ニフティ、同社をかたるフィッシングメールに注意喚起

slashdot(security)
2 days 15 hours ago
headless 曰く、ニフティが同社をかたるフィッシングメールに注意喚起している (ニフティのお知らせ)。 ニフティをかたるフィッシングメールは主にメールの使用状況や支払い方法変更を促すもので、明らかに言葉遣いが不自然なものから、本物のニフティのメールをコピーしたものまで様々だ。本物の見分け方としては、ウェブメールで差出人名の先頭にニフティのマークがあれば本物だと紹介されている。ただし、このようなフィッシングメールはニフティのシステムを通過してユーザーに届いているので、ユーザーに注意喚起する前にもう少し対策できないものかと思う。 たとえば差出人名が「Nifty ○○」で、プロバイダー他社のドメインの電子メールアドレスから送信されたメールは迷惑メールに振り分けられることもなく、当然のように受信トレイに配信される。個人的にはニフティユーザーでメールを Gmail と Outlook に転送して利用しているが、こういったメッセージを転送先の受信トレイで目にすることはない。 スラドの皆さんはプロバイダーのメールを使用しているだろうか。プロバイダー側のフィッシング対策はいかがだろう。

すべて読む | ITセクション | セキュリティ | spam | ボットネット |

関連ストーリー:
8/10/16進数でIPアドレス表記したフィッシングメール報告、フィルター回避が目的か 2023年11月17日
AI検出ツールではフィッシングメールの4分の3近くを検証できない 2023年10月08日
ChatGPTでランサムウエアを作成できる方法が存在する 2023年04月25日
ソニー銀行などのフィッシングメール増加。バンダイチャンネルのメールがフィッシングを疑われる 2023年02月17日

nagazou

ニフティ、同社をかたるフィッシングメールに注意喚起

slashdot(IT)
2 days 15 hours ago
headless 曰く、ニフティが同社をかたるフィッシングメールに注意喚起している (ニフティのお知らせ)。 ニフティをかたるフィッシングメールは主にメールの使用状況や支払い方法変更を促すもので、明らかに言葉遣いが不自然なものから、本物のニフティのメールをコピーしたものまで様々だ。本物の見分け方としては、ウェブメールで差出人名の先頭にニフティのマークがあれば本物だと紹介されている。ただし、このようなフィッシングメールはニフティのシステムを通過してユーザーに届いているので、ユーザーに注意喚起する前にもう少し対策できないものかと思う。 たとえば差出人名が「Nifty ○○」で、プロバイダー他社のドメインの電子メールアドレスから送信されたメールは迷惑メールに振り分けられることもなく、当然のように受信トレイに配信される。個人的にはニフティユーザーでメールを Gmail と Outlook に転送して利用しているが、こういったメッセージを転送先の受信トレイで目にすることはない。 スラドの皆さんはプロバイダーのメールを使用しているだろうか。プロバイダー側のフィッシング対策はいかがだろう。

すべて読む | ITセクション | セキュリティ | spam | ボットネット |

関連ストーリー:
8/10/16進数でIPアドレス表記したフィッシングメール報告、フィルター回避が目的か 2023年11月17日
AI検出ツールではフィッシングメールの4分の3近くを検証できない 2023年10月08日
ChatGPTでランサムウエアを作成できる方法が存在する 2023年04月25日
ソニー銀行などのフィッシングメール増加。バンダイチャンネルのメールがフィッシングを疑われる 2023年02月17日

nagazou

The Intelligence Committees’ Proposals for a 702 Reauthorization Bill are Beyond Bad

EFF update
2 days 15 hours ago

Both congressional intelligence committees have now released proposals for reauthorizing the government's Section 702 spying powers, largely as-is, and in the face of repeated abuse. 

The House Permanent Select Committee on Intelligence (HPSCI) in the U.S. House of Representatives released a Nov. 16 report calling for reauthorization, which includes an outline of the legislation to do so. According to the report, the bill would renew the mass surveillance authority Section 702 and, in the process, invokes a litany of old boogeymen to justify why the program should continue to collect U.S. persons’ communications when they talk with people abroad.

As a reminder, the program was intended to collect communications of people outside of the United States, but because we live in an increasingly globalized world, the government intercepts and retains a massive trove of communications between Americans and people overseas. Increasingly, it’s this U.S. side of digital conversations that domestic law enforcement agencies trawl through—all without a warrant.

Private communications are the cornerstone of a free society.

It’s an old tactic. People in the intelligence community chafe against any proposals that would cut back on their “collect it all” mentality. This leads them to make a habit of finding the most current threat to public safety in order scare the public into pushing for much needed reforms, with terrorism serving as the most consistent justification for mass surveillance. In this document, HPSCI mentions that Section 702 could be the key to fighting: ISIS, Al-Qaeda, MS-13, and fentanyl trafficking. They hope that one, or all, of these threats will resonate with people enough to make them forget that the government has an obligation to honor the privacy of Americans communications and prevent them from being collected and hoarded by spy agencies and law enforcement.

The House Report

While we are still waiting for the official text, this House report proposes that Section 702 authorities be expanded to include “new provisions that make our nation more secure.” For example, the proposal may authorize the use of this unaccountable and out-of-control mass surveillance program as a new way of vetting asylum seekers by, presumably, sifting through their digital communications. According to a newly released Foreign Intelligence Surveillance Court (FISC) opinion, the government has sought some version of this authority for years, was repeatedly rejected, and received court approval for the first time this year. Because the court opinion is so heavily redacted, it is impossible to know the current scope of immigration- and visa-related querying, or what broader proposal the intelligence agencies originally sought. It’s possible the forthcoming proposal seeks to undo even the modest limitations that the FISC imposes on the government.

This new authority might give immigration services the ability to audit entire communication histories before deciding whether an immigrant can enter the country. This is a particularly problematic situation that could cost someone entrance to the United States based on, for instance, their own or a friend’s political opinions—as happened to a Palestinian Harvard student when his social media account was reviewed when coming to the U.S. to start his semester.

The House report’s bill outline also includes a call “to define Electronic Communication Service Provider to include equipment.” A 2023 FISC of Review opinion refused the intelligence community’s request for a novel interpretation of whether an entity was “an electronic communication service provider,” but that opinion is so heavily redacted that we don’t know what was so controversial. This crucial definition determines who may be compelled to turn over users’ personal information to the government so changes would likely have far-reaching impacts.

The Senate Bill

Not wanting to be outdone, this week the Senate Select Committee on Intelligence proposed a bill that would renew the surveillance power for 12 years—until 2035. Congress has previously insisted on sunsets of post-9/11 surveillance authorities every four to six years. These sunsets drive oversight and public discussion, forcing transparency that might not otherwise exist. And over the last two decades, periodic reauthorizations represent the only times that any statutory limitations have been put on FISA and similar authorities. Despite the veil of secrecy around Section 702, intelligence agencies are reliably caught breaking the law every couple of years, so a 12-year extension is simply a non-starter.

The SSCI bill also fails to include a warrant requirement for US person queries of 702 data—something that has been endorsed by dozens of nonprofit organizations and independent oversight bodies like the Privacy and Civil Liberties Oversight Board. Something that everyone outside of the intelligence community considers common sense should be table stakes for any legislation.

Private communications are the cornerstone of a free society. That’s why EFF and a coalition of other civil right, civil liberties, and racial justice organizations have been fighting to seriously reform Section 702 otherwise let it expire when it sunsets at the end of 2023. One hopeful alternative has emerged: the Government Surveillance Reform Act, a bill that would make some much needed changes to Section 702 and which has earned our endorsement. Unlike either of these proposals, the GSRA would require court approval of government queries for Americans’ communications in Section 702 databases, allows Americans who have suffered injuries from Section 702 surveillance to use the evidentiary provisions FISA sets forth, and strengthens the government’s duties to provide notice when using data resulting from Section 702 surveillance in criminal prosecutions must serve as priorities for Congress as it considers reauthorizing Section 702.

Matthew Guariglia