Hiding malware in boobytrapped replacement screens would undetectably compromise your mobile device

On the one hand, if you let an untrusted stranger install hardware in your electronic device, you're opening yourself up to all kinds of potential mischief; on the other hand, an estimated one in five smartphones has a cracked screen and the easiest, most efficient and cheapest way to get that fixed is to go to your corner repair-shop.

The secret text of the GOP's border bill reveals plan to dramatically increase surveillance of Americans and visitors

Sen. John Cornyn [R-TX, @JohnCornyn, +1 202-224-2934] introduced the Building America's Trust Act as a "long-term border security and interior enforcement strategy" but refused to release the bill's text, which has now leaked.

It's not hard to think of ways to outsmart Stingray-detector apps

A group of researchers from Oxford and TU Berlin will present their paper, White-Stingray: Evaluating IMSI Catchers Detection Applications at the Usenix Workshop on Offensive Technologies, demonstrating countermeasures that Stingray vendors could use to beat Stingrays and other "cell-site simulators" (AKA IMSI catchers).

Securing the IoT: a tele-dildo controlled through the Tor network

Security researcher Sarah Jamie Lewis wanted to demonstrate that the horrific stories of insecure networked sex-toys (and other Internet of Things devices) were the result of manufacturers' negligence, not the intrinsic limitations of information security.

Reidentification attack reveals German judge's porn-browsing habits

In their Defcon 25 presentation, "Dark Data", journalist Svea Eckert and data scientist Andreas Dewes described how easy it was to get a massive trove of "anonymized" browsing habits (collected by browser plugins) and then re-identify the people in the data-set, discovering (among other things) the porn-browsing habits of a German judge and the medication regime of a German MP.

What not to do when you're anonymous, if you want to stay that way

If you're using an anonymity tool -- Tor or something like it -- to be anonymous on the internet, it's really easy to screw it up and do something that would allow an adversary of varying degrees of power (up to and including powerful governments) to unmask you.

Malware sucks: crappy code makes it easy to hack hackers

Common Remote Access Trojan (RAT) tools -- which allow hackers to remotely control hijacked computers, from the cameras and mics to the hard-drive and keyboard -- are very badly written and it's easy to hijack computers running the "command and control" components that malicious hackers use to control RATted systems.

EU's highest court strikes down passenger data-sharing arrangement with Canada

The European Court of Justice has ruled that the 2014 EU-Canada passenger name record (PNR) agreement was "incompatible with the fundamental rights recognised by the EU," because the records ("names, travel dates, itineraries, ticket and contact details, travel agents and other information") were used for purposes "beyond what is strictly necessary for the prevention and detection of terrorist offences and serious transnational crime."

Roomba wants to sell the maps of the inside of your home it created while cleaning

Your Roomba vacuum cleaner collects data about the size and geometry of your home as it cleans and transmits that data back to iRobot, Roomba's parent company -- and now the company says it wants to sell that data to companies like Apple and Google.

China forces Xinjiang Uyghurs to install mobile spyware, enforces with stop-and-frisk

China's Xinjiang province is home to the Uyghur ethnic/religious minority, whose fights for self-determination have been brutally and repeatedly crushed by the Chinese state: now, people in Xinjiang are being required to install mobile spyware on their devices.

Swedish transport agency breach exposes millions, from spies to confidential informants

The Swedish Transportstyrelsen (Transport Agency) botched its outsourcing to IBM, uploading its records to IBM's cloud and then emailing cleartext copies to marketing managers, unvetted IBM employees in the Czech Republic and others.

A brief history of Alice & Bob, cryptography's first couple

Alice and Bob are the hypothetical communicants in every cryptographic example or explainer, two people trying to talk with one another without being thwarted or overheard by Eve, Mallory and their legion of nefarious friends.

Puzzles that teach the fundamentals of crypto's essential, elusive zero-knowledge proofs

Zero-knowledge proofs are one of the most important concepts in cryptography: they're a way to "validate a computation on private data by allowing a prover to generate a cryptographic proof that asserts to the correctness of the computed output" -- in other words, a way to prove that something is true without learning the details.

Guide to finding and erasing your online data doppelganger

The New York Times rounds up direct links to several services' surveillance opt-out screens, including some I'd never thought to look for (Amazon), as well as instructions for installing tracking blockers and no-script extensions that will limit the data trail you exhaust behind yourself as you traverse the net.

The Private Eye: a supervillain tries to bring the internet back to a world where the press are the cops

Brian K Vaughan and artists Marcos Martin and Muntsa Vicente started syndicating The Private Eye just before the first Snowden revelations hit, which was a fortuitous bit of timing for them, since their surreal science fictional tale was set in a future where the rupture of all internet security had provoked humanity into banning the internet altogether, replacing it with a world where cable news was so dominant that the police had been replaced by reporters.

Mozilla's new Android browser blocks ads and trackers

Mozilla has extended and improved its Firefox Focus browser, heretofore an iOS product, bringing it to Android, with auto-blocking of trackers and ads and making it easy to erase your browser history.

In Rhode Island, students and parents must let schools spy on them day and night through their laptops

A majority of the Rhode Island school districts with "1-1" programs where each student is issued a laptop have a blanket policy of spying on the students and everything they do on their laptops, during, before and after school hours, on or off school premises, without any evidence (or even suspicion) of wrongdoing.
