What the barcode on your discarded boarding-pass reveals


Mostly it's your record locator and frequent flier number, but with that, an attacker can access the ticket record, see your future flights, your email address, and the details of the emergency contacts you'd added to the reservation.

Security theater: ha ha, only serious


Adam Conover's latest "Adam Ruins Everything" is five depressingly hilarious minutes on aviation security, security theater, privacy, and ritual humiliation, with a guest appearance by Bruce Schneier. If you didn't laugh, you'd have to cry, although you can always do both, right?

Smurfs vs phones: GCHQ's smartphone malware can take pics, listen in even when phone is off


In a new episode of the BBC's Panorama, Edward Snowden describes the secret mobile phone malware developed by GCHQ and the NSA, which has the power to listen in through your phone's mic and follow you around, even when your phone is switched off.

Mayor of Stockton, CA detained by DHS at SFO, forced to give up laptop password


Mayor Anthony R. Silva was on his way back from a mayor's conference in China when the DHS border guards confiscated his laptop and phones and detained him, telling him he would not be allowed to leave until he gave them his passwords. He has still not had his devices returned.

Data breaches are winning the privacy wars, so what should privacy advocates do?


My latest Guardian column, "Why is it so hard to convince people to care about privacy," argues that the hard part of the privacy wars (getting people to care about privacy) is behind us, because bad privacy regulation and practices are producing wave after wave of people who really want to protect their privacy.

Newly disclosed Android bugs affect all devices


The newly released bugs are part of the Stagefright family of vulnerabilities, disclosed by Zimperium Zlabs.

Theoretical "auto-brothel" attack on mechanics' computers could infect millions of cars


Companies like GM have engineered their cars so that it's a felony to make independent diagnostic tools for them, or to investigate the official diagnostic tools rented to mechanics in exchange for a promise to only buy GM's hyper-inflated replacement parts.

Right to Encrypt is under fire in America. Savecrypto.org is fighting for your crypto rights.


Yesterday The Intercept published an amazing article by Jim Bamford about how the NSA exploited a backdoor in Vodafone to spy on Greek politicians and journalists during the 2004 Olympics.

Bamford is an American author and journalist best known for his writing about United States intelligence agencies, and in particular the National Security Agency.

In a meticulous investigation, Bamford reports at the Intercept that the NSA was behind the notorious, legendary “Athens Affair”. After the 2004 Olympics, the Greek government discovered that an unknown attacker had hacked into Vodafone’s “lawful intercept” system, the phone company’s method of wiretapping voice calls. The attacker spied on phone calls of the president and other Greek politicians and journalists before the hack was found out.

Freedom of the Press Foundation director Trevor Timm wrote for the Guardian that this is exactly why encryption backdoors are so dangerous.

What are encryption backdoors? For non-techie readers, basically these are ways the government can decrypt your "locked" communications if they decide they want to see your private material for any secret reason.

And in related news, rumor has it the White House is nearing a decision on whether to embrace the right to encryption for American citizens, or join the FBI in calling for backdoors.

Dozens of civil liberties groups, including Freedom of the Press Foundation, launched this site and petition today that feeds into the White House petition system: savecrypto.org.

If you care about this issue, right now is the time to take action.

In online censorship arms race, Thailand vows a China-style “Great Firewall”


“Thai authorities are planning to tighten control over the Internet, creating a single international access point so they can better monitor content,” reports Voice Of America Correspondent Steve Herman in Bangkok.

The plan is being called Thailand’s own "Great Firewall," after the colloquial term used to describe the Chinese government's extensive and effective internet censorship system.

How to break into a Brinks lockbox in seconds


We already know that Brinks' computerized safes can be hacked within a minute, but did you know their traditional lockboxes are even easier to get into?

YouTuber jcazes provides instructions, complete with all the exhaustive details required to understand Brinks' intricate mechanism.

Step 1: Insert a paperclip, applying vertical tension
Step 2: Turn the paperclip
Step 3: Laugh


The FBI has no trouble spying on encrypted communications


Every time the Bureau wants to spy on someone whose communications are encrypted, they just hack them.

Obama and China's Xi Jinping make a deal on commercial cyber espionage

The Financial Times reports that U.S. President Barack Obama has negotiated a commitment from Chinese counterpart Xi Jinping that China will not conduct commercial cyber espionage. In what were reportedly tense, prolonged talks, Obama communicated to the Chinese leader that the United States was ready to impose sanctions on Chinese companies accused of profiting from stolen industrial secrets.

Why biometrics suck, the Office of Personnel Management edition


The nation-state hackers who stole 5.6 million+ records of US government employees (cough China cough) also took 5.6 million+ fingerprints. But it's no problem: those people can just get new fingerprints and revoke their old ones, right?

Sparrows practice locks: a great starting place for locksport


Canadian locksport supplier Sparrows makes some of the best advanced picks in the world, but they're also the rank beginner's best friend.

Symantec caught issuing rogue Google.com certificates


Your browser trusts SSL certificates from hundreds of "Certificate Authorities," each of which is supposed to exercise the utmost caution before issuing them -- a rogue cert would allow a criminal or a government to act as a man-in-the-middle between you and your bank, email provider, or employer, undetectably intercepting communications that you believed to be secure.

Poker malware infects your computers and peeks at your cards


Odlanor is Windows malware that targets users of Pokerstars and Full Tilt Poker, and exfiltrates information about their cards to their competitors.

3D print your own TSA Travel Sentry keys and open anyone's luggage


The TSA mandates that all checked luggage must be locked with a deliberately flawed lock that can be opened with one of a handful of skeleton keys that are supposed to be kept secret. It's been more than a year since the TSA allowed a newspaper photographer to print a high-rez photo of its universal luggage-lock keys, allowing any moderately skilled locksmith to create her own set. Ars Technica downloaded a set of key STL files from Github, printed them on a consumer 3D printer, and showed that they could gain entry to any luggage.

It's a model for what happens with any kind of law-enforcement/public safety back door: the universal keys leak and there's no way to re-key all those locks out there in the field. The FBI and UK security services are calling for backdoors in all crypto -- the code we use to protect everything from pacemakers to bank accounts. This is as neat an illustration of why that's a bad idea as you could ask for.
