USB Condom: charge your devices without allowing sneaky data-transfers


Those public USB charging points are tempting, but could be used to propagate all kind of grotesque malware (imagine what happens when your phone's camera, mic, storage, keyboard and GPS start leaking your data to voyeurs and identity thieves) -- sure, you can always buy a charge-only cable, but these crowdfunded adapters turn any cable into a power-only source.

Read the rest

Cybersecurity czar is proud of his technical illiteracy

Michael Daniel thinks "being too down in the weeds at the technical level could actually be a little bit of a distraction"; Ed Felten counters, "Imagine reaction if White House economic advisor bragged about lack of economics knowledge, or Attorney General bragged about lack of legal expertise."

Read the rest

Save the net, break up the NSA

Bruce Schneier nails it: "efficiency is not the most important goal here; security and liberty are."

Read the rest

A video about cybersecurity that you should really watch

Dan Geer's Black Hat 2014 talk Cybersecurity as Realpolitik (also available as text) is thoughtful, smart, vital, and cuts through -- then ties together -- strands of security, liability, governance, privacy, and fairness, and is a veritable manifesto for a better world.

Read the rest

Uber-like service for private security

94bd8a8bd3e856a5b2ddc43862f56a0f

The task routing craze continues with Bannerman, an on-demand private security force that promises to send muscle your way in around 30 minutes. The booking process is similar to Uber and the company says the guards "have passed background checks by the FBI & the department of Justice" and have "physical presence for visual deterrence." Now available in the SF Bay Area with other cities coming soon. (Thanks, Adam Shandobil!)

Journalist believes his phone was hacked by spooks at HOPE X, will upload image for forensics


Douglas writes, "My rooted CyanogenMod phone got hacked at HOPE X. I'm planning to get it write-blocked and imaged to crowdsource forensics."

Read the rest

Back doors in Apple's mobile platform for law enforcement, bosses, spies (possibly)

Jonathan Zdziarski's HOPE X talk, Identifying Backdoors, Attack Points, and Surveillance Mechanisms in iOS Devices, suggests that hundreds of millions of Iphone and Ipad devices ship from Apple with intentional back-doors that can be exploited by law enforcement, identity thieves, spies, and employers.

Read the rest

EFF unveils secure, sharing-friendly, privacy-minded router OS

As promised, the Open Wireless Movement's new sharing-friendly, privacy-minded router operating system was unveiled at HOPE X in New York last weekend.

Read the rest

Fake TSA screener infiltrates SFO checkpoint, gropes women


He was allegedly drunk, and had at least two victims before SFO's crackerjack private aviation security outfit, Covenant, noticed (they're the same ones who smashed my brand new camera some years ago and refused to take responsibility for it).

Read the rest

Digital First Aid Kit: where to turn when you're DoSed or have your accounts hijacked

A group of NGOs, including the Electronic Frontier Foundation, offer a suite of tools for diagnosing and mitigating the kinds of attacks faced by dissidents and independent media all over the world, especially when they threaten the powerful.

Read the rest

Google's badass "Security Princess" profiled


Parisa Tabriz 's title at Google is "Security Princess" -- meaning that she runs the adversarial internal team tasked with continuously testing and probing Google's security to find flaws before the enemy does.

Read the rest

Fake Google subdomain certificates found in the wild

An Indian certificate authority in the Microsoft root of trust has been caught issuing fake Google subdomain certificates that would allow nearly undetectable eavesdropping on "secure" connections to services like Google Docs.

Read the rest

Google Maps' enduring security holes put businesses at risk


It's been more than a year since a series of high-profile articles demonstrated that Google Maps' crowdsourcing function can be used create new listings, alter existing business listings, and even create fake Secret Service offices that real-life cops end up calling.

Read the rest

"Personal Internet security" is a team sport


My latest column in Locus magazine, Security in Numbers, looks at the impossibility of being secure on your own -- if you use the Internet to talk to other people, they have to care about security, too.

Read the rest

ISPs sue UK spies over hack-attacks


ISPs in US, UK, Netherlands and South Korea are suing the UK spy agency GCHQ over its illegal attacks on their networks in the course of conducting surveillance.

Read the rest