1 billion computer monitors vulnerable to undetectable firmware attacks

056c026d-1c66-4d42-9fae-a8e96df290c5-1020x1153

A team led by Ang Cui (previously) -- the guy who showed how he could take over your LAN by sending a print-job to your printer -- have presented research at Defcon, showing that malware on your computer can poison your monitor's firmware, creating nearly undetectable malware implants that can trick users by displaying fake information, and spy on the information being sent to the screen. Read the rest

EFF and partners reveal Kazakh government phished journalists, opposition politicians

056c026d-1c66-4d42-9fae-a8e96df290c5-1020x1152

At Defcon, researchers from the Electronic Frontier Foundation, First Look Media and Amnesty International, revealed their findings on a major phishing attack through which the government of Kazakhstan was able to hack opposition journalists and arrange for an opposition politician's extradition from exile in Italy to Kazakhstan. Read the rest

Russian bill mandates backdoors in all communications apps

800px-Moscow_05-2012_Kremlin_23

A pending "anti-terrorism" bill in the Duma would require all apps to contain backdoors to allow the secret police to spy on the country's messaging, in order to prevent teenagers from being "brainwashed" to "murder police officers." Read the rest

United Arab Emirates hacked UK journalist

roadmap

A new research report from Citizenlab painstaking traces the origins of a series of sophisticated hacking attacks launched at Rori Donaghy, a UK journalist for Middle East Eye who founded the Emirates Center for Human Rights, which reports critically on the autocratic regime that runs the UAE, and 27 other targets. Read the rest

The UK government's voice-over-IP standard is designed to be backdoored

dadams2

GCHQ, the UK's spy agency, designed a security protocol for voice-calling called MIKEY-SAKKE and announced that they'll only certify VoIP systems as secure if they use MIKEY-SAKKE, and it's being marketed as "government-grade security." Read the rest

If the FBI can force decryption backdoors, why not backdoors to turn on your phone's camera?

HAL9000.svg

Eddy Cue, Apple's head of services, has warned that if the FBI wins its case and can force Apple to produce custom software to help break into locked phones, there's nothing in principle that would stop it from seeking similar orders for custom firmware to remotely spy on users through their phones' cameras and microphones. Read the rest

Racial justice organizers to FBI vs Apple judge: crypto matters to #blacklivesmatter

600_439824805

Phenomena like the Harlem Cryptoparty demonstrate the connection between racial justice and cryptography -- civil rights organizers remember that the FBI spied on and blackmailed Martin Luther King, sending him vile notes encouraging him to kill himself. Read the rest

DoD wants $660M to respond to Freedom of Information request on "Hotplugs"

056c026d-1c66-4d42-9fae-a8e96df290c5-1020x983

The Department of Defense sent Muckrock a demand for $660 million as a requirement for fulfilling a Freedom of Information Act request for records about the Hotplug, a gadget that allows you to transport computers without shutting them down -- used by law enforcement to move suspect computers to forensic facilities without shutting them down and potentially parking drives in an encrypted state. Read the rest

Wanting it badly isn't enough: backdoors and weakened crypto threaten the net

fantasy-639115_960_720
As you know, Apple just said no to the FBI's request for a backdoor in the iPhone, bringing more public attention to the already hot discussion on encryption, civil liberties, and whether “those in authority” should have the ability to see private content and communications -- what's referred to as “exceptional access.”[1]

Juniper blinks: firewall will nuke the NSA's favorite random number generator

image02

In the month since network security giant Juniper Networks was forced to admit that its products had NSA-linked backdoors, the company's tried a lot of different strategies: minimizing assurances, apologies, firmware updates -- everything, that is, except for removing th Dual_EC random number generator that is widely understood to have been compromised by the NSA. Read the rest

Juniper's products are still insecure; more evidence that the company was complicit

MX480_left.png

It's been a month since Juniper admitted that its firewalls had back-doors in them, possibly inserted by (or to aid) US intelligence agencies. In the month since, Juniper has failed to comprehensively seal those doors, and more suspicious information has come to light. Read the rest

If you think self-driving cars have a Trolley Problem, you're asking the wrong questions

train

In my latest Guardian column, The problem with self-driving cars: who controls the code?, I take issue with the "Trolley Problem" as applied to autonomous vehicles, which asks, if your car has to choose between a maneuver that kills you and one that kills other people, which one should it be programmed to do? Read the rest

UK police rely heavily on cyberweapons but won't answer any questions about them

1024px-New_Scotland_Yard_sign_3

The UK police and security services have frequently touted the necessity of "equipment interference" techniques -- cyberweapons used to infect suspects' computers -- in their investigations, but they have refused to release any information about their use in response to 40 Freedom of Information requests from Motherboard. Read the rest

Israeli company's product can (allegedly) pwn any nearby mobile phone

056c026d-1c66-4d42-9fae-a8e96df290c5-1020x909

The Interapp from Tel Aviv's Rayzone Group is an intrusion appliance that uses a cache of zero-day exploits against common mobile phone OSes and is marketed as having the capability to infect and take over any nearby phone whose wifi is turned on. Read the rest

Everybody knows: FBI won't confirm or deny buying cyberweapons from Hacking Team

1449679579152245

Back in July, a hacker dumped the emails and other files from Hacking Team, Italy's notorious cyber-arms dealer. Coincidentally, Vice had recently filed a Freedom of Information Act request with the FBI, asking if they were buying cyberweapons from Hacking Team. Read the rest

Devastating technical rebuttal to the Snoopers Charter

16369925086_4b0a51b9d7_b

The Snoopers Charter is the UK Tory government's proposal to force ISPs to retain records of all their customers' online activities, and the government has used the excuse of the Paris attacks to call for its immediate passage despite the fact that the £175m/year the government has budgeted to defray ISPs' costs is not even close to enough to pay for the massive surveillance effort, meaning that Britons' ISP bills are set to soar if it passes. Read the rest

Manhattan DA calls for backdoors in all mobile operating systems

g3

A new report from the Manhattan District Attorney calls for law requiring "any designer of an operating system for a smartphone or tablet manufactured, leased, or sold in the U.S. to ensure that data on its devices is accessible pursuant to a search warrant." Read the rest

More posts