Waze is an awesome driving app that also lets hackers stalk you

I use and love Waze every day to make driving in Los Angeles manageable for me. I still use it despite periodic bursts of tech news reports that the app leaves me vulnerable to security attacks and surveillance.

EFF to FDA: the DMCA turns medical implants into time-bombs

The Electronic Frontier Foundation just filed comments with the FDA in its embedded device cybersecurity docket, warning the agency that manufacturers have abused the Digital Millennium Copyright Act, threatening security researchers with lawsuits if they came forward with embarrassing news about defects in the manufacturers' products.

James Clapper: Snowden accelerated crypto adoption by 7 years

Apparently America's spy agencies have a seven-year plan for cryptographic adoption: James Clapper, the Director of National Intelligence, has credited Edward Snowden with the acceleration of commercial adoption of encryption by 7 years.

Hackers take $81 million from Bangladesh's central bank by pwning its $10 second-hand routers

The central bank of Bangladesh lost $81M in a digital heist whose perpetrators have not been caught, thanks in large part to the bank's decision to run its computers without a firewall, and to run networking with second-hand cheapie routers it sourced for $10 each.

Why Internet voting is a terrible idea, explained in small words anyone can understand

In this 20-minute video, Princeton computer science prof Andrew Appel lays out the problems with Internet-based voting in crisp, nontechnical language that anyone can understand.

Turns out the U.S. military really is dropping “cyber bombs” on ISIS

There's been an awful lot of talk about “cyber pathogens” and “cyber bombs” lately from the mouths of American officials discussing terrorism, and how we will vanquish it. President Obama mentioned “cyber ops” against Islamic State terrorists in one recent address. Today, we know a little more about what was behind last week's cyber-hawkish hacking headlines.

Hacking Team supplied cyber-weapons to corrupt Latin American governments for human rights abuses

In Hacking Team Malware Para La Vigilancia en América Latina, a new report from Derechos Digitales, we learn how Hacking Team, the hacked-and-disgraced cyber-arms dealer, supplied weapons to corrupt state actors in Latin America who used them to spy on political opposition, journalists and academics.

Microsoft sues US government for the right to tell you when the feds are reading your email

“We appreciate that there are times when secrecy around a government warrant is needed,” Microsoft President Brad Smith wrote in a blog post Thursday. “But based on the many secrecy orders we have received, we question whether these orders are grounded in specific facts that truly demand secrecy. To the contrary, it appears that the issuance of secrecy orders has become too routine.”

Brussels terrorists kept their plans in an unencrypted folder called "TARGET"

Remember how, in the wake of the horrific terrorist attacks on Brussels last month, authorities all over the world declared that the world was critically endangered by cryptography, insisting that crazy, far-reaching crypto-bans were necessary to prevent another attack?

Let's Encrypt is actually encrypting the whole Web

Let's Encrypt, a joint EFF-Mozilla-Linux Foundation project that lets anyone easily create an SSL certificate for free in minutes and install and configure it so that visitors to their websites will be shielded from surveillance, came out of beta this week, and it's already making a huge difference.

FBI paid 'gray hat' hackers to defeat iPhone security in San Bernardino terrorism case

Tashfeen Malik, left, and Syed Farook died on Dec. 2, 2015, in a gun battle with authorities several hours after their assault on a gathering of Farook's colleagues in San Bernardino, Calif., that left 14 people dead.

The FBI accessed the contents of a San Bernardino terrorist’s phone after receiving help from professional hackers who “discovered and brought to the bureau at least one previously unknown software flaw,” the Washington Post was first to report today.

URL shorteners are a short path to your computer's hard drive

Lots of cloud services use URL shorteners to allow their users to share access to networked folders, but with only six characters to brute force, it's possible to scan all the URLs associated with a cloud service, locate the open shared folders, and poison them with malware while you plunder them for secrets.

UL has a new, opaque certification process for cybersecurity

The idea of a "Cyber-Underwriters Laboratories mark" is really in the air; in the past six months, I've had it proposed to me by spooks, regulators, activists, consumer protection advocates, and security experts. But the devil is in the details.

The perfect suffix for your "cyber-" buzzword

Adding "cyber-" to any initiative is a sure-fire budget- and approval-winner, at least in the military industrial complex. If you're struggling to figure out what to use on your opening slide, here's a handy crib-sheet.

Philippines electoral data breach much worse than initially reported, possibly worst ever

In late March, the Philippine Commission on Elections website was defaced in an Anonymous op, and a few days later, Lulzsec Pilipinas dumped its voter database. At the time, the Commission claimed that no sensitive information was exposed in the breach, but that is clearly not the case.

Why the rise of ransomware attacks should worry you

Sean Gallagher does an excellent job of running down the economics and technology behind the rise and rise of ransomware attacks: ransomware has become a surefire way to turn a buck on virtually any network intrusion, and network intrusions themselves are trivial if you don't especially care whose networks you break into.

Security flaws found in 3 state health insurance websites

Federal investigators have discovered major security vulnerabilities in the state health insurance websites for California, Kentucky and Vermont that could allow criminals to access sensitive personal data for hundreds of thousands of people.
