Hackers stole 101,000 taxpayers' logins/passwords from the IRS

Amazingly, this is an improvement on last year, when hackers took 300,000 taxpayers' records from the IRS.

Gmail will warn you when your correspondents use unencrypted mail transport

A basic best-practice for email servers is to use TLS (Transport Layer Security) when they connect to one another, which guards against "man in the middle" attacks that would allow attackers to read or change emails while they travel between mail-servers.

Vtech, having leaked 6.3m kids' data, has a new EULA disclaiming responsibility for the next leak

Last December, Vtech, a crapgadget/toy company, suffered a breach that implicated the data of 6.3 million children, caused by its negligence toward the most basic of security measures.

Hacker promises dump of data from 20K FBI and 9K DHS employees

A hacker has told Motherboard that they have extracted 200GB of data from the US government, including confidential records pertaining to 20,000 FBI employees and 9,000 DHS employees.

Error 53: Apple remotely bricks phones to punish customers for getting independent repairs

iPhone 6s that have been repaired by independent service centers are bricking themselves, seemingly permanently, with a cryptic message about "Error 53."

Watch: how to make security tools for normal humans

Another amazing Shmoocon talk is "Users Are People Too: How to Make Your Tools Not Suck for Humans," presented by two key people from Simply Secure, a nonprofit devoted to improving security tool usability (I am a volunteer advisor to Simply Secure).

How to prepare to join the Internet of the dead

In January 2015, security researcher and beloved, prolific geek Michael "Hackerjoe" Hamelin died in a head-on collision that also hospitalized his widow, Beth Hamelin.

Videos of this year's Shmoocon talks, starting with Gershenfeld's talk on nonbinary computing

Shmoocon is a security conference that ranks with other top-tier events like Defcon, CCC, HOPE, Black Hat, etc: this year's talks are all on the Internet Archive for streaming or download.

Vice now has a Securedrop for anonymous whistleblower docs

Securedrop is a robust, secure, anonymous system for whistleblowers to convey documents to news organizations, created by Aaron Swartz and taken up by the Freedom of the Press Foundation after his death.

Head of NSA's hacker squad explains how to armor networks against the likes of him

Rob Joyce runs the NSA's Tailored Access Operations group, the spies who figure out how to hack systems, publishing a spook's version of the Skymall catalog, filled with software and hardware that other spies can order for use.

Abusing the Internet of Things: Blackouts, Freakouts, and Stakeouts

Nitesh Dhanjani's 2015 O'Reilly book Abusing the Internet of Things: Blackouts, Freakouts, and Stakeouts is a very practical existence-proof of the inadequacy and urgency of Internet of Things security.

A search-engine for insecure cameras, from baby-monitors to grow-ops

Hackers have been compromising wireless baby-monitors since 2013, but the more popular they've become, the more vulnerable they've become, and the attacks just keep getting more terrible.

Just look at this password-dispensing banana

Just look at it.

GM's Dieselgate: mechanics privately admit software update removes crimeware from Opel cars

General Motors Warren Transmission Operations Plant in Warren, Michigan, 2015. REUTERS

Luc Pauwels from Belgium's VRT News took his Vauxhall (GM) Opel Astra in for service, and a mechanic there disclosed that Vauxhall had asked him to flash the firmware of any diesel Opel Zafira to remove a defeat-device that caused it to emit 500% of the legal NOx limit -- an order that came down right after the Dieselgate scandal broke.


Griefer hacks baby monitor, terrifies toddler with spooky voices

Remember how, back in September 2015, researchers revealed that virtually every "smart" baby-monitor they tested was riddled with security vulnerabilities that let strangers seize control over it, spying on you and your family?

Will the W3C strike a bargain to save the Web from DRM?

The World Wide Web Consortium, which makes the standards the Web runs on, continues to pursue work on DRM -- technology that you can't connect to without explicit permission, and whose bugs can't be reported without legal jeopardy lest you weaken it.

Your smartwatch knows your ATM and phone PIN

Because a PIN-pad is so constrained and predictable, the accelerometer in your smartwatch is able to guess with a high degree of confidence (73%) what you enter into it -- it can also serve as a general-purpose keylogger, though with less accuracy (59%), thanks to the complexity of the keyboard.
