Information Technology

Security company McAfee on Tuesday published second quarter financial results, adding more than half a million core Direct to Consumer subscribers in the quarter. Second quarter diluted earnings, including both continuing and discontinued operations, came to 21 cents per share. Net revenue was $467 million, reflecting growth of 22 percent year-over-year. Analysts were expecting earnings of 18 cents per share on revenue $433.99 million.”We are very pleased with our team’s execution this quarter,” said Peter Leav, McAfee’s President and Chief Executive Officer.  “Not only did McAfee deliver another solid quarter with revenue, DTC subscribers, profitability and cash flow from operations growing double-digits, but did so while simultaneously closing the transaction to sell the Enterprise Business…  We look forward to continuing our journey as a pure-play consumer business.”McAfee in Q2 completed the sale of its Enterprise Business for $4 billion in cash. Meanwhile, it added 556,000 DTC subscribers, bringing its total number of subscribers to 19.4 million. A year earlier, the company had 16.6 million core DTC subscribers. McAfee also in Q2 signed a multi-year extended agreement with Samsung to deliver consumer security solutions to Samsung device users.For the third quarter, McAfee expects revenue between $461 million and $467 million.

Tech Earnings More

Microsoft has released 44 security fixes for August’s Patch Tuesday, with seven of the vulnerabilities being rated critical. There were three zero days included in the release and 37 were rated as important. 

ZDNet Recommends

Thirteen of the patches involved a remote code execution vulnerability while another eight revolved around information disclosure. The affected tools included .NET Core & Visual Studio, ASP.NET Core & Visual Studio, Azure, Windows Update, Windows Print Spooler Components, Windows Media, Windows Defender, Remote Desktop Client, Microsoft Dynamics, Microsoft Edge (Chromium-based), Microsoft Office, Microsoft Office Word, Microsoft Office SharePoint and more.One of the most prominent patches released in the latest batch covers the Windows Print Spooler Remote Code Execution vulnerability, which has been a major topic of discussion since it was discovered in June. Microsoft also faced backlash from the security community for bungling the release of patches meant to address the issue. The fixed zero day bugs include:The Windows Update Medic Service Elevation of Privilege vulnerability is the only one that has been exploited in the wild, according to Microsoft’s report, but they do not explain how, where, or by whom. Security expert Allan Liska said CVE-2021-36948 stood out to him because of its similarities to CVE-2020-17070, which was published in November 2020.

“Obviously, it is bad that it is being exploited in the wild, but we saw almost the exact same vulnerability in November of 2020 but I can’t find any evidence that that was exploited in the wild,” Liska said. “So, I wonder if this is a new focus for threat actors.”Liska added that CVE-2021-26424 is a vulnerability to keep and eye on because its a Windows TCP/IP Remote Code Execution vulnerability impacting Windows 7 through 10 and Windows Server 2008 through 2019.”While this vulnerability is not listed as publicly disclosed or exploited in the wild, Microsoft did label this as ‘Exploitation More Likely’ meaning that exploitation is relatively trivial. Vulnerabilities in the TCP/IP stack can be tricky. There was a lot of concern earlier this year around CVE-2021-24074, a similar vulnerability, but that has not been exploited in the wild,” Liska explained. “On the other hand, last year’s CVE-2020-16898, another similar vulnerability, has been exploited in the wild.” The LSA spoofing vulnerability is related to an advisory Microsoft sent out late last month about how to protect Windows domain controllers and other Windows servers from the NTLM Relay Attack known as PetitPotam.Discovered in July by French researcher Gilles Lionel, the PetitPotam take on the NTLM Relay attack can “coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw function.” It was never found to have been exploited. The Zero Day Initiative noted that Adobe also released two patches addressing 29 CVEs in Adobe Connect and Magento. ZDI said it submitted eight of the bugs in the recent Microsoft report and explained that this is the smallest number of patches released by Microsoft since December 2019. They attributed the decline to resource constraints considering Microsoft devoted extensive time in July responding to events like PrintNightmare and PetitPotam.”Looking at the remaining Critical-rated updates, most are of the browse-and-own variety, meaning an attacker would need to convince a user to browse to a specially crafted website with an affected system,” ZDI said.”One exception would be CVE-2021-26432, which is a patch for the Windows Services for NFS ONCRPC XDR Driver. Microsoft provides no information on how the CVSS 9.8 rated vulnerability could be exploited, but it does note that it needs neither privileges or user interaction to be exploited.”The next Patch Tuesday is September 14.  More

When choosing a VPN, you’ve got an insane amount of choices. In our best of guide and speed test guide, we’ve narrowed down the list from the wide array of branded commercial options out there to about 10. But that is still a lot to dig through. Which do you choose? In this article, we’ve taken three of our top choices — ExpressVPN, Surfshark, and NordVPN — and compared their characteristics. This isn’t a one-size-fits-all competition. You’ll need to decide which factors matter most to you, and from that, you can choose which product you want to test out. Keep in mind that all three products offer trial periods. We strongly encourage you to take advantage of that period to see which performs best in all of the likely situations where you’ll be using a VPN. And with that, let’s dive in.

Surfshark wins, ExpressVPN implodes

Winner: SurfsharkVPN providers are always tinkering with their pricing, so these numbers are bound to change.That said, Surfshark is the least expensive, by quite a lot. Surfshark’s best deal is what they tout as $2.49 a month plan (you’ll really be paying $59.76 now for two years of service). Nord is asking for $3.67 (or a wallet hit of $89 on signup for two years of service).ExpressVPN’s best deal is what they tout as $6.67 a month (you’ll really be paying $99.95 now for 15 months of service). After that 15 months, you’ll be charged $99.95 every 12 months, so the per-month price is essentially going up about a buck and a half after that first year. If you want two years of service, you’ll be paying $59.76 for Surfshark, $89 for NordVPN, and $150 ($99 for the first 15 months, plus half of $99 for the next 12) for ExpressVPN.Surfshark definitively wins this round by allowing you to run an unlimited number of devices with its Surfshark VPN service, while Nord permits just six six simultaneous connections. And ExpressVPN gives you even less for it’s much more expensive price: just five simultaneous connections.At least all offer a 30-day money-back guarantee.

NordVPN wins by a hair, Surfshark loses by a mile

(Image: ZDNet/David Gewirtz)

Winner: NordVPNIn our fastest VPN guide, we took a look at both our own in-house tests and how the Internet overall rated open VPNs. We compared VPN rankings in speed tests from 10 sites besides ZDNet. Of potentially more interest, we compared the standard deviation of those rankings, which helps us determine whether a given VPN has a consistent ranking all across the internet, or different reviewers got wildly different numbers.As the above slide shows, NordVPN not only had a better aggregate average ranking but a considerably lower standard deviation than either of the other two players. This means that pretty much wherever you are, your NordVPN performance should be pretty good. ExpressVPN gave NordVPN a run for its money. While ExpressVPN’s aggregate speed didn’t quite match Nord’s it was in the ballpark. Likewise, its standard deviation was a bit more wobbly, meaning it was a tad bit less consistent than Nord. But, honestly, either choice would be a win from a speed perspective.By contrast, Surfshark is both slower and considerably less predictable. While Nord and VPN are running pretty much neck and neck, the definitive loser here is Surfshark.

ExpressVPN wins

Winner: ExpressVPNAll three VPN players support the big four: iOS, Android, Mac, and Windows.ExpressVPN also supports Linux, routers, and Kindle Fire. It supports Xbox, Playstation, and the Nintendo Switch as well as browsers Chrome, Edge, and Firefox. When it comes to TV support, ExpressVPN lists Apple TV, Amazon FireTV, Samsung, Roku, Nvidia Shield, Chromecast, LG Smart TVs, Android TV, and others that require more of a manual setup process. Additionally, it offers setup instructions for Synology and QNAP NAS appliances.In addition to its big four clients, NordVPN lists Android TV, Linux, and Chrome and Firefox extensions on its download page, but has a support page for installing NordVPN on other platforms, including routers, Raspberry Pi, and NAS boxes including Synology, Western Digital My Cloud, and QNAP.Besides iOS, Android, Mac, and Windows, Surfshark also supports Linux, FireTV, Apple TV/iPhone, and what it calls “other TVs.” It supports Xbox and Playstation as well as browsers Chrome and Firefox.The fact is, all three products support a reasonably wide range of devices, but we have to give the win to ExpressVPN. You can keep digging down in the support pages and there are more and more devices with install tutorials, the deeper you dig.

Three-way tie

Winner: ExpressVPN, Surfshark, and NordVPNI always like to make sure this point is stressed in all my VPN coverage: if you’re counting on a VPN for your physical freedom or to protect your life, it’s important that you do a lot more research than just reading an article like this. With that said, let’s look at the overall security profile for these three vendors.NordVPN has got a lot of mileage out of its Panamanian corporate registration, claiming that Panama puts its records out of the legal reach of governments and lawyers. As I discussed in great depth in my analysis of NordSec, it’s possible that countries with Mutual Legal Assistance Treaties (MLAT) may well be able to pierce the corporate veil.Although I didn’t do as deep an in-depth analysis of ExpressVPN, the company has similar claims and limits as Nord. ExpressVPN lists its registry in the British Virgin Islands but is a company with developers based in many MLAT countries as well.Surfshark also has the same basic claims and limits as Nord. Surfshark lists its registry in the British Virgin Islands, but like Nord and ExpressVPN, it’s a company with developers based in many MLAT countries as well. Surfshark boasts a private DNS service among its advanced features so you can be protected even while using public Wi-Fi whether you’re in Australia, Hong Kong, the Netherlands, the USA, or anywhere in between. Surfshark also says it passed the German company Cure53’s security audit and offers uncrackable AES-256 bit encryption alongside its strict no-logs policy, but the German audit was limited to Surfshark’s browser extensions.All three vendors tout a no-logs policy. All three say they don’t capture VPN connection time stamps, used bandwidth, traffic logs, IP addresses, or browsing data but there are some nuances here. NordVPN says it doesn’t track used bandwidth, while ExpressVPN says it tracks the total amount of daily data transmitted each day. ExpressVPN also tracks the location of VPN servers you connect to. That’s not good, because it means they can tell where your connection originated from (or at least the country) and where you’re trying to connect to. All three offer warrant canaries. All three also capture email addresses and billing information. NordVPN says it doesn’t track used bandwidth, while ExpressVPN says it tracks total amount of daily data transmitted each day. ExpressVPN also tracks the location of VPN servers you connect to. That’s not good, because it means they can tell where your connection originated from (or at least the country) and where you’re trying to connect to.All three accept cryptocurrencies. This makes it safer to use apps such as PayPal and use your credit card without having fear of security breaches. ExpressVPN says it tracks the total amount of daily data transmitted each day. ExpressVPN also tracks the location of VPN servers you connect to. That’s not good, because it means they can tell where your connection originated from (or at least the country) and where you’re trying to connect to.So, which is more secure? Honestly, they’re very close. We probably wouldn’t feel comfortable putting our lives in the hands of any of these three companies (not that they’re doing anything wrong, but just because it’s a scary concept), but we’d certainly feel reasonably comfortable letting them protect our Wi-Fi surfing when out and about.

NordVPN and Surfshark tie

Winner: NordVPN and SurfsharkAll three vendors offer a kill switch, which we consider table stakes in terms of VPN special features.Both Nord and Express offer split tunneling, allowing you to channel some traffic through the VPN and the rest through your local connection without VPN interference.Surfshark offers a multi-hop connection, which is similar to NordVPN’s feature causing your IP address to change twice before reaching the destination VPN server.ExpressVPN says it’s running a private DNS, but any VPN provider is going to need to do domain name resolving. So while other vendors don’t list “Private DNS” as a feature, they all need to be running a DNS as a consequence of their role in packet forwarding.Surfshark and NordVPN support P2P, allowing you to torrent your favorite Linux distros (and possibly other digital sharing activities of dubious legality, which we categorically do not recommend). ExpressVPN makes no mention of P2P.NordVPN has a few interesting features not provided by either ExpressVPN or Surfshark. NordVPN also provides Onion Over VPN, which allows you to use both the Onion anonymizer and Nord’s VPN together. NordVPN also allows you to buy a dedicated IP address, which can help if you’re dealing with anonymous servers or gaming connections. NordVPN also offers business plans.NordVPN and Surfshark offer malware and adware filtering, although Surfshark’s AdBlock VPN feature appears to be somewhat more comprehensive. Surfshark also offers what it calls Camouflage Mode, which the company says can prevent your local ISP from knowing you’re surfing using a VPN. While NordVPN has a blog post on whitelisting, they don’t appear to have whitelisting as an actual client feature. By contrast, Suftshark uses its split-tunneling feature as a whitelister.ExpressVPN has an interesting blog post about how it prevents its apps from getting malware but doesn’t offer malware protection or adware filtering for traffic run over its VPN network. All three vendors come to the game with most of the features you’d expect. Nord has a few more business-focused features while Surfshark has some features that may afford a limited degree of additional personal privacy — but this would need in-depth testing to truly validate. ExpressVPN appears to just be phoning it in.It’s a tight contest, but we’re awarding wins to both Surfshark and NordVPN. ExpressVPN just gets a participation award.

ExpressVPN vs. Surfshark vs. NordVPN: Your decision tree

So, how do you choose between the three?

Well, if you just count up the wins, Surfshark comes in first, then NordVPN, and then ExpressVPN. But the wins and losses aren’t particularly pronounced. Instead, we recommend you use this decision tree below. Before that, you might want to take a spin through The fastest VPN: NordVPN, Hotspot Shield, and ExpressVPN compared. We didn’t just test VPN provider performance in this in-depth analysis. We go out onto the internet, gather performance data from all across the Web, and let you know which provider is the best overall.So, now, let’s decide:If price is your top concern, Surfshark will save you about $30 over two years over NordVPN and nearly a hundred bucks over ExpressVPN.If predictably fast download performance is key, then NordVPN is more consistently fast in overall performance.If you need a VPN for a NAS appliance, then either NordVPN or ExpressVPN will do.If you want a VPN for your Xbox or PlayStation instead of a mobile device or mobile apps, choose Surfshark or ExpressVPN.If you want a VPN for something that’s not in the usual list, ExpressVPN is more likely to have a documented setup process.If you want a dedicated IP address or more business-oriented features, choose NordVPN.So, there you go. NordVPN and Surfshark have distinctly different personalities, but each do the job in their own way. It’s hard to get excited about ExpressVPN, except for its wide range of device support. NordVPN also seems the most predictable of the bunch.

How do these choices fit your needs? Have you chosen a VPN provider already? What capabilities and characteristics helped you to make up your mind.You can follow my day-to-day project updates on social media. Be sure to follow me on Twitter at @DavidGewirtz, on Facebook at Facebook.com/DavidGewirtz, on Instagram at Instagram.com/DavidGewirtz, and on YouTube at YouTube.com/DavidGewirtzTV.

ZDNet Recommends More

Google has simplified its range of Titan security keys by dropping its Bluetooth Titan Security Key and making greater use of NFC.Moving forward, NFC will now be offered on both the USB-A and USB-C keys, which means that most users will be able to streamline their keys down to a single unit.Must read: Best security keys: Protect your online accounts
If you have an older system with USB-A ports, Google recommends that you buy a USB-A + NFC security key, which should work with most smartphones and tablets. This is the key recommended for iPad users who have a Lightning port on the iPad (they will also need an Apple Lightning adapter).USB-A + NFC security key
Google
If you have a more modern system that makes use of USB-C, then the key for you will be the USB-C + NFC security key.USB-C + NFC security key
Google
Bluetooth Titan Security Keys will continue to work, and warranties will continue to the honored by Google.The USB-A+NFC security key, which comes with a USB-A to USB-C adapter, costs $30, while the USB-C+NFC security key costs $35. Both are available from the Google Store.

A good alternative to Google’s Titan security keys are the YubiKey line, and come in a wide variety of options.  More

Digital Rights Watch (DRW) and Electronic Frontiers Australia (EFA) have sternly warned that if big tech giants including Apple, Google, Amazon, and Microsoft continue to be allowed to behave as monopolies when it comes to repairs, it could stifle innovation and competition. “Repair monopolies held by major tech companies, heavy handed Digital Rights Management (DRM) technologies, and onerous restrictions on documentation, parts, and third-party repair options significantly harm Australian consumers, innovation, and the planet,” they said in a joint submission [PDF] for the Productivity Commission’s right to repair inquiry. The pair believes introducing the right to repair would be one way to address that market imbalance.”A right to repair would enable consumers to make use of an inbuilt market mechanism to counter attempts at abuse of market power,” the submission said. “This counterbalance to market power would act as a kind of automatic stabiliser without the need to involve market regulators to intervene if a market failure occurred. We believe this is particularly important for technology products as the majority of such products are not manufactured in Australia.”The submission pointed out how Apple, for instance, uses “serialisation” to actively prevent independent repair of their iPhones. According to the pair, serialisation prevents hardware to be replaced even with identical parts made by the same manufacturer, unless the serial number of that component matched that which it originally was bought with.”It is inevitable that premature replacements of technological products will continue to occur at some degree, due to consumers choosing to purchase new items. Yet we believe it is important to address negative externalities created by manufacturers that actively promote a ‘disposable technology’ culture,” it said.

“The development of a right to repair may play a role in discouraging technology companies from such practices, and motivate them to pursue other, more environmentally sustainable revenue models. “The right to repair will also be essential in order to create a culture shift away from wasteful consumer habits. We cannot expect consumers to take part in a circular economy if the mechanisms and incentives are not in place for them to do so, or if the incentives are actively antithetical to a circular economy.”The submission added that if repairs remained monopolised, technology manufacturers would be creating additional barriers to careers and hobbies in technology. “Digital skills and hardware skills are fundamentally intertwined, and the ability to take apart and fix hardware, as well as inspect its code, is a critical part of developing these skills necessary to build a future-proof economy,” it said. “Proprietary machinery that deliberately obfuscates its components to ensure it cannot be repaired by third parties further abstracts the relationship between humans and the tools we use, which makes this educational journey much more difficult.”The DRW and EFA also took the opportunity to highlight that as the commission investigates how to best approach right to repair, factors such as digital security, environmental sustainability, and issues related to fairness should not be overlooked. They pointed out, for instance, that under the Competition and Consumer Act 2010, vendors are not currently required to service and repair goods for their full useful life, rather only for a “reasonable” amount of time. However, implementing a right to repair that includes software as well as hardware would ensure potentially vulnerable devices can be made safe.”A right to repair would ensure that vulnerable devices purchased by consumers can be made safe by repairing the software running on those devices, thereby reducing the threat to themselves and to others,” it said. “This would not require the participation of the vendor, which may no longer exist, and would prevent consumers from being punished for ‘jail-breaking’ devices they own and sharing the code, if the software vendor is no longer supporting the device. This facilitates community-based software support and repair efforts, as well as supporting the rights of a hardware owner to install software of their choice on their devices.”Meanwhile, the National Farmers’ Federation (NFF) noted the cost of inaction with respect to repairs could result in higher repair cost; inability to use preferred repairer outside of the authorised dealer network, who is often more experienced and qualified; long distance travel to access authorised repairs as use of local repairers would void warranties; and significant delays in repairs, which the NFF described as being be “fatal” for a farm business. The NFF also knocked back claims that access to software for the purpose of right to repair would supposedly harm public safety or cybersecurity. “Any right to repair regime would not entail an open access data regime, where there is a free-for-all with respect to consumers’ repair data. A properly defined right-to-repair regime would put consumers in the driving seat in providing access to their data, where they see benefit, and the use of data would be governed by the development of codes on the use and dissemination of data,” the NFF said in its submission [PDF]. “The claims … [are] unfounded.” Communications Alliance, on the contrary, argued that enabling unauthorised repairers to use uncertified parts or install uncertified firmware on devices, could result in making devices vulnerable to hacking or illegal interception. “We are concerned by the commission’s assertion in the draft report that security concerns may be overstated. Cybersecurity is a key focus for government, and the ACCC is actively working to educate and protect consumers from scams,” the Australian telco body stated in its submission [PDF].”Allowing unauthorised third-party repairers to work on these devices, and/or to use unapproved replacement parts, could both impact connectivity and create risks to communication networks — which are deemed critical infrastructure by government and subject to extensive rules and regulations to ensure they are protected,” the Communications Alliance added.MORE ON RIGHT TO REPAIR MOVEMENT  More

Image: Apple
Apple has produced an FAQ [PDF] in response to criticism levelled at it after announcing plans to have devices scan for child abuse material in images uploaded to iCloud. The child sexual abuse material (CSAM) detection system will have devices running iOS 15, iPadOS 15, watchOS 8, and macOS Monterey matching images on the device against a list of known CSAM image hashes provided by the US National Center for Missing and Exploited Children (NCMEC) and other child safety organisations before an image is stored in iCloud. If a hashing match is made, metadata that Apple is calling “safety vouchers” will be uploaded along with the image, and once an unnamed threshold is reached, Apple will manually inspect the metadata and if it regards it as CSAM, the account will be disabled and a report sent to NCMEC. Much of the criticism has revolved around the idea that even if Apple was well-intentioned and currently limited, the system could be expanded by Apple alone, or following a court order, it could hunt for other types of material. Apple said its processes were designed to prevent that occurrence from happening. “CSAM detection for iCloud Photos is built so that the system only works with CSAM image hashes provided by NCMEC and other child safety organizations,” Apple said. “There is no automated reporting to law enforcement, and Apple conducts human review before making a report to NCMEC. As a result, the system is only designed to report photos that are known CSAM in iCloud Photos.

“In most countries, including the United States, simply possessing these images is a crime and Apple is obligated to report any instances we learn of to the appropriate authorities.” On the prospect of being forced to add other hashes to its dataset, Apple referred to its past refusals to help US law enforcement. “Apple will refuse any such demands,” it said. “We have faced demands to build and deploy government-mandated changes that degrade the privacy of users before, and have steadfastly refused those demands. We will continue to refuse them in the future. “Let us be clear, this technology is limited to detecting CSAM stored in iCloud and we will not accede to any government’s request to expand it. Furthermore, Apple conducts human review before making a report to NCMEC. In a case where the system flags photos that do not match known CSAM images, the account would not be disabled and no report would be filed to NCMEC.” Apple claimed its system would prevent non-CSAM images being injected and flagged since the company does not add the set of hashes used for matching, and humans are involved in the verification process. “The same set of hashes is stored in the operating system of every iPhone and iPad user, so targeted attacks against only specific individuals are not possible under our design,” Apple said. “As a result, system errors or attacks will not result in innocent people being reported to NCMEC.” The iPhone maker reiterated its claims that the solution had privacy benefits over being able to scan images uploaded to it. “Existing techniques as implemented by other companies scan all user photos stored in the cloud,” it said. “This creates privacy risk for all users. CSAM detection in iCloud Photos provides significant privacy benefits over those techniques by preventing Apple from learning about photos unless they both match to known CSAM images and are included in an iCloud Photos account that includes a collection of known CSAM.” Apple also said the feature would not run if users have iCloud Photos disabled and would not work on “private iPhone photo library on the device”. On the scanning of images in iMessage, Apple expanded on the requirements for parents to be alerted once a family group is created and parents opt-in. “For child accounts age 12 and younger, each instance of a sexually explicit image sent or received will warn the child that if they continue to view or send the image, their parents will be sent a notification. Only if the child proceeds with sending or viewing an image after this warning will the notification be sent,” it said. “For child accounts age 13-17, the child is still warned and asked if they wish to view or share a sexually explicit image, but parents are not notified.” Apple said it was looking at adding “additional support to Siri and Search to provide victims — and people who know victims — more guidance on how to seek help”. Although the CSAM system is currently limited to the US, Cupertino could soon be facing pressure from Canberra to bring it to Australia. On Monday, the government unveiled a set of rules for online safety that will cover social media, messaging platforms, and any relevant electronic service of any kind. The provider is expected to minimise the availability of cyberbullying material targeted at an Australian child, cyber abuse material targeted at an Australian adult, a non-consensual intimate image of a person, class 1 material, material that promotes abhorrent violent conduct, material that incites abhorrent violent conduct, material that instructs in abhorrent violent conduct, and material that depicts abhorrent violent conduct. The expectations also boast additional expectations, such as that the provider of the service will take reasonable steps to proactively minimise the extent to which material or activity on the service is or may be unlawful or harmful. Australia’s eSafety Commissioner will have the power to order tech companies to report on how they are responding to these harms and issue fines of up to AU$555,000 for companies and AU$111,000 for individuals if they don’t respond. Related Coverage More

Getty Images/iStockphoto
Political candidates should formally commit to treating campaigning as a mode that’s distinct from engagement with citizens when in government, a report from the Australian Strategic Policy Institute (ASPI) says. “A healthy online public sphere requires political will,” ASPI’s latest report [PDF], Influence for hire: The Asia-Pacific’s online shadow economy, says.”Transparency about government funding of public messaging when in office would allow citizens and civil society to engage with trust in the digital public sphere. “Political representatives should commit to not using networks of inauthentic, fake, or repurposed social media accounts to manipulate political discourse.”But it isn’t just political, with ASPI recommending for platforms to take on some of the accountability.”Platforms could implement country-specific oversight committees to manage prominent account bans, to ensure the consistent application of content moderation policies to capture inauthentic behaviour, and to participate in mandatory transparency reporting,” ASPI says.There is also a case for government and industry to work together to develop policies and initiatives that offer digital entrepreneurs pathways beyond low-cost content-farm work and that reward ethical content creation.

“The influencer economy could be encouraged to self-regulate through the development of codes of conduct,” the report says.According to ASPI, commercial influence-for-hire services will continue to proliferate for as long as there’s a market for them and cheap digital labour to deliver their services. ASPI said this creates risks for societies that aspire to meaningful democratic participation and opportunities for foreign interference. “A manipulated information environment doesn’t serve democracy well,” it added. “It’s particularly harmful to societies that are emerging from historically more authoritarian forms of governance, have weak democratic governance, fragile civil societies, or any combination of those factors.”In line with testimony provided recently by Facebook, ASPI said there was growing evidence of states using commercial influence-for-hire networks — PR firms.It pointed to research [PDF] from the Oxford Internet Institute that found 48 instances of states working with influence-for-hire firms in 2019-20, an increase from 21 in 2017-18 and nine in 2016-17.”A surplus of cheap digital labour makes the Asia-Pacific a focus for operators in this economy,” ASPI added.While currently, much of the responsibility for taking action against the covert manipulation of online audiences falls to the social media companies, ASPI said solutions must involve responsibility and transparency in how governments engage with their citizens.”The technology industry, civil society, and governments should make that alignment of values the bedrock of a productive working relationship,” it said. “Structures bringing these stakeholders together should reframe those relationships — which are at times adversarial — in order to find common ground.”Further recommendations made by ASPI to ensure that the information environment and digital economy best align with democratic forms of governance, include multi-stakeholder “whole-of-society” approaches, which would require a revisit of the existing “adversarial approach” between governments and the companies that provide the infrastructure for the digital economy. “Democracies and industry must partner to fund capacity-building programs that bolster civil society organisations in emerging democracies in the Asia–Pacific region. Civil society organisations can work to apply transparency to state manipulation of the information environment,” it wrote.It has also suggested the creation of an Asia-Pacific centre of excellence in democratic resilience could provide a vehicle for public-private multilateral partnerships designed to maintain the health of the region’s online public sphere. ASPI has been calling for the establishment of an independent statutory authority to oversee operations of all social media platforms that operate down under.”We suggest an independent statutory authority that is empowered to observe and report on how the incentives, policies, algorithms, and enforcement actions of social media platforms are operating, with the ultimate goal being to maximise benefits and reduce harm for society and its citizens,” ASPI wrote in a to the Senate Select Committee on Foreign Interference through Social Media last year.ASPI hopes for such an authority to be granted explicit insight into how content is filtered, blocked, amplified, or suppressed, both from a moderation and algorithmic amplification point of view.”Crucially, these obligations should be placed on all social media operating in Australia, including those companies that originate from authoritarian regimes and those fringe platforms servicing niche communities — not just the dominant Western platforms such as Facebook, Twitter, Instagram, and Snapchat,” it said.”These transparency and oversight measures would go some way towards countering the default incentive towards sensational, provocative, and potentially polarising content.”RELATED COVERAGEDisinformation for hire: PR firms are the new battleground for FacebookFacebook’s head of security policy has testified before an Australian Parliamentary inquiry that his company has witnessed an increasing use of marketing firms or PR agencies that are essentially hired to run disinformation campaigns.Australia warned to not ignore domestic misinformation in social media crackdownCommittee has been warned against outsourcing the job of deciding what is true or false in an Australian context to a handful of private US companies.Countering foreign interference and social media misinformation in AustraliaDFAT, the Attorney-General’s Department, and the AEC have all highlighted what measures are in place to curb trolls from spreading misinformation across social media. More

Microsoft has unveiled a new ransomware detection feature for its Azure customers that will send alerts to security teams when the system observes actions “potentially associated with ransomware activities.”In a blog post, Microsoft’s Sylvie Liu said Azure worked with the Microsoft Threat Intelligence Center to create Fusion detection for ransomware. Microsoft’s Fusion technology uses machine learning to find potential attacks in progress and alert security teams.The system will send alerts when it sees ransomware activities at “defense evasion and execution stages during a specific timeframe.”Liu explained that the system will send messages like “Multiple alerts possibly related to Ransomware activity detected” in the Azure Sentinel workspace. The alerts will explain what happened and on which devices or hosts the actions were seen. The Fusion system will correlate data from Azure Defender (Azure Security Center), Microsoft Defender for Endpoint, Microsoft Defender for Identity, Microsoft Cloud App Security and Azure Sentinel scheduled analytics rules. A report from cybersecurity firm BlackFog released on Monday found that ransomware attacks on government organizations and schools are continuing to increase in 2021, both of which deploy thousands of Microsoft machines. Liu cited a report from PurpleSec that estimated ransomware attacks in 2020 caused $20 billion worth of damage and increased downtime by 200%

“Preventing such attacks in the first place would be the ideal solution but with the new trend of ‘ransomware as a service’ and human operated ransomware, the scope and the sophistication of attacks are increasing — attackers are using slow and stealth techniques to compromise network, which makes it harder to detect them in the first place,” Liu said. “When it comes to ransomware attacks, time more than anything else is the most important factor in preventing more machines or the entire network from getting compromised. The sooner such alerts are raised to security analysts with the details on various attacker activities, the faster the ransomware attacks can be contained and remediated.” In July, Microsoft’s 365 Defender Research Team revealed three vulnerabilities in Netgear routers that could have led to data leaks of a full system compromise. The vulnerabilities were patched earlier this year.   More