Boing Boing 

Brute-force iPhone password guesser can bypass Apple's 10-guess lockout

The IP Box costs less than £200 and can guess all possible four-digit passwords in 111 hours.

Read the rest

Bruce Schneier's Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World

No one explains security, privacy, crypto and safety better.Read the rest

Companies should never try to intercept their users' encrypted traffic

Lenovo's disgraceful use of Superfish to compromise its users' security is just the tip of the iceberg: everywhere we look, companies have decided that it's a good idea to sneakily subvert their users' encryption.

Read the rest

Revenge porn shitweasel pleads guilty, admits he hacked victims' accounts


Michael from Muckrock writes, "After months of legal wrangling, Hunter Moore, who ran 'revenge porn' website Isanyoneup, has agreed to a plea deal that will see him serve a minimum of two years and up to seven years in jail, as well as up to $500,000 in fines."

Read the rest

An Internet of Things that do what they're told


California's phone bricking bill seems to have reduced thefts in the short run, but at the cost of giving dirty cops and wily criminals the power to wipe-and-brick your phone at will.

Read the rest

Shining light on the shadowy, "superhuman" state-level Equation Group hackers


For more than decade, a shadowy, heavily resourced, sophisticated hacker group that Kaspersky Labs calls the Equation Group has committed a string of daring, cutting-edge information attacks, likely at the behest of the NSA.

Read the rest

Security researcher releases 10 million username and password combinations


Security researcher Mark Burnett has released 10,000,000 username/password combos he's downloaded from well-publicized hacks, citing the prosecution of Barrett Brown and the looming Obama administration crackdown on security researchers as impetus to do this before it became legally impossible.

Read the rest

Security presentations from Shmoocon

The amazing, always-sold out security conference Shmooocon has posted the videos from its latest event, held earlier this month.

Read the rest

Life inside a DDOS "booter site"

The internal records of Lizardsquad's Lizardstresser -- a service that would, for money, flood sites with traffic intended to knock them off the Internet -- were dumped to Mega by Doxbin's former operator, providing an unprecedented public look at the internal workings of booter.

Read the rest

FBI targets companies that hire hackers to protect them against hackers

US businesses are frustrated by the federal government's weak response to hacker attacks. They are hiring cybersecurity firms to launch counterstrikes against foreign-based hackers. Now, that's something the FBI is eager to investigate.

Read the rest

New NSA leaks: does crypto still work?


Matthew Green's got an excellent postmortem on the huge dump of NSA docs Der Spiegel last weekend.

Read the rest

Fingerprints can be reproduced from photos of your hands

A presentation by Starbug at the 31st Chaos Communications Congress (previously) demonstrated a technique for deriving fingerprints from a couple of photographs of your hands. Starbug's proof of concept was a copy of the fingerprints of German Defense Minister Ursula von der Leyen.

Read the rest

Livestreams from the Chaos Communications Congress

The 31st Chaos Communications Congress is underway in Hamburg, where some of the most important, entertaining, mind-blowing, and earth-shaking information about computer security and politics will be revealed. Here's the livestream. (via Hacker News)

Telcos' anti-Net Neutrality argument may let the MPAA destroy DNS


The telcos' ongoing battle against Net Neutrality have led them to make a lot of silly legalistic arguments, but one in particular has opened the whole Internet to grave danger from a legal attack from the entertainment industry, which may finally realize its longstanding goal of subverting DNS to help it censor sites it dislikes, even if it makes life much easier for thieves and spies who use DNS tricks to rob and surveil.

Read the rest

Usbdriveby: horrifying proof-of-concept USB attack

Samy Kamkar has a proof-of-concept attack through which he plugs a small USB stick into an unlocked Mac OS X machine and then quickly and thoroughly compromises the machine, giving him total, stealthy control over the system in seconds, even reprogramming the built-in firewall to blind it to its actions.

Read the rest

Over 700 million people have taken steps to improve privacy since Snowden


As Schneier points out, the way this is spun ("only 39% of people did something because of Snowden") is bullshit: the headline number is that more than 700 million people are in the market for a product that barely exists, and that could make more money than Facebook if you get it right.

Read the rest

Crowdfunding a USB-stick-sized, GNU/Linux-ready computer

A reader writes, "The USB Armory is full-blown computer (800MHz ARM® processor, 512MB RAM) in a tiny form factor (65mm x 19mm x 6mm USB stick) designed from the ground up with information security applications in mind."

Read the rest