10 results arranged by date

Blog   |   CPJ, Internet, Security

Securing the newsroom: CPJ, journalists, and technologists commit

Jacob Weisberg, chairman of The Slate Group and a member of CPJ's board, left, speaks with BuzzFeed's Miriam Elder, center, and Global Voices' Sahar Habib Ghazi, right, about securing the newsroom. (CPJ/Geoffrey King)

It's second nature now for reporters rushing to a dangerous assignment to grab a helmet and vest. Physical security whether covering conflict or quakes is readily understood, if not always adequately implemented.

June 25, 2015 6:06 PM ET


Blog   |   Internet, Security

UN report promotes encryption as fundamental and protected right

A meeting of the UN Human Rights Council in Geneva. Special Rapporteur on freedom of opinion and expression David Kaye is due to present his report on encryption there on June 17. (Reuters/Denis Balibouse)

On Wednesday, Special Rapporteur on freedom of opinion and expression David Kaye will present his report on international legal protection for encryption and anonymity to the United Nations Human Rights Council. The report is an important contribution to the security conversation at a time when some Western leaders are calling for ill-informed and impossible loopholes in technology--a trend that facilitates surveillance and tends to enable states that openly seek to repress journalists.

Blog   |   China, Internet

China's Great Cannon: New weapon to suppress free speech online

The headquarters of Baidu in Beijing. New censorship tool the Great Cannon is said to have redirected traffic from the popular Chinese site in a massive distributed denial of service attack. (AFP/Liu Jin)

China, rated as the eighth most censored country in the world, in a report released by CPJ today, has long had a strong line of defense against free speech online. Its Golden Shield Project, launched by the Ministry of Public Security in 1998, relies on a combination of technology and personnel to control what can be expressed and accessed behind the Great Firewall of China.

Blog   |   Internet, Security

When it comes to Great Firewall attacks, HTTPS is greatest defense

An Internet café in Beijing. Attacks that appear to have been mediated by China's censors against GitHub, a software site vital to Chinese developers, demonstrate the importance of HTTPS in protecting against censorship. (Reuters/Jason Lee)

The power of HTTPS to protect has been brought into sharp focus by a series of attacks against software collaboration site GitHub. These attacks consistently failed because of the site's universal use of HTTPS. Most recently, GitHub reported a blistering series of distributed denial of service attacks in March, which it believes were an attempt to persuade the site to remove certain content. Security researchers including Robert Graham and Insight Labs analyzed the latest GitHub attack, concluding that it appears to have been mediated by China's "great firewall" censorship system.

April 8, 2015 2:03 PM ET


Blog   |   China, Internet, Security

China's CNNIC issues false certificates in serious breach of crypto trust

Google's landing page for China is viewed on a laptop in Hong Kong. False credentials were issued for Google and other domains by Chinese digital certificate company CNNIC. (AFP/Frederic J. Brown)

In a major breach of public trust and confidence, the Chinese digital certificate authority China Internet Network Information Center (CNNIC) certified false credentials for numerous domains, including several owned by Google. The deliberate breach had the potential to seriously endanger vulnerable users, such as journalists communicating with sources. The breach was discovered by Google and published on its security blog on March 23. Despite this serious lapse, it appears CNNIC's authority will not be revoked, and that its credentials will continue to be trusted by almost all computers around the world.

Blog   |   Internet

'Spear phishing' attacks underscore necessity of digital vigilance

The revelation that the FBI sent a fake Associated Press story containing malware to a teenager suspected of making bomb threats has brought "spear phishing" back into the public consciousness. The technique, which combines malicious software with social cues tailored to the target, has been used by state and non-state actors to attack journalists and rights advocates, including the Committee to Protect Journalists. Spear phishing can be devastatingly effective, but there are simple steps journalists can take to protect their work, themselves, and their sources.

Blog   |   Internet, Iran

Farsi guides to the surveillance attack in Iran

As we've reported before, there's strong evidence that forces with widespread access to Iran's internet infrastructure have been engaged in large-scale surveillance of https traffic in July and August, certainly of Google traffic, and perhaps many more websites, including Facebook and Yahoo!

If you used the Internet in Iran during this period you should, at the very least, change your passwords, and log out, then log back into, any services you use.

A fuller explanation of what happened, and what to do about, written in Farsi, is available from Google's Persian Blog. "DigicomV" on YouTube has also posted some Farsi-language videos explaining the attack.

Thanks to Katrin at MobileActive for these links.

September 16, 2011 4:23 PM ET


Blog   |   Internet, Iran

Catching the Internet's spies in Iran and elsewhere

In August, Google introduced a new, if rather obscure, security feature to its Chrome web browser, designed to be triggered only under extreme circumstances.

If you were talking to Google's servers using the web's secure "https" protocol, your browser makes a number of checks to ensure that you are really talking to Google's servers. Like an overly obsessive bouncer, the new code double-checks the identity of any supposed Google site against a Chrome-only list of valid Google identities hardwired into the browser.

September 1, 2011 10:34 AM ET


Blog   |   Internet, USA

Google+ for journalists at risk

A Google developers conference in May. (Reuters/Beck Diefenbach)

When they're creating new features, software designers talk in terms of "use cases." A use case describes steps that future customers might perform with a website. "Starting a group with friends," would be a use case for Facebook. "Buying a book" would be case for Amazon's designers. 

Blog   |   Internet, Syria

Syrian Facebook: Low-tech threats and high-tech scrutiny

Journalists and online news-gatherers have been struggling to collect and distribute high-quality information about recent events in Syria. Foreign journalists have been turned away at the border; local online reporters have been detained. The quality of Internet and mobile phone connectivity has been extremely variable, with reports of Net and phone connections being cut off in selective areas, such as Deraa and Douma. The Wall Street Journal reported blocks on social-networking sites, and CPJ has received reports of consistent slowdowns of home Internet services such as Skype and Google Mail.

May 6, 2011 4:58 PM ET


10 results