Securing the IoT: a tele-dildo controlled through the Tor network

Security researcher Sarah Jamie Lewis wanted to demonstrate that the horrific stories of insecure networked sex-toys (and other Internet of Things devices) were the result of manufacturers' negligence, not the intrinsic limitations of information security.

What not to do when you're anonymous, if you want to stay that way

If you're using an anonymity tool -- Tor or something like it -- to be anonymous on the internet, it's really easy to screw it up and do something that would allow an adversary of varying degrees of power (up to and including powerful governments) to unmask you.

Defcon's hotel business-center won't print from links or USBs

Defcon, the hacker and security conference, is coming to Caesar's Palace this weekend (I'm speaking!), and that means that the hotel needs to start thinking hard about the security of its systems, likely to be targeted both in earnest (by people who want to spy on attendees) and in jest (by attendees who want to prank their fellows by announcing that they've compromised everyone's systems).

Journalism After Snowden: essays about a free press in a surveillance state

Journalism After Snowden: The Future of the Free Press in the Surveillance State is a new essay collection from Columbia Journalism Review Books with contributions from Ed Snowden, Alan Rusbridger (former editor-in-chief of The Guardian), Jill Abramson (former New York Times executive editor), Glenn Greenwald, Steve Coll (Dean of Columbia Graduate School of Journalism), Clay Shirky, Cass Sunstein, and Julia Angwin.

Opsec and #blacklivesmatter: how Trump is motivating activists to learn and practice digital security

It's been more than two years since Harlem Cryptoparty made the connection between the struggle for racial justice in America and access to networks and encryption; the Trump election has strengthened that proposition, with a national network of Digital Security in the Era of Trump workshops where activists train each other on operational security.

Opsec for a world where the laptop ban goes global

If the Trump administration makes good on its promise to pack all potentially explosive laptops together in a blast-multiplying steel case in the plane's hold, it will be good news for would-be bombers -- and bad news for your data security.

1Password's new travel mode locks you out of your accounts while you're travelling and crossing borders

1Password has taken Maciej Cegłowski's demand for a "travel mode" for our technology to heart, introducing a new feature that locks you out of your own accounts when you're in situations where you might lose control of your devices or be compelled to log into your accounts without your consent.

The abysmal information security at Trump properties has probably already compromised US secrets

Propublica and Gizmodo sent a penetration-testing team to Mar-a-Lago, the Trump resort that has been at the center of a series of controversial potential breaches of US military secrecy (for example, loudly discussing sensitive information about the North Korean missile launch in the club's full, public dining room); they discovered that it would be child's play to hack the Mar-a-Lago networks, and that indeed, the networks have almost certainly already been hacked.

The CIA created a "Snowden Stopper" to catch future whistleblowers

The latest Wikileaks release of leaked CIA cyberweapons includes "Scribbles" -- referred to by the CIA as the "Snowden Stopper" -- a watermarking tool that embeds web-beacon style tracking beacons into secret documents that quietly notify a central server every time the document is opened.

Mafia used the text-message ticker at the bottom of a sports broadcast to get messages to mob bosses

Quelli che il Calcio (That which is Football) is one of Italy's top sports broadcasts and it is played in the country's prisons; it has a ticker that you can send SMSes to that then show up on screen.

How to protect your privacy at a protest

Micah Lee and The Intercept put together this video with “tips on how to prepare your phone before you go to a protest and on how to safely communicate with your friends.”

The basic opsec failures that unmasked James Comey's Twitter show how hard this stuff is

Gizmodo's Ashley Feinberg (almost certainly) figured out that James Comey's secret Twitter handle was @projectexile7, because America's top G-man failed at some of the most basic elements of operational security.

Wishbone breaks: massive leak of popular survey site reveals millions of teens' information

Wishbone is an online survey creation tool that's popular with teens, who use it to post quizzes; it is one of the top ten social iPhone apps in the USA. All of its records have leaked: millions of records, including millions of email addresses and full names, as well as hundreds of thousands of cellphone numbers.

Washington Post and Jigsaw launch a collaborative pop-up dictionary of security jargon

Information security's biggest obstacle isn't the mere insecurity of so many of our tools and services: it's the widespread lack of general knowledge about fundamental security concepts, which allows scammers to trick people into turning off or ignoring security red flags.

Advanced de-faking: using public sources to trace the true age of a suspected propaganda video

Henk van Ess teaches workshops in online investigative techniques; he worked with colleagues and a team of students from Axel Springer Academie to analyze a viral news video that purported to show a discarded missile launcher that had been discovered near Cairo's international airport in 2011, but only published last month.

Federal magistrate judge in Illinois rules that being forced to unlock your phone with a fingerprint could violate your rights

M. David Weisman, a magistrate judge in Illinois's Eastern Division, denied a federal warrant application that would have allowed law enforcement officers to force suspects to unlock their mobile devices with a fingerprint, ruling that the suspects' Fourth Amendment (undue search and seizure) and Fifth Amendment (self-incrimination) rights protected them from being forced to unlock their devices.

Human rights coalition to DHS: don't demand social media passwords from people entering the USA

A huge coalition of human rights groups, trade groups, civil liberties groups, and individual legal, technical and security experts have signed an open letter to the Department of Homeland Security in reaction to Secretary John Kelly's remarks to House Homeland Security Committee earlier this month, where he said the DHS might force visitors to America to divulge their social media logins as a condition of entry.