This is the same feature that added here several months ago, where file hashes are scraped and compared to a database of known child exploitation images.

The thing that has people concerned with Apple is that now it won't just be images in your iCloud, but also those stored locally on users' own devices.
#cososec

Apple will scan photos stored on iPhones and iCloud for child abuse imagery - The Verge
https://www.theverge.com/2021/8/5/22611305/apple-scan-photos-iphones-icloud-child-abuse-imagery-neuralmatch

New WireGuardNT shatters throughput ceilings on Windows | Ars Technica
https://arstechnica.com/gadgets/2021/08/wireguard-goes-fully-windows-native-with-experimental-wireguardnt-driver/

#cososec

Trusted platform module security defeated in 30 minutes, no soldering required | Ars Technica
https://arstechnica.com/gadgets/2021/08/how-to-go-from-stolen-pc-to-network-intrusion-in-30-minutes/

#cososec

The Cryptocurrency Surveillance Provision Buried in the Infrastructure Bill is a Disaster for Digital Privacy | Electronic Frontier Foundation
https://www.eff.org/deeplinks/2021/08/cryptocurrency-surveillance-provision-buried-infrastructure-bill-disaster-digital

#cososec

Here is an example of why you should never install any of those off-brand "security" or "protection" apps.

New Android Malware Uses VNC to Spy and Steal Passwords from Victims
https://thehackernews.com/2021/07/new-android-malware-uses-vnc-to-spy-and.html

#cososec

I know some of you have issues with the author, but he makes some very good points.

The Insecurity Industry - by Edward Snowden - Continuing Ed — with Edward Snowden
https://edwardsnowden.substack.com/p/ns-oh-god-how-is-this-legal

#cososec

RANSOMWARE RESPONSE CHECKLIST
The Cybersecurity and Infrastructure Security Agency (CISA) strongly recommends responding to ransomware by using the following checklist provided in a Joint CISA and Multi-State Information Sharing and Analysis Center (MS-ISAC) Ransomware Guide. This information will take you through the response process from detection to containment and eradication. Be sure to move through the first three steps in sequence.

https://www.cisa.gov/stopransomware/ive-been-hit-ransomware?s=09

nosanitize

#cososec

It gets worse. The website related to the app you need to run the test gizmo has a malware redirect. #cososec

https://twitter.com/netspooky/status/1417985152228200454

Using Shodan: The World's Most Dangerous Search Engine

https://www.hackers-arise.com/amp/2016/06/22/using-shodan-the-worlds-most-dangerous-search-engine

#cososec

Here we go again. #cososec

SonicWall warns of 'imminent' SMA 100/SRA ransomware attacks
https://searchsecurity.techtarget.com/news/252504055/SonicWall-warns-of-imminent-SMA-100-SRA-ransomware-attacks

If you own a smartphone, you need to read this. #cososec

Inside the Industry That Unmasks People at Scale
https://www.vice.com/en/article/epnmvz/industry-unmasks-at-scale-maid-to-pii

#cososec hubris?

Oh, but no one needs strong encryption, right? #cososec

///

It’s official. Your private communications can (and will) be spied on - European Digital Rights (EDRi)
https://edri.org/our-work/its-official-your-private-communications-can-and-will-be-spied-on/

Well, it looks like I need to ressurect the #infosecfail tag.

For the past week, I've had bunches of ads leaking through, even though my pi-hole is working fine.

Turns out I had been tinkering in DD-WRT a while back, and I had accidentally changed a setting that allowed DNS requests to bypass the pi-hole. Not only that, I was allowing Firefox to send DoH requests, creating yet another bypass.

I throw myself at the mercy of the court.
#cososec

This is my first experience at a hotel using a mobile phone app as a keycard. It seems to transmit using BLE (Bluetooth Low-Energy).

Great for convenience, but I'm not sure how trustworthy it is, even though the permissions aren't egregious. I'll be disabling or uninstalling it until the next time I stay at one of these properties just to be safe.

#cososec

Microsoft’s emergency patch fails to fix critical “PrintNightmare” vulnerability | Ars Technica
https://arstechnica.com/gadgets/2021/07/microsofts-emergency-patch-fails-to-fix-critical-printnightmare-vulnerability/

#cososec

We Got the Phone the FBI Secretly Sold to Criminals

'Anom’ phones used in an FBI honeypot are mysteriously showing up on the secondary market. We bought one.

https://www.vice.com/en/article/n7b4gg/anom-phone-arcaneos-fbi-backdoor

#cososec

I just received a text 2FA verification code from TikTok on my real phone number, and then a few minutes later on my Google Voice number.

I have never used TikTok.

Seems a bit odd that someone would "accidentally" use both my real number and then my Google Voice number for their account 2FA, huh? 🤔

#cososec

Here's another one.

A speciifc network name can completely disable Wi-Fi on your iPhone
https://9to5mac.com/2021/07/04/wifi-iphone-disable-bug/

#cososec

Are you F-ing KIDDING ME with this???

Understanding Blockchain Security | RSA Conference
https://www.rsaconference.com/library/blog/understanding-blockchain-security

#cososec