Boing Boing 

You'll falafel about this horrifying new pita-sized crypto-key-sniffing hack


I nearly falafel my chair when I read about the Israeli researchers who've designed a device that can derive crypto keys from the unintentional radio signals emitted by a computer's CPU—and miniaturized it until it can fit into a pita.


Schneier: China and Russia probably did get the Snowden leaks -- by hacking the NSA

Bruce Schneier weighs in on last week's ridiculous UK government talking points memo that Murdoch's Sunday Times dutifully published as front-page news.


Navy openly solicits for 0-day bugs to weaponize


A solicitation on FedBizOpps from the Navy asks security researchers to sell them their "vulnerability intelligence, exploit reports and operational exploit binaries affecting widely used and relied upon commercial software."


US Government Office of Personnel Management has a second, much worse breach


The second attack is being blamed on Chinese state actors, and it netted the archives of Standard Form 86, which records applicants' mental illnesses, drug and alcohol use, past arrests and bankruptcies and lists of contacts and relatives.


US CIO defies the FBI, orders HTTPS for all government websites


Tony Scott, CIO of the US government, has spit in the eye of assistant FBI director Michael Steinbach, who called on companies "to build technological solutions to prevent encryption above all else."


Internet-connected hospital drug pumps vulnerable to remote lethal-dose attacks


Researcher Billy Rios (previously) has extended his work on vulnerabilities in hospital drug pumps, discovering a means by which their firmware can be remotely overwritten with new code that can result in lethal overdoses for patients.


Open garage-doors in less than a minute with a hacked kid's toy

Applied Hacking's Samy Kamkar (previously) has released Opensesame, an app for hacked IM-ME texting toys that can open millions of fixed-code garage doors in less than a minute.


IRS leaks 100K taxpayers' data to identity thieves


The IRS sent extensive dossiers on 100,000 US taxpayers to identity thieves who used weak "secret security" questions to trick the agency's "Get Transcript" service.


Today's terrifying Web security vulnerability, courtesy of the 1990s crypto wars

The Logjam bug allows attackers to break secure connections by tricking the browser and server into communicating using weak crypto -- but why do browsers and servers support weak crypto in the first place?


Self-sustaining botnet made out of hacked home routers


Telcos send routers with default passwords to their customers, who never change them, and once the routers are compromised, they automatically scan neighboring IP space for more vulnerable routers from the same ISP.


Drug pump is "most insecure" device ever seen by researcher

Security researcher Jeremy Richards has called the Hospira Lifecare PCA 3 drug-pump "the least secure IP enabled device" he's examined.


Legal threat against security researcher claims he violated lock's copyright


Mike Davis from Ioactive found serious flaws in the high-security Cyberlock locks used by hospitals, airports and critical infrastructure, but when he announced his findings, he got a legal threat that cited the Digital Millennium Copyright Act.


Encrypting your laptop demystified

On The Intercept, Micah Lee follows up on his great primer on NSA-proof passwords with a soup-to-nuts tutorial on encrypting your laptop.


Sony sends pre-emptive threat letter to journalists


A lawyer retained by Sony has sent threat-letters to media outlets hinting at repercussions if they report on material in the huge dump of internal Sony docs from the North Korea hack that Wikileaks put online.


Arkansas cops send malware to whistleblowers' lawyers

An Arkansas lawyer representing ex-cops who blew the whistle on corruption in the Fort Smith Police Department says that when he gave the police brass a blank hard-drive for discovery documents, they returned it laden with sneaky malware, including a password-sniffing keylogger and a backdoor that would let the police department spy on their legal opponents.


Exploding the Phone: the untold, epic story of the phone phreaks

Phil Lapsley's Exploding the Phone does for the phone phreaks what Steven Levy's Hackers did for computer pioneers, capturing the anarchic move-fast-break-stuff pioneers who went to war against Ma Bell.

NSA-proof passwords


The Intercept's Micah Lee explains how to use Diceware to generate a passphrase that can survive the NSA's trillion-guess-per-second cracking attempts -- but which can still be easily memorized.
