Boing Boing 

Moxie Marlinspike profiled in WSJ. Obama thinks secure messaging apps like the one he built are “a problem.”

[Wall Street Journal]


The Wall Street Journal just discovered what some of us have known for a long time: Moxie Marlinspike is really cool, and the work he does is important.

US says hackers stole Social Security numbers from 21.5 million people in OPM data breach

The U.S. Office of Personnel Management (OPM) said today that hackers stole sensitive data, including social security numbers, of about 21.5 million people from background investigation databases.

What horrible things did we learn about Hacking Team today?


The enormous dump of docs from cyber-arms-dealer Hacking Team continues to yield up details, like the time the company tried to sell spying tools to a death squad.

What happened at yesterday's Congressional hearings on banning crypto?


Cryptographers and security experts gathered on the Hill yesterday to tell Congress how stupid it was to ban crypto in order to make it easier to spy on "bad guys."

Report: Uber uses GPS to punish drivers in China who get close to protests

Uber is urging its drivers in China “not to get involved in conflicts with authorities and has threatened to punish those who disobey,” reports the Wall Street Journal.

Argentine police raid programmer who discovered fatal e-voting flaws


Joaquín Sorianello found the defects in MSA, manufacturer of the Vot.ar e-voting system, and the next thing he heard about it was when the police came to his house and seized every piece of electronic equipment.

Computer scientists on the excruciating stupidity of banning crypto

A paper from some of the most important names in crypto/security history scorchingly condemns plans by the US and UK governments to ban "strong" (e.g. "working") crypto.

New York nears settlement with local Muslim leaders over spying lawsuit

Muslim-Americans protesting NYPD surveillance. Image: Reuters


The NYC government has come to initial settlement terms with Muslims, represented by the American Civil Liberties Union, who challenged police surveillance as an unconstitutional and stigmatizing intrusion on their religious rights.

Navy openly solicits for 0-day bugs to weaponize


A solicitation on FedBizOpps from the Navy asks security researchers to sell them their "vulnerability intelligence, exploit reports and operational exploit binaries affecting widely used and relied upon commercial software."

US Government Office of Personnel Management has a second, much worse breach


The second attack is being blamed on Chinese state actors, and it netted the archives of Standard Form 86, which records applicants' mental illnesses, drug and alcohol use, past arrests and bankruptcies and lists of contacts and relatives.

Radio Shack bankruptcy update: most customer data will be destroyed, not sold to pay creditors

When electronics retailer Radio Shack filed for bankruptcy, the chain proposed selling customers' personal data to raise cash and repay creditors. That's not gonna happen, and the news is seen as a win for the right to privacy.

US CIO defies the FBI, orders HTTPS for all government websites


Tony Scott, CIO of the US government, has spit in the eye of assistant FBI director Michael Steinbach, who called on companies "to build technological solutions to prevent encryption above all else."

If the FBI has a backdoor to Facebook or Apple encryption, we are less safe

Reuters


Freedom of the Press Foundation director Trevor Timm tells Boing Boing,

Now that the USA Freedom Act is out of the way, it seems pretty clear the next battle in Congress will almost certainly be over encryption, as the FBI has not stopped its push to force tech companies to insert a backdoor into their communications tools, despite being ridiculed for it by security experts. The FBI seems to push it even farther in the past week, testifying before Congress that they need to stop encryption "above all else" and leaking a story to the LA Times about ISIS using encrypted text messaging apps. I wrote about what a dumb move it is on several levels for the Guardian.

Internet-connected hospital drug pumps vulnerable to remote lethal-dose attacks


Researcher Billy Rios (previously) has extended his work on vulnerabilities in hospital drug pumps, discovering a means by which their firmware can be remotely overwritten with new code that can result in lethal overdoses for patients.

Open garage-doors in less than a minute with a hacked kid's toy

Applied Hacking's Samy Kamkar (previously) has released Opensesame, an app for hacked IM-ME texting toys that can open millions of fixed-code garage doors in less than a minute.

Facebook rolls out new encryption features

Reuters


An update rolled out today by Facebook allows users to post their public email encryption key on their Facebook profile, so others can encrypt future emails to that user. Here's the official blog post at Facebook.

More at CPJ:

Facebook profiles now have a field for PGP public keys--just like for phone numbers or email addresses. Uploaded keys can be shared as widely or narrowly as desired, just like other information on a Facebook profile. For journalists who use Facebook to connect with sources and disseminate, share, and comment on news, their profile will now indicate they are available for encrypted emails. The new feature will also make it easier to securely contact potential sources.

A sample display of the new encryption feature offered to users by Facebook.


"Status update: Facebook users now have access to PGP encryption" and "CPJ welcomes Facebook move to add PGP encryption features" [Committee to Protect Journalists]

"Securing Email Communications from Facebook" [Facebook]

NSA can't legally surveil Americans' every phone call, for now. Thanks, Edward Snowden.

GARY CAMERON/REUTERS


Today is a big day for privacy in the United States: each of us can now call our mom, our best friend, or a pizza delivery service without the NSA automatically keeping a record of who we called, when, and how long the conversation lasts.
