security Model stealing, rewarding hacking and poisoning attacks: a taxonomy of machine learning's failure modes Cory Doctorow
security 95% of America's largest voting districts' mailservers lack basic anti-phishing protection Cory Doctorow
infosec This Welsh password generator might keep you safe from hackers, but definitely from dragons Thom Dunn
happy mutants Tiny alterations in training data can introduce "backdoors" into machine learning models Cory Doctorow
Boing Boing Gadgets Consumer Reports Labs is hiring 8 staffers: technologists, journalists and wonks Cory Doctorow
books An interview with Andy Greenberg about his book Sandworm, on the Russian state hackers who attack power grids Cory Doctorow
happy mutants Tpmfail: a timing attack that can extract keys from secure computing chips in 4-20 minutes Cory Doctorow
crime A woman's stalker compromised her car's app, giving him the ability to track and immobilize it Cory Doctorow
security My review of Sandworm: an essential guide to the new, reckless world of "cyberwarfare" Cory Doctorow
security White House cybersecurity adviser Giuliani took his iPhone to the Genius Bar when he forgot his password David Pescovitz
security New York Times abruptly eliminates its "director of information security" position: "there is no need for a dedicated focus on newsroom and journalistic security" Cory Doctorow
security Japanese robot hotel chain ignored repeated warnings that its in-room "bed-facing" robots could be turned into spy devices Cory Doctorow
security Equifax used "admin/admin" as login and pass for an unencrypted server full of your personal data Cory Doctorow
security It's dismayingly easy to make an app that turns a smart-speaker into a password-stealing listening device and sneak it past the manufacturer's security checks Cory Doctorow
security Attribution is hard: the incredible skullduggery used to try to blame the 2018 Olympic cyberattack on North Korea Cory Doctorow