SoylentNews is people

posted by martyb on Monday September 09 2019, @12:38AM
from the own-your-mistakes dept.

Apple takes flak for disputing iOS security bombshell dropped by Google

Apple is taking flak for disputing some minor details of last week's bombshell report that, for at least two years, customers' iOS devices were vulnerable to a sting[sic] of zeroday exploits, at least some of which were actively exploited to install malware that stole location data, passwords, encryption keys, and a wealth of other highly sensitive data.

Google's Project Zero said the attacks were waged indiscriminately from a small collection of websites that "received thousands of visitors per week." One of the five exploit chains Project Zero researchers analyzed showed they "were likely written contemporaneously with their supported iOS versions." The researcher's conclusion: "This group had a capability against a fully patched iPhone for at least two years."

Earlier this week, researchers at security firm Volexity reported finding 11 websites serving the interests of Uyghur Muslims that the researchers believed were tied to the attacks Project Zero identified. Volexity's post was based in part on a report by TechCrunch citing unnamed people familiar with the attacks who said they were the work of [a] nation—likely China—designed to target the Uyghur community in the country's Xinjiang state.

[...]For a week, Apple said nothing about any of the reports. Then on Friday, it issued a statement that critics are characterizing as tone-deaf for its lack of sensitivity to human rights and an overfocus on minor points.

[...]

Nicholas Weaver, a researcher at UC Berkeley's International Computer Science Institute, summed up much of this criticism by tweeting: “The thing that bugs me most about Apple these days is that they are all-in on the Chinese market and, as such, refuse to say something like ‘A government intent on ethnic cleansing of a minority population conducted a mass hacking attack on our users.’”

[...]Apple had an opportunity to apologize to those who were hurt, thank the researchers who uncovered systemic flaws that caused the failure, and explain how it planned to do better in the future. It didn't do any of those things. Now, the company has distanced itself from the security community when it needs it most.

See also: The stakes are too high for Apple to spin the iPhone exploits
Apple says Uighurs targeted in iPhone attack but disputes Google findings

Related: China Forces its Muslim Minority to Install Spyware on Their Phones
China Installs Surveillance App on Smartphones of Visitors to Xinjiang Region



Related Stories

China Forces its Muslim Minority to Install Spyware on Their Phones 25 comments

http://mashable.com/2017/07/21/china-spyware-xinjiang/

China has ramped up surveillance measures in Xinjiang, home to much of its Muslim minority population, according to reports from Radio Free Asia.

Authorities sent out a notice over a week ago instructing citizens to install a "surveillance app" on their phones, and are conducting spot checks in the region to ensure that residents have it.

The notice, written in Uyghur and Chinese, was sent by WeChat to residents in Urumqi, Xinjiang's capital. 

Android users were instructed to scan the QR code in order to install the Jingwang app that would, as authorities claimed, "automatically detect terrorist and illegal religious videos, images, e-books and electronic documents" stored in the phone. If illegal content was detected, users would be ordered to delete them.

Users who deleted, or did not install the app, would be detained for up to 10 days, according to social media users.



China Installs Surveillance App on Smartphones of Visitors to Xinjiang Region 19 comments

China Snares Tourists' Phones in Surveillance Dragnet by Adding Secret App

China has turned its western region of Xinjiang into a police state with few modern parallels, employing a combination of high-tech surveillance and enormous manpower to monitor and subdue the area's predominantly Muslim ethnic minorities. Now, the digital dragnet is expanding beyond Xinjiang's residents, ensnaring tourists, traders and other visitors — and digging deep into their smartphones.

A team of journalists from The New York Times and other publications examined a policing app used in the region, getting a rare look inside the intrusive technologies that China is deploying in the name of quelling Islamic radicalism and strengthening Communist Party rule in its Far West. The use of the app has not been previously reported.

China's border authorities routinely install the app on smartphones belonging to travelers who enter Xinjiang by land from Central Asia, according to several people interviewed by the journalists who crossed the border recently and requested anonymity to avoid government retaliation. Chinese officials also installed the app on the phone of one of the journalists during a recent border crossing. Visitors were required to turn over their devices to be allowed into Xinjiang. The app gathers personal data from phones, including text messages and contacts. It also checks whether devices are carrying pictures, videos, documents and audio files that match any of more than 73,000 items included on a list stored within the app's code.

Notepad++ Inundated by Chinese Comments and Hit by DDoS Attack After "Free Uyghur Edition" 28 comments

Just take a look at the carnage on Notepad++'s GitHub: 'Free Uyghur' release sparks spam tsunami by pro-Chinese

On Tuesday, Don HO, the developer of Notepad++, a free GPL source code editor and notepad application for Microsoft Windows, released version 7.8.1, prompting a social media firestorm and a distributed denial of service attack. Notepad++ v7.8.1 was designated "the Free Uyghur edition," in reference to the predominantly Muslim ethnic group in western China that faces ongoing human rights violations and persecution at the hands of Beijing.

"The site notepad-plus-plus.org has suffered DDoS attack from 1230 to 1330 Paris time," HO said in an email to The Register. "I saw the [reduced] amount of visitors via Google analytics then the support of my host confirmed the attack. The DDoS attack has been stopped by an anti-DDoS service provided by our host [Cloudflare]."

[...] For expressing that sentiment, the project's website was DDoSed and its GitHub code repository has been flooded with angry comments in the Issues section – intended for people to report bugs or offer suggestions.

HO said Notepad++'s Tiananmen Square release didn't really attract much attention. The Charlie Hebdo release, however, got his site hacked. "The reaction of this time is more like 'Boycott Beijing 2008 OG' on the Notepad++ website, while Notepad++ was on SourceForge," he said, noting that SourceForge forum was similarly flooded by Chinese spammers in 2008.

Also at The Verge.

Related: China Forces its Muslim Minority to Install Spyware on Their Phones
Massive DNA Collection Campaign Continues in Xinjiang, China
China Installs Surveillance App on Smartphones of Visitors to Xinjiang Region
Apple Lashes Out After Google Reveals iPhone/iOS Vulnerabilities



This discussion has been archived. No new comments can be posted.
  • (Score: -1, Spam) by Anonymous Coward on Monday September 09 2019, @01:01AM (1 child)

    by Anonymous Coward on Monday September 09 2019, @01:01AM (#891475)
    • (Score: -1, Offtopic) by Anonymous Coward on Monday September 09 2019, @01:16AM

      by Anonymous Coward on Monday September 09 2019, @01:16AM (#891478)

      We love takyon and Spam.

  • (Score: 0) by Anonymous Coward on Monday September 09 2019, @02:58AM (2 children)

    by Anonymous Coward on Monday September 09 2019, @02:58AM (#891513)

    It's funny to see the tech giants fight each other. How many ordinary peasants' phones will be bricked as collateral damage?

    • (Score: 0) by Anonymous Coward on Monday September 09 2019, @03:02AM (1 child)

      by Anonymous Coward on Monday September 09 2019, @03:02AM (#891515)

      Considering the prices of iPhones, even with plan purchase discounting, I question how many "peasants" can afford one? Yeah, I know it is simile. So what?

      • (Score: -1, Troll) by Anonymous Coward on Monday September 09 2019, @03:27AM

        by Anonymous Coward on Monday September 09 2019, @03:27AM (#891521)

        You forget, peasants can afford anything with the right financing. Who cares if they spend the rest of their lives paying monthly installments. Everybody needs a phone, even the poorest peasants.

  • (Score: 2) by Barenflimski on Monday September 09 2019, @03:37AM (5 children)

    by Barenflimski (6836) on Monday September 09 2019, @03:37AM (#891525)

    First, the giants lob bombs at each other because they feel right and sure. These guys start the conversation.

    Next, everyone copies them. You found bugs in our stuff? You're so wrong, this is clearly political. "You're crazy and about to go out of business!", they say.

    Three articles later the entire security community has taken sides. 49% of them think the other 49% of them are nuts.

    Bravo Google and Apple. Bravo.

    • (Score: 3, Funny) by MostCynical on Monday September 09 2019, @04:29AM (4 children)

      by MostCynical (2589) on Monday September 09 2019, @04:29AM (#891544) Journal

      Google PR: "Apple are helping ethnic cleansing"

      Google management: "is there money to be made? why aren't we doing that?"

      --
      "I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
      • (Score: 2) by RamiK on Monday September 09 2019, @09:07AM (3 children)

        by RamiK (1813) on Monday September 09 2019, @09:07AM (#891597)

        Which is why we should be demanding FOSS: Corporations will always sell out to governments so demanding everything to be open source and with reproducible builds is the only way to prevent them from thinking they can easily get away with it.

        --
        compiling...
        • (Score: 0) by Anonymous Coward on Monday September 09 2019, @12:27PM (2 children)

          by Anonymous Coward on Monday September 09 2019, @12:27PM (#891640)

          open source and with reproducible builds

          Here in the real world, even with complete source code available, Bob's build is reproducible only on Bob's rig, and Fred's build is only reproducible on Fred's rig.

          You don't do any software development at all, do you?

          • (Score: 3, Informative) by RamiK on Monday September 09 2019, @02:18PM

            by RamiK (1813) on Monday September 09 2019, @02:18PM (#891688)

            Here in the real world, even with complete source code available, Bob's build is reproducible only on Bob's rig, and Fred's build is only reproducible on Fred's rig.

            You don't do any software development at all, do you?

            While I agree the world has gone rather surreal this last decade or so, be sure to let Bob and Fred know they can use Nix to get 100% reproducibility for their projects unless they intentionally embed compile dates or whatever in their make files. It's how NixOS gets 98% of its base packages reproducible: https://r13y.com/

            --
            compiling...
          • (Score: 2) by Freeman on Monday September 09 2019, @02:49PM

            by Freeman (732) on Monday September 09 2019, @02:49PM (#891694) Journal

            Perhaps, but I'm not Bob or Fred, thankfully. I'm by no means a great coder, but my build is reproducible on multiple computers.

            --
            Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
  • (Score: 0) by Anonymous Coward on Monday September 09 2019, @10:33PM

    by Anonymous Coward on Monday September 09 2019, @10:33PM (#891916)

    It comes from the top. Muslims believe homosexuals should be stoned to death, and Tim Cook doesn't want to be stoned to death so if he can kill all the Muslims first he'll be OK.
