bounty programs have existed in Russia since 2012, they weren't widely adopted due to distrust from the government and dominance of Western platforms. Recently, new platforms like Bug Bounty RU, Standoff 365, and BI.ZONE have emerged, attracting thousands of bug hunters and major Russian companies. "In 2023, the total number of bug hunters on these platforms amounted to 20,000 people," notes Wiedemar. The Russian government has also begun participating, launching programs for 10 of its e-government systems.

However, legal ambiguities remain, as ethical hacking is still considered illegal in Russia, with potential prison sentences. Despite this, there are ongoing legislative efforts to legalize ethical hacking, alongside broader government initiatives to enhance cybersecurity, including increased fines for data breaches and the potential creation of a cybersecurity agency akin to the US CISA.

IT

Gen Z And Millennials Are Hung Up On Answering the Phone (bbc.com) 265

A quarter of young adults aged 18-34 never answer phone calls, according to a recent Uswitch survey. The study reveals a generational shift in communication preferences, with 70% of respondents in this age group favoring text messages over voice calls. Experts attribute this trend to the rise of mobile technology and social media. While avoiding calls, younger generations maintain constant contact through group chats and social media platforms. Voice notes have emerged as a compromise, with 37% of 18-34 year-olds preferring them to traditional calls. This communication shift extends to the workplace, causing challenges for some employers.

China

Chinese Hackers Breach US Internet Firms via Startup, Lumen Says (msn.com) 16

The state-sponsored Chinese hacking campaign known as Volt Typhoon is exploiting a bug in a California-based startup to hack American and Indian internet companies, according to security researchers. From a report: Volt Typhoon has breached four US firms, including internet service providers, and another in India through a vulnerability in a Versa Networks server product, according to Lumen's unit Black Lotus Labs. Their assessment, much of which was published in a blog post on Tuesday, found with "moderate confidence" that Volt Typhoon was behind the breaches of unpatched Versa systems and said exploitation was likely ongoing.

Versa, which makes software that manages network configurations and has attracted investment from Blackrock and Sequoia Capital, announced the bug last week and offered a patch and other mitigations. The revelation will add to concerns over the susceptibility of US critical infrastructure to cyberattacks. The US this year accused Volt Typhoon of infiltrating networks that operate critical US services, including some of the country's water facilities, power grid and communications sectors, in order to cause disruptions during a future crisis, such as an invasion of Taiwan.

Windows

Microsoft Backtracks on Deprecating the 39-Year-Old Windows Control Panel 117

Microsoft has retracted or clarified its statement regarding the deprecation of Windows Control Panel, according to changes made to a support document. The original text, which stated that the Control Panel was "in the process of being deprecated in favor of the Settings app," has been revised. The new version now indicates that "many of the settings in Control Panel are in the process of being migrated to the Settings app." This modification came after widespread media coverage of the initial announcement. It remains unclear whether this change reflects a shift in Microsoft's plans or a correction of an erroneous statement.

Security

Major Backdoor In Millions of RFID Cards Allows Instant Cloning (securityweek.com) 23

SecurityWeek reports: A significant backdoor in millions of contactless cards made by China-based Shanghai Fudan Microelectronics Group allows instantaneous cloning of RFID smart cards used to open office doors and hotel rooms around the world.

French security services firm Quarkslab has made an eye-popping discovery... Although the backdoor requires just a few minutes of physical proximity to an affected card to conduct an attack, an attacker in a position to carry out a supply chain attack could execute such attacks instantaneously at scale, researcher Philippe Teuwen explained in a paper.

Thanks to Slashdot reader wiredmikey for sharing the article.

Microsoft

How Should Cybersecurity Evolve After CrowdStrike's Outage? (cnbc.com) 108

"Microsoft will meet with CrowdStrike and other security companies" on September 10, reports CNBC, to "discuss ways to evolve" the industry after a faulty CrowdStrike software update in July caused millions of Windows computers to crash: [An anonymous Microsoft executive] said participants at the Windows Endpoint Security Ecosystem Summit will explore the possibility of having applications rely more on a part of Windows called user mode instead of the more privileged kernel mode... Attendees at Microsoft's September 10 event will also discuss the adoption of eBPF technology, which checks if programs will run without triggering system crashes, and memory-safe programming languages such as Rust, the executive said.

On Wednesday, CrowdStrike argued no cybersecurity vendor could "technically" guarantee their software wouldn't cause a similar incident.

On a possibly related note, long-time Slashdot reader 278MorkandMindy shares their own thoughts: The "year of the Linux desktop" is always just around the corner, somewhat like nuclear fusion. Will Windows 11, with its general advert and telemetry BS, along with the recall feature, FINALLY push "somewhat computer literate" types like myself onto Linux?

Security

'Invasive' Iranian Intelligence Group Believed to Be The Ones Who Breached Trump's Campaign (reuters.com) 98

Reuters reports that the Iranian hacking team which compromised the campaign of U.S. presidential candidate Donald Trump "is known for placing surveillance software on the mobile phones of its victims, enabling them to record calls, steal texts and silently turn on cameras and microphones, according to researchers and experts who follow the group." Known as APT42 or CharmingKitten by the cybersecurity research community, the accused Iranian hackers are widely believed to be associated with an intelligence division inside Iran's military, known as the Intelligence Organization of the Islamic Revolutionary Guard Corps or IRGC-IO. Their appearance in the U.S. election is noteworthy, sources told Reuters, because of their invasive espionage approach against high-value targets in Washington and Israel. "What makes (APT42) incredibly dangerous is this idea that they are an organization that has a history of physically targeting people of interest," said John Hultquist, chief analyst with U.S. cybersecurity firm Mandiant, who referenced past research that found the group surveilling the cell phones of Iranian activists and protesters... Hultquist said the hackers commonly use mobile malware that allows them to "record phone calls, room audio recordings, pilfer SMS (text) inboxes, take images off of a machine," and gather geolocation data...

APT42 also commonly impersonates journalists and Washington think tanks in complex, email-based social engineering operations that aim to lure their targets into opening booby-trapped messages, which let them take over systems. The group's "credential phishing campaigns are highly targeted and well-researched; the group typically targets a small number of individuals," said Josh Miller, a threat analyst with email security company Proofpoint. They often target anti-Iran activists, reporters with access to sources inside Iran, Middle Eastern academics and foreign-policy advisers. This has included the hacking of western government officials and American defense contractors. For example, in 2018, the hackers targeted nuclear workers and U.S. Treasury department officials around the time the United States formally withdrew from the Joint Comprehensive Plan of Action (JCPOA), said Allison Wikoff, a senior cyber intelligence analyst with professional services company PricewaterhouseCoopers.

"APT42 is still actively targeting campaign officials and former Trump administration figures critical of Iran, according to a blog post by Google's cybersecurity research team."

Microsoft

Microsoft's Copilot Falsely Accuses Court Reporter of Crimes He Covered (the-decoder.com) 47

An anonymous reader shares a report: Language models generate text based on statistical probabilities. This led to serious false accusations against a veteran court reporter by Microsoft's Copilot. German journalist Martin Bernklau typed his name and location into Microsoft's Copilot to see how his culture blog articles would be picked up by the chatbot, according to German public broadcaster SWR. The answers shocked Bernklau. Copilot falsely claimed Bernklau had been charged with and convicted of child abuse and exploiting dependents. It also claimed that he had been involved in a dramatic escape from a psychiatric hospital and had exploited grieving women as an unethical mortician.

Copilot even went so far as to claim that it was "unfortunate" that someone with such a criminal past had a family and, according to SWR, provided Bernklau's full address with phone number and route planner. I asked Copilot today who Martin Bernklau from Germany is, and the system answered, based on the SWR report, that "he was involved in a controversy where an AI chat system falsely labeled him as a convicted child molester, an escapee from a psychiatric facility, and a fraudster." Perplexity.ai drafts a similar response based on the SWR article, explicitly naming Microsoft Copilot as the AI system.

Microsoft

Microsoft Plans Windows Security Overhaul After CrowdStrike Outage 63

Microsoft is stepping up its plans to make Windows more resilient to buggy software [non-paywalled source] after a botched CrowdStrike update took down millions of PCs and servers in a global IT outage. Financial Times: The tech giant has in the past month intensified talks with partners about adapting the security procedures around its operating system to better withstand the kind of software error that crashed 8.5mn Windows devices on July 19. Critics say that any changes by Microsoft would amount to a concession of shortcomings in Windows' handling of third-party security software that could have been addressed sooner.

Yet they would also prove controversial among security vendors that would have to make radical changes to their products, and force many Microsoft customers to adapt their software. Last month's outages -- which are estimated to have caused billions of dollars in damages after grounding thousands of flights and disrupting hospital appointments worldwide -- heightened scrutiny from regulators and business leaders over the extent of access that third-party software vendors have to the core, or kernel, of Windows operating systems. Microsoft will host a summit next month for government representatives and cyber security companies, including CrowdStrike, to discuss "improving resiliency and protecting mutual customers' critical infrastructure," Microsoft said on Friday.

Microsoft

Microsoft Says It's Getting Rid of Control Panel in Windows 197

Microsoft plans to phase out Windows Control Panel, a feature dating back to the 1980s, in favor of the modern Settings app, according to a recent support page. The tech giant has been gradually shifting functions to Settings since 2015, aiming for a more streamlined user experience. However, no specific timeline for Control Panel's complete removal has been announced. Microsoft writes in the support page: The Control Panel is a feature that's been part of Windows for a long time. It provides a centralized location to view and manipulate system settings and controls. Through a series of applets, you can adjust various options ranging from system time and date to hardware settings, network configurations, and more. The Control Panel is in the process of being deprecated in favor of the Settings app, which offers a more modern and streamlined experience.

Google

Google is Shoving Its Apps Onto New Windows Laptops (theverge.com) 25

Google is making a new desktop app called Essentials that packages a few Google services, like Messages and Photos, and includes links to download many others. The app will be included with many new Windows laptops, with the first ones coming from HP. From a report: The Essentials app lets you "discover and install many of our best Google services," according to Google's announcement, and lets you browse Google Photos as well as send and receive Google Messages in the app. A full list of apps has not yet been announced, but Google's announcement art showcases icons including Google Sheets, Google Drive, Nearby Share, and Google One (a two-month free trial is offered through Essentials for new subscribers).

HP will start including Google Essentials across its computer brands, like Envy, Pavilion, Omen, and more. Google says you're "in control of your experience" and can uninstall any part of Essentials or the whole thing.

IOS

Bug in Apple Devices Crashes UI With Four-Character Input (techcrunch.com) 71

A newly discovered bug causes iPhones and iPads to briefly crash. All you need to trigger the bug are just four characters. From a report: On Wednesday, a security researcher found that typing "":: can cause the Apple mobile user interface, called Springboard, to crash. TechCrunch verified those characters do crash Springboard when typed into the Search bar in the Settings app, as well as if you swipe all the way to the right on your home screen and type them into the App Library search bar.

As others noted, all that's needed is actually "": and any other character. Triggering the bug briefly crashes Springboard, then reloads to your lock screen. In other tests, the bug flashed the screen black for a second. Researchers tell TechCrunch the bug does not appear to be a security issue. "It's not a security bug," said Ryan Stortz, an iOS security researcher who analyzed the bug. Patrick Wardle, who also researches iOS and founded security startup DoubleYou, agreed.

Security

Top US Oilfield Firm Halliburton Hit By Cyberattack, Source Says (reuters.com) 14

An anonymous reader quotes a report from Reuters: U.S. oilfield services firm Halliburton on Wednesday was hit by a cyberattack, according to a person familiar with the matter. Halliburton said it was aware of an issue affecting certain systems at the company and was working to determine the cause and impact of the problem. The company was also working with "leading external experts" to fix the issue, a spokesperson said in an emailed statement.

The attack appeared to impact business operations at the company's north Houston campus, as well as some global connectivity networks, the person said, who declined to be identified because they were not authorized to speak on the record. The company has asked some staff not to connect to internal networks, the person said. Houston, Texas-based Halliburton is one of the largest oilfield services firms in the world, providing drilling services and equipment to major energy producers around the globe. It had nearly 48,000 employees and operated in more than 70 countries at the end of last year.
