How do the latest 3D-printed, mostly-plastic ghost guns fare on the shooting range?

The ghost gun debate has been a boogeyman of firearm reform discussions since at least 2013, when Defense Distributed's now-infamous 3D-printed "Liberator" pistol first burst onto the scene. The brainchild of self-described crypto-anarchist Cody Wilson, who recently agreed to register as a sex offender as part of a plea bargain to get out of some even worse charges, the Liberator occupies a complicated legal and ethical grey area.

Hacker Marcus Hutchins and the massive cyberattack he thwarted

Earth's Deadliest [Computer] Virus is a great overview of the 2017 WannaCry ransomware attack, and Marcus Hutchins' efforts to halt its progress.

The Disrupt video is based on the terrific Wired article by Andy Greenberg, which describes Hutchins' arrest and questioning about the Kronos banking malware he had written as a teen:

For those minutes, Hutchins allowed himself to believe that perhaps the agents wanted only to learn more about his work on WannaCry, that this was just a particularly aggressive way to get his cooperation into their investigation of that world-shaking cyberattack.

A profile of Cliff "Cuckoo's Egg" Stoll, a pioneering "hacker hunter"

Cliff Stoll is a computing legend: his 1989 book The Cuckoo's Egg tells the story of how he was drafted to help run Lawrence Berkeley Lab's computers (he was a physicist who knew a lot about Unix systems), and then discovered a $0.75 billing discrepancy that set him on the trail of East German hackers working for the Soviet Union, using his servers as a staging point to infiltrate US military networks.

Attribution is hard: the incredible skullduggery used to try to blame the 2018 Olympic cyberattack on North Korea

Wired has published another long excerpt from Sandworm, reporter Andy Greenberg's forthcoming book on the advanced Russian hacking team who took the US-Israeli Stuxnet program to the next level, attacking Ukrainian power infrastructure, literally blowing up key components of the country's power grid by attacking the embedded code in their microcontrollers.

Proof-of-concept supply-chain poisoning: tiny, undetectable hardware alterations could compromise corporate IT

A little over a year ago, Bloomberg stunned the world with a report that claimed that Chinese intelligence services had figured out how to put undetectable, rice-grain-sized hardware implants into servers headed for the biggest US cloud and enterprise IT firms, and that when some of the victims discovered this fact, they quietly ripped out whole data-centers and replaced all their servers.

Researchers think that adversarial examples could help us maintain privacy from machine learning systems

Machine learning systems are pretty good at finding hidden correlations in data and using them to infer potentially compromising information about the people who generate that data: for example, researchers fed an ML system a bunch of Google Play reviews by reviewers whose locations were explicitly given in their Google Plus reviews; based on this, the model was able to predict the locations of other Google Play reviewers with about 44% accuracy.

How EFF's Eva Galperin plans to destroy the stalkerware industry

Eva Galperin is one of my colleagues at the Electronic Frontier Foundation, running our Threat Lab project, where she has made it her personal mission to eradicate stalkerware: malicious software marketed to abusive spouses, overbearing parents, and creepy employers, which runs hidden on mobile devices and allows its owner to spy on everything his target is doing ("Full access to someone's phone is essentially full access to someone's mind" -Eva).

In 60 seconds, security researchers can clone the master hotel-room keys for 140,000 hotels in 160 countries

The Vingcard Vision locks are RFID-based hotel locks; at this week's Infiltrate conference in Miami, Tomi Tuominen and Timo Hirvonen from F-Secure will present a method for combining a $300 Proxmark RFID tool with any discarded key from a given hotel to derive the master keys that allow them to unlock every room in the hotel, a process that takes less than 60 seconds.

If you bought something on Silk Road with bitcoin, the blockchain will remember it forever and possibly reveal your identity

A common misconception is that bitcoin transactions are anonymous. The truth is, unless you are very careful about covering your tracks, your bitcoin transactions can be connected to you. And the transaction records on bitcoin's public database (the blockchain) can never be changed or deleted, meaning they will forever be searchable by authorities or anyone else.