Welcome to the fifth newsletter from Security Without Borders. This is a somewhat regular newsletter covering recent cyber security issues, tools and events relevant for activists, dissidents, journalists and civil society at large.
Security Tip: use full-disk encryption (with a very strong password!) on all your devices. Though this won't stop malware or a hacker from accessing the device while you are using it, it does mean that the data is protected when it is turned off. Should the device get stolen, or should you lose it, you only have to worry about the financial loss, not about someone accessing your data.
This newsletter is an experiment. Please let us know if you enjoy it and suggest us any content you would like to see here either via Twitter or via email.
Helping Security without Borders?
Security Without Borders is a community project, run entirely by volunteers. Not all the work we do is public, but everyone is encourage to join our discussion list, or our MatterMost community - especially the latter is quite active any more. And of course, don't hesitate to contact us, should you need assistance or have any other question.
- Organisations around the world have been infected with the WannaCry ransomware, which apart from its high-profile targets, is noteworthy in that it spreads via a vulnerability in the SMB protocol in Windows operating systems. The vulnerability was patched in March, but we learned the hard way that many users don't always install those patches. Luckily, none of the organisations we work with appears to be affected and there is no indication that civil society was targeted in some way. That is not a reason to make sure all your systems are fully patched. And while running Windows XP remains a very bad idea if you care about security (the operating system has not been supported for three years), if you absolutely must, do at least download the emergency patch made available by Microsoft.
In the previous newsletter, we mentioned the arrest of United Arab Emirates human rights activist Ahmed Mansoor. As Ahmed is still in prison, Security Without Borders joins Amnesty International, the EFF and others to demand his immediate release.
Together with Derechos Digitales, a Chilean digital rights organisation, the Electronic Fronteer Foundation (EFF) published a report in which the privacy practices of Chile's ISPs are evaluated. Of course, details about which ISPs "have your back" are only relevant if you are a Chile-based Internet user, but you may still use the report to evaluate ISPs in your country or region: the report explains what criteria are used.
A British security researcher thoroughly analysed the security of 'nomx', a communication device of which its maker makes some very bold security claims. If you don't mind some fairly technical reading, the report highlights many flaws in the device, some of them really basic. If secure communication is crucial for your online activities, it may be tempting to acquire a device that makes great promises. This analyses should warn you that without thorough analysis by third parties, bold claims by makers of tools and devices should be taken with a very big pinch of salt.
Reporters Without Borders has released its annual world press freedom index, a list of countries ranked according to how free the press is to operate in practice. The map hasn't changed compared to that of 2016, which isn't particularly good news, seeing as there are many threats to press freedom around the world. Only sixteen countries find themselves in the highest category and even in some of these countries, there are threats against journalists' lives and work.
Finally, last week at the re-publica conference in Berlin, SWB's Claudio took part in a discussion with former chess world champion and political activist Gary Kasparov on the subject 'Hacking Democracy: Power and Propaganda in the Digital Age '. The video of their discussion can be watched on YouTube.
- In the previous newsletter, we mentioned a series of articles run by Vice Motherboard on 'Stalkerware': spyware targeted at ordinary people that is often used in abusive relationships. Security Without Borders is working on tools to detect such spyware, the first result of which are two tools written by Claudio that will remove a FlexiSpy infection from your Windows PC or Mac.