Researchers find over 100 spying Tor nodes that attempt to compromise darknet sites

When it comes to accessing public websites, Tor has an intrinsic security problem: though the nodes between your computer and the public internet are unable to see where the traffic is coming from or going to, the final hop in the network (known as an exit node) gets to know what webserver you are connecting to.

Leaked FBI documents reveal secret rules for spying on journalists with National Security Letters

Today, The Intercept published leaked documents that contain the FBI’s secret rules for targeting journalists and sources with National Security Letters (NSLs)—the controversial and unconstitutional warrantless tool the FBI uses to conduct surveillance without any court supervision whatsoever.

"Dark Overlord"'s health record dumps were calculated, reputation-building spectacles

"The Dark Overlord" is a hacker who's made headlines by advertising the availability of millions of health records on darknet sites, sending samples to news outlets to validate their authenticity; in an interview with Motherboard's Joseph Cox, Dark Overlord reveals that the disclosures are timed to put the pressure on other victims to pay ransoms to guarantee that their stolen data won't leak.

Facebook: We did ‘a test’ last year using some people's location data to suggest friends

Facebook recently told Fusion reporter Kashmir Hill that Facebook uses location data to recommend friends. People freaked out. Facebook retracted the statement. Then, the social media giant said what, that's crazy, LOL, no. No, we didn't do that at all. Now, Facebook’s communications team tells Hill the confusion arose “because there was a brief time when the social network used location for friend suggestions,” which involved a small percentage of Facebook users and stopped last year.

DoJ report: less than a quarter of one percent of wiretaps encounter any crypto

Despite all the scare talk from the FBI and the US intelligence services about terrorists "going dark" and using encrypted communications to talk with one another, the reality is that criminals are using crypto less than ever, according to the DoJ's own numbers.

Donald Trump spied on Mar-a-Lago guest phone calls, former staff says

Wonder what kind of NSA commander-in-chief Donald Trump would be? Well, he had a phone console near his bed that could connect to every phone in his Mar-a-Lago estate, reports Aram Roston at Buzzfeed. Several workers told Buzzfeed that Trump used the equipment to secretly listen in on phone calls in the mid-2000s.

Always-on CCTVs with no effective security harnessed into massive, unstoppable botnet

When security firm Sucuri investigated the source of a 50,000-request/second DDoS attack on a jewelry shop, they discovered to their surprise that the attacks originated from a botnet made of 25,500+ hacked CCTV cameras in 105 countries.

Healthcare workers prioritize helping people over information security (disaster ensues)

In Workarounds to Computer Access in Healthcare Organizations: You Want My Password or a Dead Patient?, security researchers from Penn, Dartmouth and USC conducted an excellent piece of ethnographic research on health workers, shadowing them as they moved through their work environments, blithely ignoring, circumventing and sabotaging the information security measures imposed by their IT departments, because in so doing, they were saving lives.

Fansmitter: malware that exfiltrates data from airgapped computers by varying the sound of their fans

In a new paper, researchers from Ben-Gurion University demonstrate a fiendishly clever procedure for getting data off of airgapped computers that have had their speakers removed to prevent acoustic data-transmission: instead of playing sound through the target computer's speakers, they attack its fans, varying their speeds to produce subtle sounds that humans can barely notice, but which nearby devices can pick up through their microphones.

Privacy invasion? Facebook is using your phone's location data to suggest friends

Well, this sounds like potentially a pretty big deal. Facebook is using smartphone location data to recommend new friends to users, which suggests many possible privacy invasions. This is also a technique NSA uses to track surveillance targets.

Rubber fingertips to use with fingerprint-based authentication systems

Mian Wei, a Chinese student at the Rhode Island School of Design, has created an experimental series of fake fingertips with randomly generated fingerprints that work with Apple and Android fingerprint authentication schemes, as well as many others.

Student journalists: 5 days left to win a badge to NYC's Hackers on Planet Earth!

If you're a student journalist and want to attend HOPE XI, the Eleventh Hackers on Planet Earth conference (July 22-24, NYC), you can win free admission (and an interview with me!) by submitting an article about any of the topics that come up at HOPE conferences! Get writing!

How to protect the future web from its founders' own frailty

Earlier this month, I gave the afternoon keynote at the Internet Archive's Decentralized Web Summit, and my talk was about how the people who founded the web with the idea of having an open, decentralized system ended up building a system that is increasingly monopolized by a few companies -- and how we can prevent the same things from happening next time.

Google's version of the W3C's video DRM has been cracked

Since 2013, the World Wide Web Consortium (W3C) has been working with the major browser companies, Netflix, the MPAA, and a few other stakeholders to standardize "Encrypted Media Extensions" (EME), which attempts to control web users' behavior by adding code to browsers that refuses to obey user instructions where they conflict with the instructions sent by video services.

How it feels to be under DDoS attack

At this week's O'Reilly Velocity conference in Santa Clara, Artur Bergman, founder and CTO, told the story of how he got involved in starting a denial-of-service-resistant CDN -- a personal story about helping his old company cope with a titanic DDoS attack that brought it and its upstream provider to their knees.

Misconfigured database exposes sensitive data for 154 million US voters

A new US voter database leak has exposed the addresses, estimated income, ethnicity, phone numbers, political affiliation, and voting history of 154 million Americans.

1 in 5 snoop on a phone belonging to a friend or loved one

In Snooping on Mobile Phones: Prevalence and Trends, a paper presented at SOUPS 16, computer scientists from UBC and the University of Lisbon show that a rigorous survey reveals that up to one in five people have snooped on a loved one or friend by accessing their phone.
