Mobile ad technique allows stalkers to follow you around a city for less than $1000

This month, University of Washington researchers will present Exploring ADINT: Using Ad Targeting for Surveillance on a
Budget — or — How Alice Can Buy Ads to Track Bob
at the Workshop on Privacy in the Electronic Society in Dallas; the paper details a novel way that stalkers and other low-level criminals can accomplish state-grade surveillance on the cheap with targeted ad-purchases.

Your early darknet drug buys are preserved forever in the blockchain, waiting to be connected to your real identity

Blockchain transactions are recorded forever and indelibly, and that means that all the Bitcoin transactions on early Tor hidden service marketplaces like Silk Road are on permanent, public display; because many people who made these transactions later went on to link those Bitcoin wallets with their real identities, those early deals are now permanently associated with their public, identifiable selves.

Researchers can take over domestic and industrial robots to spy and maim

This week at Singapore's Hack in the Box conference, researchers Lucas Apa and Cesar Cerrudo from the Argentinian security research company IOActive will present their findings on the defects in humanoid domestic robots from UBTech and Softbank and industrial robot arms from Universal Robots; they're building on research published in March in which they released incomplete findings in order to give vendors a chance to patch the vulnerabilities they discovered.

Hackers can freeze the camera that lets you know whether your "Amazon Key" equipped door is locked and who is using it

Security researchers from Rhino Security Labs have shown that it is trivial to disable the Amazon Cloud Cam that is a crucial component of the Amazon Key product — a connected home door-lock that allows delivery personnel to open your locked front door and leave your purchases inside — and have demonstrated attacks that would allow thieves to exploit this weakness to rob your home.

How the "tech support" scam works

Security researchers at Stony Brook deliberately visited websites that try to trick visitors into thinking that their computers are broken, urging them to call a toll-free "tech support" number run by con artists that infect the victim's computer with malware, lie to them about their computer's security, and con them out of an average of $291 for "cleanup services."

An IoT botnet is trying to nuke Wcry's killswitch

Whoever created the Wcry ransomware worm — which uses a leaked NSA cyberweapon to spread like wildfire — included a killswitch: newly infected systems check to see if a non-existent domain is active, and if it is, they fall dormant, ceasing their relentless propagation.

Anarchist bitcoin hacker flies to Syria to join a 4-million person anarchist collective the size of Massachusetts

Amir Taaki is a well-known anarchist bitcoin hacker whose project, Dark Wallet, is meant to create strong anonymity for cryptocurrency transactions; when he discovered that anarchists around the world had gone to Rojava, a district in Kurdish Syria on the Turkish border, to found an anarchist collective with 4,000,000 members "based on principles of local direct democracy, collectivist anarchy, and equality for women," he left his home in the UK to defend it.

How to legally cross a US (or other) border without surrendering your data and passwords

The combination of 2014's Supreme Court decision not to hear Cotterman (where the 9th Circuit held that the data on your devices was subject to suspicionless border-searches, and suggested that you simply not bring any data you don't want stored and shared by US government agencies with you when you cross the border) and Trump's announcement that people entering the USA will be required to give border officers their social media passwords means that a wealth of sensitive data on our devices and in the cloud is now liable to search and retention when we cross into the USA.

Airport lounges will let anyone in, provided you can fake a QR code

When computer security expert and hardcore traveller Przemek Jaroszewski found that he couldn't enter an airline lounge in Warsaw because the automated reader mistakenly rejected his boarding card, he wrote a 600-line Javascript program that generated a QR code for "Batholemew Simpson," a business-class traveller on a flight departing that day.