FBI chief demands an end to cellphone security

If your phone is designed to be secure against thieves, voyeurs, and hackers, it'll also stop spies and cops. So the FBI has demanded that device makers redesign their products so that they -- and anyone who can impersonate them -- can break into them at will.

Read the rest

Darkmatter: a secure Paranoid Android version that hides from attackers

Stock Android phones with the Darkmatter OS use encrypted storage, OS-level app controls, and secure messaging by default, but if the phone thinks it's under attack, it dismounts all the encrypted stuff and reboots as a stock Android phone with no obvious hints that its owner has anything hidden on it.

Read the rest

Malware needs to know if it's in the Matrix


Once a security researcher discovers a new strain of malicious software -- running a virtual machine on a test-bench -- and adds its signature to anti-virus and network monitor blacklists, it's game over. So today's malware devotes enormous energy to figuring out if it's running on a real computer, or inside one of its enemies' virtual worlds.

Read the rest

Fixing the unfixable USB bug


Security experts have been haunted by the prospect of unpatchable, potent, fundamental bug in USB devices; the tension only heightened when sourcecode for an exploit went live last week.

Read the rest

Sore losers: How casinos went after two guys who found a video poker bug


John Kane, who'd lost a fortune to Video King machines, discovered a subtle bug that let him win big -- so the casinos put him in handcuffs.

Read the rest

Petition: make it safe to report security flaws in computers


Laws like the Computer Fraud and Abuse Act and the Digital Millennium Copyright Act put security researchers at risk of felony prosecution for telling you about bugs in the computers you put your trust in, turning the computers that know everything about us and watch everything we do into reservoirs of long-lived pathogens that governments, crooks, cops, voyeurs and creeps can attack us with.

Read the rest

Sourcecode for "unpatchable" USB exploit now on Github


Last summer's Black Hat presentation on "Badusb" by Karsten Nohl alerted the world to the possibility that malware could be spread undetectably by exploiting the reprogrammable firmware in USB devices -- now, a second set of researchers have released the code to let anyone try it out for themselves.

Read the rest

Mobile malware infections race through Hong Kong's Umbrella Revolution


The protesters are dependent on mobile apps to coordinate their huge, seemingly unstoppable uprising, and someone -- maybe the Politburo, maybe a contractor -- has released virulent Ios and Android malware into their cohort, and the pathogens are blazing through their electronic ecosystem.

Read the rest

Smart thermostat makes dumb security mistakes

Andrew Tierney had a close look at Heatmiser's popular wifi-enabled thermostat and found it to be riddled with security vulnerabilities.

Read the rest

Tabnapping: a new phishing attack [2010]

Aza Raskin's Tabnapping is a proof-of-concept for a fiendish attack: a tab that waits until you're not watching, then turns itself into a convincing Google login screen that you assume you must have opened.

Read the rest

Free cybersecurity MOOC


The Open University's "Introduction to Cyber Security" is a free online course -- with optional certificate -- that teaches the fundamentals of crypto, information security, and privacy; I host the series, which starts on Oct 13."

Read the rest

Fake, phone-attacking cell-towers are all across America


The towers attack the baseband radio in your phone and use it to hack the OS; they're only visible if you're using one of the customized, paranoid-Android, post-Snowden secure phones, and they're all around US military bases.

Read the rest

When law-enforcement depends on cyber-insecurity, we're all at risk


It's not enough to pass rules limiting use of "stingray" mobile-phone surveillance devices by civilians: for so long as cops depend on these devices, the vulnerabilities they exploit will not be fixed, leaving us all at risk.

Read the rest

Save the net, break up the NSA

Bruce Schneier nails it: "efficiency is not the most important goal here; security and liberty are."

Read the rest

GCHQ's black bag of dirty hacking tricks revealed

The dirty tricks used by JTRIG -- the toolsmiths of the UK spy agency GCHQ -- have been published, with details on how the agency manipulates public opinion, censors Youtube, games pageview statistics, spy on Ebay use, conduct DDoS attacks, and connect two unsuspecting parties with one another by phone.

Read the rest