A vulnerability on the Australian National Disability Insurance Scheme (NDIS) website could’ve allowed attackers to create their own web pages on the government site. The vulnerability was quickly fixed once it was disclosed to the agency and technology provider Form.IO.
The vulnerability was discovered after a question to a Facebook disability support group about a strange SMS that a person had received.
Amongst liberal democracies, the Australian Government has led the way in legislating against digital privacy and security, calling on all the usual bogeymen in their justifications while giving law enforcement and intelligence agencies warrantless access to individuals' metadata and attacking encryption protections.
One of the tools privacy and security advocates have used to fight against excessive government intrusion is the Warrant Canary. Many governments have warrants that can demand IT service providers hand over information about their customers, combined with a gag order making it illegal to tell anyone that they have received such warrants. Service providers have responded to…
Mailfence is a well-known email service provider among the privacy-conscious. “Secure and Private” is its tagline. They tell users that “encryption happens in the browser” and “it is impossible for anyone (including us) to read your email along the line”. They offer password-protected encrypted email, along with the more standard OpenPGP public key encryption. About OpenPGP they say “With end-to-end encryption, data is encrypted on the sender’s system and only the intended recipient can decrypt it. Nobody in between can read or tamper with it.”
When pressed further, Mailfence stated via email that “The symmetric encrypted (password protected) emails…
Privacy and crypto geek. Perennial student. IT professional.