|
|  |
EFF Calls for Immediate Action to Defend Tunisian Activists
Electrionic Frontier Foundation - 14.01.2011 02:21
Demonstrations and protests over unemployment and poor living conditions have been ongoing in Tunisia since the beginning of December, but last week the Tunisian government turned up the heat on bloggers, activists, and dissidents by launching a JavaScript injection attack that siphoned off the usernames and passwords of Tunisians logging in to Google, Yahoo, and Facebook. The Tunisian government has used these stolen credentials to log in to Tunisians’ email and Facebook accounts, presumably downloading their messages, emails, and social graphs for further analysis, and then deleting the accounts entirely.
EFF Calls for Immediate Action to Defend Tunisian Activists Against Government Cyberattacks
Eva Galperin - January 11th, 2011
Javascript injection attacks:
 http://www.thetechherald.com/article.php/201101/6651/Tunisian-government-harvesting-usernames-and-passwords
Among the compromised accounts are Facebook pages administered by a reporter with Al-Tariq ad-Jadid, Sofiene Chourabi, video journalist Haythem El Mekki, and activist Lina Ben Khenni. Unsatisfied with merely quelling online freedom of expression, the Tunisian government has used the information it obtained to locate bloggers and their networks of contacts. By late last week, the Tunisian government had started arresting and detaining bloggers, including blogger Hamadi Kaloutcha, and cyberactivist Slim Ammamou, who alerted the world to his whereabouts http://yfrog.com/h4o83p
at the Tunisian Ministry of the Interior using Google Latitude. This weekend, Tunisian citizens began to report on Twitter:
http://twitter.com/search?q=%23sidibouzid
and in blogs:
http://atunisiangirl.blogspot.com/2011/01/erregueb-january-9th-2011.html
that troops were using live ammunition on unarmed citizens and started communicating with one another to establish the numbers of dead and injured.
Most notably, Tunisians have been posting videos of the protests, including the dead and wounded
http://www.youtube.com/watch?v=dpTl9Wr9TDs&feature=geosearch
on Facebook, the only video-sharing site which is not currently being blocked by the Tunisian government, which makes access to Facebook especially important for the protest movement.
Because of the Tunisian government’s attacks on citizens’ login credentials, Tunisians should take the following steps to protect themselves:
* If HTTPS is available, use HTTPS to login to Facebook, Google, and Yahoo. If you are using Firefox, EFF’s HTTPS Everywhere:
http://www.eff.org/https-everywhere
plug-in will do this for you automatically.
* EFF has received reports that the Tunisian government is periodically blocking HTTPS access to Facebook, Google, and Yahoo. If that is the case and you must login over HTTP, install the following Greasemonkey script:
http://userscripts.org/scripts/show/94122
to strip out the JavaScript which the Tunisian government has inserted to steal your login credentials.
* If you have logged in to Facebook, Google, or Yahoo recently over HTTP, login using HTTPS and change your password.
Additionally, EFF calls on Google, Yahoo, and Facebook to take action to protect the privacy of its users by alerting them of the potential compromise of their accounts and encouraging them to take the above steps.
Finally, Facebook has reported that is in the process of taking technical steps to protect the privacy of their users. We hope that they include the following:
* Make Facebook logins default to HTTPS, if only in Tunisia, where accounts are especially vulnerable at this time. Google and Yahoo logins already default to HTTPS.
* Consider allowing pseudononymous accounts for users in authoritarian regimes, where political speech under your real name is dangerous and potentially deadly. Many Tunisian activists are unable to reinstate Facebook accounts that have been erased by the Tunisian government because they were not using their real names.
Websites providing services to Tunisian citizens cannot afford to sit on the sidelines while the Tunisian government launches malicious attacks on the privacy of users and censors free expression. Facebook, Google, and Yahoo should take these concrete steps as quickly as possible to inform and better protect their users.
 Website: http://https://www.eff.org/
|
| Lees meer over: media vrijheid, repressie & mensenrechten | | aanvullingen | | WAARSCHUWING | VRESELIJKE - 14.01.2011 02:32
BEELDEN HIERBOVEN IN YOUTUBE; hersenen die uitsteken, etc.
| | javascript? | MM - 14.01.2011 18:02
Begrijp niet goed waarom de fix tegen de JavaScript injection niet meer nodig zou zijn? Alsof alleen dat even in Tunesie heeft plaatsgevonden. Wil dat zeggen dat de betere anti-virus programmas het niet detecteren, of juist wel?
JavaScript heeft enorme voordelen en het is uit de tijd om websites zonder te bouwen (open deur: indy.nl cq mir script is gedateerd). Uiteraard moet dan wel aan alle voorwaarden voldaan worden dat dit soort trucs niet meer kunnen. Klik bijv. op de linkercolum in deze Independent Media testsite en zie wat er mogelijk is: http://mi-cr.org (heeft ip-log, gebruik proxy indien je privacy essentieel is).
| |
| aanvullingen | |
