Social media site targeted at teen girls is leaking 5.5M+ passwords right now


I-Dressup is a social media site aimed at teen and tween girls, where users play and interact with fashion. Six days ago, Ars Technica's Dan Goodin contacted I-Dressup to tell them that they were leaking more than 5.5 million cleartext passwords, and that a hacker had already downloaded 2.2 million of them. Read the rest

Demand that HP make amends for its self-destructing printers [SIGN AND SHARE!]


I've written an open letter to HP CEO Dion Weisler on behalf of the Electronic Frontier Foundation, asking him to make amends for his company's bizarre decision to hide a self-destruct sequence in a printer update that went off earlier this month, breaking them so that they would no longer use third-party ink cartridges. Read the rest

The democratization of censorship: when anyone can kill a site as effectively as a government can


On the eve of the Stuxnet attacks, half a decade ago, I found myself discussing what it all meant with William Gibson (I'd just interviewed him on stage in London), and I said, "I think the most significant thing about any of these sophisticated, government-backed attacks is that they will eventually turn into a cheap and easy weapon that technically unskilled people can deploy for petty grievances." We haven't quite got there yet with Stuxnet, but there's a whole class of "advanced persistent threat" techniques that are now in the hands of fringey criminals who deploy them at the smallest provocation. Read the rest

HTML standardization group calls on W3C to protect security researchers from DRM


The World Wide Web Consortium has embarked upon an ill-advised project to standardize Digital Rights Management (DRM) for video at the behest of companies like Netflix; in so doing, they are, for the first time, making a standard whose implementations will be covered under anti-circumvention laws like Section 1201 of the DMCA, which makes it a potential felony to reveal defects in products without the manufacturer's permission. Read the rest

Yahoo says at least 500 million accounts hacked, blames "state-sponsored actor"


Yahoo today confirmed that it suffered a massive data breach that exposed information for at least 500 million user accounts in 2014. If you have a Yahoo account, the company says you should review all your online accounts for any suspicious activity.

Read the rest

Not just Yemen: Canadian cyberarms dealer Netsweeper also helped censor the net in Bahrain


Netsweeper is a litigious cyberarms dealer that threatened to sue the University of Toronto's Citizen Lab when its researchers outed the company for its work in helping Yemen's despotic regime censor the internet; later, the company dropped its lawsuit. Read the rest

Sitelock abuses DMCA to censor rival's criticisms


Sitelock is a major player in online security; a rival, White Fir, thinks its products are subpar, and has published extensive articles explaining why White Fir's products are superior -- articles that Sitelock has targeted with fraudulent copyright claims. Read the rest

HP detonates its timebomb: printers stop accepting third party ink en masse


On September 13, owners of HP OfficeJet, OfficeJet Pro and OfficeJet Pro X began contacting third-party ink vendors by the thousand, reporting that their HP printers no longer accepted third-party ink. Read the rest

In a leaked "weaponized information" catalog, Indian cyberarms dealer offers blackest-ever SEO


In 2014, an Indian company called Aglaya brought a 20-page brochure to ISS World (AKA the Wiretappers' Ball -- the annual trade fair where governments shop for surveillance technology): the brochure laid out the company's offerings, which ranged from mobile malware for iOS and Android to a unique "Weaponized Information" selection that combined denial-of-service with disinformation to "discredit a target" online. Read the rest

Rules for trusting "black boxes" in algorithmic control systems


Tim O'Reilly writes about the reality that more and more of our lives -- including whether you end up seeing this very sentence! -- is in the hands of "black boxes": algorithmic decision-makers whose inner workings are a secret from the people they affect. Read the rest

A powerful attacker is systematically calibrating an internet-killing tool


Someone -- possibly the government of China -- has launched a series of probing attacks on the internet's most critical infrastructure, using carefully titrated doses of denial-of-service to precisely calibrate a tool for shutting down the whole net. Read the rest

The DoJ is using a boring procedure to secure the right to unleash malware on the internet


The upcoming Rule 41 modifications to US Criminal Justice procedure underway at the Department of Justice will let the FBI hack computers in secret, with impunity, using dangerous tools that are off-limits to independent scrutiny -- all without Congressional approval and all at a moment at which America needs its law-enforcement community to be strengthening the nation's computers, not hoarding and weaponizing defects that put us all at risk. Read the rest

IoT malware exploits DVRs, home cameras via default passwords


The Internet of Things business model dictates that devices be designed with the minimum viable security to keep the products from blowing up before the company is bought or runs out of money, so we're filling our homes with net-connected devices that have crummy default passwords, and the ability to probe our phones and laptops, and to crawl the whole internet for other vulnerable systems to infect. Read the rest

Weird 'artificial' quake was 'clearly' North Korea's fifth nuclear test

North Korean leader Kim Jong Un provides field guidance during a fire drill of ballistic rockets by Hwasong artillery units of the KPA Strategic Force, in  undated KCNA photo released Sep. 6, 2016.

If the “man-made seismic event” reported along the North Korea/China border tonight by the USGS is confirmed to be a new nuclear test, America's next Commander-in-Chief will have complex new Pyongyang problems on their plate.

Read the rest

This week in terrifying, mind-boggling password breaches


800,000 usernames and passwords from Brazzers, a giant porn site; 98 million passwords from ("Russia's Yahoo") and, coming soon, the entire user database for VKontakte/, Russia's answer to Facebook. Read the rest

How To Be At War Forever

A man fills barrels with rubble to make a barricade to protect shops in the rebel held Douma area of Damascus, Syria Sep. 2, 2016. REUTERS

If you were the government and wanted to maintain a state of perpetual war, how would you go about it? Read the rest

Unprotected database exposes off-grid energy users in Guatemala, South Africa

Two of the leaked identification cards -- on the left, a South African ID, and a Guatemalan ID on the right. (Image: leaked database, via ZDnet)

An unprotected Kingo Solar database with the personal data and photos for thousands of off-the-grid electricity customers was accessible for months, reports Zack Whittaker at ZDnet. “Thousands of remote villagers in Guatemala and South Africa are living off the grid, but their personal information isn't,” he writes.

Read the rest
