Wishbone breaks: massive leak of popular survey site reveals millions of teens' information

Wishbone is an online survey creation tool that's popular with teens, who use it to post quizzes; it is one of the top ten social iPhone apps in the USA. All of its records have leaked: millions of records, including millions of email addresses and full names, as well as hundreds of thousands of cellphone numbers.

Washington Post and Jigsaw launch a collaborative pop-up dictionary of security jargon

Information security's biggest obstacle isn't the mere insecurity of so many of our tools and services: it's the widespread lack of general knowledge about fundamental security concepts, which allows scammers to trick people into turning off or ignoring security red flags.

Advanced de-faking: using public sources to trace the true age of a suspected propaganda video

Henk van Ess teaches workshops in online investigative techniques; he worked with colleagues and a team of students from Axel Springer Academie to analyze a viral news video that purported to show a discarded missile launcher that had been discovered near Cairo's international airport in 2011, but only published last month.

Federal magistrate judge in Illinois rules that being forced to unlock your phone with a fingerprint could violate your rights

M. David Weisman, a magistrate judge in Illinois's Eastern Division, denied a federal warrant application that would have allowed law enforcement officers to force suspects to unlock their mobile devices with a fingerprint, ruling that the suspects' Fourth Amendment (undue search and seizure) and Fifth Amendment (self-incrimination) rights protected them from being forced to unlock their devices.

Human rights coalition to DHS: don't demand social media passwords from people entering the USA

A huge coalition of human rights groups, trade groups, civil liberties groups, and individual legal, technical and security experts have signed an open letter to the Department of Homeland Security in reaction to Secretary John Kelly's remarks to the House Homeland Security Committee earlier this month, where he said the DHS might force visitors to America to divulge their social media logins as a condition of entry.

It's very hard to maintain an anonymous Twitter account that can withstand government-level attempts to de-anonymize it

It's one thing to set up an "anonymous" Twitter Hulk account whose anonymity your friends and colleagues can't pierce, because the combination of your care not to tweet identifying details, the stilted Hulk syntax, and your friends' inability to surveil the global internet and compel phone companies to give up their caller records suffices for that purpose.

Amnesty: hackers spent months building personas used to phish Qatari labor activists

In a new report, Amnesty International summarizes the security research they did on the victims of a sophisticated phishing attack aimed at Qatari labor activists, dubbed "Operation Kingphish."

Anonymous infiltrated the KKK by friending Blue Lives Matter supporters on Facebook

The Anonymous activists behind "OpKKK" -- which infiltrated and unmasked Klan members, including many in US military and police departments -- began by creating thin-but-plausible fake identities on Facebook that signalled support for "Blue Lives Matter." By friending other accounts that indicated support for Blue Lives Matter, they found themselves being auto-suggested friendships with KKK members.

Trump blabbed about response to North Korean missile launch in the Mar A Lago dining room while diners listened in

After a day of engaging in the most irresponsible activity a president can undertake (according to Donald Trump, anyway), President Trump and Japanese Prime Minister Shinzo Abe went to the Mar A Lago dining room with Steve Bannon and Michael Flynn, when Trump got a phone call about North Korea's missile tests.

How to keep your secret activist Twitter account a secret

Despite his widely read criticism of Tor, The Grugq -- a legendary, pseudonymous security expert -- uses it as the first and last line of defense in keeping your secret, activist Twitter account a secret.

It's awesome to see all these "rogue" government agency Twitter accounts, but what about hoaxes?

In the immediate aftermath of the Trump administration's gag orders on government employees disclosing taxpayer-funded research results, a series of high-profile "rogue" government agency accounts popped up on Twitter, purporting to be managed by civil servants who are unwilling to abide by the gag order.

Bible references make very weak passwords

An analysis of passwords found in the 2009 breach of RockYou -- 32 million accounts -- finds a large number of Biblical references ("jesus", "heaven", "faith", etc.), including a number of Bible verse references ("john316").

Autoexec.bat: the tee-shirt

Adam "Ape Lad" Koford writes, "Last Wednesday night as I was falling asleep, an idea came to me. The next morning I drew it and posted it online, not thinking much else of it. Then it started to go viral, and now it's on a shirt. Of all the drawings I've posted online over the past ten+ years, I guess I'm the autoexec.bat guy now."

Feminist cybersecurity 101

The DIY Feminist Guide to Cybersecurity, available in Spanish and English, is designed to be a quickstart for "gendered, racialized, queerphobic, transphobic, ableist, and classist" threats to digital autonomy, created because "companies and developers frequently ignore or underestimate the digital threats to these spaces and their users."

Digital self-defense for journalists

The Opennews project has published a set of annotated links to digital operational security tutorials that are relevant to journalists looking to defend themselves against various kinds of attacks, covering two-factor authentication, password managers, phishing, first aid for malware infections, and related subjects. (via 4 Short Links)

Filmmakers want cameras with encrypted storage

Documentarians and news-gatherers who record sensitive material from confidential sources live in terror of having their cameras seized and their storage-cards plundered by law-enforcement; they struggle to remember to immediately transfer their files to encrypted laptop storage and wipe their cards while dodging bombs in conflict zones, or simply to remember to have robotically perfect operational security while they are trying to get a movie made.

12 days of two-factor authentication: this Xmas, give yourself the gift of opsec

The Electronic Frontier Foundation has launched a new series, 12 Days of 2FA, in which every installment explains how to turn on two-factor authentication for a range of online services and platforms.
