Email or username:

Password:

Forgot your password?
ansuz / ऐरन's posts Post Back to profile
Top-level
ansuz / ऐरन

@kristoff that's significantly outside the scope of the chatcontrol legislation I was talking about, but I'll weigh in anyway.

In the US (and a few other places) there was a big deal made about tiktok as a source of foreign spying and manipulation. The US could, in theory, deal with surveillance with a federal privacy law, but that would also affect their domestic avenues for spying (alphabet, meta, etc.).

Australia's privacy commissioner found that tiktok was not in violation of any privacy laws[1], for instance, and that they might want to consider stronger privacy laws.

Instances of banning foreign actors tend to relate more to xenophobia than interest in domestic citizens' well-being.

[1]: oaic.gov.au/newsroom/statement

17 June at 21:28 | Open on social.cryptography.dog
3 comments
Kristoff Bonne 🇪🇺 🇧🇪

@ansuz I have a different opinion on that. Why are a lot of randsom-gangs from Russia, a country where things only happen because the gouvernement allows it to happen.

How do you deal with mallware that use Telegram to connect to the command-and-control server as it is encrypted, it hides nicely in the noise of the legimate traffic and -as part of the telegram master-key is in Russia- ?

There is now a saying:
"telegram is the new dark web".

Why is that?
How do you deal with that?

@ansuz I have a different opinion on that. Why are a lot of randsom-gangs from Russia, a country where things only happen because the gouvernement allows it to happen.

How do you deal with mallware that use Telegram to connect to the command-and-control server as it is encrypted, it hides nicely in the noise of the legimate traffic and -as part of the telegram master-key is in Russia- ?

17 June at 21:38 | Open on m.krbonne.net
ansuz / ऐरन

@kristoff this is the last thing I'll say on the matter because it's way outside the scope of the post you replied to:

starting by funding better software that isn't vulnerable to these things.

implement protections for security researchers who report flaws in hardware and software so that critical infrastructure (hospitals, power grid, etc.) can fix those vulnerabilities.

Canada's governement freaked out and banned devices like the flipper zero because it could (allegedly) be used to interfere witth other devices. In cases where those allegations are actually true, the root problem is that those devices were designed to operate in an insecure way.

Security researchers and well informed legislators have been saying all of these things for years, but it resonates more with many voters (and lobbyists) to blame foreigners.

@kristoff this is the last thing I'll say on the matter because it's way outside the scope of the post you replied to:

starting by funding better software that isn't vulnerable to these things.

implement protections for security researchers who report flaws in hardware and software so that critical infrastructure (hospitals, power grid, etc.) can fix those vulnerabilities.

17 June at 21:43 | Open on social.cryptography.dog
Kristoff Bonne 🇪🇺 🇧🇪

@ansuz One thing for you to think about: if a Russian randsomware gang scoops up all the data of a sellers of schoolbooks (as happened here in Belgium) which includes names, addresses, phonenumbers, names of parents, .. count on the FSB to get a copy of that data. I'll leave it up to you to image what the concequence of that could be if you have a job in encryption

Cybersecurity is the responsability of everybody, not just the coders.

I completely agree with your remark on the Flipper zero. 🙄

17 June at 22:07 | Open on m.krbonne.net
Go Up