Even Google cannot deny the British surveillance order
A British secret order requires Apple to build a backdoor into strong encryption of backups and other data.
There are now indications that Apple is not alone and that Google has also been served with a similar secret order.
Even Google cannot deny the British surveillance order
British surveillance authorities demand worldwide access to Apple backups. Apple is not allowed to confirm this and is apparently not an isolated case.
Auch Google kann britischen Überwachungsbefehl nicht verleugnen
Britische Überwacher verlangen weltweiten Zugriff auf Apple-Backups. Apple darf das nicht bestätigen und ist damit offenbar kein Einzelfall.
Lire le même jour
Un mail d'avertissement par la DGSI du risque d'espionnage économique.
Un article qui dit que la patronne de la DGSI qui dit qu'ils ont besoin de backdoor pour travailler. (Et donc elle justifie les backdoor de la loi #narcotrafic )
Si une telle #backdoor est imposée, ça va forcément aider l'espionnage économique. 
Si la vie privée est un délit, seuls les délinquants y ont droit.
UK’s secret iCloud backdoor order triggers civil rights challenge.
The UK government’s secret order to Apple demanding it backdoor the end-to-end encrypted version of its iCloud storage service is challenged by two civil rights groups, Liberty and Privacy International.
They called the order “unacceptable and disproportionate” and warned of “global consequences” as it's thought to extend to non-UK users too.
Le Royaume-Uni et le chiffrement de bout-en-bout, la suite :
https://www.computerworld.com/article/3845907/the-most-important-decision-in-tech-is-being-made-today-but-you-wont-be-told-about-it.html
#encryption #backdoor #technosurveillance
#chiffrement #backdoor
Bien !
Depuis le temps qu'ils essayent et réessayent de casser les sécurités ces imbéciles, il y en a qui ont pris des mesures pour sécuriser le chiffrement.
https://www.numerama.com/politique/1925057-chiffrement-le-gouvernement-subit-un-revers-cinglant-sur-les-backdoors.html
woah, exactly as theorised by literally everyone that isn't fucking racist: #ESP32 "#backdoor" was just sensationalised by a security firm in order to get clicks for their own blog post which is basically just advertising their services
big conflict of interest. who knew that the biggest security violation will always be capitalist motives 
Ser ud til at det franske 
parlament fjernede den del af deres #cryptowar forslag der handlede om bagdør
- venter på detaljer
BREAKING The French National Assembly removed the backdoor section from the amendment to the #Narcotrafic law.
Read here how Politicians tried to undermine everybody's #security: https://tuta.com/blog/france-surveillance-nacrotrafic-law
And thank you for fighting against this with us. This is a great win for privacy, yet, the battle is not over. Together we are strong! 
Undocumented commands found in #Bluetooth chip used by a billion devices
Malicious Packages Identified in the Wild: Insights and Trends from November 2024 Onward
FortiGuard Labs has analyzed malicious software packages detected from November 2024 to March 2025, revealing various attack techniques used to exploit system vulnerabilities. Key findings include 1,082 packages with low file counts, 1,052 packages with suspicious install scripts, and 1,043 packages lacking repository URLs. Attackers employ methods such as obfuscation, command overwrite, and typosquatting to bypass security measures. The analysis highlights the use of suspicious APIs, URLs, and installation scripts to exfiltrate data, establish backdoors, and perform remote control activities. Specific cases involve malicious Python and Node.js packages targeting developers and harvesting sensitive information. The report emphasizes the importance of robust detection strategies and proactive defense measures to mitigate these evolving cybersecurity threats.
Pulse ID: 67cf4b932b27ceeadb710aab
Pulse Link: https://otx.alienvault.com/pulse/67cf4b932b27ceeadb710aab
Pulse Author: AlienVault
Created: 2025-03-10 20:29:07
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
Une porte dérobée dans une puce #Bluetooth très populaire ? Durant le week-end, la communauté de la sécurité informatique découvrait avec stupeur une information étonnante : la puce ESP32, que l’on trouve dans plus d’un milliard d’appareils dans le monde, contenait une porte dérobée.
https://next.ink/174624/une-porte-derobee-dans-une-puce-bluetooth-tres-populaire-pas-si-vite/
#sécurité #backdoor
Journalists once again parroting whatever law enforcement/governments say they're doing, aiding and abetting them in pretending that "criminals" and "bad guys" and "hostile nation-states" are the primary/only threat when really governments mostly just want themselves (and the corporations they approve of) to have a monopoly on terrorizing their own populations. There is a straight line between this kind of journalism and the general population's deep confusion about who is out to harm them. Credit to the journo for at least including some critical perspectives, but even those don't mention that police themselves *are* the threat.
"France is proposing a law to require encrypted messaging applications, including Signal and WhatsApp, and encrypted email services such as Proton Mail to provide law enforcement with decrypted data on request.
The law, which aims to provide French law enforcement with stronger powers to combat drug trafficking, has raised concerns among tech companies and civil society groups that it will lead to the creation of “backdoors” in encrypted services that will be exploited by cyber criminals and hostile nation-states."
The law also permits the use of spyware such as NSO Group’s Pegasus or Paragon to allow police to remotely activate microphones and cameras of mobile phones and computers, according to an analysis by the civil society group, La Quadrature Du Net.
It also extends the scope of algorithms, known as “black boxes”, which collect data on communications over the internet with the intention of identifying people suspected of criminal activity to authorise the collection of data for “combatting crime and organised crime”."
SideWinder targets the maritime and nuclear sectors with an updated toolset
The SideWinder APT group intensified its activities in the second half of 2024, targeting maritime infrastructures, logistics companies, and nuclear sectors across Asia, the Middle East, and Africa. The group updated its toolset, including improvements to its RTF exploit, JavaScript loader, and Backdoor Loader. SideWinder's infection chain begins with spear-phishing emails containing malicious DOCX files, exploiting CVE-2017-11882 to deliver a multi-stage payload. The group demonstrated agility in evading detection, often updating their tools within hours of being identified. Notable targets included government entities, military installations, and diplomatic missions, with an increased focus on maritime and nuclear-related organizations.
Pulse ID: 67cebdf90f3d662d90cb0701
Pulse Link: https://otx.alienvault.com/pulse/67cebdf90f3d662d90cb0701
Pulse Author: AlienVault
Created: 2025-03-10 10:24:57
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
Jedes Produkt ist nur so sicher wie seine Einzelteile: Am Wochenende wurde eine #Backdoor in einem #IoT-#Mikrocontroller entdeckt, der in geschätzt mehr als einer Milliarde IoT Devices verbaut ist. Und weil der Chip nur 2 EUR im Einkauf kostet, wird er auch in so vielen Endgeräten verbaut. Mit der Backdoor ist es u.a. möglich, sensible Daten abzugreifen, Geräte fernzusteuern oder #Schadsoftware zu verbreiten - Security by Design schaut anders aus:
Apple ne veut pas de backdoor et attaque le Royaume-Uni | Korben | https://exoseed.be/yourls/3k
Yikes, from an article that contains a lot more detail, but just to get your attention as to the impact part:
«The ubiquitous ESP32 microchip made by Chinese manufacturer Espressif and used by over 1 billion units as of 2023 contains undocumented commands that could be leveraged for attacks.
The undocumented commands allow spoofing of trusted devices, unauthorized data access, pivoting to other devices on the network, and potentially establishing long-term persistence.
…
"Exploitation of this backdoor would allow hostile actors to conduct impersonation attacks and permanently infect sensitive devices such as mobile phones, computers, smart locks or medical equipment by bypassing code audit controls."
The researchers warned that ESP32 is one of the world's most widely used chips for Wi-Fi + Bluetooth connectivity in IoT (Internet of Things) devices, so the risk is significant.»
People worried about this topic might also "enjoy" the recent Netflix series Zero Day.
And not to get too far afield, but hopefully it also didn't escape notice that there have been broad firings of qualified people in the US government for reasons related not to their technical skill or ability to protect our nation from issues like this, but because of irrelevant details of their private lives or personal leanings on issues of having fair and competent government, helping the needy, defending individual human freedom and dignity, or avoiding mass death in myriad ever-more-likely ways.
Undocumented commands found in Bluetooth chip used by a billion devices
#Cybersecurity #backdoor
https://www.bleepingcomputer.com/news/security/undocumented-commands-found-in-bluetooth-chip-used-by-a-billion-devices/
/
) 
