Boing Boing 

Today's terrifying Web security vulnerability, courtesy of the 1990s crypto wars

The Logjam bug allows attackers to break secure connections by tricking the browser and server into communicating using weak crypto -- but why do browsers and servers support weak crypto in the first place?

Self-sustaining botnet made out of hacked home routers


Telcos send routers with default passwords to their customers, who never change them, and once the routers are compromised, they automatically scan neighboring IP space for more vulnerable routers from the same ISP.

Drug pump is "most insecure" device ever seen by researcher

Security researcher Jeremy Richards has called the Hospira Lifecare PCA 3 drug-pump "the least secure IP enabled device" he's examined.

Legal threat against security researcher claims he violated lock's copyright


Mike Davis from IOActive found serious flaws in the high-security Cyberlock locks used by hospitals, airports and critical infrastructure, but when he announced his findings, he got a legal threat that cited the Digital Millennium Copyright Act.

Encrypting your laptop demystified

On The Intercept, Micah Lee follows up on his great primer on NSA-proof passwords with a soup-to-nuts tutorial on encrypting your laptop.

Sony sends pre-emptive threat letter to journalists


A lawyer retained by Sony has sent threat-letters to media outlets hinting at repercussions if they report on material in the huge dump of internal Sony docs from the North Korea hack that Wikileaks put online.

Arkansas cops send malware to whistleblowers' lawyers

An Arkansas lawyer representing ex-cops who blew the whistle on corruption in the Fort Smith Police Department says that when he gave the police brass a blank hard-drive for discovery documents, they returned it laden with sneaky malware, including a password-sniffing keylogger and a backdoor that would let the police department spy on their legal opponents.

Exploding the Phone: the untold, epic story of the phone phreaks

Phil Lapsley's Exploding the Phone does for the phone phreaks what Steven Levy's Hackers did for computer pioneers, capturing the anarchic move-fast-break-stuff pioneers who went to war against Ma Bell.

NSA-proof passwords


The Intercept's Micah Lee explains how to use Diceware to generate a passphrase that can survive the NSA's trillion-guess-per-second cracking attempts -- but which can still be easily memorized.

Backchannel: computers can talk to each other with heat

A paper by Ben Gurion University researchers to be presented at a Tel Aviv security conference demonstrates "Bitwhisper," a covert communications channel that allows computers to exchange data by varying their temperature, which can be detected by target machines within 40cm.

Automating remote BIOS attacks


Legbacore's upcoming "digital voodoo" presentation will reveal an automated means of discovering BIOS defects that are vulnerable to remote attacks, meaning that your computer can be compromised below the level of the OS by attackers who do not have physical access to it.

Windows 10 announcement: certified hardware can lock out competing OSes


Microsoft has announced a relaxation of its "Secure Boot" guidelines for OEMs, allowing companies to sell computers pre-loaded with Windows 10 that will refuse to boot any non-Microsoft OS.

Brute-force iPhone password guesser can bypass Apple's 10-guess lockout

The IP Box costs less than £200 and can guess all possible four-digit passwords in 111 hours.

Clinton's sensitive email was passed through a third-party spam filtering service


It's been years since the spam wars were at the front of the debate, but all the salient points from then remain salient today: when you let unaccountable third parties see your mail and decide which messages you can see, the potential for mischief is unlimited.

Laptop killing booby-trapped USB drive


The USB Killer is a booby-trapped, hand-made USB drive that will "burn down" your laptop if you insert it into your USB slot.

Three steps to save ourselves from firmware attacks


Following on the news that the (likely NSA-affiliated) Equation Group has developed a suite of firmware attacks that target the software embedded in your hard-drive and other subcomponents, it's time to expand the practice of information security to the realm of embedded software.

Bruce Schneier's Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World

No one explains security, privacy, crypto and safety better.