china – Page 4 – SSL and internet security news

Emergency Surveillance During COVID-19 Crisis

March 20, 2020 infossl

china, covid19, datacollection, eff, epidemiology, iran, israel, nationalsecuritypolicy, privacy, Security technology, surveillance

Israel is using emergency surveillance powers to track people who may have COVID-19, joining China and Iran in using mass surveillance in this way. I believe pressure will increase to leverage existing corporate surveillance infrastructure for these purposes in the US and other countries. With that in mind, the EFF has some good thinking on … Read More “Emergency Surveillance During COVID-19 Crisis” »

Chinese Hackers Bypassing Two-Factor Authentication

December 26, 2019 infossl

china, hacking, rsa, Security technology, twofactorauthentication

Interesting story of how a Chinese state-sponsored hacking group is bypassing the RSA SecurID two-factor authentication system. How they did it remains unclear; although, the Fox-IT team has their theory. They said APT20 stole an RSA SecurID software token from a hacked system, which the Chinese actor then used on its computers to generate valid … Read More “Chinese Hackers Bypassing Two-Factor Authentication” »

GPS Manipulation

November 21, 2019 infossl

china, gps, Security technology, theft, transportation

Long article on the manipulation of GPS in Shanghai. It seems not to be some Chinese military program, but ships who are stealing sand. The Shanghai “crop circles,” which somehow spoof each vessel to a different false location, are something new. “I’m still puzzled by this,” says Humphreys. “I can’t get it to work out … Read More “GPS Manipulation” »

Supply-Chain Security and Trust

September 30, 2019 infossl

china, essays, nationalsecuritypolicy, Security technology, supplychain, trust

The United States government’s continuing disagreement with the Chinese company Huawei underscores a much larger problem with computer technologies in general: We have no choice but to trust them completely, and it’s impossible to verify that they’re trustworthy. Solving this problem which is increasingly a national security issue will require us to both … Read More “Supply-Chain Security and Trust” »

On Chinese “Spy Trains”

September 26, 2019 infossl

china, espionage, essays, infrastructure, nationalsecuritypolicy, privacy, Security technology, surveillance

The trade war with China has reached a new industry: subway cars. Congress is considering legislation that would prevent the world’s largest train maker, the Chinese-owned CRRC Corporation, from competing on new contracts in the United States. Part of the reasoning behind this legislation is economic, and stems from worries about Chinese industries undercutting the … Read More “On Chinese “Spy Trains”” »

Details of the Cloud Hopper Attacks

July 10, 2019 infossl

advancedpersistentthreats, china, fraud, hacking, ibm, intelligence, malware, Security technology, theft

Reuters has a long article on the Chinese government APT attack called Cloud Hopper. It was much bigger than originally reported. The hacking campaign, known as “Cloud Hopper,” was the subject of a U.S. indictment in December that accused two Chinese nationals of identity theft and fraud. Prosecutors described an elaborate operation that victimized multiple … Read More “Details of the Cloud Hopper Attacks” »

Chinese Military Wants to Develop Custom OS

June 6, 2019 infossl

china, operatingsystems, Security technology, securityengineering, windows

Citing security concerns, the Chinese military wants to replace Windows with its own custom operating system: Thanks to the Snowden, Shadow Brokers, and Vault7 leaks, Beijing officials are well aware of the US’ hefty arsenal of hacking tools, available for anything from smart TVs to Linux servers, and from routers to common desktop operating systems, … Read More “Chinese Military Wants to Develop Custom OS” »

Visiting the NSA

May 22, 2019 infossl

china, cybersecurity, fisa, infrastructure, machinelearning, nationalsecuritypolicy, nsa, privacy, russia, Security technology

Yesterday, I visited the NSA. It was Cyber Command’s birthday, but that’s not why I was there. I visited as part of the Berklett Cybersecurity Project, run out of the Berkman Klein Center and funded by the Hewlett Foundation. (BERKman hewLETT — get it? We have a web page, but it’s badly out of date.) … Read More “Visiting the NSA” »

Reverse Engineering a Chinese Surveillance App

May 13, 2019 infossl

china, privacy, reverseengineering, Security technology, surveillance

Human Rights Watch has reverse engineered an app used by the Chinese police to conduct mass surveillance on Turkic Muslims in Xinjiang. The details are fascinating, and chilling. Boing Boing post. Powered by WPeMatico

Leaked NSA Hacking Tools

May 8, 2019 infossl

china, disclosure, hacking, nsa, russia, Security technology, vulnerabilities, zeroday

In 2016, a hacker group calling itself the Shadow Brokers released a trove of 2013 NSA hacking tools and related documents. Most people believe it is a front for the Russian government. Since, then the vulnerabilities and tools have been used by both government and criminals, and put the NSA’s ability to secure its own … Read More “Leaked NSA Hacking Tools” »