How it feels to be under DDoS attack

At this week's O'Reilly Velocity conference in Santa Clara, Artur Bergman, founder and CTO, told the story of how he got involved in starting a denial-of-service-resistant CDN -- a personal story about helping his old company cope with a titanic DDoS attack that brought it and its upstream provider to their knees.

Misconfigured database exposes sensitive data for 154 million US voters

A new US voter database leak has exposed the addresses, estimated income, ethnicity, phone numbers, political affiliation, and voting history of 154 million Americans.

1 in 5 snoop on a phone belonging to a friend or loved one

In Snooping on Mobile Phones: Prevalence and Trends, a paper presented at SOUPS 16, computer scientists from UBC and the University of Lisbon show that a rigorous survey reveals that up to one in five people have snooped on a loved one or friend by accessing their phone.

One million machines, including routers, used to attack banks

Akamai's Ryan Barnett reports on two attacks against the service's financial customers last year: attackers used nearly 1 million compromised systems to attempt to log in to users' accounts using logins and passwords from earlier breaches.

W3C DRM working group chairman vetoes work on protecting security researchers and competition

For a year or so, I've been working with the EFF to get the World Wide Web Consortium to take steps to protect security researchers and new market-entrants who run up against the DRM standard they're incorporating into HTML5, the next version of the key web standard.

Who really hacked the DNC?

Earlier this week Crowdstrike, a security company hired by the Democratic National Committee, announced that the party's servers had been deeply penetrated by hackers working for the Russian government, who had made off with many sensitive files, including the DNC's Trump oppo research spreadsheet.

Security economics: black market price of hacked servers drops to $6

A new Kaspersky report analyzes an online hacker marketplace called xDedic, where access to 70,000 hacked servers -- multiplayer game servers, billing servers, cellular/ISP servers, dating servers, betting servers, government and university servers -- in 173 countries can be bought for $6 and up.

Intel x86s hide another CPU that can take over your machine (you can't audit it)

Recent Intel x86 processors implement a secret, powerful control mechanism that runs on a separate chip that no one is allowed to audit or examine. When these are eventually compromised, they'll expose all affected systems to nearly unkillable, undetectable rootkit attacks. I've made it my mission to open up this system and make free, open replacements, before it's too late.

Young Journalist contest: win admission to the HOPE hacker conference

This summer, NYC's Pennsylvania Hotel will once again fill with joyous hackers as 2600 Magazine celebrates the 11th Hackers on Planet Earth conference (HOPE): I'm giving a keynote, and if you're a student or young journalist, you can win admission to the conference by writing an article about subjects of interest to the event.

Hacker puppets explain why malware and popups are still a thing online

Gus the hacker puppeteer (previously) writes, "Most of us have a relative whose computer or phone is still a snake's nest of pop-ups and malware. The 'YOUR COMPUTER HAS A VIRUS, CLICK TO SCAN' attack is still a thing, 2016 though it may be. And there are enough people asking 'why do ads pop up (on my iPhone, computer, etc)' for that question to register on Google search autocomplete."

Password hashing demystified

The password breaches are getting stronger and worser, and hardly a week goes by without a dump that's a couple zeroes bigger than the biggest to date -- but not all password breaches are created equal, and a lot depends on whether and how the passwords were hashed.

Jacob Appelbaum, Tor developer and Wikileaks staffer, resigns amid sex abuse claims

Appelbaum, whose work has put him in the crosshairs of his own government and foreign states, resigned from the Tor project on Friday, accompanied by a short note from Tor executive director Shari Steele.

United Arab Emirates hacked UK journalist

A new research report from Citizenlab painstakingly traces the origins of a series of sophisticated hacking attacks launched at Rori Donaghy, a UK journalist for Middle East Eye who founded the Emirates Center for Human Rights, which reports critically on the autocratic regime that runs the UAE, and 27 other targets.

Security researcher discovers glaring problem with patient data system, FBI stages armed dawn raid

Justin Shafer was roused from his bed this week by thunderous knocking at his North Richland Hills, Texas home, and when he opened the door, found himself staring down the barrel of a 'big green' assault weapon, wielded by one of the 12-15 armed FBI agents on his lawn.

DDoSers sell attacks for $5 on Fiverr

Many years ago, EFF co-founder John Gilmore and I were discussing the prevalence of botnets, which are commonly used to launch distributed denial of service (DDoS) attacks that overwhelm websites with floods of traffic; John said that if the botnets were really on the rise at the reported rate, we should expect to see a massive crash in the price of DDoS services, following simple supply/demand logic.

EFF fights order to remove public records documents detailing Seattle's smart-meters

Earlier this week, I wrote about the legal threats from Landis and Gyr against the Freedom of Information service Muckrock, which had received documents from the City of Seattle detailing the workings of Landis and Gyr's smart-meter system, which Seattle has purchased from them at public expense.

Edward Snowden performs radical surgery on a phone to make it "go black"

If you think that your phone may have been hacked so that your adversaries can watch you through the cameras and listen through the mics, one way to solve the problem is to remove the cameras and microphones, and only use the phone with a headset that you unplug when it's not in use.
