Intel x86s hide another CPU that can take over your machine (you can't audit it)

Recent Intel x86 processors implement a secret, powerful control mechanism that runs on a separate chip that no one is allowed to audit or examine. When these are eventually compromised, they'll expose all affected systems to nearly unkillable, undetectable rootkit attacks. I've made it my mission to open up this system and make free, open replacements, before it's too late.

Scanners let Oklahoma cops seize funds from prepaid debit cards without criminal charges

Department of Homeland Security image for ERAD

The Oklahoma Department of Public Safety has purchased several 'Electronic Recovery and Access to Data' devices to install in police cruisers for seizing funds from prepaid debit cards during roadside arrests.

"State of Surveillance" with Ed Snowden: Watch full episode of VICE on HBO free online

Edward Snowden shows VICE founder Shane Smith how to make a smartphone go black. Jake Burghart for VICE on HBO.

VICE on HBO's "State of Surveillance" with Edward Snowden is now available to stream for free on vicenews.com.

The episode is hosted by VICE founder Shane Smith and features an in-depth interview with Snowden.

Hacker puppets explain why malware and popups are still a thing online

Gus the hacker puppeteer (previously) writes, "Most of us have a relative whose computer or phone is still a snake's nest of pop-ups and malware. The 'YOUR COMPUTER HAS A VIRUS, CLICK TO SCAN' attack is still a thing, 2016 though it may be. And there are enough people asking 'why do ads pop up (on my iPhone, computer, etc)' for that question to register on Google search autocomplete."

Password hashing demystified

The password breaches are getting stronger and worser, and hardly a week goes by without a dump that's a couple zeroes bigger than the biggest to date -- but not all password breaches are created equal, and a lot depends on whether and how the passwords were hashed.

Elon Musk Says Humans Will Go To Mars by 2024

Elon Musk (Reuters / Stephen Lam)

In my weekly segment on KCRW's “Press Play” news program with host Madeleine Brand, we listen to Elon Musk wax poetic about artificial intelligence and whether life might be a dream--and his plans to send humans to Mars by 2025.

No warrant is needed to get your phone's location data, U.S. appeals court rules

REUTERS/Zoran Milich
In a major blow to security and privacy advocates, a U.S. appeals court on Tuesday ruled that police don't have to have a warrant to obtain your cellphone location data. The ruling means that in America, you have zero expectation of privacy over the historical location data generated by your cell phone.

How security and privacy pros can help save the web from legal threats over vulnerability disclosure

I have a new op-ed in today's Privacy Tech, the in-house organ of the International Association of Privacy Professionals, about the risks to security and privacy from the World Wide Web Consortium's DRM project, and how privacy and security pros can help protect people who discover vulnerabilities in browsers from legal aggression.

United Arab Emirates hacked UK journalist

A new research report from Citizen Lab painstakingly traces the origins of a series of sophisticated hacking attacks launched at Rori Donaghy, a UK journalist for Middle East Eye who founded the Emirates Center for Human Rights, which reports critically on the autocratic regime that runs the UAE, and 27 other targets.

Security researcher discovers glaring problem with patient data system, FBI stages armed dawn raid

Justin Shafer was roused from his bed this week by thunderous knocking at his North Richland Hills, Texas home, and when he opened the door, found himself staring down the barrel of a 'big green' assault weapon, wielded by one of the 12-15 armed FBI agents on his lawn.

DDoSers sell attacks for $5 on Fiverr

Many years ago, EFF co-founder John Gilmore and I were discussing the prevalence of botnets, which are commonly used to launch distributed denial of service (DDoS) attacks that overwhelm websites with floods of traffic; John said that if the botnets were really on the rise at the reported rate, we should expect to see a massive crash in the price of DDoS services, following simple supply/demand logic.

EFF fights order to remove public records documents detailing Seattle's smart-meters

Earlier this week, I wrote about the legal threats from Landis and Gyr against the Freedom of Information service Muckrock, which had received documents from the City of Seattle detailing the workings of Landis and Gyr's smart-meter system, which Seattle has purchased from them at public expense.

Edward Snowden performs radical surgery on a phone to make it "go black"

If you think that your phone may have been hacked so that your adversaries can watch you through the cameras and listen through the mics, one way to solve the problem is to remove the cameras and microphones, and only use the phone with a headset that you unplug when it's not in use.

Undetectable proof-of-concept chip poisoning uses analog circuits to escalate privilege

In A2: Analog Malicious Hardware, a paper given at the 2016 IEEE Symposium on Security and Privacy, a group of researchers from the University of Michigan detail a novel, frightening attack on the integrity of microprocessors that uses nearly undetectable tampering, late in the manufacturing process, to allow attackers to trip the "privilege" bit on the chip from userspace processes.

Tor Project is working on a web-wide random number generator

Random number generators are the foundation of cryptography -- that's why the NSA secretly sabotaged the RNG standard that the National Institute of Standards and Technology developed.

Pastejacking: using malicious javascript to insert sneaky text into pasted terminal commands

When a computer stops behaving, the solution often involves looking up an obscure command and pasting it into the terminal -- even experienced administrators and programmers aren't immune to this, because remembering the exact syntax for commands you use once every couple years is a choresome task.

Smart-meter vendor says that if we know how their system works, the terrorists will win

Phil Mocek filed a public records request to find out how Seattle's new smart meters -- supplied by Landis and Gyr -- will work. As Mocek writes, these meters are based on "unspecified and unverifiable sensors that monitor activity inside of private property and can communicate collected information in real-time to unspecified machines in remote locations, the workings of which are obscured from ratepayers, with interfaces used by [the city] that require specialized equipment and are thus completely unavailable to ratepayers for personal use or monitoring and verification of information communicated, is already shrouded in secrecy and seemingly proceeding despite repeated voicing of public concern and complete lack of public justification of expense."
