Reporting on the World Cup? Avoid penalties and defend your devices
When it comes to protecting sensitive data, don’t settle for second place
Ask a security trainer: What’s the best version of Linux for privacy?
Thinking of switching to Linux? Here are some distributions to consider for security
New journalism curriculum module teaches digital security for border journalists
New journalism curriculum module teaches digital security for border journalists Module developed by Freedom of the Press Foundation, Electronic Frontier Foundation, and University of Texas at El Paso guides students through threat modeling and preparation San Francisco – A new college journalism curriculum module teaches students how to …
Module: Digital security 101 — Crossing the US-Mexico border
This module focuses on how to prepare and what to expect for those traversing the U.S. southern border, centering journalists serving border communities.Unlike most modules in the J-school security curriculum, it begins with a somewhat distinct perspective on risk assessment, adding further emphasis on individual attributes (e.g., nationality) and …
Preparing devices for travel through a US border
US border searches of electronic devices put journalists’ work at risk. But there’s a lot you can do to be prepared
More Signalgate than we can tolerate
Look, neither one of us wants this. But we’re going to have to keep talking about how defense officials are using Signal in unusual ways
Announcing our advice column, “Ask a security trainer”
Are you a journalist with a question about digital security? Ask our team!
Cloudflare hides abusive websites
The Spamhaus Project has released a blog criticizing Cloudflare — a content delivery network and cloud cybersecurity provider — for providing security services to abusive domains. These websites could contain spam, phishing links, malware, and even botnets.
Android spyware flies under the radar
The cybersecurity firm Kaspersky disclosed that at least five Google Play applications contained Mandrake, a sophisticated cyberespionage tool.
Beware fraudulent CrowdStrike emails
Last Friday, computer systems worldwide were taken down by a defective update from enterprise cybersecurity vendor CrowdStrike. In the wake of the outage, the U.S. Cybersecurity and Infrastructure Agency is warning of phishing emails, with attackers posing as CrowdStrike customer support.
What to do about AT&T breach
Around 110 million AT&T subscribers were affected by a data breach from May 1 to Oct. 31, 2022, TechCrunch reported.
Massive Authy leak, plus Proton Docs
The parent company for Authy, an application for two-factor authentication, has issued a critical security update to its Android and iOS users. According to BleepingComputer, hackers utilized leaked phone numbers from past data breaches to identify up to 33 million Authy users.
Eavesdropping on AirPods?
Apple released a firmware update patching a critical Bluetooth vulnerability in AirPods, AirPods Pro, AirPods Max, Powerbeats Pro, and Beats Fit Pro. According to its support page, an adversary in Bluetooth range could spoof as an intended source device for these wireless headphones. When the targeted headphones send a connection request to the spoofed device, it could eavesdrop on confidential conversations.
Audio: Every season is spooky season with Meta’s chatbot AI
October is cybersecurity awareness month and Martin Shelton, principal researcher at Freedom of the Press Foundation (FPF), explores Meta’s new AI chatbot features. What he finds is security news that’s creepier than any ghost and a tool that bleeds more than fake vampire fangs.With Meta releasing AI chatbot abilities …
Taking care with source security when reporting on abortion
What journalists can do to better manage digital security for sources when reporting on abortion.
What journalists should know about detecting and mitigating Pegasus spyware
At Freedom of the Press Foundation, we assist journalists on their digital security habits to help them work more safely and sustainably. So we take it a little personally when private spyware companies are actively making journalists less safe by selling their services to repressive governments. We are now learning …
README: Overview and getting started
We're thrilled that you are reading this, because it means you're taking a step toward equipping your students to protect themselves and the people around them, while they work on the web. We put together this README to let you know what's in the curriculum, how it all fits together, …
Module: File safety
This module begins with a short discussion about information hidden in files, and the potential risks tied to file metadata. It follows with a short exercise to have students find the file metadata embedded in a photo, followed by discussion of risk minimization.PrerequisitesThreat modeling(Good to know) Malware …
Module: Social engineering
This short module opens with a video of a social engineering professional showing off her skills, then moving on to some psychological principles and tactics underlying social engineering approaches. Next, it includes a brief activity asking students to a consider how a social engineer might get their credit card number. …
Module: Obfuscating location
This module opens with an introduction to the need for location obfuscation techniques, and what a VPN does. Instructors may then talk through basics of IP addresses, Virtual Private Networks, and the Tor network. Students will be asked to install Tor and navigate to the New York Times SecureDrop .onion …
Module: End-to-end encryption for files
This module briefly opens with an introduction to the lack of end-to-end encryption in standard cloud and backup services, and closes with an activity to send the instructor a password-protected file over Tresorit Send, an end-to-end encrypted service.Note the Keybase homework assignment will require instructors to sign up for …
Module: Chat safety
This section is intended to quickly introduce chat safety considerations through some examples of tip channels currently supported by newsrooms, followed by discussion time, and finally, hands-on installation of the Signal app. Students may need time to troubleshoot, so we encourage pairing students, and being prepared to help students if …
Module: Legal requests in the U.S.
This module begins with a walkthrough of a few examples of legal requests that have affected news organizations' communications, with emphasis on the underlying authorities and how they might apply more broadly. In the latter half of the lecture, instructors may ask students to investigate a transparency report for a …
Module: Internet and telecommunication security
Because the behavior of telecommunications networks and the internet is so foundational to realistic threat modeling, this section should be used before any subsequent discussion of chat tools designed to protect network-level communication like Signal, or tools that encrypt and tunnel traffic, such as VPNs, or Tor. This section opens …
Module: Targeted harassment and doxxing
This module opens by walking through examples of targeted harassment, followed by a self-doxxing activity, an activity to opt-out of a data broker service, and discussion time. Because some students may have personal experience with harassment and doxxing on the web, if this class environment feels safe enough to do …
