Jeb Bush: Leave NSA Alone

Jeb Bush Campaign 2016 photo
“We must stop demonizing these quiet intelligence professionals and start giving them the tools they need.”

Ashley Madison users chose passwords like "whyareyoudoingthis"

Now that 11.7 million Ashley Madison users' passwords been shown to be crackable, we're learning that password security has not improved since the last giant dump of user passwords. Read the rest

Ashley Madison's passwords were badly encrypted, 15 million+ passwords headed for the Web

A flaw in the fraudulent dating site's password hashing means that at least 15 million of its users' passwords are liable to decryption. Read the rest

NYC to-do: "Art, Design, and The Future of Privacy," Sept 17

A night of talks and conversations about privacy and tech, centered on humane design and user-experience -- I'm speaking there! Read the rest

Your baby monitor is an Internet-connected spycam vulnerable to voyeurs and crooks

Researchers revealed ten major vulnerabilities in Internet-of-Things babycams from a variety of vendors ranging from spunky startups like Ibaby Labs to rock-ribbed (and deep-pocketed -- attention, class actioneers!) giants like Philips. Read the rest

Russian software security firm Kaspersky threatened to 'rub out' rival, email reveals

Eugene Kaspersky, chairman and CEO of Kaspersky Lab, listens to a question during an interview in New York March 10, 2015. REUTERS
A hot tech intrigue story from Joe Menn at Reuters on alleged dirty-doings between Kaspersky and its rivals.

Spear phishers with suspected ties to Russian government spoof fake EFF domain, attack White House

The spear-phishing attempt appears to be part of "Pawn Storm," a massive attack that's been underway across the net for more than a month, and involved a rare zero-day (previously unknown) Java exploit. Read the rest

Elaborate spear-phishing attempt against global Iranian and free speech activists, including an EFF staffer

Citizenlab details an "elaborate phishing campaign" against Iranian expats and activists, combining phone-calls from fake Reuters reporters, mostly convincing Google Docs login-screens, and a sophisticated attempt to do a "real-time man-in-the-middle attack" against Google's two-factor authentication. Read the rest

EFF announces the 2015 Pioneer Award winners

Caspar Bowden, Citizen Lab, Anriette Esterhuysen and the Association for Progressive Communications, and Kathy Sierra will be awarded the EFF's prestigious prize recognizing the leaders who are extending freedom and innovation on the electronic frontier. Read the rest

Samsung fridges can leak your Gmail logins

Researchers at Pen Test Partners took up the challenge to hack a smart fridge at Defcon's IoT Village, and discovered that they could man-in-the-middle your Google login credentials from Samsung fridges. Read the rest

Car information security is a complete wreck -- here's why

Sean Gallagher's long, comprehensive article on the state of automotive infosec is a must-read for people struggling to make sense of the summer's season of showstopper exploits for car automation, culminating in a share-price-shredding 1.4M unit recall from Chrysler, whose cars could be steered and braked by attackers over the Internet. Read the rest

Make your own TSA universal luggage keys

The image above, published in 2014 in this story and credited to The Washington Post, showed the keying patterns for all of the TSA-complaint "Travel Sentry" luggage locks. Read the rest

Ashley Madison leak 2.0: new dump is twice as large, and includes CEO's emails

Self-proclaimed Ashley Madison hackers the Impact Team today released what looks like another 20 gigabytes of ill-gotten data. The just-dropped “other shoe” includes emails from the cheater-dating website's CEO.

Read the rest

"I hope the Chinese aren't collating the Ashley Madison data with their handy federal list of every American with a security clearance." -Bruce Sterling

-Bruce Sterling Read the rest

Your Android unlock pattern sucks as much as your password did

In Tell Me Who You Are, and I Will Tell You Your Lock Pattern, Marte Løge presented some of her Master's Thesis research on the guessability of Android lock-patterns -- and guess what? Read the rest

Giant dump of data purports to be from

The dating site for people wanting to cheat on their spouses was breached last month. Read the rest

New pornoscanners are also useless, cost $160 million

The new generation of millimeter-wave body scanners from the convicted war-criminals at L-3 were supposed to replace the useless, expensive backscatter radiation machines from Rapiscan with a more robust, less privacy invasive alternative. Read the rest

More posts