Privacy

Apple Confirms It Will Begin Scanning iCloud Photos for Child Abuse Images (techcrunch.com) 135

Apple will roll out a technology that will allow the company to detect and report known child sexual abuse material to law enforcement in a way it says will preserve user privacy. From a report: Apple told TechCrunch that the detection of child sexual abuse material (CSAM) is one of several new features aimed at better protecting the children who use its services from online harm, including filters to block potentially sexually explicit photos sent and received through a child's iMessage account. Another feature will intervene when a user tries to search for CSAM-related terms through Siri and Search.

Most cloud services -- Dropbox, Google, and Microsoft to name a few -- already scan user files for content that might violate their terms of service or be potentially illegal, like CSAM. But Apple has long resisted scanning users' files in the cloud by giving users the option to encrypt their data before it ever reaches Apple's iCloud servers. Apple said its new CSAM detection technology -- NeuralHash -- instead works on a user's device, and can identify if a user uploads known child abuse imagery to iCloud without decrypting the images until a threshold is met and a sequence of checks to verify the content are cleared. News of Apple's effort leaked Wednesday when Matthew Green, a cryptography professor at Johns Hopkins University, revealed the existence of the new technology in a series of tweets. The news was met with some resistance from some security experts and privacy advocates, but also users who are accustomed to Apple's approach to security and privacy that most other companies don't have.

Microsoft

Microsoft Announces 'Super Duper Secure Mode' for Edge (therecord.media) 51

Microsoft said this week it plans to run an experiment in its Edge web browser where it will intentionally disable an important performance and optimization feature in order to enable more advanced security upgrades in what the company is calling Edge Super Duper Secure Mode. From a report: Announced today by Johnathan Norman, Microsoft Edge Vulnerability Research Lead, the idea behind the new Super Duper Secure Mode is to disable support for JIT (Just-In-Time) inside V8, the Edge browser's JavaScript engine. JIT, while unknown to most end-users, plays a crucial role in all of today's web browsers. JIT works by taking JavaScript and compiling it to machine code ahead of time. If the browser needs the code, it gains a significant speed boost. If it doesn't, the code is discarded.

However, JIT support in V8 is complex. Norman said JIT-related security issues amounted to 45% of all V8 vulnerabilities in 2019. Furthermore, more than half of the "in the wild" Chrome exploits rely on JIT-related bugs. Norman said that recent tests carried out by the Edge team have shown that despite its pivotal role in speeding up browsers in the early and mid-2010s, JIT is not a crucial feature anymore to Edge's performance.

Encryption

Apple Plans To Scan US iPhones for Child Abuse Imagery (ft.com) 314

Apple intends to install software on American iPhones to scan for child abuse imagery, Financial Times is reporting citing people briefed on the plans, raising alarm among security researchers who warn that it could open the door to surveillance of millions of people's personal devices. From the report: Apple detailed its proposed system -- known as "neuralMatch" -- to some US academics earlier this week, according to two security researchers briefed on the virtual meeting. The plans could be publicised more widely as soon as this week, they said. The automated system would proactively alert a team of human reviewers if it believes illegal imagery is detected, who would then contact law enforcement if the material can be verified. The scheme will initially roll out only in the US.

The proposals are Apple's attempt to find a compromise between its own promise to protect customers' privacy and ongoing demands from governments, law enforcement agencies and child safety campaigners for more assistance in criminal investigations, including terrorism and child pornography. [...] "This will break the dam -- governments will demand it from everyone," said Matthew Green, a security professor at Johns Hopkins University, who is believed to be the first researcher to post a tweet about the issue. Alec Muffett, a security researcher and privacy campaigner who formerly worked at Facebook and Deliveroo, said Apple's move was "tectonic" and a "huge and regressive step for individual privacy. Apple are walking back privacy to enable 1984," he said.

United States

US Taps Amazon, Google, Microsoft, Others To Help Fight Ransomware, Cyber Threats (wsj.com) 24

The U.S. government is enlisting the help of tech companies, including Amazon, Microsoft and Google, to bolster the country's critical infrastructure defenses against cyber threats after a string of high-profile attacks. From a report: The Department of Homeland Security, on Thursday, is formally unveiling the initiative called the Joint Cyber Defense Collaborative. The effort will initially focus on combating ransomware and cyberattacks on cloud-computing providers, said Jen Easterly, director of the DHS's Cybersecurity and Infrastructure Security Agency. Ultimately, she said, it aims to improve defense planning and information sharing between government and the private sector.

"This will uniquely bring people together in peacetime, so that we can plan for how we're going to respond in wartime," she said in an interview. Ms. Easterly was sworn in as CISA's director last month. She was previously a counterterrorism official in the Obama White House, and the commander of the Army's first cyber operations unit at the National Security Agency, America's cyberspy agency. Over the past year, ransomware attacks have disrupted large parts of daily life in the U.S. They have diverted ambulances, caused long lines at gas stations in the southeast, and disrupted the production of hot dogs and other meat products.
