Michael C Ford has been sentenced to four years and nine months in prison, having pleaded guilty to running a sextortion/phishing operation from his work computer at the US embassy in London for two years. Read the rest
More proof that all devices in the modern world are just computers in fancy cases: the FBI's joint warning issued with the DoT and the National Highway Traffic and Safety Administration tells drivers that they're at risk of local and remote hack-attacks against their cars, and tells them they have to keep their cars' patch-levels current or they'll be in serious danger. Read the rest
Researchers at Duo Labs bought a "stack" of OEM laptops and audited the preinstalled shovelware they came with, looking specifically at the security implications of the default settings. Read the rest
The government of Iran claims to have obtained “thousands of pages of information” from devices used by the U.S. Navy sailors briefly detained in January.
Since 2014, Suckfly, a hacker group apparently based in Chengdu, China, has used at least 9 signing certs to make their malware indistinguishable from official updates from the vendor. Read the rest
The 2016 Car Hacker's Handbook expands on the hugely successful 2014 edition, in which the Open Garages movement boiled down all they'd learned running makerspaces for people interested in understanding, improving, penetration testing and security-hardening modern cars, which are computers encrusted in tons of metal that you strap your body into.
No Starch Press has taken on the task of turning The Car Hacker's Handbook into a beautifully produced, professional book, in a new edition that builds on the original, vastly expanding the material while simultaneously improving the organization and updating it to encompass the otherwise-bewildering array of new developments in car automation and hacking.
Author Craig Smith founded Open Garages and now has years of experience with community development of tools and practices for investigating how manufacturers are adding computers to cars, the mistakes they're making, and the opportunities they're creating.
The Handbook is an excellent mix of general background on how to do threat-modelling, penetration testing, reverse engineering, etc, and highly specific code examples, model numbers, recipes and advice on how to put a car up on a bench, figure out how it works, figure out how to make it do cool things the manufacturer never intended, and figure out how to understand the risks you face from people doing the same thing without your best interests at heart.
A lot of the advice is theoretical, but there are a bunch of highly practical projects, from improving and customizing your in-car satnav and entertainment system to tuning your engine performance. Read the rest
Matthew Garrett checked into a London hotel and discovered that the proprietors had decided that "light switches are unfashionable and replaced them with a series of Android tablets." Read the rest
Newport Beach based Staminus Communications offered DDoS protection and other security services to its clients; early this morning, their systems went down and a dump of their internal files were dumped to the Internet. Read the rest
Eddy Cue, Apple's head of services, has warned that if the FBI wins its case and can force Apple to produce custom software to help break into locked phones, there's nothing in principle that would stop it from seeking similar orders for custom firmware to remotely spy on users through their phones' cameras and microphones. Read the rest
Cothority is a new software project that uses "multi-party cryptographic signatures" to make it infinitely harder for governments to order companies to ship secret, targeted backdoors to their products as innocuous-looking software updates. Read the rest
In 2014, Home Depot disclosed a security breach of 53 million customer credit cards and 56 million email addresses. This week the company settled a class action lawsuit and agreed to pay as much as $19.5 million in damages and compensation. Read the rest
Last summer, security researchers Charlie Miller and Chris Valasek were so alarmed at the terrible state of information security in cars that they demo'ed a hack that let them take over Chrysler Jeep Cherokees over the public Internet, controlling the steering and the brakes and the acceleration. Read the rest
Seagate has emailed its employees and ex-employees to warn them that someone in the company sent their W2 tax data to a criminal who pulled off a successful phishing fraud. Read the rest
MSU Computer Science researchers Kai Cao and Anil K Jain published a new paper describing a Read the rest
Amazon's Kindle devices run a custom version of Android that, until today, supported full-disk encryption. Now they don't. Read the rest
An unnamed shipping company had its unpatched content management system hacked by sea-pirates, who then sorted the ships at sea by the value of their cargo to help prioritize attacks to maximize the take. Read the rest
The US government is attempting to force Apple to backdoor its Iphone security, congress is considering mandatory backdoors for all secure technology, and FBI director James Comey insists that this will work, because there's no way that America's enemies might just switch over to using technology produced in other countries without such mandates. Read the rest