Boing Boing 

Self-aiming sniper rifle can be pwned over the Internet


The $13,000 Trackingpoint sniper rifle is vulnerable to wifi-based attacks that allow your adversary to redirect bullets to new targets of their choosing.


Chrysler has to recall its cars due to security vulnerabilities


Chrysler, whose Jeep Cherokees were demonstrated to be vulnerable to Internet-based attacks on their steering and brakes (as well as radios, air conditioning and other systems), has recalled 1.4M cars due to software vulnerabilities.


Once again: Crypto backdoors are an insane, dangerous idea


The Washington Post editorial board lost its mind and called on the National Academy of Sciences to examine "the conflict" over whether crypto backdoors can be made safe: the problem is, there's no conflict.


Hackers can pwn a Jeep Cherokee from the brakes and steering to the AC and radio


A zero-day exploit for Jeep Cherokees allows hackers to control everything from the engine to the air-conditioning over the Internet, overriding the driver at the dashboard.


UK schools' "anti-radicalisation" software lets hackers spy on kids


The spyware that Impero supplies to UK schools -- which searches kids' Internet use for "jihadi" terms -- uses "password" as its default password, and the company has threatened brutal legal reprisals against the researcher who repeatedly demonstrated their total security negligence.


What horrible things did we learn about Hacking Team today?


The enormous dump of docs from cyber-arms-dealer Hacking Team continues to yield up details, like the time the company tried to sell spying tools to a death squad.


What happened at yesterday's Congressional hearings on banning crypto?


Cryptographers and security experts gathered on the Hill yesterday to tell Congress how stupid it was to ban crypto in order to make it easier to spy on "bad guys."


Argentine police raid programmer who discovered fatal e-voting flaws


Joaquín Sorianello found the defects in MSA, manufacturer of the Vot.ar e-voting system, and the next he heard about it was when the police came to his house and seized every piece of electronic equipment.


Hacking Team leak: bogus copyright takedowns and mass DEA surveillance in Colombia


Fallout from yesterday's enormous dump of internal documents from Italy's notorious Hacking Team, a cyber-arms dealer for the world's worst autocratic regimes, is just getting started.


You'll falafel about this horrifying new pita-sized crypto-key-sniffing hack


I nearly falafel my chair when I read about the Israeli researchers who've designed a device that can derive crypto keys from the unintentional radio signals emitted by a computer's CPU—and miniaturized it until it can fit into a pita.


Schneier: China and Russia probably did get the Snowden leaks -- by hacking the NSA

Bruce Schneier weighs in on last week's ridiculous UK government talking points memo that Murdoch's Sunday Times dutifully published as front-page news.


Navy openly solicits for 0-day bugs to weaponize


A solicitation on FedBizOpps from the Navy asks security researchers to sell them their "vulnerability intelligence, exploit reports and operational exploit binaries affecting widely used and relied upon commercial software."


US Government Office of Personnel Management has a second, much worse breach


The second attack is being blamed on Chinese state actors, and it netted the archives of Standard Form 86, which records applicants' mental illnesses, drug and alcohol use, past arrests and bankruptcies and lists of contacts and relatives.


US CIO defies the FBI, orders HTTPS for all government websites


Tony Scott, CIO of the US government, has spit in the eye of assistant FBI director Michael Steinbach, who called on companies "to build technological solutions to prevent encryption above all else."


Internet-connected hospital drug pumps vulnerable to remote lethal-dose attacks


Researcher Billy Rios (previously) has extended his work on vulnerabilities in hospital drug pumps, discovering a means by which their firmware can be remotely overwritten with new code that can result in lethal overdoses for patients.


Open garage-doors in less than a minute with a hacked kid's toy

Applied Hacking's Samy Kamkar (previously) has released Opensesame, an app for hacked IM-ME texting toys that can open millions of fixed-code garage doors in less than a minute.


IRS leaks 100K taxpayers' data to identity thieves


The IRS sent extensive dossiers on 100,000 US taxpayers to identity thieves who used weak "secret security" questions to trick the agency's "Get Transcript" service.
