Bruce Schneier on the coming IoT security dumpster-fire

Bruce Schneier warns that the Internet of Things security dumpster-fire isn't just bad laptop security transplanted into thermostats. Rather, three trends are converging: "software control" of an ever-widening pool of technologies; interconnection between those systems; and autonomy (systems designed to act without human intervention, often responding faster than humans possibly could). Together they make security questions urgent and present a threat the like of which we've never seen.

EFF is suing the US government to invalidate the DMCA's DRM provisions

The Electronic Frontier Foundation has just filed a lawsuit challenging the constitutionality of Section 1201 of the DMCA, the law's "Digital Rights Management" provision. Section 1201 is notoriously overbroad: it bans activities that bypass or weaken copyright access-control systems, including reconfiguring software-enabled devices (making sure your IoT light-socket will accept third-party lightbulbs; tapping into diagnostic info in your car or tractor so an independent party can repair it) and reporting security vulnerabilities in these devices.

Ed Snowden and Andrew "bunnie" Huang announce a malware-detecting smartphone case

Exiled NSA whistleblower Edward Snowden and legendary hardware hacker Andrew "bunnie" Huang have published a paper detailing their new "introspection engine" for the iPhone: an external hardware case that clips over the phone and probes its internal components with a miniature oscilloscope, monitoring all the radio traffic in and out of the device to see whether malicious software is secretly keeping the radio on after you put it in airplane mode.

Baseband vulnerability could mean undetectable, unblockable attacks on mobile phones

The baseband firmware in your phone is the outermost layer of software, the "bare metal" code that the phone's operating system and apps must implicitly trust in order to work; a flaw in that firmware means that attackers can do scary things to your phone that the phone itself can't detect or defend against.

Hacker claims $20K in dark web sales of leaked 'World-Check' terrorism watchlist

Ever wonder if it's really a good idea for there to be “terrorism watch lists” created by for-profit businesses, with no accountability to the privacy rights of ordinary citizens like you and me?

The best-known of these, Thomson Reuters' “World-Check,” recently leaked to the so-called dark web. The database is compiled from public sources, and is sold by Thomson Reuters to vetted clients in government, intelligence agencies, banks, law firms, and the like.


For 90 years, lightbulbs were designed to burn out. Now that's coming to LED bulbs.

In 1924, representatives of the world's leading lightbulb manufacturers formed Phoebus, a cartel that fixed the average life of an incandescent bulb at 1,000 hours, ensuring that people would have to buy bulbs regularly and keep the manufacturers in business.

"Security is what happens to people, not machines"

Eleanor Saitta -- a security researcher who has done extensive work training vulnerable groups in information security and who is now security architect for Etsy -- appears on the most recent O'Reilly Security podcast (MP3), discussing a human-centered approach to security, design and usability. I found it to be an accessible and concise critique of mainstream security thinking and an inspiring direction for security practitioners.

Researchers find over 100 spying Tor nodes that attempt to compromise darknet sites

When it comes to accessing public websites, Tor has an intrinsic security problem: though the nodes between your computer and the public internet are unable to see both where the traffic is coming from and where it is going, the final hop in the network (known as an exit node) gets to know which webserver you are connecting to.

Leaked FBI documents reveal secret rules for spying on journalists with National Security Letters

Today, The Intercept published leaked documents that contain the FBI’s secret rules for targeting journalists and sources with National Security Letters (NSLs)—the controversial and unconstitutional warrantless tool the FBI uses to conduct surveillance without any court supervision whatsoever.


"Dark Overlord"'s health record dumps were calculated, reputation-building spectacles

"The Dark Overlord" is a hacker who has made headlines by advertising the availability of millions of health records on darknet sites, sending samples to news outlets to validate their authenticity; in an interview with Motherboard's Joseph Cox, Dark Overlord reveals that the disclosures are timed to put pressure on other victims to pay ransoms in exchange for a guarantee that their stolen data won't leak.

Facebook: We did ‘a test’ last year using some people's location data to suggest friends

Facebook recently told Fusion reporter Kashmir Hill that Facebook uses location data to recommend friends. People freaked out. Facebook retracted the statement. Then, the social media giant said what, that's crazy, LOL, no. No, we didn't do that at all. Now, Facebook’s communications team tells Hill the confusion arose “because there was a brief time when the social network used location for friend suggestions,” which involved a small percentage of Facebook users and stopped last year.


DoJ report: less than a quarter of one percent of wiretaps encounter any crypto

Despite all the scare talk from the FBI and the US intelligence services about terrorists "going dark" and using encrypted communications to talk with one another, the reality is that criminals are using crypto less than ever, according to the DoJ's own numbers.

Donald Trump spied on Mar-a-Lago guest phone calls, former staff says

Wonder what kind of NSA commander-in-chief Donald Trump would be? Well, he had a phone console near his bed that could connect to every phone in his Mar-a-Lago estate, reports Aram Roston at Buzzfeed. Several workers told Buzzfeed that Trump used the equipment to secretly listen in on phone calls in the mid-2000s.


Always-on CCTVs with no effective security harnessed into massive, unstoppable botnet

When security firm Sucuri investigated the source of a 50,000-request/second DDoS attack on a jewelry shop, they discovered to their surprise that the attack originated from a botnet made up of 25,500+ hacked CCTV cameras in 105 countries.

Healthcare workers prioritize helping people over information security (disaster ensues)

In "Workarounds to Computer Access in Healthcare Organizations: You Want My Password or a Dead Patient?", security researchers from Penn, Dartmouth and USC conducted an excellent piece of ethnographic research on health workers, shadowing them as they moved through their work environments, blithely ignoring, circumventing and sabotaging the information security measures imposed by their IT departments, because in so doing they were saving lives.

Fansmitter: malware that exfiltrates data from airgapped computers by varying the sound of their fans

In a new paper, researchers from Ben-Gurion University demonstrate a fiendishly clever procedure for getting data off airgapped computers whose speakers have been removed to prevent acoustic data transmission: instead of playing sound through the target computer's speakers, they target its fans, varying their speeds to produce subtle sounds that humans can barely notice but which nearby devices can pick up through their microphones.

Privacy invasion? Facebook is using your phone's location data to suggest friends

Well, this sounds like a potentially big deal. Facebook is using smartphone location data to recommend new friends to users, which opens the door to many possible privacy invasions. Correlating people by location is also a technique the NSA uses to track surveillance targets.
