1Password's new travel mode locks you out of your accounts while you're travelling and crossing borders

1Password has taken Maciej Cegłowski's demand for a "travel mode" for our technology to heart, introducing a new feature that locks you out of your own accounts when you're in situations where you might lose control of your devices or be compelled to log into your accounts without your consent.

The abysmal information security at Trump properties has probably already compromised US secrets

ProPublica and Gizmodo sent a penetration-testing team to Mar-a-Lago, the Trump resort that has been at the center of a series of controversial potential breaches of US military secrecy (for example, loudly discussing sensitive information about the North Korean missile launch in the club's full, public dining room); they discovered that it would be child's play to hack the Mar-a-Lago networks, and that indeed, the networks have almost certainly already been hacked.

The CIA created a "Snowden Stopper" to catch future whistleblowers

The latest Wikileaks release of leaked CIA cyberweapons includes "Scribbles" -- referred to by the CIA as the "Snowden Stopper" -- a watermarking tool that embeds web-beacon style tracking beacons into secret documents that quietly notify a central server every time the document is opened.

Mafia used the text-message ticker at the bottom of a sports broadcast to get messages to mob bosses

Quelli che il Calcio (That which is Football) is one of Italy's top sports broadcasts and it is played in the country's prisons; it has a ticker that you can send SMSes to that then show up on screen.

How to protect your privacy at a protest

Micah Lee and The Intercept put together this video with “tips on how to prepare your phone before you go to a protest and on how to safely communicate with your friends.”

The basic opsec failures that unmasked James Comey's Twitter show how hard this stuff is

Gizmodo's Ashley Feinberg (almost certainly) figured out that James Comey's secret Twitter handle was @projectexile7, because America's top G-man failed at some of the most basic elements of operational security.

Wishbone breaks: massive leak of popular survey site reveals millions of teens' information

Wishbone, one of the top ten social iPhone apps in the USA, is an online survey creation tool that's popular with teens, who use it to post quizzes. All of its records have leaked: millions of records, including millions of email addresses and full names, as well as hundreds of thousands of cellphone numbers.

Washington Post and Jigsaw launch a collaborative pop-up dictionary of security jargon

Information security's biggest obstacle isn't the mere insecurity of so many of our tools and services: it's the widespread lack of general knowledge about fundamental security concepts, which allows scammers to trick people into turning off or ignoring security red flags.

Advanced de-faking: using public sources to trace the true age of a suspected propaganda video

Henk van Ess teaches workshops in online investigative techniques; he worked with colleagues and a team of students from Axel Springer Academie to analyze a viral news video that purported to show a discarded missile launcher that had been discovered near Cairo's international airport in 2011, but only published last month.

Federal magistrate judge in Illinois rules that being forced to unlock your phone with a fingerprint could violate your rights

M. David Weisman, a magistrate judge in Illinois's Eastern Division, denied a federal warrant application that would have allowed law enforcement officers to force suspects to unlock their mobile devices with a fingerprint, ruling that the suspects' Fourth Amendment (undue search and seizure) and Fifth Amendment (self-incrimination) rights protected them from being forced to unlock their devices.

Human rights coalition to DHS: don't demand social media passwords from people entering the USA

A huge coalition of human rights groups, trade groups, civil liberties groups, and individual legal, technical and security experts have signed an open letter to the Department of Homeland Security in reaction to Secretary John Kelly's remarks to the House Homeland Security Committee earlier this month, where he said the DHS might force visitors to America to divulge their social media logins as a condition of entry.

It's very hard to maintain an anonymous Twitter account that can withstand government-level attempts to de-anonymize it

It's one thing to set up an "anonymous" Twitter Hulk account whose anonymity your friends and colleagues can't pierce, because the combination of your care not to tweet identifying details, the stilted Hulk syntax, and your friends' inability to surveil the global internet and compel phone companies to give up their caller records suffice for that purpose.

Amnesty: hackers spent months building personas used to phish Qatari labor activists

In a new report, Amnesty International summarizes the security research they did on the victims of a sophisticated phishing attack aimed at Qatari labor activists, dubbed "Operation Kingphish."

Anonymous infiltrated the KKK by friending Blue Lives Matter supporters on Facebook

The Anonymous activists behind "OpKKK" -- which infiltrated and unmasked Klan members, including many in US military and police departments -- began by creating thin-but-plausible fake identities on Facebook that signalled support for "Blue Lives Matter." By friending other accounts that indicated support for Blue Lives Matter, they found themselves being auto-suggested friendships with KKK members.

Trump blabbed about response to North Korean missile launch in the Mar A Lago dining room while diners listened in

After a day of engaging in the most irresponsible activity a president can undertake (according to Donald Trump, anyway), President Trump and Japanese Prime Minister Shinzo Abe went to the Mar A Lago dining room with Steve Bannon and Michael Flynn, when Trump got a phone call about North Korea's missile tests.

How to keep your secret activist Twitter account a secret

Despite his widely read criticism of Tor, The Grugq -- a legendary, pseudonymous security expert -- uses it as the first and last line of defense in keeping your secret, activist Twitter account a secret.

It's awesome to see all these "rogue" government agency Twitter accounts, but what about hoaxes?

In the immediate aftermath of the Trump administration's gag orders on government employees disclosing taxpayer-funded research results, a series of high-profile "rogue" government agency accounts popped up on Twitter, purporting to be managed by civil servants who are unwilling to abide by the gag order.
