The abysmal information security at Trump properties has probably already compromised US secrets

Propublica and Gizmodo sent a penetration-testing team to Mar-a-Lago, the Trump resort that has been at the center of series of controversial potential breaches of US military secrecy (for example, loudly discussing sensitive information about the North Korean missile launch in the club's full, public dining room); they discovered that it would be child's play to hack the Mar-a-Lago networks, and that indeed, the networks have almost certainly already been hacked. Read the rest

USG: an open source anti-BadUSB hardware firewall for your USB port

BadUSB is bad news: malware that targets the firmware in your USB port's embedded system, bypassing the OS, antivirus software and other countermeasures. Read the rest

The previous owners of used "smart" cars can still control them via the cars' apps (not just cars!)

It's not just that smart cars' Android apps are sloppily designed and thus horribly insecure; they are also deliberately designed with extremely poor security choices: even if you factory-reset a car after it is sold as used, the original owner can still locate it, honk its horn, and unlock its doors. Read the rest

Electronic voting machines suck, the comprehensive 2016 election edition

It's been thirteen years since we started writing here about the shenanigans of the electronic voting machine industry, who were given a gift when, after the contested 2000 elections, Congress and the Supreme Court signaled that elections officials had to go and buy new machines. Read the rest

Xiaomi phones are pre-backdoored; your apps can be silently overwritten

Thijs Broenink audited the AnalyticsCore.apk app that ships pre-installed on all Xiaomi phones (Xiaomi has their own Android fork with a different set of preinstalled apps) and discovered that the app, which seemingly serves no useful purpose, allows the manufacturer to silently install other code on your phone, with unlimited privileges and access. Read the rest