An anonymous reader quotes a report from the New York Times: Morgan Stanley Smith Barney has agreed to pay a $35 million fine to settle claims that it failed to protect the personal information of about 15 million customers, the Securities and Exchange Commission said on Tuesday. In a statement announcing the settlement, the S.E.C. described what it called Morgan Stanley's "extensive failures," over a five-year period beginning in 2015, to safeguard customer information, in part by not properly disposing of hard drives and servers that ended up for sale on an internet auction site.

On several occasions, the commission said, Morgan Stanley hired a moving and storage company with no experience or expertise in data destruction services to decommission thousands of hard drives and servers containing the personal information of millions of its customers. The moving company then sold thousands of the devices to a third party, and the devices were then resold on an unnamed internet auction site, the commission said. An information technology consultant in Oklahoma who bought some of the hard drives on the internet chastised Morgan Stanley after he found that he could still access the firm's data on those devices.

Morgan Stanley is "a major financial institution and should be following some very stringent guidelines on how to deal with retiring hardware," the consultant wrote in an email to Morgan Stanley in October 2017, according to the S.E.C. The firm should, at a minimum, get "some kind of verification of data destruction from the vendors you sell equipment to," the consultant wrote, according to the S.E.C. Morgan Stanley eventually bought the hard drives back from the consultant. Morgan Stanley also recovered some of the other devices that it had improperly discarded, but has not recovered the "vast majority" of them, the commission said. The settlement also notes that Morgan Stanley "had not properly disposed of consumer report information when it decommissioned servers from local offices and branches as part of a 'hardware refresh program' in 2019," reports the Times. "Morgan Stanley later learned that the devices had been equipped with encryption capability, but that it had failed to activate the encryption software for years, the commission said."

The short answers are "yes" and "no." America's Constitution prohibits government intervention into public expression, reports the business-news radio show Marketplace, "protecting free speech and expression "through, for example.... writing, protesting and coding languages like JavaScript, HTML, Python and Perl."

Specifically protecting code started with the 1995 case of cryptographer Daniel Bernstein, who challenged America's "export controls" on encryption (which regulated it like a weapon). But they also spoke to technology lawyer Kendra Albert, a clinical instructor at Harvard Law School's Cyberlaw Clinic, about the specific parameters of how America protects code as a form of expression: Albert: I think that the reality was that the position that code was a form of expression is in fact supported by a long history of First Amendment law. And that it, you know, is very consistent with how we see the First Amendment interpreted across a variety of contexts.... [O]ne of the questions courts ask is whether a regulation or legislation or a government action is specifically targeting speech, or whether the restrictions on speech are incidental, but not the overall intention. And that's actually one of the places you see kind of a lot of these difficulties around code as speech. The nature of many kinds of regulation may mean that they restrict code because of the things that particular forms of software code do in the world. But they weren't specifically meant to restrict the expressive conduct. And courts end up then having to sort of go through a test that was originally developed in the context of someone burning a draft card to figure out — OK, is this regulation, is the burden that it has on this form of expressive speech so significant that we can't regulate in this way? Or is this just not the focus, and the fact that there are some restrictions on speech as a result of the government attempting to regulate something else should not be the focus of the analysis?

Q: Congress and federal agencies as well as some states are looking to tighten regulations around cryptocurrencies and blockchain technology. What role do you think the idea of code as speech will play in this environment moving forward?

Albert: The reality is that the First Amendment is not a total bar to regulation of speech. It requires the government meet a higher standard for regulating certain kinds of speech. That runs, to some extent, in conflict with how people imagine what "code is speech" does as sort of a total restriction on the regulation of software, of code, because it has expressive content. It just means that we treat code similarly to how we treat other forms of expression, and that the government can regulate them under certain circumstances.

The makers of the secure telnet client PuTTY also sell a service monitoring company security services — and this July Mandiant Managed Defense "identified a novel spear phish methodology," according to a post on the company's blog: [The threat cluster] established communication with the victim over WhatsApp and lured them to download a malicious ISO package regarding a fake job offering that led to the deployment of the AIRDRY.V2 backdoor through a trojanized instance of the PuTTY utility.... This activity was identified by our Mandiant Intelligence: Staging Directories mission, which searches for anomalous files written to directories commonly used by threat actors....

The amazon_assessment.iso archive held two files: an executable and a text file. The text file named Readme.txt had connection details for use with the second file: PuTTY.exe.... [T]he PuTTY.exe binary in the malicious archive does not have a digital signature. The size of the PuTTY binary downloaded by the victim is also substantially larger than the legitimate version. Upon closer inspection, it has a large, high entropy .data section in comparison to the officially distributed version. Sections like these are typically indicative of packed or encrypted data. The suspicious nature of the PuTTY.exe embedded in the ISO file prompted Managed Defense to perform a deeper investigation on the host and the file itself.

The execution of the malicious PuTTY binary resulted in the deployment of a backdoor to the host.
"The executable embedded in each ISO file is a fully functional PuTTY application compiled using publicly available PuTTY version 0.77 source code," the blog post points out.

Ars Technica notes that Mandiant's researchers believe it's being pushed by groups with ties to North Korea: The executable file installed the latest version of Airdry, a backdoor the US government has attributed to the North Korean government. The US Cybersecurity and Infrastructure Security Agency has a description here. Japan's community emergency response team has this description of the backdoor, which is also tracked as BLINDINGCAN.

Three Iranian nationals charged with hacking into US-based computer networks sent ransom demands to the printers of at least some of their victims, according to an indictment unsealed today. The ransom demands allegedly sought payments in exchange for BitLocker decryption keys that the victims could use to regain access to their data. The three defendants remain at large and outside the US, the DOJ said. From a report: "The defendants' hacking campaign exploited known vulnerabilities in commonly used network devices and software applications to gain access and exfiltrate data and information from victims' computer systems," the US Department of Justice said in a press release. Defendants Mansour Ahmadi, Ahmad Khatibi, Amir Hossein Nickaein, "and others also conducted encryption attacks against victims' computer systems, denying victims access to their systems and data unless a ransom payment was made." The indictment in US District Court for the District of New Jersey describes a few incidents in which ransom demands were sent to printers on hacked networks. In one case, a printed message sent to an accounting firm allegedly said, "We will sell your data if you decide not to pay or try to recover them." In another incident, the indictment said a Pennsylvania-based domestic violence shelter hacked in December 2021 received a message on its printers that said, "Hi. Do not take any action for recovery. Your files may be corrupted and not recoverable. Just contact us."

Seven years ago, Slashdot reader #66,542 announced "Panopticlick 2.0," a site showing how your web browser handles trackers.

But it was just one of the many privacy-protecting projects Peter Eckersley worked on, as a staff technologist at the EFF for more than a decade. Eckersley also co-created Let's Encrypt, which today is used by hundreds of millions of people.

Friday the EFF's director of cybersecurity announced the sudden death of Eckersley at age 43. "If you have ever used Let's Encrypt or Certbot or you enjoy the fact that transport layer encryption on the web is so ubiquitous it's nearly invisible, you have him to thank for it," the announcement says. "Raise a glass."

Peter Eckersley's web site is still online, touting "impactful privacy and cybersecurity projects" that he co-created, including not just Let's Encrypt, Certbot, and Panopticlick, but also Privacy Badger and HTTPS Everywhere. And in addition, "During the COVID-19 pandemic he convened the the stop-covid.tech group, advising many groups working on privacy-preserving digital contact tracing and exposure notification, assisting with several strategy plans for COVID mitigation." You can also still find Peter Eckersley's GitHub repositories online.

But Peter "had apparently revealed recently that he had been diagnosed with cancer," according to a tribute posted online by security company Sophos, noting his impact is all around us: If you click on the padlock in your browser [2022-09-0T22:37:00Z], you'll see that this site, like our sister blog site Sophos News, uses a web certificate that's vouched for by Let's Encrypt, now a well-established Certificate Authority (CA). Let's Encrypt, as a CA, signs TLS cryptographic certificates for free on behalf of bloggers, website owners, mail providers, cloud servers, messaging services...anyone, in fact, who needs or wants a vouched-for encryption certificate, subject to some easy-to-follow terms and conditions....

Let's Encrypt wasn't the first effort to try to build a free-as-in-freedom and free-as-in-beer infrastructure for online encryption certificates, but the Let's Encrypt team was the first to build a free certificate signing system that was simple, scalable and solid. As a result, the Let's Encrypt project was soon able to to gain the trust of the browser making community, to the point of quickly getting accepted as a approved certificate signer (a trusted-by-default root CA, in the jargon) by most mainstream browsers....

In recent years, Peter founded the AI Objectives Institute, with the aim of ensuring that we pick the right social and economic problems to solve with AI:

"We often pay more attention to how those goals are to be achieved than to what those goals should be in the first place. At the AI Objectives Institute, our goal is better goals."

So Australia's foreign intelligence cybersecurity agency marked its 75th anniversary by collaborating with the Australian mint to release a special commemorative coin with a four-layer secret code. The agency's director even said that if someone cracked all four layers of the code, "maybe they'll apply for a job."

A 14-year-old boy cracked their code "in just over an hour." Australia's national broadcaster reports: The ASD said the coin's four different layers of encryption were each progressively harder to solve, and clues could be found on both sides — but ASD director-general Rachel Noble said in a speech at the Lowy Institute on Friday that the 14-year-old managed it in just over an hour.... "Just unbelievable. Can you imagine being his mum?

"So we're hoping to meet him soon ... to recruit him...."

She also revealed on Friday that there was a fifth level of encryption on the coin which no one had broken yet.

New submitter IsThisNickNameUsed writes: The Australian Mint has released a coin in partnership with the Australian Signals Directorate (ASD) that has incorporated a code-breaking challenge in the design. The coin is to mark the 75th anniversary of the spy agency and incorporates a code with four layers of encryption -- each layer progressively harder to solve. "We thought this was a really fun way to engage people in code-breaking with the hope that, if they make it through all four levels of coding on the coin, maybe they'll apply for a job at the Australian Signals Directorate," said ASD director-general Rachel Noble.

Fitting the codes on the faces of the coin was a complex process, she said. "Ensuring people could see the code to decrypt it was one of the challenges our people were able to solve with ASD, to create a unique and special product."

Ms Noble said that while there were no classified messages on the coin, those who crack the codes could discover "some wonderful, uplifting messages." "Like the early code breakers in ASD, you can get through some of the layers with but a pencil and paper but, right towards the end, you may need a computer to solve the last level," she said.

UPDATE: A 14-year-old boy cracked the code "in just over an hour."

"Major VPN services have shut down service in India, as there is no way to comply with a new law without breaching their own privacy protection standards," reports 9to5Mac. "The law also applies to iCloud Private Relay, but Apple has not yet commented on its own plans." The Wall Street Journal reports: Major global providers of virtual private networks, which let internet users shield their identities online, are shutting down their servers in India to protest new government rules they say threaten their customers' privacy [...] Such rules are "typically introduced by authoritarian governments in order to gain more control over their citizens," said a spokeswoman for Nord Security, provider of NordVPN, which has stopped operating its servers in India. "If democracies follow the same path, it has the potential to affect people's privacy as well as their freedom of speech," she said [...]

Other VPN services that have stopped operating servers in India in recent months are some of the world's best known. They include U.S.-based Private Internet Access and IPVanish, Canada-based TunnelBear, British Virgin Islands-based ExpressVPN, and Lithuania-based Surfshark. ExpressVPN said it "refuses to participate in the Indian government's attempts to limit internet freedom." The government's move "severely undermines the online privacy of Indian residents," Private Internet Access said. "Customers in India will be able to connect to VPN servers in other countries," adds 9to5Mac. "This is the same approach taken in Russia and China, where operating servers within those countries would require VPN companies to comply with similar legislation."

"Cloud storage services are also subjected to the new rules, though there would be little practical impact on Apple here. iCloud does not use end-to-end encryption, meaning that Apple holds a copy of your decryption key, and can therefore already comply with government demands for information."

The end-to-end encryption email service, Tutanota, says they are receiving reports that Crunchyroll is not allowing the use of their email addresses when signing up for their service. After contacting their team requiring that their domains be unblocked, they received the following response: "The ban of your domains is because we encountered a lot of hackers that used your domains emails to hack our accounts." From a report: In other words, Crunchyroll believes that many hackers used Tutanota domain emails to hack their accounts, which is why they banned Tutanota from their list. Moreover, they recommend users to use email accounts powered by "Big Tech" companies for hassle-free sign up to their services. This is not entirely a new phenomenon, notes It's FOSS. "DeviantArt actively blocked Proton Mail in the past because spammers used the platform to create accounts. Now, they have unblocked them."

Tutanota recently called out Microsoft for blocking Tutanota users from registering an account with its cloud-based collaboration platform, Teams.

"Hyundai predictably fails in attempting to secure their car infotainment system with a default key lifted from programming examples," writes Slashdot reader sinij. "This level of security is unfortunately expected from auto manufacturers, who also would like to sell you always-connected Car2Car self-driving automobiles." Cryptographer and security experience Bruce Schneier writes: "Turns out the [AES] encryption key in that script is the first AES 128-bit CBC example key listed in the NIST document SP800-38A [PDF]," writes an unidentified developer under the name "greenluigi1." Luck held out, in a way. "Greenluigi1" found within the firmware image the RSA public key used by the updater, and searched online for a portion of that key. The search results pointed to a common public key that shows up in online tutorials like "RSA Encryption & Decryption Example with OpenSSL in C." Two questions remain:
1.) How did the test key get left behind?
2) Was it by accident or design?

Facebook's parent company Meta is heading into another political battle over the planned introduction of end-to-end encryption (E2EE) in its Messenger chat platform. From a report: The UK's home secretary, Priti Patel, makes this clear in an op-ed for Tory mouthpiece The Telegraph this week, saying it would be a "grotesque betrayal" if the company didn't consider issues of child safety while introducing E2EE. Similar arguments are likely to be raised in the US, too. Meta has been working on adding E2EE to Messenger for years, and recently confirmed that it aims to encrypt all chats and calls on the platform by default next year. (It currently only offers default E2EE on its other big chat platform, WhatsApp, though users can opt-in to E2EE on Messenger on a chat-by-chat basis.)

The move is reigniting decades-old debates in politics and tech about the right way to balance user privacy and safety. In the US, these arguments have been heightened by the potential for police to issues search warrants for user chats in order to enforce new abortion laws after the overturn of Roe v. Wade. In the UK, arguments over encryption tend to focus on child safety and the dissemination of of child sexual abuse material, or CSAM. "A great many child predators use social media platforms such as Facebook to discover, target and sexually abuse children," writes Patel in her op-ed. "It is vital that law enforcement have access to the information they need to identify the children in these images and safeguard them from vile predators."

Distributed denial-of-service (or DDoS) attacks "are increasing in frequency and growing in size exponentially," reports Google Cloud's blog.

Recently an attacker tried to hit one of their customers with 46 million requests per second. The blog post describes it as the largest attack of its kind reported to date, "at least 76% larger than the previously reported record. To give a sense of the scale of the attack, that is like receiving all the daily requests to Wikipedia (one of the top 10 trafficked websites in the world) in just 10 seconds." Starting around 9:45 a.m. PT on June 1, 2022, an attack of more than 10,000 requests per second (rps) began targeting our customer's HTTP/S Load Balancer. Eight minutes later, the attack grew to 100,000 requests per second. Cloud Armor Adaptive Protection detected the attack and generated an alert containing the attack signature by assessing the traffic across several dozen features and attributes. The alert included a recommended rule to block on the malicious signature....

Our customer's network security team deployed the Cloud Armor-recommended rule into their security policy, and it immediately started blocking the attack traffic. In the two minutes that followed, the attack began to ramp up, growing from 100,000 rps to a peak of 46 million rps. Since Cloud Armor was already blocking the attack traffic, the target workload continued to operate normally. Over the next few minutes, the attack started to decrease in size, ultimately ending 69 minutes later at 10:54 a.m.

Presumably the attacker likely determined they were not having the desired impact while incurring significant expenses to execute the attack.... The attack leveraged encrypted requests (HTTPS) which would have taken added computing resources to generate. Although terminating the encryption was necessary to inspect the traffic and effectively mitigate the attack, the use of HTTP Pipelining required Google to complete relatively few TLS handshakes.... The attack was stopped at the edge of Google's network, with the malicious requests blocked upstream from the customer's application.
While 22% of the source IPs corresponded to Tor exit nodes, the actual traffic coming from Tor nodes represented just 3% of attack traffic, the blog post points out.

And ultimately despite the attack, "the customer's service stayed online and continued serving their end-users."

Slashdot reader storagedude writes: Hackers are stealing cookies from current or recent web sessions to bypass multi-factor authentication (MFA), according to an eSecurity Planet report.

The attack method, reported by Sophos researchers, is already growing in use. The "cookie-stealing cybercrime spectrum" is broad, the researchers wrote, ranging from "entry-level criminals" to advanced adversaries, using various techniques.

Cybercriminals collect cookies or buy stolen credentials "in bulk" on dark web forums. Ransomware groups also harvest cookies and "their activities may not be detected by simple anti-malware defenses because of their abuse of legitimate executables, both already present and brought along as tools," the researchers wrote.

Browsers allow users to maintain authentication, remember passwords and autofill forms. That might seem convenient, but attackers can exploit this functionality to steal credentials and skip the login challenge.

Behind the scenes, browsers use SQLite database files that contain cookies. These cookies are composed of key-value pairs, and the values often contain critical information such as tokens and expiration dates.

Adversaries know the exact name and location of these files for all major browsers such as Chrome, Firefox, and even Brave, on various operating systems. That's why the attack can be scripted. It's not uncommon to find such scripts along with other modules in info-stealing and other malware.

For example, the latest version of the Emotet botnet targets cookies and credentials stored by browsers, which include saved credit cards. According to the Sophos researchers, "Google's Chrome browser uses the same encryption method to store both multi-factor authentication cookies and credit card data."

To gain initial access, attackers can also perform phishing and spear-phishing campaigns to implant droppers that can deploy cookie-stealer malware stealthily.

The cookies are then used for post-exploitation and lateral movements. Cybercriminals can use them to change passwords and emails associated with user accounts, or trick the victims into downloading additional malware, or even deploy other exploitation tools such as Cobalt Strike and Impacket kit.

Users should not use built-in features to save passwords unless the browser encrypts them with, at least, a master password. It's recommended that users uncheck the setting called "remember passwords," and users should probably not allow persistent sessions as well.

Developers can be part of the problem if they don't secure authentication cookies properly. Such cookies must have a short expiration date. Otherwise, the persistent authentication could turn into a persistent threat. You can have great security processes and still get hacked because the cookies do not have the necessary flags (e.g., HttpOnly, Secure attribute). For example, authentication cookies must be sent using SSL/TLS channels. Otherwise the data could be sent in plain text and attackers would only have to sniff traffic to intercept credentials.

IoT Times brings an update on "the race to create a new set of encryption standards." Last month, it was announced that a specialized security algorithm co-authored by security experts of NXP, IBM, and Arm had been selected by the U.S. Government's National Institute of Standards and Technology (NIST) to become part of an industry global standard designed to counter quantum threats.
IoT Times interviews the cryptography expert who co-created the Crystals-Kyber lattice-based algorithm selected by NIST — Joppe W. Bos, a senior principal cryptographer at the Competence Center for Cryptography and Security at NXP Semiconductors.

And what worries his colleagues at the semiconductor company isn't the "imminent threat of quantum computers," Bos says, but an even closer and more practical deadline: "the timeline for these post-quantum crypto standards." "Two weeks ago, NIST announced the winners of these new public standards, the post-quantum crypto standards, and their timeline is that in 2024, so in roughly two years, the winners will be converted into standards. And as soon as the standards are released, our customers will expect NXP Semiconductors, as one of the leaders in crypto and security, to already have support for these standards, because we are, of course, at the start of the chain for many end products. Our secure elements, our secure platforms, SOCs, are one of the first things that need to be integrated into larger platforms that go into end products. Think about industrial IoT. Think about automotive applications. So, our customers already expect us to support post-quantum crypto standards in 2024, and not only support but, for many companies, being able to compute the functional requirements of the standard.

"It took over ten years to settle down on the best methods for RSA and ECC, and now we have a much shorter timeline to get ready for post-quantum crypto."
"When you ask the experts, it ranges from one to five decades until we can see quantum computers big enough to break our current crypto," Bos says in the interview. So he stresses that they're not driven by a few of quantum computers. "The right question to ask, at least for us at NXP is, when is this new post-quantum crypto standard available? Because then, our customers will ask for post-quantum support, and we need to be ready.

"The standard really drives our development and defines our roadmap."

But speaking of the standard's "functional requirements", in the original story submission Slashdot reader dkatana raised an interesting point. There's already billions of low-powered IoT devices in the world.

Will they all have the memory and processing power to use this new lattice-based encryption?

MIT Technology Review obtained Prince's investor presentation for the "RedPill Phone," which promises more than it could possibly deliver. From the report: Erik Prince's pitch to investors was simple -- but certainly ambitious: pay just 5 million euros and cure the biggest cybersecurity and privacy plagues of our day. The American billionaire -- best known for founding the notorious private military firm Blackwater, which became globally infamous for killing Iraqi civilians and threatening US government investigators -- was pushing Unplugged, a smartphone startup promising "free speech, privacy, and security" untethered from dominant tech giants like Apple and Google. In June, Prince publicly revealed the new phone, priced at $850. But before that, beginning in 2021, he was privately hawking the device to investors -- using a previously unreported pitch deck that has been obtained by MIT Technology Review. It boldly claims that the phone and its operating system are "impenetrable" to surveillance, interception, and tampering, and its messenger service is marketed as "impossible to intercept or decrypt."

Boasting falsely that Unplugged has built "the first operating system free of big tech monetization and analytics," Prince bragged that the device is protected by "government-grade encryption." Better yet, the pitch added, Unplugged is to be hosted on a global array of server farms so that it "can never be taken offline." One option is said to be a server farm "on a vessel" located in an "undisclosed location on international waters, connected via satellite to Elon Musk's StarLink." An Unplugged spokesperson explained that "they benefit in having servers not be subject to any governmental law." The Unplugged investor pitch deck is a messy mix of these impossible claims, meaningless buzzwords, and outright fiction. While none of the experts I spoke with had yet been able to test the phone or read its code, because the company hasn't provided access, the evidence available suggests Unplugged will fall wildly short of what's promised.

[...] The UP Phone's operating system, called LibertOS, is a proprietary version of Google's Android, according to an Unplugged spokesperson. It's running on an unclear mix of hardware that a company spokesperson says they've designed on their own. Even just maintaining a unique Android "fork" -- a version of the operating system that departs from the original, like a fork in the road -- is a difficult endeavor that can cost massive money and resources, experts warn. For a small startup, that can be an insurmountable challenge. [...] Another key issue is life span. Apple's iPhones are considered the most secure consumer device on the market due in part to the fact that the company offers security updates to some of its older phones for six years, longer than virtually all competitors. When support for a phone ends, security vulnerabilities go unaddressed, and the phone is no longer secure. There is no information available on how long UP Phones will receive security support. "There are two things happening here," says Allan Liska, a cyberintelligence analyst at the cybersecurity firm Recorded Future. "There are the actual attempts to make real secure phones, and then there is the marketing BS. Distinguishing between those two can be really hard."

"When I worked in US intelligence, we [penetrated] a number of phone companies overseas," says Liska. "We were inside those phone companies. We could easily track people based on where they connected to the towers. So when you talk about being impenetrable, that's wrong. This is a phone, and the way that phones work is they triangulate to cell towers, and there is always latitude and longitude for exactly where you're sitting," he adds. "Nothing you do to the phone is going to change that."

The UP Phone is due out in November 2022.

Long-time Slashdot reader drinkypoo writes: John Deere, current and historic American producer of farming equipment, has long been maligned for their DRM-based lockdowns of said equipment which can make it impossible for farmers to perform their own service. Now a new security bypass has been discovered for some of their equipment, which has revealed that it is in general based on outdated versions of Linux and Windows CE.

Carried out by Sick Codes, the complete attack involves attaching hardware to the PCB inside a touchscreen controller, and ultimately produces a root terminal.

In the bargain and as a result, the question is being raised about JD's GPL compliance.
Sick Codes isn't sure how John Deere can eliminate this vulnerability (beyond overhauling designs to add full disk encryption to future models). But Wired also notes that "At the same time, though, vulnerabilities like the ones that Sick Codes found help farmers do what they need to do with their own equipment."

Although the first thing Sick Codes did was get the tractor running a farm-themed version of Doom.

Thursday Meta published a blog post by their "product management director of Messenger Trust," who emphasized that they've begun at least testing end-to-end encryption by default for Messenger chats. But Meta also announced plans "to test a new secure storage feature for backups of your end-to-end encrypted chats on Messenger...."

"As with end-to-end encrypted chats, secure storage means that we won't have access to your messages, unless you choose to report them to us."

CNBC provides some context: The announcement comes after Facebook turned over Messenger chat histories to Nebraska police as part of an investigation into an alleged illegal abortion. Meta spokesperson Andy Stone said the feature has been in the works for a while and is not related to the Nebraska case...

The feature is rolling out on Android and iOS devices this week, but it isn't yet available on the Messenger website. The company has been discussing full-scale deployment of end-to-end encryption since 2016, but critics have said the security measure would make it much more difficult for law enforcement to catch child predators....Meta said in the release that it is making progress toward the global rollout of default end-to-end encryption for personal messages and calls in 2023.
Other privacy enhancements announced Thursday by Meta:

• "We plan to bring end-to-end encrypted calls to the Calls Tab on Messenger."

• Meta announced that the deleting of messages will start syncing across your other devices "soon."

• Messenger will continue offering the option of "Disappearing" messages, in which viewed messages in an end-to-end encrypted chat automatically then disappear after a pre-specified period of time.

And there's more, according to Meta's announcement:.

"This week, we'll begin testing default end-to-end encrypted chats between some people. If you're in the test group, some of your most frequent chats may be automatically end-to-end encrypted, which means you won't have to opt in to the feature. You'll still have access to your message history, but any new messages or calls with that person will be end-to-end encrypted. You can still report messages to us if you think they violate our policies, and we'll review them and take action as necessary....

"Last year, we started a limited test of opt-in end-to-end encrypted messages and calls on Instagram, and in February we broadened the test to include adults in Ukraine and Russia. Soon, we'll expand the test even further to include people in more countries and add more features like group chats....

"We will continue to provide updates as we make progress toward the global rollout of default end-to-end encryption for personal messages and calls in 2023."

Facebook announced on Thursday it will begin testing end-to-end encryption as the default option for some users of its Messenger app on Android and iOS. The Guardian reports: Facebook messenger users currently have to opt in to make their messages end-to-end encrypted (E2E), a mechanism that theoretically allows only the sender and recipient of a message to access its content. Facebook spokesperson Alex Dziedzan said on Thursday that E2E encryption is a complex feature to implement and that the test is limited to a couple of hundred users for now so that the company can ensure the system is working properly. Dziedzan also said the move was "not a response to any law enforcement requests." Meta, Facebook's parent company, said it had planned to roll out the test for months. The company had previously announced plans to make E2E encryption the default in 2022 but pushed the date back to 2023. "The only way for companies like Facebook to meaningfully protect people is for them to ensure that they do not have access to user data or communications when a law enforcement agency comes knocking," Evan Greer, the director of the digital rights group Fight for the Future, said. "Expanding end-to-end encryption by default is a part of that, but companies like Facebook also need to stop collecting and retaining so much intimate information about us in the first place."

An anonymous reader quotes a report from Ars Technica: Microsoft has published a knowledge base article acknowledging a problem with encryption acceleration in the newest versions of Windows that could result in data corruption. The company recommends installing the June 2022 security updates for Windows 11 and Windows Server 2022 "to prevent further damage," though there are no suggested solutions for anyone who has already lost data because of the bug.

The problems only affect relatively recent PCs and servers that support Vector Advanced Encryption Standard (VAES) instructions for accelerating cryptographic operations. Microsoft says affected systems use AES-XTS or AES-GCM instructions "on new hardware." Part of the AVX-512 instruction set, VAES instructions are supported by Intel's Ice Lake, Tiger Lake, Rocket Lake, and Alder Lake architectures -- these power some 10th-generation Core CPUs for laptops, as well as all 11th- and 12th-gen Core CPUs. AMD's upcoming Zen 4 architecture also supports VAES, though by the time these chips are released in the fall, the patches will have had plenty of time to proliferate. Microsoft says that the problem was caused when it added "new code paths" to support the updated encryption instructions in SymCrypt, Windows' cryptographic function library. These code paths were added in the initial release of Windows 11 and Windows Server 2022, so the problem shouldn't affect older versions like Windows 10 or Windows Server 2019.

The initial fix for the problem, provided in Windows' June 2022 security update package (Windows 11 build 22000.778), will prevent further damage at the cost of reduced performance, suggesting that the initial fix was to disable encryption acceleration on these processors entirely. Using Bitlocker-encrypted disks or the Transport Layer Security (TLS) protocol or accessing encrypted storage on servers will all be slower with the first patch installed, though installing the July 2022 security updates (Windows 11 build 22000.795) should restore performance to its previous level.

Intel's latest generation of CPUs contains a vulnerability that allows attackers to obtain encryption keys and other confidential information protected by the company's software guard extensions, the advanced feature that acts as a digital vault for security users' most sensitive secrets. From a report: Abbreviated as SGX, the protection is designed to provide a fortress of sorts for the safekeeping of encryption keys and other sensitive data, even when the operating system or a virtual machine running on top is maliciously compromised. SGX works by creating trusted execution environments that protect sensitive code and the data it works with from monitoring or tampering by anything else on the system.

SGX is a cornerstone of the security assurances many companies provide to users. Servers used to handle contact discovery for the Signal Messenger, for instance, rely on SGX to ensure the process is anonymous. Signal says running its advanced hashing scheme provides a "general recipe for doing private contact discovery in SGX without leaking any information to parties that have control over the machine, even if they were to attach physical hardware to the memory bus." The example is purely hypothetical. Signal spokesperson Jun Harada wrote in an email: "Intel alerted us to this paper... and we were able to verify that the CPUs that Signal uses are not impacted by the findings of this paper and therefore are not vulnerable to the stated attack." Key to the security and authenticity assurances of SGX is its creation of what are called "enclaves," or blocks of secure memory. Enclave contents are encrypted before they leave the processor and are written in RAM. They are decrypted only after they return. The job of SGX is to safeguard the enclave memory and block access to its contents by anything other than the trusted part of the CPU.