This guide dives pretty deep, but is very readable. Chock full of links and suggestions, all designed to help safeguard your privacy.
Security
LAPD hacked into iPhone 5s
LA Times:
Los Angeles police investigators obtained a method to open the locked iPhone belonging to the slain wife of “The Shield” actor Michael Jace, according to court papers reviewed by The Times.
Brazil’s WhatsApp ban has zero effect, just pushed users to other encryption solutions
Banning or weakening encryption just does not work. All it does is push people to other comm channels.
Legally forcing someone to use their finger to unlock their phone
The LA Times:
Authorities obtained a search warrant compelling the girlfriend of an alleged Armenian gang member to press her finger against an iPhone that had been seized from a Glendale home. The phone contained Apple’s fingerprint identification system for unlocking, and prosecutors wanted access to the data inside it.
The increasing hackability of your car
Jean-Louis Gassée, writing for Monday Note, on the hackability of your car and the increasing vulnerability that comes with some recent rule changes.
Coalition with Apple, Google, Facebook, Microsoft, others post letter to authors of encryption bill
The coalition is called Reform Government Surveillance (RGS). The letter, posted yesterday on the RGS Tumblr page, addresses the potential harm from the Burr-Feinstein encryption bill.
Apple’s security blind spots
Glenn Fleishman digs into the differing privacy models maintained by Google, Microsoft, Facebook, and Apple. Most important to me is the iCloud blind spot.
On Apple’s balance between usability and security
Terrific post from Ben Bajarin, an insider’s look at security and the balance it finds with usability.
California phone decryption bill defeated
One bill dies in committee, but there are others out there, including Burr-Feinstein, and, on the flip side, a preemptive bill from Ted Lieu.
A home VPN router setup that lets you safely browse in public
I’m no expert, but this seems like a pretty good solution. Rather than pay a monthly fee for a VPN service, buy a router that includes the software, leave it at home and VPN in from your local coffee house.
FBI Director Comey’s speech, Apple, and inevitability
FBI Director James Comey gave a speech at Kenyon University’s Center for the Study of American Democracy last night. His speech focused on encryption, the divide on privacy priorities, and the issues relating to the recent court case involving Apple and the San Bernardino iPhone 5C running iOS 9.
He made a terrific speech, laying out both sides of the argument. But he made a central point that I believe is flawed. Jump to the main post to watch the speech, read my take, and hear a Q&A exchange with an audience member that addresses what phone models can be broken by the FBI’s recent efforts.
Apple fixes Siri bug allowing access to Photos and Contacts on locked device
If you weren’t paying attention, you may have missed this bug’s arrival and departure entirely. Interesting that Apple was able to fix this server-side. That is, Apple fixed Siri on their end, without you having to install an update.
Apple’s next encryption battle likely playing out in secret in a Boston court
Keep your eye on this one. Similar to the San Bernardino case that first pitted the FBI against Apple, but this one seems to involve an iPhone 6, which should prove harder for an outside party to crack.
OK Google reads all your emails
A Reddit user does some searches using OK Google, then gets an expression of sympathy about a very personal and private matter that was pulled from an old email.
A tiny clue, and will Apple be forced to go to the black market to find out how the FBI got in?
The LA Times quotes an unauthorized source on how the FBI got in to the San Bernardino phone. And more thoughts on the case.
The FBI has a choice to make
Which side is the FBI on? Will they choose to tell Apple how they got in to the San Bernardino phones? Or will they side with a cracking technique that we know is in the wild?
Official: Justice Department to withdraw legal action against Apple
Kevin Johnson, USA Today:
The Justice Department is expected to withdraw from its legal action against Apple Inc., as soon as today, as an outside method to bypass the locking function of a San Bernardino terrorist’s phone has proved successful, a federal law enforcement official said Monday.
Apple lacks a bug bounty program
Quentin Hardy, writing for The New York Times:
Timothy D. Cook has found himself in a strange position. It looks like someone knows about an important flaw in Apple’s flagship product, and won’t tell its chief executive what it is.
That could be because Apple doesn’t pay outside hackers who find exploitable flaws in Apple software. Paying so-called “bug hunters” has become the norm at many tech companies, and the United States government does it too.
Would Apple paying for bug reports have made any difference in their battle with the FBI?
Apple vs the FBI: Follow the money
Charlie Stross homes in on the core problem with an FBI backdoor into iOS. It involves the world’s payment/credit card infrastructure. Fascinating take.
Apple’s CareKit is the best argument yet for strong encryption
Brian Barrett, writing for Wired, on why Apple’s newly rolled out CareKit, as well as HealthKit before it, relies so heavily on encryption.
FBI vs Apple: What does this delay mean?
Alina Selyukh, writing for NPR, lays out a series of questions about the latest development in Apple vs FBI.
On the FBI’s “alternative” method
Speculation from iOS security expert Jonathan Zdziarski on the nature of the third party the FBI is calling on to crack the San Bernardino iPhone.
Johns Hopkins researchers poke a hole in Apple’s encryption
Matthew D. Green, a computer science professor at Johns Hopkins University who led the research team:
“Even Apple, with all their skills — and they have terrific cryptographers — wasn’t able to quite get this right,” said Green, whose team of graduate students will publish a paper describing the attack as soon as Apple issues a patch. “So it scares me that we’re having this conversation about adding back doors to encryption when we can’t even get basic encryption right.”
The rules for Tuesday’s Apple, FBI court hearing are posted
To address the limited space available in the Riverside federal courthouse, as well as other logistical issues, the court has posted a set of what they call Order Setting Procedures.
The main rules are listed in the post, including the one about recording devices.
If Apple encryption engineers walk, that’s a lose-lose for Apple and the FBI
If the FBI wins their case, a core group of Apple security engineers have indicated that they’ll refuse the demand or quit. A lose-lose proposition for Apple and the FBI.
First iOS trojan exploiting Apple DRM design flaws to infect any iOS device
Looks like this attack is currently restricted to users in mainland China.
iCloud vs iPhone, privacy vs convenience
Security vs convenience. Why is that middle ground an issue when it comes to iCloud but not to iPhone?
I stayed in a hotel with Android lightswitches and it was just as bad as you’d imagine
Matthew Garrett discovers a hotel has replaced its light switches with Android tablets. And so he starts hacking.
Basic self-defence: How to block the NEXT ransomware outbreak
Terrific post, definitely worth reading.
First fully functional Mac ransomware in the wild, limited impact
The malware impacts version 2.90 of the BitTorrent app Transmission. Worth reading the post, just to learn how this happened.