TWINN #113 The battle between encryption and backdoors
Article Contents
There’s a continuous battle over encryption and backdoors. The battle is between two ideals that are difficult to reconcile.
On the one hand, those motivated to protect individual freedom and liberties against the backdrop of past abuses by those with money and power will do everything possible to ensure end-to-end encryption cannot be intercepted. The main theme here is that the moment we have to censor our thoughts and writings by considering how Big Brother would misuse such information, we have 1984 in the making.
On the other hand, those in positions of government responsibilities and law enforcement need tools to prevent crimes of all sorts. True end-to-end encryption makes it too easy for savvy criminals to avoid prosecution. The high cost and difficulty of prosecuting criminals drive the need and desire to build back doors.
Today there is only one major messaging app that meets the high bar of privacy advocates: Signal. In this context, they’re ready to fight to the end.
The 5 Top Cyber Security Stories Of The Week – February 27, 2023
1. Signal would ‘walk’ from UK if Online Safety Bill undermined encryption.
This is fight isn’t new, but it is escalating and has a long way to go. For now, our privacy is safe when using Signal, even in the UK.
2. How I Broke Into a Bank Account With an AI-Generated Voice.
Scary. Major banks in Canada also use Voice prints. I expect this finding will relegate Voiceprint as *a* factor, but not the only factor. Make sure you opt out of your banking’s voice print options, especially if high quality recordings of your voice are publicly available like this video.
3. There’s a new class of bugs in Apple products.
“…vulnerability team has discovered a large new class of bugs that allow bypassing code signing to execute arbitrary code in the context of several platform applications, leading to escalation of privileges and sandbox escape on both macOS and iOS.” As confident as Apple users are in the security, this just highlights the continuous need for out-of-band protection. We call it Zero Trust connectivity.
4. Let’s build a Chrome extension that steals everything.
This is a warning that even with the new Manifest v3 published extensions can still represent a risk. Bottom line: run as few extensions as possible, only ones that a security specialist would consider (a) trustworthy and (b) necessary.
5. A world of hurt for Fortinet and ManageEngine after users fail to install patches.
Key takeaway: Update or replace vulnerable products.
Did you know?
If you or someone you love is into Classical Music, there’s an amazing app called Tempso that offers re-discoverability of classical music, no cost, no ads. It then connects with your Spotify account.
