Theoretical "auto-brothel" attack on mechanics' computers could infect millions of cars


Companies like GM have engineered their cars so that it's a felony to make independent diagnostic tools for them, or to investigate the official diagnostic tools rented to mechanics in exchange for a promise to only buy GM's hyper-inflated replacement parts.

Right to Encrypt is under fire in America. is fighting for your crypto rights.


The Intercept yesterday published an amazing article by Jim Bamford about how the NSA exploited a backdoor in Vodafone to spy on Greek politicians and journalists during the 2004 Olympics.

Bamford is an American author and journalist best known for his writing about United States intelligence agencies, and in particular the National Security Agency.

In a meticulous investigation, Bamford reports at the Intercept that the NSA was behind the notorious, legendary “Athens Affair”. After the 2004 Olympics, the Greek government discovered that an unknown attacker had hacked into Vodafone’s “lawful intercept” system, the phone company’s method of wiretapping voice calls. The attacker spied on phone calls of the president and other Greek politicians and journalists before the hack was found out.

Freedom of the Press Foundation director Trevor Timm wrote for the Guardian that this is exactly why encryption backdoors are so dangerous.

What are encryption backdoors? For non-techie readers, basically these are ways the government can unencrypt your "locked" communications if they decide they want to see your private material for any secret reason.

And in related news, rumor has it the White House is nearing a decision on whether to embrace the right to encryption for American citizens, or join the FBI in calling for backdoors.

Dozens of civil liberties groups, including Freedom of the Press Foundation, launched this site and petition today that feeds into the White House petition system:

If you care about this issue, right now is the time to take action.

In online censorship arms race, Thailand vows a China-style “Great Firewall”


“Thai authorities are planning to tighten control over the Internet, creating a single international access point so they can better monitor content,” reports Voice Of America Correspondent Steve Herman in Bangkok.

The plan is being called Thailand’s own "Great Firewall," after the colloquial term used to describe the Chinese government's extensive and effective internet censorship system.

How to break into a Brinks lockbox in seconds


We already know that Brinks' computerized safes can be hacked within a minute, but did you know their traditional lockboxes are even easier to get into?

YouTuber jcazes provides instructions, complete with all the exhaustive details required to understand Brinks' intricate mechanism.

Step 1: Insert a paperclip, applying vertical tension

Step 2: turn the paperclip

Step 3: laugh


The FBI has no trouble spying on encrypted communications


Every time the Bureau wants to spy on someone whose communications are encrypted, they just hack them.

Obama and China's Xi Jinping make a deal on commercial cyber espionage

The Financial Times reports that U.S. President Barack Obama has negotiated a commitment from Chinese counterpart Xi Jinping that China will not conduct commercial cyber espionage. In what were reportedly tense, prolonged talks, Obama communicated to the Chinese leader that the United States was ready to impose sanctions on Chinese companies accused of profiting from stolen industrial secrets.

Why biometrics suck, the Office of Personnel Management edition


The nation-state hackers who stole 5.6 million+ records of US government employees (cough China cough) also took 5.6 million+ fingerprints. But it's no problem: those people can just get new fingerprints and revoke their old ones, right?

Sparrows practice locks: a great starting place for locksport


Canadian locksport supplier Sparrows makes some of the best advanced picks in the world, but they're also the rank beginner's best friend.

Symantec caught issuing rogue certificates


Your browser trusts SSL certificates from hundreds of "Certificate Authorities," each of which is supposed to exercise the utmost caution before issuing them -- a rogue cert would allow a criminal or a government to act as a man-in-the-middle between you and your bank, email provider, or employer, undetectably intercepting communications that you believed to be secure.

Poker malware infects your computers and peeks at your cards


Odlanor is Windows malware that targets users of Pokerstars and Full Tilt Poker, and exfiltrates information about their cards to their competitors.

3D print your own TSA Travel Sentry keys and open anyone's luggage



The TSA mandates that all checked luggage must be locked with a deliberately flawed lock that can be opened with one of a handful of skeleton keys that are supposed to be kept secret. It's been more than a year since the TSA allowed a newspaper photographer to print a high-rez photo of its universal luggage-lock keys, allowing any moderately skilled locksmith to create her own set. Ars Technica downloaded a set of key STL files from Github, printed them on a consumer 3D printer, and showed that they could gain entry to any luggage.

It's a model for what happens with any kind of law-enforcement/public safety back door: the universal keys leak and there's no way to re-key all those locks out there in the field. The FBI and UK security services are calling for backdoors in all crypto -- the code we use to protect everything from pacemakers to bank accounts. This is as neat an illustration of why that's a bad idea as you could ask for.

Jeb Bush: Leave NSA Alone

“We must stop demonizing these quiet intelligence professionals and start giving them the tools they need.”

Ashley Madison users chose passwords like "whyareyoudoingthis"

Now that 11.7 million Ashley Madison users' passwords have been shown to be crackable, we're learning that password security has not improved since the last giant dump of user passwords.

Ashley Madison's passwords were badly encrypted, 15 million+ passwords headed for the Web

A flaw in the fraudulent dating site's password hashing means that at least 15 million of its users' passwords are liable to decryption.

NYC to-do: "Art, Design, and The Future of Privacy," Sept 17

A night of talks and conversations about privacy and tech, centered on humane design and user-experience -- I'm speaking there!

Your baby monitor is an Internet-connected spycam vulnerable to voyeurs and crooks

Researchers revealed ten major vulnerabilities in Internet-of-Things babycams from a variety of vendors ranging from spunky startups like Ibaby Labs to rock-ribbed (and deep-pocketed -- attention, class actioneers!) giants like Philips.

Russian software security firm Kaspersky threatened to 'rub out' rival, email reveals

Eugene Kaspersky, chairman and CEO of Kaspersky Lab, listens to a question during an interview in New York March 10, 2015. REUTERS
A hot tech intrigue story from Joe Menn at Reuters on alleged dirty-doings between Kaspersky and its rivals.
