Tuesday, October 11, 2016

What Yahoo's NSA Surveillance Means for Email Privacy - ProtonMail Blog

Two weeks ago, we published a security advisory regarding the mass hacking of Yahoo. Unfortunately, due to recent events, we are issuing a second advisory regarding all US email providers.

What happened?

This week, it was revealed that as a result of a secret US government directive, Yahoo was forced to implement special surveillance software to scan all Yahoo Mail accounts at the request of the NSA and FBI.
Sometime in early 2015, Yahoo secretly modified their spam and malware
filters to scan all incoming email messages for the phrases in the court
order and then siphoned those messages off to US intelligence. This is
significant for several reasons:

  • This is the first known incident where a US intelligence directive has indiscriminately targeted all accounts as opposed to just the accounts of suspects. Effectively, all 500 million+ Yahoo Mail users were presumed to be guilty.
  • Instead of searching stored messages, this directive forced Yahoo to scan incoming messages in real time.
  • Because ALL incoming email messages were targeted, this program spied on every person who emailed a Yahoo Mail account, violating the privacy of users around the world who may not even have been using a US email service.

What does this mean for US tech companies?

This is a terrible precedent and ushers in a new era of global mass surveillance. It
means that US tech companies that serve billions of users around the
world can now be forced to act as extensions of the US surveillance
apparatus.
The problem extends well beyond Yahoo. As was
reported earlier, Yahoo did not fight the secret directive because Yahoo
CEO Marissa Mayer and the Yahoo legal team did not believe that they
could successfully resist the directive.



Monday, October 10, 2016

CCN-CERT publishes report on the risks of using WhatsApp

CCN-CERT has published a report on the risks of using WhatsApp that describes the best-known and most common security problems of the popular messaging application.
It also offers security recommendations to help prevent any possible incident.
The 21-page document focuses on the following security problems of the service:
  • Account hijacking that exploits network flaws
  • Insecure deletion of conversations
  • Disclosure of sensitive information during the initial connection
  • Account theft via SMS and physical access
  • Account theft via phone call and physical access
  • Dangers of downloading WhatsApp from unofficial app stores
  • Phishing attacks using WhatsApp Web
  • Storage of information in the database
  • Exchange of personal data between WhatsApp and Facebook
  • Other earlier security flaws
Finally, it includes a section with some brief additional recommendations that are useful for any mobile phone user.

Hispasec @unaaldia: CCN-CERT publishes report on the risks of using WhatsApp