Operation #StopCISA | Android vulnerability | Sponsored by ObserveIT




Unleash the faxes!

As senators aim to take up a cybersecurity bill as early as this week, digital rights groups including Access, the Electronic Frontier Foundation, and Fight for the Future are pushing back. Operation #StopCISA, their week-long campaign to convince senators to oppose the Cybersecurity Information Sharing Act of 2015, features a website that automatically converts people's complaints about the bill into faxes – sent directly to Capitol Hill offices. 
"It seems like [senators] don't understand modern technology, so we're trying to communicate in a way they will understand: Faxes. Thousands and thousands of faxes," Nathan White, senior legislative manager at Access, told Passcode. "I understand there's a lot of pressure – and we should do something about cybersecurity – but this bill is not about cybersecurity."

While CISA is meant to reduce security breaches by fostering the exchange of cyberthreat information between the government and private companies, the civil liberties groups say it dramatically expands domestic surveillance by enabling companies to share people's personal information with the government, including agencies such as the National Security Agency and Federal Bureau of Investigation. And in a recent Passcode op-ed, the Cato Institute's Patrick Eddington and X-Lab director Sascha Meinrath said CISA could actually worsen cybersecurity: "By collecting personal information and storing it in a massive government data warehouse, CISA will dramatically increase everyone's vulnerability in future hacking attacks," they wrote. "Given the federal government’s abysmal track record when it comes to protecting its own data, the likelihood of another serious breach remains high." // Sara Sorcher  


Widespread Android vulnerability could turn phones into spycams

The newly discovered flaw affects software found in Android devices dating back to 2010. Even though Google has released a fix, that won't help Android users who still rely on operating systems the company no longer supports. // Joe Uchill

Wanted: Awesome cybersecurity fellow

We’re looking for a yearlong paid fellow to join us starting in October. Send recommendations our way. // Passcode

Pakistan orders BlackBerry to shut down within borders

The Pakistani government banned BlackBerry from operating in the country “for security reasons” late last week, ordering the company to completely halt all services by December. The company is known for providing secure end-to-end encryption on its BlackBerry Messenger service. This move coincides with a recent report by Privacy International, which claims that Pakistan’s military intelligence agency is pursuing increased communications interception, which BBM encryption could thwart.

Pakistan isn’t the first country to ban BlackBerry in the name of security. Saudi Arabia and the United Arab Emirates in 2010 attempted to exclude certain services BlackBerry offered, including messaging and email. Both countries lifted their bans relatively quickly after negotiations with BlackBerry: Saudi Arabia in just four hours and the UAE in two months. Pakistan’s appears to be the most comprehensive ban on the company. // The Guardian 

Webinar - Learn How to Prevent Insider Threats with User Activity Monitoring

In this webinar, security pros from ObserveIT will reveal techniques used to:
  • Examine network activity and distinguish between misconduct and legitimate use
  • Detect abnormal user behavior indicative of insiders becoming threats
  • Prevent users from unknowingly placing a network at risk




Should you care if your false personal data is bought, sold, or exposed?

Last week Nike settled a class action lawsuit for $2.4 million over its fitness tracker FuelBand's alleged inability to, well, track fitness. Nike and Apple (which sold the bands in its stores) were accused of selling the bands knowing that the measurements of calories, steps, and other metrics were inaccurate. Unlike actual medical devices, fitness trackers are usually not bound by Food and Drug Administration regulations forcing them to prove their accuracy before they go on the market.

They are also not subject to the same types of privacy regulations. Yet fitness tracker data can be incredibly personal and some health insurers are starting to use them to monitor customers. It has even been used as evidence in courts in both America and Canada.

The privacy concerns of accurate personal data being managed, mined, and sold are already worrying privacy activists. Now imagine reams of false data getting out into the world in the same way: Court cases could depend on bad evidence; insurance rates could be skewed. // Joe Uchill

Don't assume all Ashley Madison users are cheating spouses 

Hacked website Ashley Madison contained detailed profiles for its members seeking to enter into extramarital affairs. But not all of the profiles being held for blackmail are profiles of people looking for an affair – some were single people looking for long term relationships with other single people. And the site never verified e-mail addresses, writes security blogger Graham Cluley, which means some users could even have been signed up by someone else without their knowledge. // Graham Cluley

European team develops remote attack on hardware vulnerabilities

Hackers have a much harder time taking advantage of hardware vulnerabilities from far away than they do with software vulnerabilities. Exploiting hardware typically requires direct access to it. Now, an Austrian and French team has developed what appears to be the first remote attack on hardware, using the so-called rowhammer bug in DRAM chips. // Cornell arXiv

Former DHS head Chertoff: 'We do not, historically, organize our society to make it maximally easy for law enforcement'

Michael Chertoff, who led the Department of Homeland Security during the George W. Bush administration, came out in favor of encryption without back doors at the Aspen Security Forum. The confab also featured current and former government leaders, including FBI Director James Comey, who continued to call for built-in government access to encrypted devices. // The Daily Beast  

TECHNOLOGY MONDAY

This post appeared on LinkedIn: Shahriyar Gourgi