Boing Boing 

Russian software security firm Kaspersky threatened to 'rub out' rival, email reveals

Eugene Kaspersky, chairman and CEO of Kaspersky Lab, listens to a question during an interview in New York March 10, 2015. REUTERS


A tech intrigue story from Joe Menn at Reuters on alleged dirty-doings between the software security firm Kaspersky and its rivals.

Spear phishers with suspected ties to Russian government spoof fake EFF domain, attack White House


The spear-phishing attempt appears to be part of "Pawn Storm," a massive attack that's been underway across the net for more than a month, and involved a rare zero-day (previously unknown) Java exploit.

Elaborate spear-phishing attempt against global Iranian and free speech activists, including an EFF staffer


Citizenlab details an "elaborate phishing campaign" against Iranian expats and activists, combining phone-calls from fake Reuters reporters, mostly convincing Google Docs login-screens, and a sophisticated attempt to do a "real-time man-in-the-middle attack" against Google's two-factor authentication.

EFF announces the 2015 Pioneer Award winners


Caspar Bowden, Citizen Lab, Anriette Esterhuysen and the Association for Progressive Communications, and Kathy Sierra will be awarded the EFF's prestigious prize recognizing the leaders who are extending freedom and innovation on the electronic frontier.

Samsung fridges can leak your Gmail logins

Researchers at Pen Test Partners took up the challenge to hack a smart fridge at Defcon's IoT Village, and discovered that they could man-in-the-middle your Google login credentials from Samsung fridges.

Car information security is a complete wreck -- here's why


Sean Gallagher's long, comprehensive article on the state of automotive infosec is a must-read for people struggling to make sense of the summer's season of showstopper exploits for car automation, culminating in a share-price-shredding 1.4M unit recall from Chrysler, whose cars could be steered and braked by attackers over the Internet.

Make your own TSA universal luggage keys


The image above, published in 2014 in this Herald.net story and credited to The Washington Post, showed the keying patterns for all of the TSA-compliant "Travel Sentry" luggage locks.

Ashley Madison leak 2.0: new dump is twice as large, and includes CEO's emails

Self-proclaimed Ashley Madison hackers the Impact Team today released what looks like another 20 gigabytes of ill-gotten data. The just-dropped “other shoe” includes emails from the cheater-dating website's CEO.

"I hope the Chinese aren't collating the Ashley Madison data with their handy federal list of every American with a security clearance." -Bruce Sterling

Your Android unlock pattern sucks as much as your password did


In Tell Me Who You Are, and I Will Tell You Your Lock Pattern, Marte Løge presented some of her Master's Thesis research on the guessability of Android lock-patterns -- and guess what?

Giant dump of data purports to be from Ashleymadison.com


The dating site for people wanting to cheat on their spouses was breached last month.

New pornoscanners are also useless, cost $160 million

The new generation of millimeter-wave body scanners from the convicted war-criminals at L-3 were supposed to replace the useless, expensive backscatter radiation machines from Rapiscan with a more robust, less privacy invasive alternative.

America's "worst voting machines" dropped in Virginia (at last)


AVS Winvote machines are so insecure that if they weren't hacked in the last election, "it was only because no one tried."

Lenovo preloaded laptops with reformat-resistant perpetual crapware

The company abused the Windows installer's anti-theft mechanism, which reads the firmware for executables at install-time, embedding a ton of crappy, insecure shovelware that would be added to your computer every time you reinstalled the OS.

Hilariously terrifying talk about security

In Not Even Close: The State of Computer Security, a talk given at the Norwegian Developers' Conference, Microsoft Research's James Mickens gave the most acerbic, funny, terrifying security talk I can remember seeing (and I've seen a lot of 'em!).

Insurance monitoring dashboard devices used by Uber let hackers "cut your brakes" over wireless


UCSD computer scientist Stefan Savage and colleagues will present their work at Usenix Security: they were able to disable the brakes on a 2013 Corvette by breaking into a Mobile Devices/Metromile Pulse dongle, used by insurance companies to monitor driving in exchange for discounts on coverage.

Oracle's CSO demands an end to customers checking Oracle products for defects


Oracle Chief Security Officer Mary Ann Davidson's deleted post on the company blog was called "No, You Really Can't," and it demanded that Oracle's customers respect the company's outlandish license-agreement terms, and stop checking to see whether the products Oracle sold them were defective.
