It's been ten years since Sony Music infected the world with its rootkit


Oct 31 2005: Security researcher Mark Russinovich blows the whistle on Sony-BMG, whose latest "audio CDs" were actually multi-session data-discs, deliberately designed to covertly infect Windows computers when inserted into their optical drives.

Smurfs vs phones: GCHQ's smartphone malware can take pics, listen in even when phone is off


In a new episode of the BBC's Panorama, Edward Snowden describes the secret mobile phone malware developed by GCHQ and the NSA, which has the power to listen in through your phone's mic and follow you around, even when your phone is switched off.

Newly disclosed Android bugs affect all devices


The newly released bugs are part of the Stagefright family of vulnerabilities, disclosed by Zimperium Zlabs.

Theoretical "auto-brothel" attack on mechanics' computers could infect millions of cars


Companies like GM have engineered their cars so that it's a felony to make independent diagnostic tools for them, or to investigate the official diagnostic tools rented to mechanics in exchange for a promise to only buy GM's hyper-inflated replacement parts.

The FBI has no trouble spying on encrypted communications


Every time the Bureau wants to spy on someone whose communications are encrypted, they just hack them.

Why biometrics suck, the Office of Personnel Management edition


The nation-state hackers who stole 5.6 million+ records of US government employees (cough China cough) also took 5.6 million+ fingerprints. But it's no problem: those people can just get new fingerprints and revoke their old ones right?

First issue of new feminist hacker zine


Audrey writes, "The Recompiler is a new feminist hacker magazine dedicated to learning about technology in a fun and inclusive way. The first issue of the magazine is now online, with articles about glitchy art, 80s tech, SSL bugs, and the flaws in DNS."

Symantec caught issuing rogue certificates


Your browser trusts SSL certificates from hundreds of "Certificate Authorities," each of which is supposed to exercise the utmost caution before issuing them -- a rogue cert would allow a criminal or a government to act as a man-in-the-middle between you and your bank, email provider, or employer, undetectably intercepting communications that you believed to be secure.

Poker malware infects your computers and peeks at your cards


Odlanor is Windows malware that targets users of Pokerstars and Full Tilt Poker, and exfiltrates information about their cards to their competitors.

Ashley Madison users chose passwords like "whyareyoudoingthis"

Now that 11.7 million Ashley Madison users' passwords have been shown to be crackable, we're learning that password security has not improved since the last giant dump of user passwords.

Ashley Madison's passwords were badly encrypted, 15 million+ passwords headed for the Web

A flaw in the fraudulent dating site's password hashing means that at least 15 million of its users' passwords are liable to decryption.

NYC to-do: "Art, Design, and The Future of Privacy," Sept 17

A night of talks and conversations about privacy and tech, centered on humane design and user-experience -- I'm speaking there!

Celebrate the 20th anniversary of Hackers at San Francisco's DNA Lounge

JWZ, owner of San Francisco's legendary DNA Lounge, writes, "Hey nerds, I think this might be up your alley. It's the 20th anniversary of the movie HACKERS and we're doing a movie screening, dance party, costume contest and Wipeout XL contest down at Ye Olde DNA Lounge."

Your baby monitor is an Internet-connected spycam vulnerable to voyeurs and crooks

Researchers revealed ten major vulnerabilities in Internet-of-Things babycams from a variety of vendors ranging from spunky startups like Ibaby Labs to rock-ribbed (and deep-pocketed -- attention, class actioneers!) giants like Philips.

Spear phishers with suspected ties to Russian government spoof fake EFF domain, attack White House

The spear-phishing attempt appears to be part of "Pawn Storm," a massive attack that's been underway across the net for more than a month, and involved a rare zero-day (previously unknown) Java exploit.

Elaborate spear-phishing attempt against global Iranian and free speech activists, including an EFF staffer

Citizenlab details an "elaborate phishing campaign" against Iranian expats and activists, combining phone-calls from fake Reuters reporters, mostly convincing Google Docs login-screens, and a sophisticated attempt to do a "real-time man-in-the-middle attack" against Google's two-factor authentication.

EFF announces the 2015 Pioneer Award winners

Caspar Bowden, Citizen Lab, Anriette Esterhuysen and the Association for Progressive Communications, and Kathy Sierra will be awarded the EFF's prestigious prize recognizing the leaders who are extending freedom and innovation on the electronic frontier.
