UK home secretary says WhatsApp must be accessible to authorities
Amber Rudd, the Home Secretary of the United Kingdom, has said that it is necessary for the UK’s intelligence and law enforcement agencies to have access to encrypted messaging services, primarily WhatsApp, to stop future terrorist attacks. The call came after Khalid Masood killed four people close to the Houses of Parliament on Wednesday, who is believed by police to have used WhatsApp just before the attack.
Speaking on the BBC’s Andrew Marr Show on Sunday she said: “We need to make sure that organisations like WhatsApp, and there are plenty of others like that, don’t provide a secret place for terrorists to communicate with each other.”
Civil rights groups and opposition parties have called out Rudd’s demands, with Liberal Democrat, home affairs spokesman and former deputy assistant commissioner in the Metropolitan police, Brian Paddick said that breaking encryption was not “proportionate” nor “effective” in response to the attack in Westminster.
Rudd has said that she would consider drawing up new legislation if WhatsApp and others did not allow government access.
A meeting between the home secretary and representatives from technology companies is scheduled for 30 March.
LastPass acknowledges browser vulnerability, working on fix
The popular password manager LastPass has acknowledged a browser vulnerability initially discovered by researcher Tavis Ormandy from the Google Project Zero.
Last Monday, LastPass identified a vulnerability with a remote code execution in version 4.1.42 of its Chrome extension.
In a recent LastPass blog post, a spokesperson said “We are now actively addressing the vulnerability. This attack is unique and highly sophisticated.”
Researcher Tavis Ormandy had previously identified vulnerabilities in former versions of LastPass earlier this month. A previous solution was to proxy suspicious messages to LastPass admin with LastPass announcing the same day it had patched its extensions.
The latest exploit is new, though LastPass has not yet released details of when a fix will be ready.
Netflix is hiring a lawyer to combat online piracy
Netflix has recently put up an advertisement for a legal manager to join its global copyright protection department.
A spokesperson from Netflix said “The ideal candidate will be either an experienced IP attorney, IP paralegal, or an anti-piracy specialist, with substantial experience in protecting rights and ideally content.”
Adding, “He or she will be tasked with supporting the Netflix Global Copyright Protection Group in its industry-wide anti-piracy strategic initiatives and tactical takedown efforts with the goal of reducing online piracy to a socially unacceptable fringe activity.”
Netflix CEO Reed Hastings remarked that torrenting boosted demand for the network’s shows, adding that piracy was an important barometer for the kinds of shows produced.
The advertisement for the legal position lists the following responsibilities:
- Manage and improve the Netflix notice and takedown efforts on rogue pirate sites.
- Working with business groups on content protection and security issues.
- Consider solutions to deal with new piracy models and ways to consume pirate content online, such as illicit streaming devices.
- Assist in the management of Netflix correspondence with and outreach to both the administrators of pirate sites and the facilitators of piracy.
Instagram implements two-factor authentication
The popular social network Instagram has introduced a two-factor authentication to help protect user accounts from password hacks and phishing.
The approach is already being used by the biggest social media networks and tech groups, including Facebook, Google and Twitter, though different methods are used by each.
In Instagram’s case, users need to opt-in to the two-factor authentication by opening settings in the top right of the profile page, then clicking on the two-factor authentication label in the next menu, then enabling the setting labelled “require security code”. The app will then text a six-digit code to the user’s phone every time they want to log in.