Edward Snowden performs radical surgery on a phone to make it "go black"

If you think that your phone may have been hacked so that your adversaries can watch you through the cameras and listen through the mics, one way to solve the problem is to remove the cameras and microphones, and only use the phone with a headset that you unplug when it's not in use.

Undetectable proof-of-concept chip poisoning uses analog circuits to escalate privilege

In A2: Analog Malicious Hardware, a paper given at the 2016 IEEE Symposium on Security and Privacy, a group of researchers from the University of Michigan detail a novel, frightening attack on the integrity of microprocessors that uses nearly undetectable tampering, late in the manufacturing process, to allow attackers to trip the "privilege" bit on the chip from userspace processes.

Tor Project is working on a web-wide random number generator

Random number generators are the foundation of cryptography -- that's why the NSA secretly sabotaged the RNG standard that the National Institute for Standards and Technology developed.

Pastejacking: using malicious javascript to insert sneaky text into pasted terminal commands

When a computer stops behaving, the solution often involves looking up an obscure command and pasting it into the terminal -- even experienced administrators and programmers aren't immune to this, because remembering the exact syntax for commands you use once every couple years is a choresome task.

Smart-meter vendor says that if we know how their system works, the terrorists will win

Phil Mocek filed a public records request to find out how Seattle's new smart meters -- supplied by Landis and Gyr -- will work. As Mocek writes, these meters are based on "unspecified and unverifiable sensors that monitor activity inside of private property and can communicate collected information in real-time to unspecified machines in remote locations, the workings of which are obscured from ratepayers, with interfaces used by [the city] that require specialized equipment and are thus completely unavailable to ratepayers for personal use or monitoring and verification of information communicated, is already shrouded in secrecy and seemingly proceeding despite repeated voicing of public concern and complete lack of public justification of expense."

US Gov't survey: Half of Americans reluctant to shop online due to privacy & security fears

A study by the Department of Commerce's National Telecommunications and Information Administration found that half of American Internet users are "deterred" from engaging in online transactions because of fears over privacy and security breaches.

Brainjacking: the future of software security for neural implants

In a new scientific review paper published in World Neurosurgery, a group of Oxford neurosurgeons and scientists round up a set of dire, terrifying warnings about the way that neural implants are vulnerable to networked attacks.

Kobo "upgrade" deprives readers of hundreds of DRM-locked ebooks

Chris writes, "After a recent Kobo software upgrade, a number of Kobo customers have reported losing e-books from their libraries--notably, e-books that had been transferred to Kobo from their Sony Reader libraries when Sony left the consumer e-book business. One customer reported missing 460 e-books, and the only way to get them back in her library would be to search and re-add them one at a time! Customers who downloaded their e-books and illegally broke the DRM don't have this problem, of course."

Venerable hacker zine Phrack publishes its first issue in four years

Phrack has been publishing erratically since 1985, but the four year gap between the previous issue, published in April 2012, and the current issue, published yesterday, was so long that many (me included) feared it might have died.

Deep Insert skimmers: undetectable, disposable short-lived ATM skimmers

NCR reports in-the-wild sightings of "deep skimmers" (tiny, disposable card-skimmers that run on watch batteries and use crude radios to transmit to a nearby base-station) on ATMs around the world: "Greece, Ireland, Italy, Switzerland, Sweden, Bulgaria, Turkey, United Kingdom and the United States."

How standardizing DRM will make us all less secure

After decades of fighting for open Web standards that let anyone implement software to receive and render online data, the World Wide Web Consortium changed course and created EME, a DRM system that locks up video in formats that can only be played back with the sender's blessing, and which also gives media giants the power to threaten and sue security researchers who discover bugs in their code.

Excellent advice for generating and maintaining your passwords

It's World Password Day and you can celebrate it by fixing your crappy passwords.

US government and SCOTUS change cybercrime rules to let cops hack victims' computers

The Supreme Court -- at the behest of the US government -- has announced changes to "Rule 41," a crucial procedure of the US court system, which will give law enforcement sweeping powers to hack into computers anywhere in the world, including victims' computers, with drastically reduced oversight.

EFF to FDA: the DMCA turns medical implants into time-bombs

The Electronic Frontier Foundation just filed comments with the FDA in its embedded device cybersecurity docket, warning the agency that manufacturers have abused the Digital Millennium Copyright Act, threatening security researchers with lawsuits if they came forward with embarrassing news about defects in the manufacturers' products.

James Clapper: Snowden accelerated crypto adoption by 7 years

Apparently America's spy agencies have a seven-year plan for cryptographic adoption: James Clapper, the Director of National Intelligence, has credited Edward Snowden with the acceleration of commercial adoption of encryption by 7 years.

Hackers take $81 million from Bangladesh's central bank by pwning its $10 second-hand routers

The central bank of Bangladesh lost $81M in a digital heist whose perpetrators have not been caught, thanks in large part to the bank's decision to run its computers without a firewall, and to run networking with second-hand cheapie routers it sourced for $10 each.

Why Internet voting is a terrible idea, explained in small words anyone can understand

In this 20 minute video, Princeton computer science prof Andrew Appel lays out the problems with Internet-based voting in crisp, nontechnical language that anyone can understand.
