You can install ransomware on a Samsung Galaxy by sending it an SMS

Researchers from Context Security have identified a vulnerability in Samsung Galaxy phones: by embedding commands in the obsolete, 17-year-old WAP proptocol in an SMS message, attackers can put them into endless reboot loops, or encrypt their storage and charge the phone's owners for a decryption key. Read the rest

At least twice, Sean Spicer has accidentally tweeted the password to his official White House spokesman Twitter account

Day six! It's also a pretty shitty password. Let's hope he's got 2-factor auth turned on! Also, Trump's still using his insecure personal Android device. Read the rest

Researchers discover hundreds of thousands of unsuspected, Star Wars-themed twitterbots hiding in plain sight

Twitter is a great place for bots. Botherders like Shardcore produce amazing, politics, artistic bots that mine Twitter, inject useful information into Twitter, or just frolic on Twitter, making it a better place. Twitterbots produce entries in imaginary grimoires, conduct sociological research, produce virtual model railroads, alert the public when governments try to make bad news disappear, and much, much more. Read the rest

UPDATED: Ransomware creeps steal the entire St Louis library system

Update: The library system has recovered access to its computers.

The libraries of St Louis, MO have been crippled by a ransomware attack that has shut down the public terminals the library provides to the poor and vulnerable of St Louis, as well as the systems used to process book and material lending (the catalog is on a separate, uninfected system). Read the rest

Facebook CSO Alex Stamos is a human warrant-canary for the Trump era

Even before he took the job of Chief Security Officer of Yahoo, Alex Stamos had a reputation for being a badass: a thoughtful security ethicist who served as an expert witness in defense of Aaron Swartz, Stamos cemented his reputation by publicly humiliating the director of the NSA over mass surveillance. Read the rest

Political leaks disrupt Ecuadoran election

Opponents of Ecuadoran president Rafael Correa -- himself a prolific and shrewd social media campaigner -- have had their social media accounts hacked and used to dump embarrassing transcripts purporting to show their party in disarray and romantic scandals in their personal lives. Read the rest

Coded: new documentary series on hackers

Seth Godin sends us this trailer for Coded, a new documentary series on hackers: "There’s an invisible war being waged. And we’re all part of it. Foreign governments are hacking major corporations. Major corporations are collecting massive amounts of consumer data. And the NSA is listening…to everything. But a new generation of programmers armed with powerful technology is rising up and fighting back. Freethink presents a new original series: Coded." Read the rest

Squirrels are vastly more harmful to the world's power grids than "the cyber" is

Of 1700+ known acts of global power-grid sabotages, affecting some 5,000,000 people, 879 were caused by squirrels; between 0 and 1 were caused by Russia, and another 1 was caused by the USA (Stuxnet). Read the rest

Houseguests, technological literacy, and the goddamned wifi: a single chart

Randal Munroe nails it again in an XKCD installment that expresses the likelihood that your houseguests will be able to connect to your wifi (I confess to having been the "firmware" guide -- but also, having been reminded to do something about my own firmware when other difficult houseguests came to stay). Read the rest

Whatsapp: Facebook's ability to decrypt messages is a "limitation," not a "defect"

Facebook spokespeople and cryptographers say that Facebook's decision to implement Open Whisper Systems' end-to-end cryptographic messaging protocol in such a way as to allow Facebook to decrypt them later without the user's knowledge reflects a "limitation" -- a compromise that allows users to continue conversations as they move from device to device -- and not a "defect." Read the rest

It turns out that halfway clever phishing attacks really, really work

A new phishing attack hops from one Gmail account to the next by searching through compromised users' previous emails for messages with attachments, then replies them from the compromised account, replacing the link to the attachment with a lookalike that sends you to a fake Google login page (they use some trickery to hide the fake in the location bar); the attackers stand by and if you enter your login/pass, they immediately seize control of your account and attack your friends. Read the rest

Moral panic: Japanese girls risk fingerprint theft by making peace-signs in photographs

Isao Echizen, a researcher at Japan's National Institute of Informatics, told a reporter from the Sankei Shimbun that he had successfully captured fingerprints from photos taken at 3m distance at sufficient resolution to recreate them and use them to fool biometric identification systems (such as fingerprint sensors that unlock mobile phones). Read the rest

Bible references make very weak passwords

An analysis of passwords found in the 2009 breach of Rockyou -- 32 million accounts -- finds a large number of Biblical references ("jesus"," "heaven", "faith", etc), including a number of Bible verse references ("john316"). Read the rest

New ransomware will delete all your files -- unless you read two articles on avoiding ransomware

A newly discovered strain of the Koolova ransomware encrypts all your files and deletes the keys -- unless you read two articles about avoiding ransomware: Jigsaw Ransomware Decrypted: Will delete your files until you pay the Ransom (Bleeping Computer) and Stay safe while browsing (Google Security Blog). Read the rest

Hyperface: a fabric that makes computer vision systems see faces everywhere

Adam Harvey, creator of 2012's CV Dazzle project to systematically confound facial recognition software with makeup and hairstyles, presented his latest dazzle iteration, Hyperface, at the Chaos Communications Congress in Hamburg last month. Read the rest

No, Russia didn't hack Vermont's power grid

Despite what you might have read in this alarming story in the Washington Post, Russia did not hack Vermont's power authority. Read the rest

Your smart meter is very secure (against you) and very insecure (against hackers)

In On Smart Cities, Smart Energy, And Dumb Security -- Netanel Rubin's talk at this year's Chaos Communications Congress -- Rubin presents his findings on the failings in the security of commonly deployed smart meters. Read the rest

More posts