Every email NSA says it got after asking Americans for tips on how to protect their privacy

Former NSA chief Keith Alexander at Black Hat 2013 [Reuters]

At the Black Hat hacker convention in 2013, former NSA director Keith Alexander asked hackers to help the NSA come up with ways to protect Americans' privacy and civil liberties.

"How do we start this discussion on defending our nation and protecting our civil liberties and privacy?" Alexander asked the Las Vegas crowd. "The reason I'm here is because you may have some ideas of how we can do it better. We need to hear those ideas."

The new Nexus phones: beautiful, secure, and a shot across the bow


Dan Gillmor has been playing with Google's new Nexus phones, the humungous 6P phablet and the smaller 5X, and he's written a shrewd and thorough review of what these phones do -- and more importantly, what they mean.

How the market for zero-day vulnerabilities works


Zero-days -- bugs that are unknown to both vendors and users -- are often weaponized by governments, criminals, and private arms dealers who sell to the highest bidders. The market for zero-days means that newly discovered bugs are liable to go unpatched until they are used in a high-profile cyberattack or independently discovered by researchers who'd rather keep their neighbors safe than make a profit.

FBI investigating ‘teen stoner hack’ of CIA Director John Brennan

John Brennan. Photo: Reuters

A pair of self-described teen stoner hackers say they breached an AOL account used by CIA Director John Brennan, the New York Post reported today.

Exploiting smartphone cables as antennae that receive silent, pwning voice commands


In IEMI Threats for Information Security: Remote Command Injection on Modern Smartphones, French government infosec researchers José Lopes Esteves and Chaouki Kasmi demonstrated a clever attack on smartphones that sent silent voice commands to OK Google and Siri by converting them to radio-waves and tricking headphone cables into acting as antennas.

GPS, Plan B: US Navy teaches celestial navigation as fallback for cyberattack


The Naval Academy is digging sextants out of their storage spaces and asking the Merchant Marine Academy (which never stopped teaching celestial navigation) for help training its students in celestial navigation, so that the ships will still be able to find their way after their adversaries infect the GPS system with malware.

Now we know the NSA blew the black budget breaking crypto, how can you defend yourself?


Well, obviously, we need to get Congress to start imposing adult supervision on the NSA, but until that happens, there are some relatively simple steps you can take to protect yourself.

Ukrainian botmaster who tried to frame Brian Krebs extradited to US


When security-researcher/hornet-nest-kicker Brian Krebs outed Sergey "Flycracker" Vovnenko as administrator of a darknet crime site and botmaster of a 13,000-PC-strong botnet used to attack sites and launder stolen data, Vovnenko allegedly masterminded a plot to frame Krebs by mailing him heroin.

The NSA sure breaks a lot of "unbreakable" crypto. This is probably how they do it.


There have long been rumors, leaks, and statements about the NSA "breaking" crypto that is widely believed to be unbreakable, and over the years, there's been mounting evidence that in many cases, they can do just that. Now, Alex Halderman and Nadia Heninger, along with a dozen eminent cryptographers, have presented a paper at the ACM Conference on Computer and Communications Security (a paper that won the ACM's prize for best paper at the conference) that advances a plausible theory as to what's going on. In some ways, it's very simple -- but it's also very, very dangerous, for all of us.

Thrust/parry/counter: the history of Web authentication


A beautiful piece of writing by Schabse presents the history of Web authentication as a series of conversational gambits and ripostes between someone who wants to let users prove their identity online, and someone who wants to impersonate those users. It's a great way to present a subject that's both esoteric and vital, and I've never seen it before.

TPP requires countries to destroy security-testing tools (and your laptop)


Under TPP, signatories are required to give their judges the power to "order the destruction of devices and products found to be involved in" breaking digital locks, such as those detailed in this year's US Copyright Office Triennial DMCA Hearing docket, which were used to identify critical vulnerabilities in vehicles, surveillance devices, voting machines, medical implants, and many other devices in our world.

What the barcode on your discarded boarding-pass reveals


Mostly it's your record locator and frequent flier number, but with that, an attacker can access the ticket record, see your future flights, your email address, and the details of the emergency contacts you'd added to the reservation.

Security theater: ha ha, only serious


Adam Conover's latest "Adam Ruins Everything" is five depressingly hilarious minutes on aviation security, security theater, privacy, and ritual humiliation, with a guest-appearance by Bruce Schneier. If you didn't laugh, you'd have to cry, although you can always do both, right?

Smurfs vs phones: GCHQ's smartphone malware can take pics, listen in even when phone is off


In a new episode of the BBC's Panorama, Edward Snowden describes the secret mobile phone malware developed by GCHQ and the NSA, which has the power to listen in through your phone's mic and follow you around, even when your phone is switched off.

Mayor of Stockton, CA detained by DHS at SFO, forced to give up laptop password


Mayor Anthony R. Silva was on his way back from a mayor's conference in China when the DHS border guards confiscated his laptop and phones and detained him, telling him he would not be allowed to leave until he gave them his passwords. He has still not had his devices returned.

Data breaches are winning the privacy wars, so what should privacy advocates do?


My latest Guardian column, "Why is it so hard to convince people to care about privacy," argues that the hard part of the privacy wars (getting people to care about privacy) is behind us, because bad privacy regulation and practices are producing wave after wave of people who really want to protect their privacy.

Newly disclosed Android bugs affect all devices


The newly released bugs are part of the Stagefright family of vulnerabilities, disclosed by Zimperium Zlabs.
