When online security is literally a roll of the dice, which dice do you use?

My search for an easy way to generate strong passwords and passphrases led me to the "Diceware" method Cory wrote about on Boing Boing. This was no game. I needed serious dice.

Typing patterns are the latest anonymity-shattering personal identifier

Long a theoretical threat, the observation of typing patterns has been refined into "a highly practical attack" aimed at user anonymity over the internet.

Self-aiming sniper rifle can be pwned over the Internet

The $13,000 Trackingpoint sniper rifle is vulnerable to wifi-based attacks that allow your adversary to redirect bullets to new targets of their choosing.

Chrysler has to recall its cars due to security vulnerabilities

Chrysler, whose Jeep Cherokees were demonstrated to be vulnerable to Internet-based attacks on their steering and brakes (as well as radios, air conditioning and other systems), has recalled 1.4M cars due to software vulnerabilities.

Once again: Crypto backdoors are an insane, dangerous idea

The Washington Post editorial board lost its mind and called on the National Academy of Sciences to examine "the conflict" over whether crypto backdoors can be made safe: the problem is, there's no conflict.

Hackers can pwn a Jeep Cherokee from the brakes and steering to the AC and radio

A zero-day exploit for Jeep Cherokees allows hackers to control everything from the engine to the air-conditioning over the Internet, overriding the driver at the dashboard.

How did an Ohio inmate get prison administrators' usernames and passwords?

Lebanon prison, Ohio

Ohio authorities are investigating how a prisoner obtained a list of the usernames and passwords for prison administrators.

With faked degrees, U.S. tech official ran law enforcement data systems for years. Then he resigned, got a new gov job.

“A key Interior technology official who had access to sensitive systems for over five years had lied about his education, submitting falsified college transcripts produced by an online service.”

UK schools' "anti-radicalisation" software lets hackers spy on kids

The spyware that Impero supplies to UK schools -- which searches kids' Internet use for "jihadi" terms -- uses "password" as its default password, and the company has threatened brutal legal reprisals against the researcher who repeatedly demonstrated their total security negligence.

United rewards security researchers with air miles

The BBC reports that after two "hackers" spotted security holes in its website, United rewarded them with a million miles each.

One security expert said the scheme was a big step forward for online security.

"Schemes like this reward hackers for finding and disclosing problems in the right way. That makes the internet safer for all of us," said security consultant Dr Jessica Barker.

"Bug bounties are common in tech companies as they tend to understand online security a bit more, but other industries are catching up," said Dr Barker.

US Army National Guard reveals they, too, recently suffered data breach

The compromised data includes Social Security Numbers, Dates of Birth, and Home Addresses.

Moxie Marlinspike profiled in WSJ. Obama thinks secure messaging apps like the one he built are “a problem.”

The Wall Street Journal just discovered what some of us have known for a long time: Moxie Marlinspike is really cool, and the work he does is important.

US says hackers stole Social Security numbers from 21.5 million people in OPM data breach

The new number is a lot higher than the 14 million figure investigators offered last month.

What horrible things did we learn about Hacking Team today?

The enormous dump of docs from cyber-arms-dealer Hacking Team continues to yield up details, like the time the company tried to sell spying tools to a death squad.

What happened at yesterday's Congressional hearings on banning crypto?

Cryptographers and security experts gathered on the Hill yesterday to tell Congress how stupid it was to ban crypto in order to make it easier to spy on "bad guys."

Report: Uber uses GPS to punish drivers in China who get close to protests

To appease the Chinese government, Uber is using GPS on drivers’ phones to ID and threaten any Uber drivers who get too close to the taxi drivers' protests.

Argentine police raid programmer who discovered fatal e-voting flaws

Joaquín Sorianello found the defects in MSA, manufacturer of the Vot.ar e-voting system, and the next he heard about it was when the police came to his house and seized every piece of electronic equipment.
