Boing Boing 

Spear phishers with suspected ties to Russian government spoof fake EFF domain, attack White House


The spear-phishing attempt appears to be part of "Pawn Storm," a massive attack that's been underway across the net for more than a month, and involved a rare zero-day (previously unknown) Java exploit.


Elaborate spear-phishing attempt against global Iranian and free speech activists, including an EFF staffer


Citizenlab details an "elaborate phishing campaign" against Iranian expats and activists, combining phone-calls from fake Reuters reporters, mostly convincing Google Docs login-screens, and a sophisticated attempt to do a "real-time man-in-the-middle attack" against Google's two-factor authentication.


EFF announces the 2015 Pioneer Award winners


Caspar Bowden, Citizen Lab, Anriette Esterhuysen and the Association for Progressive Communications, and Kathy Sierra will be awarded the EFF's prestigious prize recognizing the leaders who are extending freedom and innovation on the electronic frontier.


Samsung fridges can leak your Gmail logins

Researchers at Pen Test Partners took up the challenge to hack a smart fridge at Defcon's IoT Village, and discovered that they could man-in-the-middle your Google login credentials from Samsung fridges.


Car information security is a complete wreck -- here's why


Sean Gallagher's long, comprehensive article on the state of automotive infosec is a must-read for people struggling to make sense of the summer's season of showstopper exploits for car automation, culminating in a share-price-shredding 1.4M unit recall from Chrysler, whose cars could be steered and braked by attackers over the Internet.


"I hope the Chinese aren't collating the Ashley Madison data with their handy federal list of every American with a security clearance." -Bruce Sterling


Your Android unlock pattern sucks as much as your password did


In Tell Me Who You Are, and I Will Tell You Your Lock Pattern, Marte Løge presented some of her Master's Thesis research on the guessability of Android lock-patterns -- and guess what?


Chuck Wendig's Zeroes: a hacker technothriller in the War Games lineage

Chuck Wendig's new technothriller Zeroes is a hacker misfit tale in the lineage of War Games and Sneakers, true to the spirit (and often, the minutiae) of security work, and exciting as hell to boot.

America's "worst voting machines" dropped in Virginia (at last)


AVS Winvote machines are so insecure that if they weren't hacked in the last election, "it was only because no one tried."


Hilariously terrifying talk about security

In Not Even Close: The State of Computer Security, a talk given at the Norwegian Developers' Conference, Microsoft Research's James Mickens gave the most acerbic, funny, terrifying security talk I can remember seeing (and I've seen a lot of 'em!).


Insurance monitoring dashboard devices used by Uber let hackers "cut your brakes" over wireless


UCSD computer scientist Stefan Savage and colleagues will present their work at Usenix Security: they were able to disable the brakes on a 2013 Corvette by breaking into a Mobile Devices/Metromile Pulse dongle, used by insurance companies to monitor driving in exchange for discounts on coverage.


Come see me at Defcon!


I'm speaking at Defcon this weekend in Las Vegas: my talk, "Fighting Back in the War on General Purpose Computers," is tomorrow (Friday) at 11AM in track 3, followed immediately by a signing at the No Starch Press table in the Champagne Ballroom at the Paris hotel.


Proof-of-concept firmware worm targets Apple computers

It's like Bad USB, with extra Thunderbolt badness: Web-based attacks can insert undetectable malicious software into a Mac's UEFI/BIOS, which spreads to other machines by infecting Thunderbolt and USB devices.


Going to DEFCON? EFF's got your back


The Electronic Frontier Foundation always has a huge presence at Las Vegas's DEFCON, but this year, we're hosting our first-ever badge-hack contest!


Self-aiming sniper rifle can be pwned over the Internet


The $13,000 Trackingpoint sniper rifle is vulnerable to wifi-based attacks that allow your adversary to redirect bullets to new targets of their choosing.


Chrysler has to recall its cars due to security vulnerabilities


Chrysler, whose Jeep Cherokees were demonstrated to be vulnerable to Internet-based attacks on their steering and brakes (as well as radios, air conditioning and other systems) has recalled 1.4M cars due to software vulnerabilities.


Once again: Crypto backdoors are an insane, dangerous idea


The Washington Post editorial board lost its mind and called on the National Academy of Sciences to examine "the conflict" over whether crypto backdoors can be made safe: the problem is, there's no conflict.
