Internet Security

Facebook to encrypt Instagram messages ahead of integration with WhatsApp, Facebook Messenger


Facebook is planning to roll out end-to-end encryption for Instagram messages, as part of a broader integration effort across the company’s messaging platforms, including WhatsApp and Facebook Messenger.

First reported by The New York Times, the social media giant said reworking the underlying infrastructure of its three messaging apps will allow users to talk to each other more easily. The apps will reportedly remain independent of one another — with Instagram and WhatsApp bringing in 1 billion and 1.5 billion users, respectively.

In doing so, Facebook is adding end-to-end encryption to Instagram messages. That will bring a new level of security and privacy to Instagram users for the first time. Facebook will also begin encrypting Facebook Messenger by default, which has, to date, required users to manually switch on the feature.

So far, only WhatsApp messages are end-to-end encrypted by default.

The plans are part of th


Facebook needs a white hat Cambridge Analytica

Rob Blackie, Contributor. Rob Blackie is a Digital Strategist based in London, England, who has contributed to The Guardian and The Independent newspapers. Mike Butcher, Contributor.


Facebook has had a terrible couple of years. Fake news. Cambridge Analytica. Charges of anti-Semitism. Russia hacking the 2016 election. Racist memes, murders and lynchings in India, Myanmar and Sri Lanka.

And Facebook is just the tech company with the longest list of scandals. There’s Google, YouTube and Twitter’s well-documented roles in radicalization to consider, not to mention growing global health crises caused by medical misinformation spread on all the major platforms.

Investors are rightly beginning to worry. If tech companies and their investors can’t foresee and stop these problems, it will likely lead to damaging regulation, costing them billions.

The rest of us are increasingly unhappy that internet giants refuse to take responsibility. The argument that the problem lies with third-party abuse of their tools is wearing thin, not just with the media and politicians, but increasingly with the public as well.

If the tech giants don’t want regulators to step in and police, they need to do much more to predict, and stop the abuse, before it even happens.

One hundred cardboard cutouts of Facebook founder and CEO Mark Zuckerberg stand outside the U.S. Capitol in Washington, DC, April 10, 2018. Advocacy group Avaaz is calling attention to what the group says are hundreds of millions of fake accounts still spreading disinformation on Facebook. (Photo: SAUL LOEB/AFP/Getty Images)

The common factor in social media scandals

The problems mentioned above weren’t caused by anybody breaking existing social network rules. Nor


We found a massive spam operation — and sunk its server


For ten days in March, millions were caught in the same massive spam campaign.

Each email looked like it came from someone the recipient knew: the spammer took stolen email addresses and passwords, quietly logged into their email account, scraped their recently sent emails and pushed out personalized emails to the recipient of that sent email with a link to a fake site pushing a weight loss pill or a bitcoin scam.

The emails were so convincing more than 100,000 people clicked through.

We know this because a security researcher found the server leaking the entire operation. The spammer had forgotten to set a password.

Security researcher Bob Diachenko found the leaking data and with help from TechCrunch analyzed the server. At the time of the discovery, the spammer’s rig was no longer running. It had done its job, and the spammer had likely moved onto another server — likely in an effort to avoid getting blacklisted by anti-spam providers. But the server was primed to start spamming again.

Given there were more than three million unique exposed credentials sitting on this spammer’s server — hosted on intelimost.com, we wanted to secure the data as soon as possible. With no contact information for the spammer — surprise, surprise — we asked the hosting provider, Awknet, to pull the server offline. Within a few hours of making contact, the provider nullrouted the server, forcing all its network traffic into a sinkhole.

TechCrunch provided a copy of the database to Troy Hunt. Anyone can now check breach notification site Have I Been Pwned to see if their email was misused.

But the dormant server — while it was still active — offered a rare opportunity to understand how a spam operation works.

The one thing we didn’t have was the spam email itself. We reached out to dozens of people to ask about the email they received. Two replied — but only one still had a copy of the email.

The email sent by the spammer. (Image: supplied)

“The same mail appeared on three occasions,” said one of the recipients in an email to TechCrunch. “The subject was related to an email I had sent previously


It’s time to publicly shame United Airlines’ so-called online security (2016)

Jon Evans, Contributor. Jon Evans is the CTO of the engineering consultancy HappyFunCorp; the award-winning author of six novels, one graphic novel, and a book of travel writing; and TechCrunch’s weekend columnist since 2010.


Dear executives of United Airlines, I have some advice for you. 1: Fire whoever is in charge of your online security. 2: Burn down the building in which they worked; it may be tainted. 3: Salt the ground so nothing ever grows there again, to be safe. 4: Hire somebody competent who will not infuriate your users while simultaneously compromising their security.

I know I probably sound like a disgruntled passenger who just had an unpleasant airline experience. Not so! I am actually fond of United, have flown hundreds of thousands of miles with them, and have upper-tier status with them. But I’m also an engineer who writes about security.

It was bad enough when they replaced their free-form password security questions with drop-down selections — I am not making this up — for “Your favorite artist,” “Your favorite pizza topping,” etc


Passbase is building a full stack identity engine with privacy baked in


Digital identity startup Passbase has bagged $600,000 in pre-seed funding led by a group of business angel investors from Alphabet, Stanford, Kleiner Perkins and EY, as well as seed fund investment from Chicago-based Upheaval Investments and Seedcamp.

The 2018-founded Silicon Valley-based startup — whose co-founder we chatted to briefly on camera at Disrupt Berlin — is building what it dubs an “identity engine” to simplify identity verification online.

Passbase offers a set of SDKs to developers to integrate into their service facial recognition, liveness detection, ID authenticity checks and ID information extraction, while also baking in privacy protections that allow individual users to control their own identity data.

A demo video of the verification product shows a user being asked to record a FaceID-style 3D selfie by tilting their face in front of a webcam and then scanning an ID document, also by holding it up to the camera.

On the developer front, the flagship claim is Passbase’s identity verification product can be deployed to a website or mobile app in less than three minutes, with just seven lines of code.

Co-founder Mathias Klenk tells TechCrunch the system architecture draws on ideas from public-private key encryption, blockchain and biometric authentication — and is capable of completing “zero-knowledge authentications.”

In practice, that means a website visitor or app user can prove who they are (or how old they are) without having to share their full identity document with the service.

Klenk, a Stanford alum, says the founding team pivoted to digital identity in the middle of last year after their earlier startup — a crypto exchange management app called Coinance — ran into regulatory difficulties right after they’d decided to go full-time on the project.

He says they got a call from Apple, in August 2018, informing them Coinance had been pulled from the AppStore. The issue was they needed to be able to comply with know your customer (KYC) requirements as regulators cracked down on the risk of cryptocurrency being used for money l
