Fake negative reviews are a cheap way to screw up darknet drug marketplaces

In The Network Structure of Opioid Distribution on a Darknet Cryptomarket (Sci-Hub mirror), a paper presented today at the American Sociological Association meeting in Montreal, social scientists Scott W. Duxbury and Dana L. Haynie lay out their findings on using fake bad reviews to disrupt the darknet drug-trade.

How to crack a shitty Wifi password

Reading Brannon Dorsey's guide to cracking Wifi passwords is a good wake-up call to set a decent password for your own network -- it's pretty danged easy otherwise.

Securing the IoT: a tele-dildo controlled through the Tor network

Security researcher Sarah Jamie Lewis wanted to demonstrate that the horrific stories of insecure networked sex-toys (and other Internet of Things devices) were the result of manufacturers' negligence, not the intrinsic limitations of information security.

A new, dubious "smart" cryptocurrency for prostitution

"Lust" is an initial coin offering based on the Ethereum blockchain platform, designed for prostitutes and their customers to exchange money for sexual services.

Global Wannacry payout: $140,000 -- a superweapon in the hands of dum-dums

The Wannacry worm burned through the world's unpatched IT systems, hitting more than 80 countries in 24 hours, taking down hospitals, airlines, banks and logistics companies, until a hidden killswitch was able to halt its spread.

Reidentification attack reveals German judge's porn-browsing habits

In their Defcon 25 presentation, "Dark Data", journalist Svea Eckert and data scientist Andreas Dewes described how easy it was to get a massive trove of "anonymized" browsing habits (collected by browser plugins) and then re-identify the people in the data-set, discovering (among other things) the porn-browsing habits of a German judge and the medication regime of a German MP.

What not to do when you're anonymous, if you want to stay that way

If you're using an anonymity tool -- Tor or something like it -- to be anonymous on the internet, it's really easy to screw it up and do something that would allow an adversary of varying degrees of power (up to and including powerful governments) to unmask you.

A brief history of Alice & Bob, cryptography's first couple

Alice and Bob are the hypothetical communicants in every cryptographic example or explainer, two people trying to talk with one another without being thwarted or overheard by Eve, Mallory and their legion of nefarious friends.

Decoder rings

Retroworks' $18 decoder rings don't have much by way of cryptographic robustness (they compare disfavorably to the cipher-wheel wedding rings my wife and I wear!), but they're not a bad way to introduce the littlies in your life to the idea of habitual secrecy. (via Red Ferret)

Proof-of-concept camera encrypts images with GPG

W Aaron Waychoff, creator of the Falsom Upside-Down ⊥ "Resist" campaign, was inspired by this 2016 post; he writes, "I've made a proof-of-concept encrypting digital camera based on the open source, widely adopted GnuPG. This project uses public key encryption to encrypt every photo the camera takes before writing the encrypted version to memory. Of particular note, there are absolutely no UI changes over what an ordinary point-and-shoot camera provides. No extra keyboards or touch screens are needed as no passwords need be entered."

Cheating Chinese certificate authorities, caught by Certificate Transparency, will get the death penalty

In 2012, Google introduced Certificate Transparency, an internet-wide tripwire system designed to catch cryptographic "certificate authorities" who abused their position to produce counterfeit credentials that would allow criminals, governments and police to spy on and tamper with secure internet connections.

China orders mobile app stores to remove VPN apps

Starting July 1, the official Android and Apple App stores will no longer allow Chinese users to download the VPN apps that Chinese people rely upon in order to get around the Great Firewall of China, which censors information in China and surveils Chinese people's use of the net.

A new ransomware strain is seemingly using a leaked NSA cyberweapon to race around the planet

Petya is a well-known ransomware app that has attained a new, deadly virulence, with thousands of new infection attempts hitting Kaspersky Lab's honeypots; security firm Avira attributes this new hardiness to the incorporation of EternalBlue -- the same NSA cyberweapon that the Wannacry ransomware used, which was published by The Shadow Brokers hacker group -- into a new Petya strain.

Australia announces plan to ban working cryptography at home and in the US, UK, New Zealand, and Canada

The Australian Attorney General and a key Australian minister have published a memo detailing the demand they plan on presenting to the next Five Eyes surveillance alliance meeting, which will be held next week in Ottawa.

Germany mulls sweeping surveillance bill, crypto backdoors and fingerprinting kids

Germany's interior ministry has announced sweeping new surveillance powers ahead of the coming national election, which would include the right to infect residents' computers with malware in order to spy on their encrypted communications (shades of the illegal Bundestrojaner program), ordering tech companies to deliberately introduce defects into their cryptography, and fingerprinting children as young as 6.

Linux worm turns Raspberry Pis into cryptocurrency mining bots

Linux.MulDrop.14 is a Linux worm that seeks out networked Raspberry Pi systems with default root passwords; after taking them over and installing ZMap and sshpass, it begins mining an unspecified cryptocurrency, creating riches for the malware's author and handing you the power-bill.

Opsec and #blacklivesmatter: how Trump is motivating activists to learn and practice digital security

It's been more than two years since Harlem Cryptoparty made the connection between the struggle for racial justice in America and access to networks and encryption; the Trump election has strengthened that proposition, with a national network of Digital Security in the Era of Trump workshops where activists train each other on operational security.
