Apple CEO Tim Cook demands Obama White House formally defend Americans' right to strong encryption

Jenna McLaughlin at The Intercept writes that Apple CEO Tim Cook “lashed out at the high-level delegation of Obama administration officials who came calling on tech leaders in San Jose last week.” 

Will the W3C strike a bargain to save the Web from DRM?

The World Wide Web Consortium, which makes the standards the Web runs on, continues to pursue work on DRM -- technology that you can't connect to without explicit permission, and whose bugs can't be reported without legal jeopardy lest you weaken it.

Your smartwatch knows your ATM and phone PIN

Because a PIN-pad is so constrained and predictable, the accelerometer in your smartwatch is able to guess with a high degree of confidence (73%) what you enter into it -- it can also serve as a general-purpose keylogger, though with less accuracy (59%), thanks to the complexity of the keyboard.

New documents shed light on secret DoJ rules for targeting journalists with National Security Letters

In July 2015, Freedom of the Press Foundation sued the Justice Department (DOJ) over the agency’s secret rules governing how the FBI can target members of the media with due process-free National Security Letters, and we have just received documents back in the ongoing lawsuit.

Internal documents from breathalyzer company Lifesaver dumped online

The company makes ignition interlock breathalyzers that are mandated by courts as a condition of driving after DUI convictions.

Juniper blinks: firewall will nuke the NSA's favorite random number generator

In the month since network security giant Juniper Networks was forced to admit that its products had NSA-linked backdoors, the company's tried a lot of different strategies: minimizing assurances, apologies, firmware updates -- everything, that is, except for removing the Dual_EC random number generator that is widely understood to have been compromised by the NSA.

Vtech, having leaked 6.3m kids' data, now wants to run your home security

Remember the Hong Kong-based crapgadgeteer Vtech, who breached 6.3 million kids' data from a database whose security was jaw-droppingly poor (no salted hashes, no code-injection countermeasures, no SSL), who then lied and stalled after they were outed? They want to make home security devices that will know everything you say and do in your house.

Juniper's products are still insecure; more evidence that the company was complicit

It's been a month since Juniper admitted that its firewalls had back-doors in them, possibly inserted by (or to aid) US intelligence agencies. In the month since, Juniper has failed to comprehensively seal those doors, and more suspicious information has come to light.

Payment system security is hilariously bad

In "Shopshifting: The potential for payment system abuse," Karsten Nohl and Fabian Bräunlein showed attendees at Hamburg's Chaos Communication Congress just how poor the security in payment terminals is, and demonstrated several attacks that would let them harvest card numbers and PINs, make undetectable phantom charges and refunds to merchant accounts, and commit other mischief.

The DMCA poisoned the Internet of Things in its cradle

Bruce Schneier explains the short, terrible history of the Internet of Things, in which companies were lured to create proprietary lock-ins for their products because the DMCA, a stupid 1998 copyright law, gave them the power to sue anyone who made a product that connected to theirs without permission.

3.3 million Hello Kitty website accounts leaked

Last week, security researcher Chris Vickery discovered a database containing 3.3 million accounts from Sanriotown, a commercial Hello Kitty fansite operated by Sanrio, Hello Kitty's corporate owners.

Israeli company's product can (allegedly) pwn any nearby mobile phone

The Interapp from Tel Aviv's Rayzone Group is an intrusion appliance that uses a cache of zero-day exploits against common mobile phone OSes and is marketed as having the capability to infect and take over any nearby phone whose wifi is turned on.

Juniper Networks backdoor confirmed, password revealed, NSA suspected

Juniper Networks makes a popular line of enterprise firewalls whose operating system is called ScreenOS. The company raised alarm bells with a late-day-on-a-Friday advisory announcing that they'd discovered "unauthorized code" in some versions of ScreenOS, a strange occurrence that hinted that a security agency or criminal enterprise had managed to tamper with the product before it shipped.

Security appliance lets hackers pwn whole nets with a never-opened email

The FireEye "threat prevention device" is designed to scan all the emails, attachments, and other files coming in and out of your network, but a bug in the device allowed hackers to embed malware in an email that would take over the device -- and your whole network -- when the device checked it for viruses.

Someone snuck skimmers into Safeway stores

Some Safeway customers in California and Colorado who used debit/credit cards have had their card numbers and PINs slurped up by criminals who then took the cards out for spending sprees.

With security cam, guy catches housecleaners committing identity theft

A man in the Washington, DC area caught some housecleaners he'd hired through Handy.com photographing documents and rifling through his papers, presumably to commit identity theft.

Or, who knows, maybe they were also document archivists and wanted to be very very certain that along with the rest of the house, these papers were very very clean.

Pay what you want for the “White Hat Hacker” training bundle

Practice the digital dark arts for the good guys, and make more than an honest living as a White Hat Hacker. Information Security and related I.T. career fields can pay upwards of six figures within the first few years of employment, and this bundle will teach you the techniques to get you there. Learn to think like a hacker in order to stop attacks before they hit--saving the day one penetration test at a time.

With this bundle, you can master penetration testing in 7 courses (60+ hrs) that dig into Hacking Node.js Apps, Windows OS, Wi-Fi devices, and more.

How this “pay what you want” deal works: Simply beat the average price to unlock 60+ hours of content in the White Hat Hacker Bundle.

Here's everything included in the bundle: 

1. The Complete Hacking Course: Go from Beginner to Advanced!
2. Learn Wi-Fi Hacking/Penetration Testing From Scratch ($199 Value)
3. Windows Exploit Development Megaprimer ($99 Value)
4. Intensive Ethical Hacking Series ($69 Value)
5. Ultimate Wi-Fi Hacking & Security Series ($69 Value)
6. Node.js Security: Pentesting & Exploitation ($65 Value)
7. Cross Site Scripting (XSS) Attacks for Pentesters ($65 Value)

Get it now in the Boing Boing Store: White Hat Hacker Bundle
