In less than one second, a malicious web-page can uniquely fingerprint an iPhone, Pixel 2 or Pixel 3 without any explicit user interaction

In a new paper for IEEE Security, a trio of researchers (two from Cambridge, one from private industry) identify a de-anonymizing attack on iPhones that exploits minute differences in sensor calibration: an iPhone user who visits a webpage running the attack code can have their phone uniquely identified in less than a second, through queries to the sensors made through automated background processes running on the page.

The world's preeminent cryptographers can't get visas to speak at US conferences

Ross Anderson (previously) is one of the world's top cryptographers; the British academic and practitioner was honored by having his classic, Security Engineering, inducted into The Cybersecurity Canon; however, he was not able to attend the awards gala himself because the US government sat on his visa application for months, and ultimately did not grant it in time.

will send debullshitifying security researchers to Right to Repair hearings to fight industry FUD

Dozens of Right to Repair bills were introduced across the USA last year, only to be defeated by hardcore lobbying led by Apple and backed by a rogue's gallery of giant manufacturers of every description; one of the most effective anti-repair tactics is to spread FUD about the supposed security risks of independent repairs.

A 40cm-square patch that renders you invisible to person-detecting AIs

Researchers from KU Leuven have published a paper showing how they can create a 40cm x 40cm "patch" that fools a convolutional neural network classifier that is otherwise a good tool for identifying humans into thinking that a person is not a person -- something that could be used to defeat AI-based security camera systems. They theorize that they could just print the patch on a t-shirt and get the same result.

Front-line programmers default to insecure practices unless they are instructed to do otherwise

It's always sort of baffling when security breaches reveal that a company has stored millions of users' passwords in unencrypted form, or put their data on an insecure cloud drive, or transmitted it between the users' devices and the company's servers without encryption, or left an API wide open, or some other elementary error: how does anyone in this day and age deploy something so insecure?

Security researchers reveal defects that allow wireless hijacking of giant construction cranes, scrapers and excavators

Using software-defined radios, researchers from Trend Micro were able to reverse-engineer the commands used to control massive industrial machines, including cranes, excavators and scrapers; most of these commands were unencrypted, but even the encrypted systems were vulnerable to "replay attacks" that allowed the researchers to bypass the encryption.

Letterlocking: the long-lost art of using paper-folding to foil snoops

"Letterlocking" is a term coined by MIT Libraries conservator Jana Dambrogio after she discovered a trove of letters while spelunking in the conservation lab of the Vatican Secret Archives; the letters had been ingeniously folded and sealed so that they couldn't be opened and re-closed without revealing that they had been read. Some even contained "booby traps" to catch the unwary.

Using information security to explain why disinformation makes autocracies stronger and democracies weaker

The same disinformation campaigns that epitomize the divisions in US society -- beliefs in voter fraud, vaccine conspiracies, and racist conspiracies about migrants, George Soros and Black Lives Matter, to name a few -- are a source of strength for autocracies like Russia, where the lack of a consensus on which groups and views are real and which are manufactured by the state strengthens the hand of Putin and his clutch of oligarchs.

"The End of Trust" - EFF/McSweeney's collaboration on privacy and surveillance - is in stores and free to download now!

The End of Trust (previously) is a special issue of McSweeney's, produced in collaboration with the Electronic Frontier Foundation, on the themes of technology, privacy and surveillance: it's in stores today, and free to download under a Creative Commons license.

If you're an American of European descent, your stupid cousins have probably put you in vast commercial genomic databases

Remember when they caught the Golden State Killer by comparing DNA crime-scene evidence to big commercial genomic databases (like those maintained by, 23 and Me, etc) to find his family members and then track him down?

EFF and McSweeney's collaborated on a publication: "The End of Trust"

The End of Trust will be McSweeney's issue 54, the first-ever all-nonfiction issue of McSweeney's, with more than 30 contributions on "surveillance in the digital age."

Schneier's "Click Here To Kill Everybody": pervasive connected devices mean we REALLY can't afford shitty internet policy

Bruce Schneier (previously) has spent literal decades as part of the vanguard of the movement to get policy makers to take internet security seriously: to actually try to make devices and services secure, and to resist the temptation to blow holes in their security in order to spy on "bad guys." In Click Here to Kill Everybody: Security and Survival in a Hyper-connected World, Schneier makes a desperate, impassioned plea for sensible action, painting a picture of a world balanced on the point of no return.

70+ internet pioneers to the EU: you are transforming the internet into a "tool for automated surveillance and control" SHARE THIS!

In one week, an EU committee will vote on a pair of extreme copyright proposals that will ban linking to news articles without permission, and force internet platforms to spy on all the pictures, text, video, audio and code their users post, sending it to AIs designed to catch copyright infringement and automatically censor anything that might violate copyright.

Even if governments backdoor crypto, they still won't be able to spy on terrorists

In a paper published by the International Association for Cryptologic Research, a group of Harvard and MIT cryptographers demonstrate that even if the government were to backdoor encryption and lock up anyone who used non-backdoored systems, people could still hide undetectable, secure, private messages within the messages sent over the compromised systems.

Online copyright infringement is up, and water is still wet

During the Napster wars, Bruce Schneier famously quipped, "Making bits harder to copy is like making water less wet."

Playing low frequency noise to disrupt hard-drives: denial of service for CCTVs, data-centers, and other computing environments

A group of Princeton and Purdue researchers have demonstrated a successful acoustic attack against mechanical hard-drives where low-frequency noise keyed to the resonant frequency of the drive components is played nearby, causing the drive to vibrate so that the drive can neither be read nor written to.

For 40 years, American Conservatives have filed down the definition of "corruption," turning the Framers' spear into a blunt stub

Zephyr Teachout's (previously) 2014 book Corruption in America is an incredibly important, timely book about the way that American policy and politics have been distorted by money, something that's gotten steadily worse as it is supercharged by (and supercharges) wealth inequality.
