Paul Moreno, an Ecuadoran blogger, discovered a flaw in the country's national online identity database, which he demonstrated by hijacking the identity of President Rafael Correa. He was briefly arrested, but was released after a vociferous Twitter campaign that prompted action from the president, who personally ordered Moreno's release. Moreno triumphantly announced his victory on Twitter.
Citing a Wired story on password security, Moreno set out on Nov. 26 to demonstrate a security flaw in DatoSeguro with an attention-getting proof of concept scheme: accessing President Correa’s account. He began by doxing the president, and once equipped with Correa’s date of birth and a national identification number — obtained via online searches — he had two of the three pieces of information he needed. The third was a set of two numbers from an identity card, which he simply guessed. With that, he had access to Correa’s account.
“Out of curiosity, I noticed one time that the fingertip digits in the IDS are all very similar,” he wrote on his blog. “There’s a V or an E or an A followed by various numbers: V23444 – E5444 and so on…combinations that are very simplistic, apparently. The system asked me for the third and fourth numbers of the fingertip digits. With the first combination, I got the numbers right and my account was created. After verifying the email the system sends, I had access to all Rafael Vicente Correa Delgado’s so-called secure data. It took me about half an hour, maybe less.”
Blogger Jailed After Password-Hacking Ecuador’s President [Wired/Mat Honan]
I'm delivering the annual Kilgour lecture tomorrow morning at 10AM at UNC, and I'll be speaking at Flyleaf Books at 7PM -- be there or be oblong!
Checkmarx researchers including Erez Yalon have created a "rogue Alexa skill" that bypasses Amazon's security checks: it lurks silently and unkillably in the background of your Alexa, listening to all speech in range of it and transcribing it, then exfiltrating the text and audio of your speech to the attacker.
It's been ten years since the publication of my bestselling novel Little Brother; though the novel was written more than a decade ago, and though it deals with networked computers and mobile devices, it remains relevant, widely read, and widely cited even today.
Our computers are home to a myriad of files and documents, many of which contain sensitive information. While storing this data on your computer is convenient, it’s not exactly safe, and with news headlines highlighting data leaks and ransomware attacks on what seems like a daily basis, moving them to a safer location is a […]
Total versatility isn’t something you’d typically find in a telescope. While magnification tech has come a long way, most telescopes are designed to either gaze upon the stars or view the landscapes beneath them. The Omegon Maksutov Telescope MightyMak 60 lets you do both, and thanks to its compact design, you can easily incorporate some sightseeing into […]
The web is an invaluable tool for connecting small businesses with their target audiences. However, when it comes to building a website and marketing online, the learning curve can be steep if you’re doing it on your own. The WordPress Essentials Lifetime Bundle can help you out by getting you up to speed with the platform […]
