Leaked NSA docs: Russian military hacked US voting software company, spearphished 122 election officials

An anonymously leaked Top Secret NSA report on Russian state hackers interfering with the US elections has been published by The Intercept, which had the documents independently analyzed by a who's-who of America's leading security experts. Read the rest

Should police be able to access your cellphone location history without a warrant? Supreme Court to decide.

The U.S. Supreme Court today agreed to hear an important digital privacy rights case that will determine if police have to get a warrant to access your cellphone location data, which is archived by wireless carriers.

Read the rest

Wardriving for Stingrays with rideshare cars

Well, there's a second-decade-of-the-21st-century headline for you! Read the rest

Invent privacy & security adventures with Cryptomancer & Mozilla

Brett Gaylor writes, "As part of the Mozilla Privacy Arcade project in this year’s Global Sprint, Mozilla is inviting activists, artists, designers, educators, gamers, storytellers, and technologists of all backgrounds to invent new privacy-themed adventures for the role playing game Cryptomancer." Read the rest

Opsec for a world where the laptop ban goes global

If the Trump administration makes good on its promise to pack all potentially explosive laptops together in a blast-multiplying steel case in the plane's hold, it will be good news for would-be bombers -- and bad news for your data security. Read the rest

Why don't people use secure internet tools?

A group of scholars and practicioners from the US, Germany and the UK conducted a qualitative study on the "obstacles to adoption of secure communications tools," which was presented to the 38th IEEE Symposium on Security and Privacy. Read the rest

Medical implants and hospital systems are still infosec dumpster-fires

Medical devices have long been the locus of information security's scariest failures: from the testing and life-support equipment in hospitals to the implants that go in your body: these systems are often designed to harvest titanic amounts of data about you, data you're not allowed to see that's processed by code you're not allowed to audit, with potential felony prosecutions for security researchers who report defects in these systems (only partially mitigated by a limited exemption that expires next year). What's more, it can get much worse. Read the rest

Most Chipotle restaurants were hacked by credit-card stealing malware

Did you think you got away clean when you ate at Chipotle without dying of listeria? Not so fast! Read the rest

UK Tories say they'll exploit Manchester's dead to ban working crypto in the UK

One of UK Prime Minister Theresa May's government ministers told a reporter from The Sun that the government is planning on invoking the "Technical Capabilities Orders" section of the Snoopers Charter, a 2016 domestic spying bill; the "orders" allow the government to demand that companies cease using working cryptography in their products and services, substituting it with deliberately defective code that can be broken. Read the rest

TSA to require some electronics out of bags at 10 U.S. airports starting Memorial Day weekend

The TSA will be testing out expanded screening for carry-on electronics larger than a phone and certain food items at selected airports around the country. The new rules come just two days after a major terrorist attack in Manchester, UK, and stepped-up security in response.

The TSA says they're “testing security screening procedures for carry-on bags at 10 U.S. airports” only, and “There are no changes to nationwide procedures.”

Read the rest

1Password's new travel mode locks you out of your accounts while you're travelling and crossing borders

1Password has taken Maciej Cegłowski's demand for a "travel mode" for our technology to heart, introducing a new feature that locks you out of your own accounts when you're in situations where you might lose control of your devices or be compelled to log into your accounts without your consent.

Read the rest

An IoT botnet is trying to nuke Wcry's killswitch

Whoever created the Wcry ransomware worm -- which uses a leaked NSA cyberweapon to spread like wildfire -- included a killswitch: newly infected systems check to see if a non-existent domain is active, and if it is, they fall dormant, ceasing their relentless propagation. Read the rest

UK prison deploys active anti-drone countermeasures to fight contraband smuggling

A UK weapons company called Drone Defence has sold an anti-drone product to Les Nicolles prison on Guernsey that will use 20 nonspecific "disruptors" to do something to drones that will stop them from overflying the prison and smuggling in contraband. Read the rest

Oops! United flight attendant accidentally posted cockpit door codes

The Wall Street Journal reports that human error is still a factor in potential cockpit door breaches. Read the rest

New clues in WannaCry ransomware attack point to North Korea and Kim Jong Un

“The self-spreading ‘WannaCry’ internet worm, which ripped through 160,000 computers and crippled hospitals and other businesses, is now being linked to a North Korean cyber gang,” reports Kevin Poulsen at Daily Beast.

Read the rest

That time the TSA started screening all paper products separately

Akal Security Inc is the TSA contractor that screens passengers at Kansas City International Airport under a $108m/5 year contract; earlier this month they began abruptly scanning all paper products in carry on luggage, requiring passengers to pull out their books, papers, even post-it notes for secondary inspection. Read the rest

Yesterday's report of hardier Wcry retracted, but new versions found

Yesterday's report of a Wcry ransomware version that didn't have the killswitch that halted the worm's spread was retracted by Motherboard and Kaspersky Lab -- but today, France's Benkow computing document a new Wcry strain that has a different killswitch -- one that has already been registered, stopping the new strain. Read the rest

More posts