Boing Boing 

New NSA leaks: does crypto still work?


Matthew Green's got an excellent postmortem on the huge dump of NSA docs Der Spiegel last weekend.

Read the rest

Fingerprints can be reproduced from photos of your hands

A presentation by Starbug at the 31st Chaos Communications Congress (previously) demonstrated a technique for deriving fingerprints from a couple of photographs of your hands. Starbug's proof of concept was a copy of the fingerprints of German Defense Minister Ursula von der Leyen.

Read the rest

Livestreams from the Chaos Communications Congress

The 31st Chaos Communications Congress is underway in Hamburg, where some of the most important, entertaining, mind-blowing, and earth-shaking information about computer security and politics will be revealed. Here's the livestream. (via Hacker News)

Telcos' anti-Net Neutrality argument may let the MPAA destroy DNS


The telcos' ongoing battle against Net Neutrality have led them to make a lot of silly legalistic arguments, but one in particular has opened the whole Internet to grave danger from a legal attack from the entertainment industry, which may finally realize its longstanding goal of subverting DNS to help it censor sites it dislikes, even if it makes life much easier for thieves and spies who use DNS tricks to rob and surveil.

Read the rest

Usbdriveby: horrifying proof-of-concept USB attack

Samy Kamkar has a proof-of-concept attack through which he plugs a small USB stick into an unlocked Mac OS X machine and then quickly and thoroughly compromises the machine, giving him total, stealthy control over the system in seconds, even reprogramming the built-in firewall to blind it to its actions.

Read the rest

Over 700 million people have taken steps to improve privacy since Snowden


As Schneier points out, the way this is spun ("only 39% of people did something because of Snowden") is bullshit: the headline number is that more than 700 million people are in the market for a product that barely exists, and that could make more money than Facebook if you get it right.

Read the rest

Crowdfunding a USB-stick-sized, GNU/Linux-ready computer

A reader writes, "The USB Armory is full-blown computer (800MHz ARM® processor, 512MB RAM) in a tiny form factor (65mm x 19mm x 6mm USB stick) designed from the ground up with information security applications in mind."

Read the rest

Spies can't make cyberspace secure AND vulnerable to their own attacks


In his Sunday Observer column, John Naughton makes an important point that's hammered home by the escape of the NSA/GCHQ Regin cyberweapon into the wild: spies who make war on the Internet can't be trusted with its security.

Read the rest

Innovation in lockpicks: the "hall pass" and the EOD speed-picking set

The Hall Pass is a stainless steel, credit-card-sized pick designed to be slid between the door and the jamb (saving you from cracking your credit cards); the EOD is an extensive speed-pick set that is nevertheless optimized for portability and compactness.

Read the rest

Wall Street phishers show how dangerous good syntax and a good pitch can be


Major Wall Street institutions were cracked wide open by a phishing scam from FIN4, a hacker group that, unlike its competition, can write convincingly and employs some basic smarts about why people open attachments.

Read the rest

Analysis of leaked logs from Syria's censoring national firewall


Syria's brutal Assad government uses censorware from California's Blue Coat System as part of its systematic suppression of dissent and to help it spy on dissidents; 600GB of 2011 logs from Syria's seven SG-9000 internet proxies were leaked by hacktivist group Telecomix and then analyzed by University College London's Emiliano De Cristofaro.

Read the rest

Essential reading: the irreconcilable tension between cybersecurity and national security


Citizenlab's Ron Diebert lays out the terrible contradiction of putting spy agencies -- who rely on vulnerabilities in the networks used by their adversaries -- in change of cybersecurity, which is securing those same networks for their own citizens.

Read the rest

E-cigs and malware: real threat or Yellow Peril 2.0?


After a redditor claimed to have gotten a computer virus from factory-installed malware on an e-cig charger, the Guardian reported out the story and concluded that it's possible.

Read the rest

Router for gamers lets you filter games by distance

The forthcoming Netduma router has a geofilter that lets you restrict the games you join by distance, so you only play against nearby gamers, eliminating a leading cause of lag.

Read the rest

ISPs caught sabotaging their customers' email encryption


Ever since 2013, when the Electronic Frontier Foundation started shaming email providers that did not encrypt their customers' email, more and more mail providers have turned on STARTTLS, which protects email in transit from snooping, without requiring users to take any additional steps.

Read the rest

Cyberwar's hidden victims: NGOs


A new report from the storied Citizen Lab at the University of Toronto documents the advanced, persistent threats levied against civil society groups and NGOs -- threats that rival those facing any government or Fortune 100 company, but whose targets are much less well-equipped to defend themselves.

Read the rest

Indispensable BBC/OU series on cybercrime starts tomorrow

Mike from the Open University sez, "The OU and the BBC have created a new six part series about cybercrime, presented by the technology journalist Ben Hammersley."

Read the rest