Germany mulls sweeping surveillance bill, crypto backdoors and fingerprinting kids

Germany's interior ministry has announced sweeping new surveillance powers ahead of the coming national election, which would include the right to infect residents' computers with malware in order to spy on their encrypted communications (shades of the illegal Bundestrojaner program), ordering tech companies to deliberately introduce defects into their cryptography, and fingerprinting children as young as 6.

Linux worm turns Raspberry Pis into cryptocurrency mining bots

Linux.MulDrop.14 is a Linux worm that seeks out networked Raspberry Pi systems with default root passwords; after taking them over and installing ZMap and sshpass, it begins mining an unspecified cryptocurrency, creating riches for the malware's author and handing you the power bill.

Opsec and #blacklivesmatter: how Trump is motivating activists to learn and practice digital security

It's been more than two years since Harlem Cryptoparty made the connection between the struggle for racial justice in America and access to networks and encryption; the Trump election has strengthened that proposition, with a national network of Digital Security in the Era of Trump workshops where activists train each other on operational security.

Donate to support GnuPG, the backbone of email privacy and security

It's been two years since the net came together to raise funds to support Werner Koch, who maintains the absolutely vital GnuPG email encryption system, used daily by millions to protect the privacy and integrity of their email.

Beaker: a decentralized, peer-to-peer web browser that lets you create and fork websites

Beaker is a project from Dat, a "grant-funded, open-source, decentralized data sharing tool." It's a browser that lets you easily create websites using Markdown, or fork any existing website to make it suit your needs, and then share those sites peer-to-peer, without the need for servers in the middle.

Invent privacy & security adventures with Cryptomancer & Mozilla

Brett Gaylor writes, "As part of the Mozilla Privacy Arcade project in this year’s Global Sprint, Mozilla is inviting activists, artists, designers, educators, gamers, storytellers, and technologists of all backgrounds to invent new privacy-themed adventures for the role playing game Cryptomancer."

Why don't people use secure internet tools?

A group of scholars and practitioners from the US, Germany and the UK conducted a qualitative study on the "obstacles to adoption of secure communications tools," which was presented to the 38th IEEE Symposium on Security and Privacy.

UK Tories say they'll exploit Manchester's dead to ban working crypto in the UK

One of UK Prime Minister Theresa May's government ministers told a reporter from The Sun that the government is planning on invoking the "Technical Capabilities Orders" section of the Snoopers Charter, a 2016 domestic spying bill; the "orders" allow the government to demand that companies cease using working cryptography in their products and services, substituting it with deliberately defective code that can be broken.

The virulent ransomware worm has been stopped (for now) by a hidden killswitch

As the Wcry ransomware burned across the globe yesterday, spreading to more than 80 countries thanks to a bug in Windows that the NSA deliberately kept secret in order to weaponize it, it seemed unstoppable.

Mafia used the text-message ticker at the bottom of a sports broadcast to get messages to mob bosses

Quelli che il Calcio (That which is Football) is one of Italy's top sports broadcasts and it is played in the country's prisons; it has a ticker that you can send SMSes to that then show up on screen.

Scuttlebutt: an "off-grid" P2P social network that runs without servers and can fall back to sneakernet

Dominic Tarr is a developer who lives on a self-steering sailboat in New Zealand; he created Scuttlebutt, a secure messaging system that can run without servers, even without ISPs.

Drill a single hole in an ATM and you can comprehensively pwn it

A presentation by Igor Soumenkov at Kaspersky's Security Analyst Summit reveals that a rash of mysterious ATM heists that left behind no evidence of hacking -- only a single small hole drilled by the machines' PIN pads -- was likely accomplished by using the hole to insert a $15 connector that allowed thieves to hijack the ATMs and order them to spit out all their money.

Bipartisan bill would end warrantless border searches of US persons' data

Under the Protecting Data at the Border Act, devices "belonging to or in the possession of a United States person" (a citizen or Green Card holder) could no longer be searched at the border without a warrant. Agents would no longer be able to deny US persons entry or exit on the basis of a refusal to allow such a search (but they could seize the equipment).

Anarchist bitcoin hacker flies to Syria to join a 4-million person anarchist collective the size of Massachusetts

Amir Taaki is a well-known anarchist bitcoin hacker whose project, Dark Wallet, is meant to create strong anonymity for cryptocurrency transactions; when he discovered that anarchists around the world had gone to Rojava, a district in Kurdish Syria on the Turkish border, to found an anarchist collective with 4,000,000 members "based on principles of local direct democracy, collectivist anarchy, and equality for women," he left his home in the UK to defend it.

Google: Chrome will no longer trust Symantec certificates, 30% of the web will need to switch Certificate Authorities

In 2012, Google rolled out Certificate Transparency, a clever system to spot corrupt "Certificate Authorities," the entities who hand out the cryptographic certificates that secure the web. If Certificate Authorities fail to do their jobs, they put the entire electronic realm in danger -- bad certificates could allow anything from eavesdropping on financial transactions to spoofing industrial control systems into accepting malicious software updates.

Washington Post and Jigsaw launch a collaborative pop-up dictionary of security jargon

Information security's biggest obstacle isn't the mere insecurity of so many of our tools and services: it's the widespread lack of general knowledge about fundamental security concepts, which allows scammers to trick people into turning off or ignoring security red flags.

EFF presents: a guide to protecting your data privacy when crossing the US border

The Electronic Frontier Foundation has just updated its 2011 guide to Digital Privacy at the U.S. Border with an all new edition that covers the law, administrative rules, technological options and potential repercussions of crossing the US border while not undergoing the warrantless seizure and indefinite retention of all of your sensitive data -- in a guide that breaks out the different risks for US citizens, US permanent residents, and visitors to the USA.
