Boing Boing 

Typing patterns are the latest anonymity-shattering personal identifier

Long a theoretical threat, the observation of typing patterns has been refined into "a highly practical attack" aimed at user anonymity over the internet.


Self-aiming sniper rifle can be pwned over the Internet


The $13,000 Trackingpoint sniper rifle is vulnerable to wifi-based attacks that allow your adversary to redirect bullets to new targets of their choosing.


Chrysler has to recall its cars due to security vulnerabilities


Chrysler, whose Jeep Cherokees were demonstrated to be vulnerable to Internet-based attacks on their steering and brakes (as well as radios, air conditioning and other systems) has recalled 1.4M cars due to software vulnerabilities.


Once again: Crypto backdoors are an insane, dangerous idea


The Washington Post editorial board lost its mind and called on the National Academy of Sciences to examine "the conflict" over whether crypto backdoors can be made safe: the problem is, there's no conflict.


Hackers can pwn a Jeep Cherokee from the brakes and steering to the AC and radio


A zero-day exploit for Jeep Cherokees allows hackers to control everything from the engine to the air-conditioning over the Internet, overriding the driver at the dashboard.


How did an Ohio inmate get prison administrators' usernames and passwords?

Ohio authorities are investigating how a prisoner obtained a list of the usernames and passwords for prison administrators.


With faked degrees, U.S. tech official ran law enforcement data systems for years. Then he resigned, got a new gov job.


A technology officer with faked college degrees resigned from the Interior Department after he was busted. He was then hired by the Census Bureau.


UK schools' "anti-radicalisation" software lets hackers spy on kids


The spyware that Impero supplies to UK schools -- which searches kids' Internet use for "jihadi" terms -- uses "password" as its default password, and the company has threatened brutal legal reprisals against the researcher who repeatedly demonstrated their total security negligence.


United rewards security researchers with air miles


The BBC reports that after two "hackers" spotted security holes in its website, United rewarded them with a million miles each.

One security expert said the scheme was a big step forward for online security.

"Schemes like this reward hackers for finding and disclosing problems in the right way. That makes the internet safer for all of us," said security consultant Dr Jessica Barker.

"Bug bounties are common in tech companies as they tend to understand online security a bit more, but other industries are catching up," said Dr Barker.

US Army National Guard reveals they, too, recently suffered data breach


Officials at the Army National Guard said Friday afternoon (best time to drop really bad news) that personal info on former and current members was exposed inadvertently by a contractor. Guardsmen were advised to check their personal credit reports for signs of any unauthorized activity.


Moxie Marlinspike profiled in WSJ. Obama thinks secure messaging apps like the one he built are “a problem.”

[Wall Street Journal]


The Wall Street Journal just discovered what some of us have known for a long time: Moxie Marlinspike is really cool, and the work he does is important.


US says hackers stole Social Security numbers from 21.5 million people in OPM data breach


The U.S. Office of Personnel Management (OPM) said today that hackers stole sensitive data, including social security numbers, of about 21.5 million people from background investigation databases.


What horrible things did we learn about Hacking Team today?


The enormous dump of docs from cyber-arms-dealer Hacking Team continues to yield up details, like the time the company tried to sell spying tools to a death squad.


What happened at yesterday's Congressional hearings on banning crypto?


Cryptographers and security experts gathered on the Hill yesterday to tell Congress how stupid it was to ban crypto in order to make it easier to spy on "bad guys."


Report: Uber uses GPS to punish drivers in China who get close to protests


Uber is urging its drivers in China “not to get involved in conflicts with authorities and has threatened to punish those who disobey,” reports the Wall Street Journal.


Argentine police raid programmer who discovered fatal e-voting flaws


Joaquín Sorianello found the defects in MSA, manufacturer of the Vot.ar e-voting system, and the next he heard about it was when the police came to his house and seized every piece of electronic equipment.


Computer scientists on the excruciating stupidity of banning crypto

A paper from some of the most important names in crypto/security history scorchingly condemns plans by the US and UK governments to ban "strong" (e.g. "working") crypto.
