A security researcher has published a vulnerability and proof-of-concept exploits in Google's Internet of Things security cameras, marketed as Nest Dropcam, Nest Dropcam Pro, Nest Cam Outdoor and Nest Cam Indoor; these vulnerabilities were disclosed to Google last fall, but Google/Nest have not patched them despite the gravity of the vulnerability and the long months since the disclosure.
The Electronic Frontier Foundation has just updated its 2011 guide to Digital Privacy at the U.S. Border with an all new edition that covers the law, administrative rules, technological options and potential repercussions of crossing the US border while not undergoing the warrantless seizure and indefinite retention of all of your sensitive data — in a guide that breaks out the different risks for US citizens, US permanent residents, and visitors to the USA.
Ned Desmond shares the scary story of how a small site he managed that advertised fishing expeditions ended up with 565,192 scam pages. He also suggests five ways to avoid the same fate.
In Out of Control: Ransomware for Industrial Control Systems, three Georgia Tech computer scientists describe their work to develop LogicLocker, a piece of proof-of-concept ransomware that infects the programmable logic controllers that are used to control industrial systems like those in power plants.
Sidd Bikkannavar, a scientist at NASA's Jet Propulsion Laboratory (JPL), still doesn't know why he was detained by US Customs and Border Patrol and compelled under duress to give agent's the access PIN to his NASA-owned mobile phone.
A university, mercifully left unnamed, blew off complaints from students about its slow network. When the problem became too bad to ignore, their IT team found the culprit thanks to a "sudden big interest in seafood-related domains."
The firewall analysis identified over 5,000 discrete systems making hundreds of DNS lookups every 15 minutes.
Duqu 2.0 is a strain of clever, nearly undetectable malware, derived from Stuxnet, that stays resident in its hosts' memory without ever writing persistent files to the system's drives.
In 2013, Lavabit — famous for being the privacy-oriented email service chosen by Edward Snowden to make contact with journalists while he was contracting for the NSA — shut down under mysterious, abrupt circumstances, leaving 410,000 users wondering what had just happened to their email addresses.
Last October, an Apple Store in Brisbane, Australia terminated some of its employees after they were accused of searching customers' devices for sexually explicit selfies and sharing them with colleagues, rating them on a scale of 1-10.
In On Smart Cities, Smart Energy, And Dumb Security — Netanel Rubin's talk at this year's Chaos Communications Congress — Rubin presents his findings on the failings in the security of commonly deployed smart meters.
Just a few months after Yahoo disclosed a 2014 breach of 500 million user accounts, the company today revealed this was preceded by a 1 billion account breach in 2013, in which the hackers took everything: hashed passwords, names, email addresses, phone numbers, dates of birth, and possibly the tools necessary to forge login cookies that would bypass password checks altogether. — Read the rest
These days, we benefit from having a plethora of TV streaming options, but SelectTV had never been on my radar. SelectTV may be a less known option, but it actually offers significantly more content than the usual suspects. For that reason alone, I thought it was definitely worth checking out. — Read the rest
Apple has acknowledged that its Icloud service is a weak link in its security model, because by design Apple can gain access to encrypted data stored in its customers' accounts, which means that the company can be hacked, coerced or tricked into revealing otherwise secure customer data to law enforcement, spies and criminals.
The windowless, 550'-tall AT&T tower at 33 Thomas Street in lower Manhattan is the building referred to as TITANPOINTE in the NSA documents leaked by Edward Snowden, and was likely the staging point for the NSA's BLARNEY operation, which illegally spied upon communications to and from "International Monetary Fund, the World Bank, the Bank of Japan, the European Union, the United Nations, and at least 38 different countries, including U.S. — Read the rest
Adultfriendfinder, "the world's largest sex & swinger community," has suffered a major breach, leaking 300,000,000 accounts' worth of personal information, namely email addresses, passwords, usernames, IP addresses and browser information.
Nadia Eghbal's Roads and Bridges: The Unseen Labor Behind Our Digital Infrastructure is a long, detailed report on the structural impediments to maintaining key pieces of free/open software that underpin the internet — it reveals the startling fragility of tools that protect the integrity, safety, privacy and finances of billions of people, which are often maintained by tiny numbers of people (sometimes just one person).
The Atlantic's Andrew McGill set up a virtual server on Amazon's cloud that presented to the internet as a crappy, insecure Internet of Things toaster; 41 minutes later, a hacked IoT device connected to it and tried to hack it. Within a day, the "toaster" had been hacked more than 300 times.
A China-based maker of surveillance cameras said Monday it will recall some products sold in the United States after a massive "Internet of Things" malware attack took down a major DNS provider in a massive DDOS attack. The stunningly broad attack brought much internet activity to a halt last Friday. — Read the rest
