Facebook pitches in $500K to launch Harvard effort to fight election hacking and propaganda attacks

Joe Menn at Reuters reports that Facebook is pitching in an initial $500,000 in seed funding to launch a nonprofit that will work to protect American political parties, voting systems and information providers from malicious attacks by hackers and foreign nation-states.


Roomba wants to sell the maps of the inside of your home it created while cleaning

Your Roomba vacuum cleaner collects data about the size and geometry of your home as it cleans and transmits that data back to iRobot, Roomba's parent company -- and now the company says it wants to sell that data to companies like Apple and Google.

Defcon's hotel business-center won't print from links or USBs

Defcon, the hacker and security conference, is coming to Caesars Palace this weekend (I'm speaking!), and that means that the hotel needs to start thinking hard about the security of its systems, likely to be targeted both in earnest (by people who want to spy on attendees) and in jest (by attendees who want to prank their fellows by announcing that they've compromised everyone's systems).

Security researcher arrested after he warns Hungarian transit company about their dumb mistake

A teenager discovered that the website of Budapesti Közlekedési Központ -- the public transit authority in Budapest -- would allow you to edit the price you paid for your tickets, so that purchasers could give themselves massive discounts on their travel, and when he told the authority about it, they had him arrested and issued a press-release boasting about it.

A service that turns pictures of keys into working keys

Snap a picture of a key and Key Me will turn it into a working metal key: just a reminder that locks probably aren't as secure as you imagine. (via Schneier)

Security researchers: EFF's got your back at this summer's technical conferences

Are you a security researcher planning to present at Black Hat, Defcon, B-Sides or any of this summer's security events? Are you worried a big corporation or the government might attack you for revealing true facts about the defects in the security systems we entrust with our safety, privacy and health?

Cheating Chinese certificate authorities, caught by Certificate Transparency, will get the death penalty

In 2012, Google introduced Certificate Transparency, an internet-wide tripwire system designed to catch cryptographic "certificate authorities" who abused their position to produce counterfeit credentials that would allow criminals, governments and police to spy on and tamper with secure internet connections.

Limn 8: a social science journal issue devoted to hacking

Gabriella Coleman is the hacker anthropologist whose work on the free software movement, Anonymous and the Arab Spring, the politicization of hacking, and the true role of alt-right dank memes in the 2016 elections is critical reading for the 21st century.

For sale: any Australian's full health record for a mere $22

A hacker who appears to have ongoing, continuous access to Australia's electronic health care records is selling access to any full record for 0.0089 bitcoin, or about USD22.

Researchers demonstrate attack for pwning entire wind-farms

University of Tulsa security researchers Jason Staggs and his colleagues will present Adventures in Attacking Wind Farm Control Networks at this year's Black Hat conference, detailing the work they did penetration-testing windfarms.

Industrial robotics security is really, really terrible

Researchers from Politecnico di Milano and Trend Micro conducted an audit of the information security design of commonly used industrial robots and found that these devices are extremely insecure: robots could be easily reprogrammed to violate their safety parameters, both by distorting the robots' ability to move accurately and by changing the movements the robots attempt to perform; hacked robots can also be made to perform movements with more force than is safe; normal safety measures that limit speed and force can be disabled; robots can be made to falsify their own telemetry, fooling human operators; emergency manual override switches can be disabled or hidden; robots can be silently switched from manual to automatic operation, making them move suddenly and forcefully while dangerously close to oblivious, trusting humans; and of course, robots can be caused to manufacture faulty goods that have to be remanufactured or scrapped.

Ransomware crook's email provider shuts down account, so now no one can pay their ransom

Yesterday's massive ransomware outbreak of a mutant, NSA-supercharged strain of the Petya malware is still spreading, but the malware's author made a mere $10K off it and will likely not see a penny more, because Posteo, the German email provider the crook used for ransom payment negotiations, shut down their account.

A new ransomware strain is seemingly using a leaked NSA cyberweapon to race around the planet

Petya is a well-known ransomware app that has attained a new, deadly virulence, with thousands of new infection attempts hitting Kaspersky Lab's honeypots; security firm Avira attributes this new hardiness to the incorporation of EternalBlue -- the same NSA cyberweapon that the Wannacry ransomware used, which was published by The Shadow Brokers hacker group -- into a new Petya strain.

Canada: Trump shows us what happens when "good" politicians demand surveillance powers

The CBC asked me to write an editorial for their package about Canadian identity and politics, timed with the 150th anniversary of the founding of the settler state on indigenous lands. They've assigned several writers to expand on themes in the Canadian national anthem, and my line was "We stand on guard for thee."

How hackers can steal your 2FA email account by getting you to sign up for another website

In a paper for IEEE Security, researchers from Cyberpion and Israel's College of Management Academic Studies describe a "Password Reset Man-in-the-Middle Attack" that leverages a bunch of clever insights into how password resets work to steal your email account (and other kinds of accounts), even when it's protected by two-factor authentication.

Girl Scouts to offer cybersecurity badges

U.S. Girl Scouts as young as 5 years old will soon be able to earn their first-ever cybersecurity badges. 18 of these merit patches will be launched by the Girl Scouts of the USA starting in September, 2018.


Ukraine is Russia's testbed for launching devastating cyberwar attacks with total impunity

Ever since the Ukrainian "Maidan" revolution, the country has been subjected to waves of punishing cyberwar attacks, targeting its power grids, finance ministry, TV networks, election officials, and other critical systems.
