Michèle B. Nuijten and co's statcheck program re-examines the datasets in peer-reviewed science and flags anomalies that are associated with fakery, from duplication of data to internal inconsistencies.
Adultfriendfinder, "the world's largest sex & swinger community," has suffered a major breach, leaking 300,000,000 accounts' worth of personal information, namely email addresses, passwords, usernames, IP addresses and browser information.
KGW Portland surveyed 86 Oregon inmates serving time for burglary to see what they looked for when casing a house that is safe to break into and likely to contain valuables. One important lesson: "NRA sticker on car bumper = Lots of guns to steal."
Nadia Eghbal's Roads and Bridges: The Unseen Labor Behind Our Digital Infrastructure is a long, detailed report on the structural impediments to maintaining key pieces of free/open software that underpin the internet -- it reveals the startling fragility of tools that protect the integrity, safety, privacy and finances of billions of people, which are often maintained by tiny numbers of people (sometimes just one person).
Researchers from Dalhousie University (Canada) and the Weizmann Institute of Science (Israel) have published a working paper detailing a proof-of-concept attack on smart lightbulbs that allows them to wirelessly take over the bulbs from up to 400m, write a new operating system to them, and then cause the infected bulbs to spread the attack to all the vulnerable bulbs in reach, until an entire city is infected.
An imminently forthcoming version of Google's Chrome browser will flip the way that browsers convey information about privacy and security to users: instead of discreetly informing users that the HTTPS-enabled sites they're browsing are more secure, they'll flag any non-HTTPS site as insecure, with a series of escalating alerts that will end -- at some unspecified date -- by displaying an exclamation point inside a red triangle and the letters HTTP next to the web addresses of non-HTTPS sites.
The various Mirai botnets, which use "clumsy, amateurish code" to take over even more clumsy and amateurish CCTVs, routers, PVRs and other Internet of Things devices, have been responsible for some eye-popping attacks this season: first there was the 620Gbps attack on journalist Brian Krebs (in retaliation for his coverage of a couple of petty Israeli crooks); then there was the infrastructure attack that took out Level 3, Netflix, Twitter, Dyn, and many more of the internet's best-defended services.
Last week, artist Michelle Pred celebrated the anniversary of the Patriot Act by dressing up as an old-timey Pan Am flight attendant (she wore her mother's old Pan Am hat!) and handing out "Official Air Travel Replacement Knives" to people waiting for their bags at SFO (she had 50 knives, but it took more than 50 tries to give them away, as more than half of the people she approached refused to engage with her).
3 NHS hospitals under the Northern Lincolnshire and Goole NHS Foundation Trust have been infected by "a virus" that administrators detected on Sunday; the hospitals are on limited operations and turning away patients until the hospitals can "isolate and destroy" the malware.
In Accessorize to a Crime: Real and Stealthy Attacks on State-of-the-Art Face Recognition, researchers from Carnegie Mellon and UNC showed how they could fool industrial-strength facial recognition systems (including Alibaba's "smile to pay" transaction system) by printing wide, flat glasses frames with elements of other people's faces with "up to 100% success."
After the DNC hack, security experts began paying close attention to the security of servers associated with the Trump campaign, on the assumption that if the Democrats had been targeted, the Republicans would be, too.
The Atlantic's Andrew McGill set up a virtual server on Amazon's cloud that presented to the internet as a crappy, insecure Internet of Things toaster; 41 minutes later, a hacked IoT device connected to it and tried to hack it. Within a day, the "toaster" had been hacked more than 300 times.
Earlier this year, companies like Silverpush were outed for sneaking ultrasonic communications channels into people's devices, so that advertisers could covertly link different devices to a single user in order to build deeper, more complete surveillance profiles of them.
Andrew McGill's internet-connected toaster isn't really a toaster: it's a "honeypot" designed to resemble the insecure "internet of things" gadgets—cameras, LED lightbulbs, fridges, etc.—that make up the vast botnets behind recent internet attacks. The honeypot was hacked within an hour.
I switched on the server at 1:12 p.m. Wednesday, fully expecting to wait days—or weeks—to see a hack attempt.
Wrong! The first one came at 1:53 p.m.
Lots of the hacking attempts use the password xc3511, the factory default of many old webcams. Amazing. I love the little bot's eye view of the toaster!
It's free for anyone to take, and Finns can get credit at the Open University of University of Helsinki (yes, that's what it's called).
The Dirty Cow vulnerability dates back to code included in the Linux kernel in 2007, and it can be trivially weaponized into an easy-to-run exploit that allows user-space programs to execute as root, meaning that attackers can take over the entire device by getting their targets to run apps without administrator privileges.