Undersecretary of State Goldstein Recommends VPNs to Iranians Amidst FBI Criminalization of Anonymity Tools.

As bloody protests continue in the Islamic Republic of Iran, Iranian officials have blocked internet access to Facebook, Instagram, and other social media websites. Amid the protests, the US Undersecretary of State Steven Goldstein has voiced concern over the behavior of Iranian officials and encouraged Iran to stop limiting external access to the countries users.

“They are legitimate avenues for communication,” Goldstein said. “People in Iran should be able to access those sites.” Iranians seeking to evade the blocks can use virtual private networks, Goldstein said. Known as VPNs, the services create encrypted data “tunnels” between computers and are used in many countries to access overseas websites blocked by the local government.

This comes as a surprise to many anti-surveillance advocates, as the Federal Bureau of Investigation had successfully lobbied for warrantless government hacking of computer systems anonymized with VPNs under the controversial "Rule 41" expansions in December. Under section (B)(6)(a) of the new rules(PDF), Federal investigators may seek out information on anonymized systems regardless of the physical location and district in which the system resides.

Though the change was made in December of 2016, the Electronic Frontier Foundation and other privacy advocacy groups have called on Congress to review the rule change and place a legislative hold until the privacy and security concerns of the change can be assessed.

For additional information about the rule change, check out the Electronic Frontier Foundation's Commentary here.

LibWebP (CVE-2023-4863)

Here is a non-exhaustive list of possible mitigations to prevent the exploitation of CVE 2023-4863 in the LibWebP library. This library has a heap buffer overflow available across all operating systems, most browsers, an exceptional number of Electron framework applications. This CVE is rated a 10 after previously being rated 8.8. This was due to an original disclosure from Google stating that Chrome was the only effected application. After investigation, it was discovered that all instances of the LibWebP library were vulnerable across all platforms. A similar CVE ( 2023-5217 ) is pending analysis for the VP8 webstream video format (a sister library to libwep.) As working proof-of-concepts are generally available to the public and Google and Apple both acknowledge threat actors and spyware vendors making use of the vulnerability, it is essential that you begin reviewing and patching all business critical applications. Patch Browsers, All of them All major and minor browsers acr

Show And Tell

Once a week, our security team gathers everyone into a meeting and shares the last week’s worth of security related news and any new security initiatives. This one hour may be the most valuable meeting we attend and has the greatest impact on successful security outcomes. What is it? We call ours a Security Show & Tell. (You can call it whatever fun and exciting name fits your corporate culture.) Regardless of the name, the goal is to set aside an hour each week to share three kinds of security stories and our response to them. Stories that are in the news. Stories that impact our work. Stories that impact our lives. Author’s Note: There’s some helpful tips below on how to gather these stories. Why you should do it There’s a lot of great reasons to do this, but I want to drive home a few really important ones. How many times has this happened to you? You wake up, open infosec.exchange , and begin scrolling only to find out that $Vendor has a nasty zero-day and organiza

Savory Dutch Babies

Ingredients: 1/4 Stick butter 1/2C AP flour 3/4C room temp milk 3 room temp eggs Salt pepper mace nutmeg allspice etc if you want it Blend it or whisk it until homogeneous Put a castiron in a cold oven at 425°. Remove when preheat finishes and melt in a 1\4 stick of butter. Pour in batter. Top with parm and fresh herbs. Cook 15m.

All Good Men

Search This Blog