How DRM would kill the next Netflix (and how the W3C could save it)

The World Wide Web Consortium's decision to make DRM part of HTML5 doesn't just endanger security researchers, it also endangers the next version of all the video products and services we rely on today: from cable TV to iTunes to Netflix.

Security researchers: help EFF keep the Web safe for browser research!

With the Electronic Frontier Foundation, I've been lobbying the World Wide Web Consortium (W3C), which sets the open standards that the Web runs on, to take measures to protect security researchers (and the users they help) from their own bad decision to standardize Digital Rights Management as part of HTML5.

Ransomware hackers steal a hospital. Again.

A month after a hospital in Hollywood was shut down by a ransomware infection that encrypted all the files on its computers and computer-controlled instruments and systems, another hospital, this one in Kentucky, has suffered a similar fate.

Vulnerability in recorders used by 70+ manufacturers' CCTV systems has been known since 2014

Back in 2014, RSA published a report documenting a new tactic by criminal gangs: they were hacking into the digital video recorders that stored the feeds from security cameras to gather intelligence on their targets prior to committing their robberies.

Dozens of car models can be unlocked and started with a cheap radio amp

A group of German researchers from ADAC have published their work on extending last year's amplification attack that let thieves steal Priuses with a $17 gadget that detected your key's unlock signal and amplified it so it would reach the car.

Anti-DRM demonstrators picket W3C meeting

The World Wide Web Consortium, the decades-old champion of the open Web, let down many of its biggest supporters when it decided to cater to Hollywood by standardizing DRM as part of the spec for HTML5.

FBI issues car-hacking warning, tells drivers to keep their cars' patch-levels current

More proof that all devices in the modern world are just computers in fancy cases: the FBI's joint warning issued with the DoT and the National Highway Traffic and Safety Administration tells drivers that they're at risk of local and remote hack-attacks against their cars, and tells them they have to keep their cars' patch-levels current or they'll be in serious danger.

The Car Hacker's Handbook: a Guide for Penetration Testers

The 2016 Car Hacker's Handbook expands on the hugely successful 2014 edition, in which the Open Garages movement boiled down all they'd learned running makerspaces for people interested in understanding, improving, penetration testing and security-hardening modern cars, which are computers encrusted in tons of metal that you strap your body into.

No Starch Press has taken on the task of turning The Car Hacker's Handbook into a beautifully produced, professional book, in a new edition that builds on the original, vastly expanding the material while simultaneously improving the organization and updating it to encompass the otherwise-bewildering array of new developments in car automation and hacking.

Author Craig Smith founded Open Garages and now has years of experience with community development of tools and practices for investigating how manufacturers are adding computers to cars, the mistakes they're making, and the opportunities they're creating.

The Handbook is an excellent mix of general background on how to do threat-modelling, penetration testing, reverse engineering, etc, and highly specific code examples, model numbers, recipes and advice on how to put a car up on a bench, figure out how it works, figure out how to make it do cool things the manufacturer never intended, and figure out how to understand the risks you face from people doing the same thing without your best interests at heart.

A lot of the advice is theoretical, but there are a bunch of highly practical projects, from improving and customizing your in-car satnav and entertainment system to tuning your engine performance.

Hotel's Android-based lightswitches are predictably, horribly insecure

Matthew Garrett checked into a London hotel and discovered that the proprietors had decided that "light switches are unfashionable and replaced them with a series of Android tablets."

If the FBI can force decryption backdoors, why not backdoors to turn on your phone's camera?

Eddy Cue, Apple's head of services, has warned that if the FBI wins its case and can force Apple to produce custom software to help break into locked phones, there's nothing in principle that would stop it from seeking similar orders for custom firmware to remotely spy on users through their phones' cameras and microphones.

Open Source Initiative says standards aren't open unless they protect security researchers and interoperability

The Open Source Initiative, a nonprofit that certifies open source licenses, has made an important policy statement about open standards.

Less than a year on, America has all but forgotten the epic Jeep hack

Last summer, security researchers Charlie Miller and Chris Valasek were so alarmed at the terrible state of information security in cars that they demo'ed a hack that let them take over Chrysler Jeep Cherokees over the public Internet, controlling the steering and the brakes and the acceleration.

Why the First Amendment means that the FBI can't force Apple to write and sign code

Code is speech: critical court rulings from the early history of the Electronic Frontier Foundation held that code was a form of expressive speech, protected by the First Amendment.

Apple v FBI isn't about security vs privacy; it's about America's security vs FBI surveillance

Dan Kaminsky, one of the Internet's essential squad of "volunteer fire fighters" who oversaw the largest-ever synchronized vulnerability patching in Internet history, has written a stirring editorial for Wired explaining what the FBI puts at risk when it demands weaker encryption: it's not our privacy, it's the security of finance, health care, roads, and every other piece of tech-enabled infrastructure in the land.

Federal judge rules US government can't force Apple to make a security-breaking tool

We've all heard that there's a federal judge in California who ordered Apple to make a tool to help the FBI decrypt a phone belonging to one of the San Bernardino shooters -- but despite the FBI's insistence that this is a special circumstance, San Bernardino is just one of a dozen-odd cases where the FBI is making similar demands on Apple.

Crapgadget apocalypse: the IoT devices that punch through your firewall and expose your network

Cheap Internet of Things devices like Foscam's home CCTVs are designed to covertly tunnel out of your home network, bypassing your firewall, so they can join a huge P2P network of 7 million other devices that is maintained and surveilled by their Chinese manufacturer.

Nine key legal cases about robots, and the messy legal future of robotic devices

Robot legal theorist Ryan Calo writes, "I thought you might enjoy my new paper, canvassing decades of American case law involving robots. Courts have had to decide, for instance, whether a robot represents something 'animate,' whether the robot band at Chuckie Cheese 'performs,' and whether a salvage crew 'possesses' a ship wreck by visiting it with a robot sub."
