Security researchers: EFF's got your back at this summer's technical conferences

Are you a security researcher planning to present at Black Hat, Defcon, B-Sides or any of this summer's security events? Are you worried a big corporation or the government might attack you for revealing true facts about the defects in the security systems we entrust with our safety, privacy and health? Read the rest

Cheating Chinese certificate authorities, caught by Certificate Transparency, will get the death penalty

In 2012, Google introduced Certificate Transparency, an internet-wide tripwire system designed to catch cryptographic "certificate authorities" who abused their position to produce counterfeit credentials that would allow criminals, governments and police to spy on and tamper with secure internet connections. Read the rest

Limn 8: a social science journal issue devoted to hacking

Gabriella Coleman is the hacker anthropologist whose work on the free software movement, Anonymous and the Arab Spring, the politicization of hacking, and the true role of alt-right dank memes in the 2016 elections are critical reading for the 21st century. Read the rest

For sale: any Australian's full health record for a mere $22

A hacker who appears to have ongoing, continuous access to Australia's electronic health care records is selling access to any full record for 0.0089 bitcoin, or about USD22. Read the rest

Researchers demonstrate attack for pwning entire wind-farms

University of Tulsa security researchers Jason Staggs and his colleagues will present Adventures in Attacking Wind Farm Control Networks at this year's Black Hat conference, detailing the work they did penetration-testing windfarms. Read the rest

Industrial robotics security is really, really terrible

Researchers from Politecnico di Milano and Trend Micro conducted an audit of the information security design of commonly used industrial robots and found that these devices are extremely insecure: robots could be easily reprogrammed to violate their safety parameters, both by distorting the robots' ability to move accurately and by changing the movements the robots attempt to perform; hacked robots can also be made to perform movements with more force than is safe; normal safety measures that limit speed and force can be disabled; robots can be made to falsify their own telemetry, fooling human operators; emergency manual override switches can be disabled or hidden; robots can be silently switched from manual to automatic operation, making them move suddenly and forcefully while dangerously close to oblivious, trusting humans; and of course, robots can be caused to manufacture faulty goods that have to be remanufactured or scrapped. Read the rest

Ransomware crook's email provider shuts down account, so now no one can pay their ransom

Yesterday's massive ransomware outbreak of a mutant, NSA-supercharged strain of the Petya malware is still spreading, but the malware's author made a mere $10K off it and will likely not see a penny more, because Posteo, the German email provider the crook used for ransom payment negotiations, shut down their account. Read the rest

A new ransomware strain is seemingly using a leaked NSA cyberweapon to race around the planet

Petya is a well-known ransomware app that has attained a new, deadly virulence, with thousands of new infection attempts hitting Kaspersky Lab's honeypots; security firm Avira attributes this new hardiness to the incorporation of EternalBlue -- the same NSA cyberweapon that the Wannacry ransomware used, which was published by The Shadow Brokers hacker group -- into a new Petya strain. Read the rest

How hackers can steal your 2FA email account by getting you to sign up for another website

In a paper for IEEE Security, researchers from Cyberpion and Israel's College of Management Academic Studies describe a "Password Reset Man-in-the-Middle Attack" that leverages a bunch of clever insights into how password resets work to steal your email account (and other kinds of accounts), even when it's protected by two-factor authentication. Read the rest

Ukraine is Russia's testbed for launching devastating cyberwar attacks with total impunity

Ever since the Ukrainian "Maidan" revolution, the country has been subjected to waves of punishing cyberwar attacks, targeting its power grids, finance ministry, TV networks, election officials, and other critical systems. Read the rest

Mozilla's new Android browser blocks ads and trackers

Mozilla has extended and improved its Firefox Focus browser, heretofore an Ios product, bringing it to Android, with auto-blocking of trackers and ads and making it easy to erase your browser history. Read the rest

$28 Chinese app is a browser for insecure webcams

Chinese state media reports on a $28/RMB188 app that browses webcams whose default passwords haven't been changed, allowing subscribers to watch the goings-on in stores, living rooms, bedrooms, children's rooms, and anywhere a CCTV might be installed. Read the rest

The 2016 elections taught us to watch for attacks that undermine the legitimacy of elections

Princeton computer scientist and former White House Deputy CTO Ed Felten (previously) writes about the security lessons of the 2016 election: first, that other nation-states are more aggressive than generally supposed, and second, that you don't need to hack the vote-totals to effect devastation on an adversary -- it's sufficient to undermine the election's legitimacy by messing with voter rolls, "so there is uncertainty about whether the correct people were allowed to vote." Read the rest

Israeli company's spyware used to target corruption-fighting journalists and lawyers in Mexico

The NSO Group is an Israeli firm that describes itself as a "cyber warfare" company, dealing exclusively to governments, including the famously corrupt and dysfunctional government of Mexico. The NSO Group is presently for sale, with a $1 billion pricetag. Read the rest

Make: a gorgeous, dramatic Internet Kill Switch

Want to be really sure that your Internet of Things gadgets and laptops aren't being remotely controlled by malware? Read the rest

What's worse than shitty, hacked voting machines? Unauditable, shitty voting machines

The news of attempts by Russian hackers to compromise US voting systems will forever throw into question the results of close US elections -- but that's not just because voting machines are security tire-fires, it's because they're security tire-fires whose vote-counts cannot be audited. Read the rest

Germany mulls sweeping surveillance bill, crypto backdoors and fingerprinting kids

Germany's interior ministry has announced sweeping new surveillance powers ahead of the coming national election, which would include the right to infect residents' computers with malware in order to spy on their encrypted communications (shades of the illegal Bundestrojaner program), ordering tech companies to deliberately introduce defects into their cryptography, and fingerprinting children as young as 6. Read the rest

More posts