The World Wide Web Consortium wants to give companies a veto over warnings about browser defects

Since 2013, when the W3C decided to standardize DRM for web videos, activists, security researchers and disabled rights advocates have been asking the organization what it plans on doing about the laws that make it illegal to bypass DRM, even to add features to help blind people, or to improve on browsers, or just to point out the defects in browsers that put billions of web users at risk.

Enterprise firewalls are man-in-the-middling HTTPS sessions like crazy, and weakening security

A group of security researchers from academe and industry (including perennial Boing Boing favorite J Alex Halderman) have published an important paper documenting the prevalence and problems of firewalls that break secure web sessions in order to scan their contents for undesirable and malicious content.

Son of Stuxnet: "invisible," memory-resident malware stalks the world's banks

Duqu 2.0 is a strain of clever, nearly undetectable malware, derived from Stuxnet, that stays resident in its hosts' memory without ever writing persistent files to the system's drives.

This dump of iPhone-cracking tools shows how keeping software defects secret makes everyone less secure

Last month, a hacker took 900GB of data from Cellebrite, an Israeli cyber-arms dealer that was revealed to be selling surveillance and hacking tools to Russia, the UAE, and Turkey.

Trump to sign yet another trash executive order, this time on 'the cyber'

'President' Donald Trump is expected to sign an executive order addressing cybersecurity today, Reuters reports in an item that cites "two sources familiar with the situation." The EO is expected to be Trump's first action to address what he called a top priority of his administration during the Presidential campaign.


Google quietly makes "optional" web DRM mandatory in Chrome

The World Wide Web Consortium's Encrypted Media Extensions (EME) is a DRM system for web video, being pushed by Netflix, movie studios, and a few broadcasters. It's been hugely controversial within the W3C and outside of it, but one argument that DRM defenders have made throughout the debate is that the DRM is optional, and if you don't like it, you don't have to use it. That's not true any more.

With Windows 10, Microsoft doubles down on forced updates and reboots (save your work!)

Windows 10 takes one of the most hated aspects of Microsoft operating systems -- forced, sudden software updates and reboots -- and elevates them to a sadistic art, with Win 10 machines suddenly announcing that it's update time and rendering themselves inoperable for up to an hour, wiping out unsaved work and locking users out of their computers while they're onstage, or in the middle of large file uploads, or livecasting, or completing a live test for college admission, taking notes during an interview, etc.

A lively history of DRM and gaming

17 minutes of funny and informative notes from the history of DRM from Lazy Game Reviews, starting with Bill Gates's infamous Open Letter to Hobbyists and moving through to the modern era with its activation codes, rootkits and scandals. (Thanks, Fipi Lele!)

Sex club for bi women, some closeted, put all their risqué full-body "audition" photos in a publicly accessible folder

Skirt Club, a sex club "for girls who play with girls," required prospective members to upload "full body" photos with their applications; these photos were stored in world-readable folders with easily guessable names. When the site's owners were contacted about this, they promised action but did nothing for three weeks, and then made an incomplete job of it. They have not notified their users about the breach.

You can install ransomware on a Samsung Galaxy by sending it an SMS

Researchers from Context Security have identified a vulnerability in Samsung Galaxy phones: by embedding commands in the obsolete, 17-year-old WAP protocol in an SMS message, attackers can put them into endless reboot loops, or encrypt their storage and charge the phone's owners for a decryption key.

UPDATED: Ransomware creeps steal the entire St Louis library system

Update: The library system has recovered access to its computers.

The libraries of St Louis, MO have been crippled by a ransomware attack that has shut down the public terminals the library provides to the poor and vulnerable of St Louis, as well as the systems used to process book and material lending (the catalog is on a separate, uninfected system).

Facebook CSO Alex Stamos is a human warrant-canary for the Trump era

Even before he took the job of Chief Security Officer of Yahoo, Alex Stamos had a reputation for being a badass: a thoughtful security ethicist who served as an expert witness in defense of Aaron Swartz, Stamos cemented his reputation by publicly humiliating the director of the NSA over mass surveillance.

Political leaks disrupt Ecuadoran election

Opponents of Ecuadoran president Rafael Correa -- himself a prolific and shrewd social media campaigner -- have had their social media accounts hacked and used to dump embarrassing transcripts purporting to show their party in disarray and romantic scandals in their personal lives.

Coded: new documentary series on hackers

Seth Godin sends us this trailer for Coded, a new documentary series on hackers: "There’s an invisible war being waged. And we’re all part of it. Foreign governments are hacking major corporations. Major corporations are collecting massive amounts of consumer data. And the NSA is listening…to everything. But a new generation of programmers armed with powerful technology is rising up and fighting back. Freethink presents a new original series: Coded."

Squirrels are vastly more harmful to the world's power grids than "the cyber" is

Of 1700+ known acts of global power-grid sabotages, affecting some 5,000,000 people, 879 were caused by squirrels; between 0 and 1 were caused by Russia, and another 1 was caused by the USA (Stuxnet).

Houseguests, technological literacy, and the goddamned wifi: a single chart

Randall Munroe nails it again in an XKCD installment that expresses the likelihood that your houseguests will be able to connect to your wifi (I confess to having been the "firmware" guide -- but also, having been reminded to do something about my own firmware when other difficult houseguests came to stay).

WhatsApp: Facebook's ability to decrypt messages is a "limitation," not a "defect"

Facebook spokespeople and cryptographers say that Facebook's decision to implement Open Whisper Systems' end-to-end cryptographic messaging protocol in such a way as to allow Facebook to decrypt them later without the user's knowledge reflects a "limitation" -- a compromise that allows users to continue conversations as they move from device to device -- and not a "defect."
