Cell Number 37, ‘Britain’s Guantanamo Bay’ – a single occupancy cell, furnished sparsely with a plastic chair, metal bed and steel toilet. For over 150 days this has been Julian Assange’s residence, whether he likes it or not. And a judge has ruled today, he is to remain there even after his jail sentence is over. 

Julian Assange at the New Media Days Conference in 2009. Photo: Peter Erichsen

Swiftly after his asylum status was stripped by the Ecuadorian government, the British authorities sentenced Assange to fifty weeks in prison, for violating his bail. The maximum sentence being fifty-two weeks and the typical sentence being none and a fine.

With his arrest, Assange was moved to HMP Belmarsh, a maximum-security prison in South London. Belmarsh during the early millennium was known as ‘Britain’s Guantanamo Bay’ for its foreign detainees, held without trial.

When you visit the prison, you are immediately struck by its fortress-like exterior. With its water-stained concrete perimeter walls, enumerable CCTV cameras and floodlights.

In two exclusive interviews with the European Centre for Press and Media Freedom (ECPMF), Julian Assange’s most notable visitors paint a harrowing picture of his current condition.

Nils MelzerProf. Nils Melzer. Photo: With permission from Prof. Melzer

Professor Nils Melzer is the United Nation’s Special Rapporteur on TortureEvery day, he receives around fifteen requests, to investigate individual cases of alleged torture.

 “But I can only deal with maybe one or two", Melzer tells the European Centre for Press and Media Freedom (ECPMF). But when in March, Assange’s lawyers reached out to his office for a second time, providing credible evidence for the claim of ill-treatment, Melzer thought “I owe it to my professional standards to at least look into this.”

A visibly fatigued and emaciated Assange greeted Melzer and his team during their visit on 9. May. It had been 28 days since Assange’s arrest. He was wearing a plain blue jumper and grey joggers. 

 Melzer and his team’s visit lasted for four hours. For three of those four hours Melzer and two medical experts, Professor Duarte Nuno Vieira from Portugal and Dr. Pau Perez-Sales from Spain conducted a medical assessment of Assange.

It followed the ‘Istanbul Protocol’. The protocol’s full name is the ‘Manual on Effective Investigation and Documentation of Torture and Other Cruel, Inhuman or Degrading Treatment or Punishment.’

Melzer tells the ECPMF that at first, “after what this man [Assange] had gone through, I didn't know what to expect.”

 “From a medical perspective, both doctors concluded that his state of health was critical, and that it might deteriorate rapidly if he is not stabilized. And that's exactly what happened.”

Two weeks after their visit, and 49 days into Assange’s detention, Assange was relocated to the hospital wing of Belmarsh. And a court hearing, on his extradition to the U.S., had to be postponed. It was deemed Assange was not medically fit to participate in the proceedings, even via video link. 

What Assange is going through in prison is “psychological torture”, Melzer says emphatically. He came to this conclusion after his visit and published an official UN statement repeating this.

John Pilger John Pilger. Photo: With permission from Pilger.

 Melzer is not alone in his condemnations. Another visitor of Assange, John Pilger- a renowned investigative journalist and award-winning documentary film-maker- has similar things to say to the ECPMF, about his visits to Assange.

“Locked in a small cell in the hospital wing some 21 hours a day”, Assange was mostly “delighted to see his friends” when they visit, Pilger tells the ECPMF. 

But “I was shocked”, Pilger says. “I found him struggling in more ways than one.” At Belmarsh, Assange has lost nearly 15 kilos of weight and “is precariously underweight.”

Pilger adds, Assange “is not only eating little, he is heavily medicated and denied basic rights. He is denied access to the gym -- his only exercise is in a small bitumen yard with high walls surrounding it. He is denied access to the library.”

Despite being denied access to the library. Assange has been given one book to read, Nelson Mandela's Long Walk to Freedom. But in Pilger’s visits, Assange comments on “the bleak irony of reading a book about someone who spends 27 years in prison.”

 Continuing to list what Assange is denied, Pilger adds: “He is not allowed to fraternise with other prisoners.”

 “He is denied the tools with which to prepare his defence - certain documents and a computer. He is not able to call his American lawyer.”

 Pilger is quick to point out the reason for Assange’s imprisonment: “Remember, he has committed the merest offence - skipping bail. He skipped bail so that he would not face extradition to the United States where a kangaroo court and a lifetime in prison awaits him.”

“His courage is extraordinary.”


This sentiment is shared by Professor Melzer.

Melzer tells the ECPMF, “the mainstream media informs us about Assange’s cat, his skateboard and his feces. But they do not give the same importance to hundreds of thousands of civilians murdered in Iraq, Libya and in Syria, to wars that have been intentionally orchestrated, and other crimes that have been exposed by WikiLeaks.

In my view, this complacency with governmental misconduct is the real scandal in this case. That’s the proverbial ‘elephant in the room’.”

Melzer says: “And no one sees this elephant, because the spotlight always on the personality and character of Assange, and that spotlight is so bright, you can’t see the elephant hiding right behind it.”

But he adds, “When the state institutions and their division of power are failing, it is the role and responsibility of the media, as the fourth estate, to inform and empower the people, to watch closely and expose the abuse of power”.


For the ECPMF, the centre warns that if Assange is extradited and charged under the Espionage Act, it would be a grave threat to press freedom. Henrik Kaufholz, Chair of the Executive Board of the ECPMF has said it would be a “disaster”. 

And Kaufholz warns, “it may have implications for investigative journalism and press freedom everywhere. Regardless of whether one considers Assange a journalist or not, it bears the risk that it can be applied to journalists as a consequence.”

The British Government responds

A Government spokesperson has responded to the ECPMF, disagreeing with the allegations of Melzer and Pilger. “We strongly disagree with any suggestion that Mr Assange has experienced improper treatment in the UK. The allegation Mr Assange was subjected to torture is unfounded and wholly false.

 “The UK is committed to upholding the rule of law, and ensuring that no one is ever above it. And that “[o]ur response will be published in due course.”


At the end of his visit, Melzer asked Assange whether he had anything further to say.

“‘Yes’, he said, ‘please save my life.’”

Read Original Article...

Don't be fooled by Gmail's promise for confidential emails.

Gmail's new confidential mode for emails is neither secure nor private. At its best, it is a fun feature to help your recipient achieve inbox zero. At its worst, it is a privacy-intrusive feature that does not achieve true confidentiality. In fact, for sending a confidential and secure email, end-to-end encryption is a minimum requirement, and Gmail has long abandoned this approach.

Gmail's confidential mode is not confidential

Gmail as one of the major email services worldwide has realized that privacy concerns are rising constantly - and this is happening at a global scale. To meet this new demand for private and secure emails, Gmail has introduced a new feature: Confidential mode.

However, this feature is neither confidential nor private as Google still has unlimited access to its users' emails, even when they use confidential mode.

What is Gmail's confidential mode?

Gmail's confidential mode is a feature that lets you send emails with a self-destruct timer or with password protection. Or in Google's words:

"Recipients of messages in confidential mode don't have the option to forward, copy, print, or download messages, including attachments. Users can set a message expiration date, revoke message access at any time, and require an SMS verification code to access messages."

Why is Gmail's confidential mode privacy-intrusive?

Though pretending to offer privacy, Gmail's confidential mode comes with three major problems:

  1. The emails are not end-to-end encrypted.
  2. Google retains full access to the email even when you set a self-destruct timer.
  3. If you password-protect an email, Google can link your recipient's phone number with their email address.
All these facts combined make Gmail's confidential mode more a privacy-intrusive feature than a privacy-protecting feature.

The confidentiality expected by the users is not achieved because the emails sent via confidential mode are not inaccessible by third parties. The EFF states that this increases the risk for the users as they may send private information via confidential mode, which they wouldn't have sent with a normal email, falsely believing that the data is secured with encryption.

Why does confidentiality require encryption?

Information classified as confidential relates by definition to something very personal or top secret. It must be kept from any and every third party by all means.

This form of secrecy can only be achieved with end-to-end encryption. Encryption guarantees that only the people holding the key to decrypt the information can gain access to it.

This is why end-to-end encryption is an absolute necessity when communicating confidentially.

When sending an email with Tutanota, you have the option to send a 'confidential' email - which refers to an end-to-end encrypted email, or a 'not confidential' email - which refers to a standard email.

Encrypted email

With this definition in mind, Gmail's confidential emails are just standard emails with some extra features like unprintable, unforwardable, uncopyable, and so on. However, this will not stop anyone from taking a screenshot from the unprintable email, just to print off the screenshot.

Besides, the point in confidential communication is not to keep information hidden or protected from the person you are communicating with, the point is to keep everyone else out of this conversation.

What is the benefit of Gmail's confidential mode?

All in all, there's not much benefit to Gmail's confidential mode. If you want truly confidential emails, you need to use a secure email option like Tutanota or encrypt your emails manually since Gmail has long abandoned its project to offer easy end-to-end encryption. Instead, they now offer a rather dubious version of confidentiality.

The only benefit that remains with Gmail's confidential mode is that the receiving mail service does not see the email sent via this mode. If you send an email from Gmail with confidential mode to a friend, who is using Yahoo Mail for example, Yahoo will not see this email. Yet, Google still has full access to the email so the benefits are extremely little.


If you're using Gmail's confidential mode, be aware of its limitations. Don't be fooled by Gmail's promise for confidentiality.

Confidential emails are simply impossible without applying end-to-end encryption.

Read Original Article...

Garmin SA hacked, exposing users’ credit card details

GPS and fitness accessory maker Garmin SA has been hacked, leaving customers’ credit card information at the mercy of cyber criminals.

In a letter to its customers yesterday, Garmin SA MD Jennifer van Niekerk said: “We recently discovered theft of customer data from orders placed through shop.garmin.co.za (operated by Garmin South Africa) that compromised your personal data related to an order that you placed through our Web site.”

The site was still not accessible at the time of publishing, saying: “The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.”

According to Garmin, the compromised data was limited to Gamin’s South Africa site, and contained payment information, “including the number, expiration date and CCV code for your payment card along with your first and last name, physical address, phone number and e-mail address.

“We recommend that you review and monitor your payment card records to make sure there were no unauthorised purchases. If you suspect any fraud, please contact your bank or payment card provider for further direction.

“As a valued customer, we apologise for this incident and assure you that Garmin takes our obligation to safeguard personal data very seriously.”

See also

Data breach hits 30m South Africans

Garmin snaps up SA start-up

However, Garmin did not disclose further details of the hack.

Misconfigured Web application

Jon Tullett, senior research manager for cloud and IT services at IDC, comments that one of the most common causes of a breach like this is a misconfigured Web application, such as a database or backup data.

“Locking that down, encrypting the data and, of course, not storing data where you shouldn’t in the first place is a fundamental step in preventing a breach – there is no reason for a merchant to store all that credit card data.”

He notes Garmin and its customers both need to take positive action. “Garmin needs to ensure all customers are directly notified that data has leaked, with guidance for the next steps. And those customers need to ensure they are keeping a close watch on their bank accounts for any sign of unexpected activity, and to be alert for phishing attacks using their personal data to impersonate an agency such as their bank, Garmin, a government department or the like.

“These sorts of leaks are so common, it makes a mockery of ‘we take data privacy seriously’ disclaimers. Getting POPIA [Protection of Personal Information Act] into full effect at this late stage is unlikely to make much difference. Unfortunately, a deeper rethink of personal credentials is needed to render stolen information valueless to hackers.”

For Troy Hunt, an Australian-based cyber security researcher, data breaches such as this are very often caused by either flaws in the design of the software or poor security practices such as a database being publicly accessible without a password or an administrator reusing weak passwords.

“In Garmin’s case, it looks like there may have been malicious software running on their Web site which managed to obtain credit card details as they were entered by customers,” Hunt says.

“Typically, after a data breach people would change their password on the affected site and anywhere else it had been reused.

“However, Garmin hasn’t said passwords were impacted in this incident; so it looks like the extent of the damage is credit cards and other personal information. Inevitably, this will mean replacing impacted cards and for individual customers, possibly considering identity protection services.”

Magecart attacks

Deepak Patel, a security evangelist for PerimeterX, is of the view that this latest episode is an indicator that Magecart attacks are far from over.

Magecart is a form of data skimming, which attacks using the client-side browser as the front-door for consumer interactions. “Skimming” is a method used by attackers to capture sensitive information from online payment forms, such as e-mail addresses, passwords and credit card numbers. For Magecart specifically, hackers implant malicious code into Web sites in order to steal credit card information as people enter credentials on the checkout page.

“The modern Web application stack relies on third-party scripts obtained from a variety of providers, not all of whom have strong security practices,” says Patel. “Web site owners lack visibility into the third-party scripts running on the users’ browsers within the context of their site. Many Web site owners are also unaware of all the first-party scripts running on their site.”

In this particular case, he notes, it is quite possible Magecart attackers leveraged Magento to skim credit card information from Garmin’s South Africa site.

Patel notes this attack also highlights the steps Magecart attackers take to avoid detection. “We have seen instances in the past where skimmers targeted specific geographies outside of the main site’s headquarters to remain undetected.

“This lack of visibility impacts both Web site owners and users. It’s impossible for Web site users to discern if a Web site is compromised by a Magecart attack. Users see the secure padlock next to the URL on their browser address bar and feel comfortable about using the site.

“In addition to staying up to date with the latest versions of critical platform components, Web site owners need to take another step: get visibility and control of all the scripts running on their Web site, whether first- or third-party or another part of the supply chain.”

Read Original Article...

GIMP open source image editor forked to fix 'problematic' name

Interview Glimpse is a fork of the popular open source image editor, GIMP, created primarily to offer the software under an alternative name.

GIMP is a longstanding project, first announced in November 1995. The name was originally an acronym for General Image Manipulation Program but this was changed to GNU Image Manipulation Program.

The new fork springs from a discussion on Gitlab, where the source code is hosted. The discussion has been hidden but is available on web archives here. A topic titled "Consider renaming GIMP to a less offensive name," opened by developer Christopher Davis, stated:

I'd like to propose renaming GIMP, due to the baggage behind the name. The most modern and often used version of the word "gimp" is an ableist insult. This is also the colloquial usage of the word. In addition to the pain of the definition, there's also the marketability issue. Acronyms are difficult to remember, and they end up pronounced instead of read as their parts. "GIMP" does not give a hint towards the function of the app, and it's hard to market something that's either used as an insult or a sex reference.
The proposal was supported by another developer, Leonora Tindall, who noted that "I have, on two occasions now, recommended this program to photography and graphic design educators (as an alternative to Photoshop) who told me that they considered it and found it good as software but weren't permitted by their institution to use it in the classroom because of the name."

Others opined that changing the name of long-established software would hurt its recognition and usage. The discussion became bad-tempered and caught the attention of Bobby Moss, whose day job is a technical writer at Oracle.

"I'm a long-standing user of the project," he told The Reg. "I saw the abuse and unpleasant things being said to Chris. It was decidedly not cool and not how we should make decisions in free software. I also thought the arguments he made were well reasoned, not focused so much on the offensiveness of the name but on the marketability of the application."

Moss therefore forked the project into a new one called Glimpse.

"Initially I thought it was just going to be a quirky project on my own private GitHub but people expressed enthusiasm for it. It's evolved now into this new thing where you’ve got multiple people running it, myself, Chris who originally posted the issue, and another woman called Clipsey … it's all kind of ballooned out from there."

The subject of the suitability of the name is not new, and is enshrined in the official FAQ:

"I don't like the name GIMP. Will you change it?"

With all due respect, no. We’ve been using the name GIMP for more than 20 years and it's widely known … on top of that, we feel that in the long run, sterilization of language will do more harm than good. … Finally, if you still have strong feelings about the name "GIMP", you should feel free to promote the use of the long form GNU Image Manipulation Program or maintain your own releases of the software under a different name.

The Glimpse project is therefore entirely within the spirit of open source. "We believe free software should be accessible to everyone, and in this case a re-brand is both a desirable and very straightforward fix that could attract a whole new generation of users and contributors," says the About page.

The team wish to continue using the upstream GIMP project libraries and are asking for donations to GIMP as well as Glimpse.

The developers are planning more than just a name change, including a "front-end UI rewrite" according to an update posted a week ago. The team is looking at screenshots of existing image editing application user interfaces to inform design mockups. There is also a discussion about language choices. Rust with GTK (Gnome Toolkit) bindings, perhaps? C++ and Qt?

Changing the user interface is more challenging than changing the name. We wonder if it is all a little too much to take on?

It is "a long-term plan, maybe a few years down the road," says Moss. "It's something people are looking at in parallel. The main focus at the moment is just tracking the upstream releases, and making changes to them. When we hit GNU image manipulation program version 3, they'll have completed their port to GTK 3, and that's where we are looking to do a hard fork and can start getting more ambitious with user interface changes.

"A lot of the functionality is actually in a set of libraries. Those components would still be used and any changes we made to them would be contributed back.

"Even if our project falls flat on its face, at least we've brought new people and new interest to a code base that's been out for a while and probably needs a bit more love from the community than it currently enjoys."

Read Original Article... 

Windows Users Warned To Update Now As 'Complete Control' Hack Attack Confirmed

Another day, another threat for Microsoft Windows users. Earlier this month https://www.forbes.com/sites/daveywinder/2019/08/11/critical-windows-10-warning-confirmed-millions-of-users-are-at-risk/" style="box-sizing: border-box; background-color: transparent; cursor: pointer; color: rgb(0, 56, 145); -webkit-tap-highlight-color: rgba(0, 0, 0, 0);">it was confirmed that a common design flaw within the hardware device drivers from multiple vendors, impacting users of all modern versions of Windows, could lead to system compromise. Now all users are being warned that attackers with minimal technical skill can gain complete control of a Windows system as an old remote access trojan (RAT) gets a new lease of life.

Newly released in a modified format, this cracked RAT brings yet another hack attack tool onto the dark web; and this time around it's totally free of charge.

A brief history of this cracked RAT

The NanoCore RAT has been floating around the shady world of cybercrime for many years, offering a lot of bang for the buck. Initially sold for $25 (£20) it was a cheap option in a crowded marketplace where $250 (£200) wasn't considered too expensive for a tool that could compromise a system running on the Windows OS using weaponized emails as the infection vector.

However, NanoCore really started to grab the attention of threat actors and security researchers alike when https://www.symantec.com/connect/blogs/nanocore-another-rat-tries-make-it-out-guttera cracked version appeared on underground forums in February 2014 and caused a spike in detection rates amongst vendors. Within a year, the "premium plugins" that came with the full-price version of NanoCore were also added into this free for all mix.

The popularity of this particular RAT eventually led to the https://www.bleepingcomputer.com/news/security/author-of-nanocore-rat-pleads-guilty-in-court/FBI arrest of Taylor Huddleston in 2017, the NanoCore coder, who https://www.documentcloud.org/documents/3901131-Huddleston-Statement-of-Facts.htmlconfessed to having "knowingly and intentionally aided and abetted unlawful computer intrusions." Huddleston was later sentenced to 33 months in prison.

As is often the case in the murky world of cybercrime where there truly is no honor amongst thieves, NanoCore continued to take on a life of its own. As well as spawning hacking tool variants including https://krebsonsecurity.com/2018/07/luminositylink-rat-author-pleads-guilty/" LuminosityLink RAT and https://www.bleepingcomputer.com/news/security/surprise-ransomware-installed-via-teamviewer-and-executes-from-memory/Surprise Ransomware, researchers from LMNTRX Labs have now discovered a newly modified version of the original being distributed on the dark web free of charge.

What can NanoCore v1.2.2 do?

The LMNTRX researchers https://www.lmntrix.com/Lab/Lab_info.php?id=126reported how the cracked NanoCore RAT is controlled through a very user-friendly interface that "lowers the barrier for entry and enables even the most amateur hackers to weaponize emails and kick off their own campaigns."

Confirming that LMNTRX Cyber Defense Centre analysts had observed "an explosion of campaigns using the malware," since it was first advertised in April, the researchers went on to detail the features of the RAT.

These include the ability to remotely shut down and restart a Windows computer, remotely browse files on the infected machine, access to and control of the Task Manager, Registry Editor and even the mouse. An attacker can also open web pages, disable the webcam activity light to be able to spy on the victim unnoticed and capture that video and audio at will. Then there's the ability to recover passwords and obtain login credentials using a keylogger. Oh, and a remotely operated "locker" with custom encryption that can act like ransomware.

What can you do to mitigate the new NanoCore threat?

Luckily, because NanoCore has been around for many years, the techniques it uses to compromise systems are already well-known. The LMNTRX team broke these down into three main categories, namely scripting, registry keys and malicious attachments. The scripting threat can be mitigated by checking Microsoft Office files for macro code as well as watching out for the "anomalous execution of legitimate scripting programs, such as PowerShell or Wscript." Monitoring the Registry for changes to run keys outside of known update and patch cycles is also recommended, along with implementing security protection that uses behavioral detection of malicious attachments.

More broadly, Windows users are advised to “update now.” Which means ensuring that all software applications are running the latest updated versions for starters. And, despite the reported https://www.forbes.com/sites/daveywinder/2019/08/17/microsoft-confirms-update-warning-for-windows-10-windows-81-and-windows-7-users/problems concerning the latest Patch Tuesday update, for Windows 10, 8.1 and 7 users, it is also recommended that you ensure your Windows OS is fully patched and updated.


Read Original Article...

Apple Repairs and Service
Member of the Internet Defense League

BitcoinCash Accepted