"andy greenberg"

An interview with Andy Greenberg about his book Sandworm, on the Russian state hackers who attack power grids

Wired security reporter Andy Greenberg's latest book is Sandworm (previously), a true-life technothriller that tells the stories of the cybersecurity experts who analyzed and attributed as series of ghastly cyberwar attacks that brought down parts of the Ukrainian power grid, and then escaped the attackers' control and spread all over the world. Read the rest

Attribution is hard: the incredible skullduggery used to try to blame the 2018 Olympic cyberattack on North Korea

Wired has published another long excerpt from Sandworm, reporter Andy Greenberg's (previously) forthcoming book on the advanced Russian hacking team who took the US-Israeli Stuxnet program to the next level, attacking Ukrainian power infrastructure, literally blowing up key components of the country's power grid by attacking the embedded code in their microcontrollers. Read the rest

Proof-of-concept supply-chain poisoning: tiny, undetectable hardware alterations could compromise corporate IT

A little over a year ago, Bloomberg stunned the world with a report that claimed that Chinese intelligence services had figured out how to put undetectable, rice-grain-sized hardware implants into servers headed for the biggest US cloud and enterprise IT firms, and that when some of the victims discovered this fact, they quietly ripped out whole data-centers and replaced all their servers. Read the rest

Researchers think that adversarial examples could help us maintain privacy from machine learning systems

Machine learning systems are pretty good at finding hidden correlations in data and using them to infer potentially compromising information about the people who generate that data: for example, researchers fed an ML system a bunch of Google Play reviews by reviewers whose locations were explicitly given in their Google Plus reviews; based on this, the model was able to predict the locations of other Google Play reviewers with about 44% accuracy. Read the rest

Notpetya: the incredible story of an escaped US cyberweapon, Russian state hackers, and Ukraine's cyberwar

Andy Greenberg (previously) is Wired's senior security reporter; he did amazing work covering Russian cyberwarfare in Ukraine, which he has expanded into a forthcoming book: Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers (I read it for a blurb and a review; it's excellent). Read the rest

A year after Meltdown and Spectre, security researchers are still announcing new serious risks from low-level chip operations

Spectre and Meltdown are a pair of chip-level security bugs that exploit something called "speculative execution," through which chips boost performance by making shrewd guesses about which computer operations are performed together. Read the rest

How EFF's Eva Galperin plans to destroy the stalkerware industry

Eva Galperin is one of my colleagues at the Electronic Frontier Foundation, running our Threat Lab project, where she has made it her personal mission to eradicate stalkerware: malicious software marketed to abusive spouses, overbearing parents, and creepy employers, which runs hidden on mobile devices and allows its owner to spy on everything his target is doing ("Full access to someone’s phone is essentially full access to someone’s mind" -Eva). Read the rest

The true story of Notpetya: a Russian cyberweapon that escaped and did $10B in worldwide damage

Andy Greenberg (previously) is a veteran Wired security reporter who has chronicled the frightening and chaotic world of cyberwar since its earliest days; in a forthcoming book called "Sandworm," Greenberg tells the fascinating and terrible tale of Notpetya (previously), a Russian cyberweapon (built on leaked NSA cyberweapons!) that disguised itself as criminal ransomware, but which was designed to identify and destroy key Ukrainian computer systems and networks. Read the rest

In 60 seconds, security researchers can clone the master hotel-room keys for 140,000 hotels in 160 countries

The Vingcard Vision locks are RFID-based hotel locks; at this week's Infiltrate conference in Miami, Tomi Tuominen and Timo Hirvonen from F-Secure will present a method for combining a $300 Proxmark RFID tool with any discarded key from a given hotel to derive the master keys that allow them to unlock every room in the hotel, a process that takes less than 60 seconds. Read the rest

Senate confirms Paul Nakasone to head NSA and U.S. Cyber Command

The U.S. Senate today confirmed President Donald Trump’s selection to lead the National Security Agency and U.S. Cyber Command. Paul Nakasone will replace Mike Rogers, who is retiring. Read the rest

Cities' emergency sirens will play anything you send them over an unencrypted radio protocol

It's been a year since someone hacked all 156 of Dallas's emergency tornado sirens, setting them off in the middle of the night, and the security picture for cities' emergency PA systems keeps getting uglier. Read the rest

Attacks that unmask anonymous blockchain transactions can be used against everyone who ever relied on the defective technique

In An Empirical Analysis of Traceability in the Monero Blockchain, a group of eminent computer scientists analyze a longstanding privacy defect in the Monero cryptocurrency, and reveal a new, subtle flaw, both of which can be used to potentially reveal the details of transactions and identify their parties. Read the rest

Modechai Guri: the guy who gets data out of airgapped computers

Computers that are isolated from the internet and local networks are said to be "airgapped," and it's considered a best practice for securing extremely sensitive systems. Read the rest

If you bought something on Silk Road with bitcoin, the blockchain will remember it forever and possibly reveal your identity

A common misconception is that bitcoin transactions are anonymous. The truth is, unless you are very careful about covering your tracks, your bitcoin transactions can be connected to you. And the transaction records on bitcoin's public database (the blockchain) can never be changed or deleted, meaning they will forever be searchable by authorities or anyone else. Andy Greenberg of Wired reports that researchers were able to "connect someone's bitcoin payment on a dark web site to that person's public account."

[T]he Qatari researchers first collected dozens of bitcoin addresses used for donations and dealmaking by websites protected by the anonymity software Tor, run by everyone from WikiLeaks to the now-defunct Silk Road. Then they scraped thousands of more widely visible bitcoin addresses from the public accounts of users on Twitter and the popular bitcoin forum Bitcoin Talk.

By merely searching for direct links between those two sets of addresses in the blockchain, they found more than 125 transactions made to those dark web sites' accounts — very likely with the intention of preserving the senders' anonymity — that they could easily link to public accounts. Among those, 46 were donations to WikiLeaks. More disturbingly, 22 were payments to the Silk Road. Though they don't reveal many personal details of those 22 individuals, the researchers say that some had publicly revealed their locations, ages, genders, email addresses, or even full names. (One user who fully identified himself was only a teenager at the time of the transactions.) And the 18 people whose Silk Road transactions were linked to Bitcoin Talk may be particularly vulnerable, since that forum has previously responded to subpoeanas demanding that it unmask a user's registration details or private messages.

Read the rest

Your early darknet drug buys are preserved forever in the blockchain, waiting to be connected to your real identity

Blockchain transactions are recorded forever and indelibly, and that means that all the Bitcoin transactions on early Tor hidden service marketplaces like Silk Road are on permanent, public display; because many people who made these transactions later went on to link those Bitcoin wallets with their real identities, those early deals are now permanently associated with their public, identifiable selves. Read the rest

Using structured encryption to search protected photos in the cloud

In a recent presentation at the Real World Crypto symposium, researchers affiliated with Brown University and a startup called Pixek presented their work developing an app that encrypts photos at the moment they're taken and uploads them in encrypted form to a cloud server, in such a way that the keys remain on the user's device, meaning the service provider can't view the photos. Read the rest

Sonos and Bose speakers can be remotely taken over by hackers

Sonos and Bose speakers assume that any device on the same network segment can be trusted to send them audio without any further authentication; if these speakers are on a network whose owner has opened a hole in their firewalls (to run a game-server, say, or because another device on the network has been compromised), they can have data sent to them by anyone on the internet. Read the rest

Next page

:)