Bible references make very weak passwords

An analysis of passwords found in the 2009 breach of Rockyou -- 32 million accounts -- finds a large number of Biblical references ("jesus"," "heaven", "faith", etc), including a number of Bible verse references ("john316"). Read the rest

Autoexec.bat: the tee-shirt

Adam "Ape Lad" Koford writes, "Last Wednesday night as I was falling asleep, an idea came to me. The next morning I drew it and posted it online, not thinking much else of it. Then it started to go viral, and now it's on a shirt. Of all the drawings I've posted online over the past ten+ years, I guess I'm the autoexec.bat guy now." Read the rest

Feminist cybersecurity 101

The DIY Feminist Guide to Cybersecurity, available in Spanish and English, is designed to be a quickstart for "gendered, racialized, queerphobic, transphobic, ableist, and classist" threats to digital autonomy, created because "companies and developers frequently ignore or underestimate the digital threats to these spaces and their users." Read the rest

Digital self-defense for journalists

The Opennews project has published a set of annotated links to digital operational security tutorials that are relevant to journalists looking to defend themselves against various kinds of attacks, covering two-factor authentication, password managers, phishing, first aid for malware infections, and related subjects. (via 4 Short Links) Read the rest

Filmmakers want cameras with encrypted storage

Documentarians and news-gatherers who record sensitive material from confidential sources live in terror of having their cameras seized and their storage-cards plundered by law-enforcement; they struggle to remember to immediately transfer their files to encrypted laptop storage and wipe their cards while dodging bombs in conflict zones, or simply to remember to have robotically perfect operational security while they are trying to get a movie made. Read the rest

12 days of two-factor authentication: this Xmas, give yourself the gift of opsec

The Electronic Frontier Foundation has launched a new series, 12 Days of 2FA, in which every installment explains how to turn on two-factor authentication for a range of online services and platforms. Read the rest

Learning about the internal culture of the NSA from 262 leaked articles from its internal employee newsletter

The Intercept continues its work analyzing SID Today, the NSA's internal employee newsletter, with a fresh release of 262 articles -- these are in addition to the 166 articles published last spring. Read the rest

How governments and cyber-militias attack civil society groups, and what they can do about it

The University of Toronto's Citizen Lab (previously) is one of the world's leading research centers for cybersecurity analysis, and they are the first port of call for many civil society groups when they are targeted by governments and cyber-militias. Read the rest

Reflectacles get a new feature: CCTV-blinding infrared reflectors

Reflectacles, the hyper-reflective Ray Ban-style $75 glasses frames that Scott Urban is Kickstarting have a new feature: now you can get ones doped with materials that reflect the infrared light that CCTVs kick out to let them capture images in low light, which blind cameras' sensors. Cool! Read the rest

Digital Defenders: a free open-licensed booklet for kids about privacy and crypto

European Digital Rights has created a free, CC-licensed kids' booklet about privacy called Digital Defenders. Read the rest

In a leaked "weaponized information" catalog, Indian cyberarms dealer offers blackest-ever SEO

In 2014, an Indian company called Aglaya brought a 20-page brochure to ISS World (AKA the Wiretappers' Ball -- the annual trade fair where governments shop for surveillance technology): the brochure laid out the company's offerings, which ranged from mobile malware for Ios and Android to a unique "Weaponized Information" selection that combined denial-of-service with disinformation to "discredit a target" online. Read the rest

Edward Snowden performs radical surgery on a phone to make it "go black"

If you think that your phone may have been hacked so that your adversaries can watch you through the cameras and listen through the mics, one way to solve the problem is to remove the cameras and microphones, and only use the phone with a headset that you unplug when it's not in use. Read the rest

Volkswagen's internal Dieselgate probe stuck because the company used code-words for its cheat software

The internal Volkswagen investigators who are trying to figure out who knew what, when, about the company's illegal, lethal practice of programming its cars to cheat on emissions tests say they've been slowed down because the company assigned dozens of secret code-names to the software, such as "acoustic software." Read the rest

Brussels terrorists kept their plans in an unencrypted folder called "TARGET"

Remember how, in the wake of the horrific terrorist attacks on Brussels last month, authorities all over the world declared that the world was critically endangered by cryptography, insisting that crazy, far-reaching crypto-bans were necessary to prevent another attack? Read the rest

ISIS opsec: jihadi tech bureau recommends non-US crypto tools

The US government is attempting to force Apple to backdoor its Iphone security, congress is considering mandatory backdoors for all secure technology, and FBI director James Comey insists that this will work, because there's no way that America's enemies might just switch over to using technology produced in other countries without such mandates. Read the rest

Laura Poitras's Astro Noise: indispensable book and gallery show about mass surveillance

Laura Poitras is the Macarthur-winning, Oscar-winning documentarian who made Citizenfour. Her life has been dogged by government surveillance and harassment, and she has had to become a paranoid OPSEC ninja just to survive. Read the rest

Army decides to stop putting soldiers' Social Security numbers on their dog tags

In a major policy change that sounds like a Very Good Idea, the U.S. Army announced today that dog tags will no longer include the Social Security numbers of the soldier wearing them. SSNs have been part of this identification system for over 40 years.

Read the rest

More posts