Donald Trump's mail-servers are running Windows 2003


Security researcher Kevin Beaumont had a look at the mail servers operated by the Trump organization and found a veritable dumpster fire: systems running Windows 2003 (!), unpatched, badly configured. Read the rest

California DMV thinks "INFOS3C" is a dirty word


The California DMV has rejected Opendns founder David Ulevitch's application for an "1NFOS3C" vanity license plate because it includes "a term of lust or depravity." Read the rest

After being outed for massive hack and installing an NSA "rootkit," Yahoo cancels earnings call


What do you do if your ailing internet giant has been outed for losing, and then keeping silent about, 500 million user accounts, then letting American spy agencies install a rootkit on its mail service, possibly scuttling its impending, hail-mary acquisition by a risk-averse, old economy phone company? Just cancel your investor call and with it, any chance of awkward, on-the-record questions. (via /.) Read the rest

Joi Ito interviews Barack Obama for Wired: machine learning, neurodiversity, basic research and Star Trek


Joi Ito (previously) -- director of MIT Media Lab, former Creative Commons chief, investor, entrepreneur, and happy mutant -- interviewed Barack Obama for a special, Obama-edited issue of Wired. Read the rest

Information security needs its own National Institutes of Health


Superstar security researcher Dan Kaminsky (previously) wants to create a "National Institutes of Health for computer security" -- a publicly funded research institution that figures out how to prevent and cope with large-scale security issues in networked devices. Read the rest

The clumsy, amateurish IoT botnet has now infected devices in virtually all of the world's countries


Mirai, the clumsily written Internet of Things virus that harnessed so many devices in an attack on journalist Brian Krebs that it overloaded Akamai, has now spread to devices in either 164 or 177 countries -- that is, pretty much everywhere with reliable electricity and internet access.

Imperva, a company that provides protection to websites against Distributed Denial of Service (DDoS) attacks, is among the ones who have been busy investigating Mirai. According to their tally, the botnet made of Mirai-infected devices has reached a total of 164 countries. A pseudonymous researcher that goes by the name MalwareTech has also been mapping Mirai, and according to his tally, the total is even higher, at 177 countries.

Internet of Things Malware Has Apparently Reached Almost All Countries on Earth [Lorenzo Franceschi-Bicchierai/Motherboard] Read the rest

The Copyright Office wants your comments on whether it should be illegal to fix your own stuff


Under Section 1201 of the DMCA, a law passed in 1998, people who fix things can be sued (and even jailed!) for violating copyright law, if fixing stuff involves bypassing some kind of copyright lock; this has incentivized manufacturers so that fixing your stuff means breaking this law, allowing them to decide who gets to fix your stuff and how much you have to pay to have it fixed. Read the rest

Yahoo didn't install an NSA email scanner, it was a "buggy" NSA "rootkit"


Ex-Yahoo employees have spoken anonymously to Motherboard about the news that Yahoo had built an "email scanner" for a US security agency, likely the FBI or the NSA. These sources -- at least one of whom worked on the security team -- say that in actuality, the NSA or FBI had secretly installed a "rootkit" on Yahoo's mail servers and that this was discovered by the Yahoo security team (who had not been apprised of it), who, believing the company had been hacked, sounded the alarm, only to have the company executives tell them that the US government had installed the tool. Read the rest

Johnson & Johnson says people with diabetes don't need to worry about potentially lethal wireless attacks on insulin pumps


Rapid7 security researcher Jay Radcliffe (previously) has Type I diabetes, and has taken a personal interest in rooting out vulnerabilities in the networked, wireless-equipped blood-sugar monitors and insulin-pumps marketed to people with diabetes, repeatedly discovering potentially lethal defects in these devices. Read the rest

Your next DDoS attack, brought to you courtesy of the IoT


The internet is reeling under the onslaught of unprecedented denial-of-service attacks, the sort we normally associate with powerful adversaries like international criminal syndicates and major governments, but these attacks are commanded by penny-ante crooks who are able to harness millions of low-powered, insecure Internet of Things devices like smart lightbulbs to do their bidding. Read the rest

Electronic voting machines suck, the comprehensive 2016 election edition


It's been thirteen years since we started writing here about the shenanigans of the electronic voting machine industry, who were given a gift when, after the contested 2000 elections, Congress and the Supreme Court signaled that elections officials had to go and buy new machines. Read the rest

EFF to court: don't let US government prosecute professor over his book about securing computers


In July, the Electronic Frontier Foundation filed a federal lawsuit on behalf of Dr Matthew Green, a Johns Hopkins Information Security Institute Assistant Professor of Computer Science; now the US government has asked a court to dismiss Dr Green's claims. A brief from EFF explains what's at stake here: the right of security experts to tell us which computers are vulnerable to attack, and how to make them better. Read the rest

Let's kill inane "(in)security questions"


After last week's revelation of a record-smashing breach at Yahoo (which the company covered up for years), security researcher Matt Blaze tweeted: "Sorry, but if you have a Yahoo account, you will need to find a new mother, and have grown up on a different street." Ha, ha, only serious. Read the rest

O'Reilly's holding a security conference in NYC, Oct 30-Nov 2


I've been going to O'Reilly conferences since the first P2P conference in 2001; for 15 years, they've been blowing my mind. Read the rest

Social media site targeted at teen girls is leaking 5.5M+ passwords right now


I-Dressup is a social media site aimed at teen and tween girls, where users play and interact with fashion. Six days ago, Ars Technica's Dan Goodin contacted I-Dressup to tell them that they were leaking more than 5.5 million cleartext passwords, and that a hacker had already downloaded 2.2 million of them. Read the rest

Demand that HP make amends for its self-destructing printers [SIGN AND SHARE!]


I've written an open letter to HP CEO Dion Weisler on behalf of the Electronic Frontier Foundation, asking him to make amends for his company's bizarre decision to hide a self-destruct sequence in a printer update that went off earlier this month, breaking them so that they would no longer use third-party ink cartridges. Read the rest

The democratization of censorship: when anyone can kill as site as effectively as a government can


On the eve of the Stuxnet attacks, half a decade ago, I found myself discussing what it all meant with William Gibson (I'd just interviewed him on stage in London), and I said, "I think the most significant thing about any of these sophisticated, government-backed attacks is that they will eventually turn into a cheap and easy weapon that technically unskilled people can deploy for petty grievances." We haven't quite got there yet with Stuxnet, but there's a whole class of "advanced persistent threat" techniques that are now in the hands of fringey criminals who deploy them at the smallest provocation. Read the rest

More posts