Security flaws found in 3 state health insurance websites

Reuters / Phil McCarten

Federal investigators have discovered major security vulnerabilities in the state health insurance websites for California, Kentucky and Vermont that could allow criminals to access sensitive personal data for hundreds of thousands of people.


The price of stealing an identity is crashing, with no bottom in sight


The sharp increase in known, unpatched vulnerabilities in the tools we use to access the Internet has caused the price of exploits to fall through the floor.

A perfect storm of broken business and busted FLOSS backdoors everything, so who needs the NSA?


In 2014, Poul-Henning Kamp, a prolific and respected contributor to many core free/open projects, gave the closing keynote at the Free and Open Source Developers' European Meeting (FOSDEM) in Belgium, and he did something incredibly clever: he presented a status report on a fictional NSA project (ORCHESTRA) whose mission was to make it cheaper to spy on the Internet without breaking any laws or getting any warrants.

The TSA spent $1.4M on an app to tell it who gets a random search


"TSA Randomizer" is an iPad app that tells TSA officials which search lane to send fliers down, randomly directing some of them to secondary screening.

FBI signals it has new iPhone-unlocking powers, and plans to use them: Xeni on KCRW's 'Press Play'

REUTERS/Lucy Nicholson
On today's edition of the KCRW daily news program Press Play, I speak with host Madeleine Brand about what we know, as of today, about any new capabilities the FBI may have acquired in its quest to bypass the security features on Apple iOS devices in various investigations.


Ransomware creeps steal two more hospitals. Again. Again.


Unlike the Hollywood hospital shutdown in Feb and the Kentucky shutdown in March, which got in by phishing attacks on employees, the two hospitals in Baltimore that were taken offline by ransomware were targeted by server-based attacks that got in through vulnerabilities in public-facing hospital services.

Automated drug cabinets have 1400+ critical vulns that will never be patched


The Pyxis Supplystation from Carefusion is an automated pharmaceutical drug cabinet system that's still widely used despite being end-of-lifed by its manufacturer -- a new report from CERT discloses that independent researchers Billy Rios and Mike Ahmadi have found over 1,400 critical remote-attack vulnerabilities.

CNBC's secure password tutorial sent your password in the clear to 30 advertisers


CNBC's Big Crunch blog put up a well-intentioned, but disastrously designed tutorial on secure password creation, which invited users to paste their passwords into a field to have them graded on how difficult it would be to guess them.

Security researchers: help EFF keep the Web safe for browser research!


With the Electronic Frontier Foundation, I've been lobbying the World Wide Web Consortium (W3C), which sets the open standards that the Web runs on, to take measures to protect security researchers (and the users they help) from its own bad decision to standardize Digital Rights Management as part of HTML5.

Justice Department to drop 'FBI vs. Apple' case, because they've unlocked the iPhone

Tashfeen Malik, left, and Syed Farook died on Dec. 2, 2015, in a gun battle with authorities several hours after their assault on a gathering of Farook's colleagues in San Bernardino, Calif., that left 14 people dead.

The #FBIvsApple legal case may be over, but the fight over security, privacy, and the right to live free of surveillance has just begun. The Justice Department is expected to drop its legal action against Apple, possibly as soon as today, because an 'outside method' to bypass security on the San Bernardino gunman's iPhone has proven successful, a federal law enforcement official said Monday.


Ransomware gets a lot faster by encrypting the master file table instead of the filesystem


In just a few short years, ransomware -- malware that encrypts all the files on the computer and then charges you for a key to restore them -- has gone from a clever literary device for technothrillers to a cottage industry to an epidemic to a public menace.

Security-conscious darkweb crime marketplaces institute world-leading authentication practices


If you are a seller on Alphabay -- a darkweb site that sells "drugs, stolen data and hacking tools" -- you'll have to use two-factor authentication (based on PGP/GPG) for all your logins.

Names that break databases


Jennifer Null is impossible: her name can't be entered into most modern databases (plane reservations, wedding registries) because "null" is used to separate fields in databases themselves.

Ransomware hackers steal a hospital. Again.


A month after a hospital in Hollywood was shut down by a ransomware infection that encrypted all the files on its computers and computer-controlled instruments and systems, another hospital, this one in Kentucky, has suffered a similar fate.

Security nerds: 25% discount for the ISSA-LA Summit, May 19-20


I'm giving the closing keynote at this year's Information Security Summit, which is being held at the Universal City Hilton in Los Angeles.

Vulnerability in recorders used by 70+ manufacturers' CCTV systems has been known since 2014


Back in 2014, RSA published a report documenting a new tactic by criminal gangs: they were hacking into the digital video recorders that stored the feeds from security cameras to gather intelligence on their targets prior to committing their robberies.

Dozens of car models can be unlocked and started with a cheap radio amp


A group of German researchers from ADAC have published their work on extending last year's amplification attack that let thieves steal Priuses with a $17 gadget that detected your key's unlock signal and amplified it so it would reach the car.
