Ex-Fox News host: when I filed a sexual harassment claim against Ailes, the company hacked and stalked me

In a federal complaint against Fox News, former Outnumbered host Andrea Tantaros claims that after she filed a sexual harassment claim against the former CEO Roger Ailes, Fox News contracted with a psyops team to set up a "black room" to run a hate campaign that targeted her by cyberstalking her, implanting malware on her computer, and libeling her on "fake news" sites. Read the rest

FedEx still begging suckers to install Flash for online print orders

Yesterday I went to FedEx.com to order some printed fliers from my desktop. Sounds easy enough, right? Wrong. Along with other idiots committed to proprietary Flash UI, FedEx is one of the last holdouts who won't let customers give them money unless they install Flash. So VistaPrint got my business. Read the rest

Brickerbot is mysterious antimalware that nukes badly secured Internet of Shit gadgets

The Mirai Worm is a seemingly unstoppable piece of malware that targets the garbage-security Internet of Things gadgets that have proliferated through the world; these gadgets then used to deliver equally unstoppable floods of traffic that endanger whole countries. Read the rest

How to protect your privacy at a protest

Micah Lee and The Intercept put together this video with “tips on how to prepare your phone before you go to a protest and on how to safely communicate with your friends.”

Read the rest

Creepy, sketchy stalkerware vendor get hacked, announced bug-bounty program

Flexispy (previously) is the creepy, sketchy stalkerware company that makes tools that allow jealous, abusive spouses track their partners, and then hides their profits in offshore money-laundries. Read the rest

DEA bought zero-day exploits from disgraced cyber-arms dealer Hacking Team

A Freedom of Information Act request reveals that the DEA spent $575,000 buying access to weaponized zero-day exploits sold by Hacking Team, the hacked and disgraced Italian cyber-arms dealer who outfitted despots, dictators, the FBI, and America's local police departments. Read the rest

Blockers will win the ad-blocking arms race

Ad-blockers begat ad-blocker-blockers, which begat ad-blocker-blocker-blockers, with no end in sight. Read the rest

The latest NSA dump from the Shadow Brokers tells you how to break into banks

The mysterious tragicomic hacking group The Shadow Brokers continues to dump incredibly compromising cyberweapons and internal information looted from the NSA, accompanied by Borat-compliant gibberish that reads like someone trying to make you guess whether there's a false flag in play, and if so, who is waving it. Read the rest

Masterprints: synthetic fingerprints that unlock up to 65% of phones (in theory)

When the touch-sensors on phones capture your fingerprint, they're really only taking a low-resolution, partial snapshot and loosely matching it to a stored image -- which is how a research team from MSU and NYU were able to synthesize their Masterprints ("a fingerprint that serendipitously matches a certain proportion of the fingerprint population"), which drastically reduce the space of possible "guesses" that an attacker has to make to unlock a phone or other device. Read the rest

Aga added networking to their super-high-end cookers, integrating them into the Internet of Shit

Aga is an iconic European over-maker famous for a longstanding, ostentatious design that required the owner to burn fuel around the clock to maintain temperature across the cooker's titanic thermal mass, so much so that owners of British country homes integrated them into their household heating systems. Read the rest

Securing driverless taxis is going to be really, really hard

Charlie Miller made headlines in 2015 as part of the team that showed it was possible to remote-drive a Jeep Cherokee over the internet, triggering a 1.4 million vehicle recall; now, he's just quit a job at Uber where he was working on security for future self-driving taxis, and he's not optimistic about the future of this important task. Read the rest

Human rights coalition from the global south to W3C: don't put DRM in web standards!

The Just Net Coalition -- whose membership roll includes leading human rights organisations from across the global south -- have written urgently to the World Wide Web Coalition and its founder, Tim Berners-Lee, calling on him to intervene to stop the Consortium from publishing its first-ever DRM standard, a system for restricting video streams called Encrypted Media Extensions. Read the rest

Floods of WordPress attacks traced to easily hackable, ISP-supplied routers

Wordfence, a security research company, discovered that the reason Algeria is the country most often seen in attacks on WordPress blogs is that the country's largest ISP distributes home routers that are locked in an insecure state, with an open port that lets attackers seize control of them and use them to stage attacks on higher-value targets. Read the rest

Cyber-arms dealers offer to sell surveillance weapons to undercover Al Jazeera reporters posing as reps of South Sudan and Iran

Companies in the EU and China have been caught offering to commit fraud to launder sales of mass surveillance weapons to Al Jazeera reporters posing as representatives of autocratic regimes under sanction for gross human rights abuses; these weapons would allow their users to target and round up political dissidents for arbitrary detention, torture and murder. Read the rest

Britons! Ask the W3C to protect disabled access, security research, archiving and innovation from DRM

With two days to go until the close of the World Wide Web Consortium members' poll on finalising DRM and publishing it as an official web standard, the UK Open Rights Group is asking Britons to write to the Consortium and its founder, Tim Berners-Lee, to advocate for a much-needed, modest compromise that would protect the open web from the world's bizarre, awful, overreaching DRM laws. Read the rest

Dallas's 156 tornado sirens hacked and repeatedly set off in the middle of Saturday night

If you've ever witnessed an emergency siren test, you know how terrifying these things are: engineered to be bowel-looseningly urgent, to pierce through any sense that it's probably just a misfire, to motivate you to drop everything and rush for the emergency shelters, equally useful for tornadoes and incoming ICBMs. Read the rest

A year later, no action from Chinese company whose insecure PVRs threaten all internet users

It's been more than a year since RSA's Rotem Kerner published his research on the insecurities in a PVR that was "white labeled" by TVT, a Chinese company and sold under over 70 brand-names around the world. In the intervening year, tens of thousands of these devices have been hijacked into botnets used by criminals in denial of service attacks, and TVT is still MIA, having done nothing to repair them. Read the rest

More posts