Juniper blinks: firewall will nuke the NSA's favorite random number generator

In the month since network security giant Juniper Networks was forced to admit that its products had NSA-linked backdoors, the company's tried a lot of different strategies: minimizing assurances, apologies, firmware updates -- everything, that is, except for removing the Dual_EC random number generator that is widely understood to have been compromised by the NSA.

Juniper's products are still insecure; more evidence that the company was complicit

It's been a month since Juniper admitted that its firewalls had back-doors in them, possibly inserted by (or to aid) US intelligence agencies. In the month since, Juniper has failed to comprehensively seal those doors, and more suspicious information has come to light.

If you think self-driving cars have a Trolley Problem, you're asking the wrong questions

In my latest Guardian column, The problem with self-driving cars: who controls the code?, I take issue with the "Trolley Problem" as applied to autonomous vehicles, which asks, if your car has to choose between a maneuver that kills you and one that kills other people, which one should it be programmed to do?

UK police rely heavily on cyberweapons but won't answer any questions about them

The UK police and security services have frequently touted the necessity of "equipment interference" techniques -- cyberweapons used to infect suspects' computers -- in their investigations, but they have refused to release any information about their use in response to 40 Freedom of Information requests from Motherboard.

Israeli company's product can (allegedly) pwn any nearby mobile phone

The Interapp from Tel Aviv's Rayzone Group is an intrusion appliance that uses a cache of zero-day exploits against common mobile phone OSes and is marketed as having the capability to infect and take over any nearby phone whose wifi is turned on.

Everybody knows: FBI won't confirm or deny buying cyberweapons from Hacking Team

Back in July, a hacker dumped the emails and other files from Hacking Team, Italy's notorious cyber-arms dealer. Coincidentally, Vice had recently filed a Freedom of Information Act request with the FBI, asking if they were buying cyberweapons from Hacking Team.

Devastating technical rebuttal to the Snoopers Charter

The Snoopers Charter is the UK Tory government's proposal to force ISPs to retain records of all their customers' online activities, and the government has used the excuse of the Paris attacks to call for its immediate passage despite the fact that the £175m/year the government has budgeted to defray ISPs' costs is not even close to enough to pay for the massive surveillance effort, meaning that Britons' ISP bills are set to soar if it passes.

Manhattan DA calls for backdoors in all mobile operating systems

A new report from the Manhattan District Attorney calls for a law requiring "any designer of an operating system for a smartphone or tablet manufactured, leased, or sold in the U.S. to ensure that data on its devices is accessible pursuant to a search warrant."

UK law will allow secret backdoor orders for software, imprison you for disclosing them

Under the UK's new Snoopers Charter (AKA the Investigatory Powers Bill), the Secretary of State will be able to order companies to introduce security vulnerabilities into their software ("backdoors") and then bind those companies over to perpetual secrecy on the matter, with punishments of up to a year in prison for speaking out, even in court.

UK police & spies will have warrantless access to your browsing history

A new plan from Tory Home Secretary/Sith Lord Theresa May will require ISPs to retain one year's worth of Britons' online activity, and hand it over to the police and security services on demand, without a warrant.

23andme & Ancestry.com aggregated the world's DNA; the police obliged them by asking for it

When 23andme and Ancestry.com began their projects of collecting and retaining the world's DNA, many commentators warned that this would be an irresistible target for authoritarians and criminals, and that it was only a matter of time until cops started showing up at their doors, asking for their customers' most compromising data.

The FBI has no trouble spying on encrypted communications

Every time the Bureau wants to spy on someone whose communications are encrypted, they just hack them.

EFF announces the 2015 Pioneer Award winners

Caspar Bowden, Citizen Lab, Anriette Esterhuysen and the Association for Progressive Communications, and Kathy Sierra will be awarded the EFF's prestigious prize recognizing the leaders who are extending freedom and innovation on the electronic frontier.

Check whether Hacking Team demoed cyberweapons for your local cops

Michael from Muckrock sez, "Turns out death squads aren't the only agencies buying Hacking Squad's controversial spyware. Towns from Miami Shores, FL to Eugene, OR appeared on a list of US agencies that received demonstrations from the hacked surveillance vendor. MuckRock has mapped out who was on the lists, and is working to FOIA what these towns actually bought, if anything. Check and see if your city is on the map."

Hacking Team leak: bogus copyright takedowns and mass DEA surveillance in Colombia

Fallout from yesterday's enormous dump of internal documents from Italy's notorious Hacking Team, a cyber-arms dealer for the world's worst autocratic regimes, is just getting started.

GCHQ hacking squad worried about getting sued for copyright violation

The British spy-agency targeted anti-virus software and other common applications in reverse-engineering projects aimed at discovering and weaponizing defects in the code.

If you want a picture of the future, imagine a Roomba leaking pix of your home, forever

The game-plan for future Roombas may fit them with cameras that send images of your home to a remote service that identifies obstacles and lets the little robots clean around them -- what could possibly go wrong?
