Security Leftovers
Date: 2021-05-02
Human Rights Groups Warn UN Cybercrime Treaty Must Avoid 'Chilling Effect'
Ahead of a United Nations session next week, nearly 130 academics and advocacy groups asserted that "it is vitally important to apply a human rights-based approach" to drafting a potential cybercrime treaty.
"A convention without such safeguards or that dilutes states' human rights obligations would place individuals at risk and make our digital presence even more insecure."
Nearly 130 Public Interest Organizations and Experts Urge the United Nations to Include Human Rights Safeguards in Proposed UN Cybercrime Treaty
The proposed treaty will likely deal with cybercrime, international cooperation, and access to potential digital evidence by law enforcement authorities, as well as human rights and procedural safeguards. UN member states have already written opinions discussing the scope of the treaty, and their proposals vary widely. In a letter to the committee chair, EFF and Human Rights Watch along with partners across the world asked that members include human rights considerations at every step in the drafting process. We also recommended that cross-border investigative powers include strong human rights safeguards, and that global civil society be provided opportunities to participate robustly in the development and drafting of any potential convention.
Failing to prioritize human rights and procedural safeguards in criminal investigations can have dire consequences. As many countries have already abused their existing cybercrime laws to undermine human rights and freedoms and punish peaceful dissent, we have grave concerns that this Convention might become a powerful weapon for oppression. We also worry that cross-border investigative powers without strong human rights safeguards will sweep away progress on protecting people’s privacy rights, creating a race to the bottom among jurisdictions with the weakest human rights protections.
We hope the Member States participating in the development and drafting of the treaty will recognize the urgency of the risks we mention, commit to include civil society in their upcoming discussions, and take our recommendations to heart.
EFF Asks Appeals Court to Rule DMCA Anti-Circumvention Provisions Violate First Amendment
EFF Threat Lab’s “apkeep” APK Downloader, Now More Capable and Available in More Places
In addition to the ability to download Android packages from the Google Play Store and APKPure, we’ve added support for downloading from the free and open source app repository F-Droid. Packages downloaded from F-Droid are checked against the repository maintainers’ signing key, just like in the F-Droid app itself. The package index is also cached, which makes it easy to run multiple subsequent requests for downloads.
You can now download specific versions of apps from either the apk-pure app store, which mirrors the Google Play Store, or from f-droid. To try it, issue the following command to see which versions are available:
Once you’ve picked a desired version, download it with this command:
Microsoft touts first PCs to ship natively with secure Pluton chip [Ed: This is not about security at all]
Asked why the chip is initially disabled, the spokesperson said enterprise customers "have told us they extensively test and evaluate any new security-related software or feature that will be introduced into their network and can choose to enable Pluton on their devices as they see fit. As Pluton rolls out into market and we have time to assess the customer demand for factory enablement, we will review enabling [it]."
The Pluton processor is aimed at delivering greater protection than the existing Trusted Platform Module (TPM) as it’s a dedicated security chip that handles security features such as BitLocker, Windows Hello, and System Guard.
AWS is Not a Dumb Pipe
The telcos didn't go down without a fight. They successfully got so many regulations passed against VoIP that it served as a serious barrier to entry for more than a decade. The hyperscalers have an even better card to play than regulation: open source. By bringing the cost of software down to zero, they can commoditize their complement. If AWS open sourced all higher-level services, they would still be a "dumb pipe", but with fewer competitors.
“Biggest cyber breach in history” as techs scramble to be heard above Omicron din [Ed: A bit of a distraction from the greater perils]
The devil child of the moment, if you want to call it that, is the very technically named Log4j computer vulnerability, which has left governments and corporations worldwide open to attack and scrambling to patch, or repair, their systems. It is being called the biggest cyber security breach in history.
With the news bandwidth consumed by Omicron and the public immured to cyber scare stories, the scale of the recent Log4j story and the implications it has for the secure operation of government services and infrastructure is only just becoming more broadly understood.
Google calls for new government action to protect open-source software projects [Ed: Meeting stacked by the worst culprits, as usual]
Following a summit on open-source security hosted at the White House Thursday, Google has called for increasing government involvement in identifying and securing critical open-source software projects.
In a blog post published shortly after the summit, Kent Walker, president for global affairs and chief legal officer at Google and Alphabet, said that collaboration between governmen
White House Convenes Open-Source Security Summit Amid Log4j Risks
The virtual summit, led by deputy national security adviser Anne Neuberger, included executives from Apple Inc., Alphabet Inc., Meta Platforms Inc. and Microsoft Corp., among others, along with specialist open-source software organizations such as GitHub Inc., the Apache Software Foundation and the Linux Open Source Foundation.
The Cybersecurity and Infrastructure Security Agency, the Commerce Department, the Defense Department and the Energy Department were among the federal agencies present.
Survey Shows 60% Of VFX Designers Are Using Linux
VES (Visual Effects Society) is an organization that represents visual effects designers, animators, studios, film makers and other related stakeholders from many different countries around the world. They have thousands of members from many different companies specialized in the VFX field, some of which have made the most iconic films in the world. VES has published the results of a survey they worked on between October and November of 2021 about studio software platforms used by their members. 88 unique studios have participated in the survey, which collectively own more than 59,000 artist workstations (or computers). The survey aimed to explore which software platforms are most common in the VFX industry, and the key findings could be quite surprising for you.
