Weekly Report: Apache Camelに複数の脆弱性

JPCERT
1 month 1 week ago
Apache Camelには、複数の脆弱性があります。これらの脆弱性のうち一部の脆弱性について概念実証コードが公開されていることを確認しています。この問題は、当該製品を修正済みのバージョンに更新することで解決します。詳細は、開発者が提供する情報を参照してください。

Broken Promises: RIP Instagram’s End-to-End Encrypted DMs

EFF update
1 month 1 week ago

Last week, Instagram ended its opt-in, and therefore rarely used, end-to-end encryption feature. Years after publicly promising to provide the privacy protections of end-to-end encryption across its platforms by default, it instead gave up on that technical challenge. Now, we've all lost an option for safer conversations on one of the biggest social media platforms in the world.

In an announcement in 2023, Meta bragged about how it had successfully encrypted Messenger, and teased that Instagram was in progress. Even before then, they’d talked about how important encryption was in Messenger and Instagram in a white paper published in 2022, stating: 

We want people to have a trusted private space that’s safe and secure, which is why we’re taking our time to thoughtfully build and implement e2ee by default across Messenger and Instagram DMs.

So where did the reversal come from? In a statement, Meta claimed that, “Very few people were opting in to end-to-end encrypted messaging in DMs.” This isn’t all that surprising, as turning it on was an optional four-step process that few people knew about. Defaults matter, and Meta’s choice to blame people for failing to opt into this feature is proof of how much. In that same statement, the company pointed people to WhatsApp for access to encrypted messaging. Yet if Meta truly wanted people to have a trusted private space to communicate, it would meet them everywhere they are: on WhatsApp, on Messenger, and on Instagram.

But at least Meta was straightforward about the fact that it will not continue to support or work on this feature. That's rare. Most tech company promises aren’t broken explicitly, they just remain undelivered long enough to be forgotten. 

This is particularly disappointing as other companies take even bigger swings, like Google and Apple working together to implement end-to-end encryption over Rich Communication Services (RCS), and Signal’s continued work to make its app simpler and easier to use for everyone.

Meta abandoning this principle is disheartening, especially as we are still waiting for other promised features from the company, like end-to-end encryption in Facebook Messenger group messages. Instead of blaming users for not using these sorts of features and then abandoning the promise of delivery, Meta—and other tech companies—should start by enabling strong privacy protective features by default.

Thorin Klosowski

【自民党大会】陸自隊員が国歌 首相「法的問題ない」=編集部

日本ジャーナリストクラブ(JCJ)
1 month 1 week ago
 「時は来た。憲法改正の発議について、めどが立ったと言える状態で来年の党大会を迎えたい」。高市首相が師と仰ぐ安倍元首相にならい「来年の党大会」と改憲の国会発議の期限を表明した12日の自民党大会で、陸上自衛隊中央音楽隊に所属の陸曹が制服(音楽隊の演奏服)で登壇し、国歌を斉唱した。自衛官は登壇に際して「陸上自衛隊が誇るソプラノ歌手」と司会者から会場に紹介されたという。自民党、防衛省は「国歌の斉唱は政治行為にあたらない」とするが、問題は国会でも取り上げられ、「自衛隊の中立性に疑念を..
JCJ