Security researchers at Stony Brook deliberately visited websites that try to trick visitors into thinking that their computers are broken, urging them to call a toll-free "tech support" number run by con artists that infect the victim's computer with malware, lie to them about their computer's security, and con them out of an average of $291 for "cleanup services."
The combination of 2014's Supreme Court decision not to hear Cotterman (where the 9th Circuit held that the data on your devices was subject to suspicionless border-searches, and suggested that you simply not bring any data you don't want stored and shared by US government agencies with you when you cross the border) and Trump's announcement that people entering the USA will be required to give border officers their social media passwords means that a wealth of sensitive data on our devices and in the cloud is now liable to search and retention when we cross into the USA.
Documentarians and news-gatherers who record sensitive material from confidential sources live in terror of having their cameras seized and their storage-cards plundered by law-enforcement; they struggle to remember to immediately transfer their files to encrypted laptop storage and wipe their cards while dodging bombs in conflict zones, or simply to remember to have robotically perfect operational security while they are trying to get a movie made.
Realtek's audio chips — found in Macs and many PCs — can repurpose your laptop's headphone jack to serve as a mic jack, and capture audio through your headphones.
Prolific and dramatic security researcher Samy Kamkar (previously) has unveiled a terrifying device that reveals the devastating vulnerabilities of computers, even when in sleep mode.
An imminently forthcoming version of Google's Chrome browser will flip the way that browsers convey information about privacy and security to users: instead of discreetly informing users that the HTTPS-enabled sites they're browsing are more secure, they'll flag any non-HTTPS site as insecure, with a series of escalating alerts that will end — at some unspecified date — by displaying an exclamation point inside red triangle and the letters HTTP next to the web addresses of non-HTTPS sites.
Technologists have a dismal pattern: when it comes to engineering challenges ("build a global-scale comms platform") they rub their hands together with excitement; when it comes to the social challenges implied by the engineering ones ("do something about trolls") they throw their hands up and declare the problem to be too hard to solve.
The more we learn about the Shadow Brokers, who claim to be auctioning off "cyberweapons" that crafted for the NSA's use, the scarier the breach gets: some of the world's biggest security companies are tacitly admitting that the exploits in the Shadow Brokers' initial release can successfully penetrate their products, and they have no fix at hand.
In Lock It and Still Lose It—On the (In)Security
of Automotive Remote Keyless Entry Systems, a paper given at the current Usenix Security conference in Austin, researchers with a proven track record of uncovering serious defects in automotive keyless entry and ignition systems revealed a technique for unlocking over 100,000 million Volkswagen cars, using $40 worth of hardware; they also revealed a technique for hijacking the locking systems of millions of other vehicles from other manufacturers.
When computer security expert and hardcore traveller Przemek Jaroszewski found that he couldn't enter an airline lounge in Warsaw because the automated reader mistakenly rejected his boarding card, he wrote a 600-line Javascript program that generated a QR code for "Batholemew Simpson," a business-class traveller on a flight departing that day.
In a two-month-long class assignment, researchers from the University of Michigan found vulnerabilities in J1939, the standard for networking in big rigs and other large industrial vehicles, that allowed them to control the acceleration, braking, and instrument panels of their target vehicles.
Andy Greenberg's colorful and nuanced profile of Moxie Marlinspike offers some insight into the young, talented cryptographer whose tool, Signal, is now part of both Whatsapp and (shortly) Allo — an anarchist who walked away from $1M in Twitter payouts after a near-death experience and decided, instead, to build free and open tools to give the entire world the power to keep secrets from the police.
Exiled NSA whistleblower Edward Snowden and legendary hardware hacker Andrew bunnie" Huang have published a paper detailing their new "introspection engine" for the Iphone, an external hardware case that clips over the phone and probes its internal components with a miniature oscilloscope that reads all the radio traffic in and out of the device to see whether malicious software is secretly keeping the radio on after you put it in airplane mode.
Update: This dump turned out to primarily consist of public mailing list traffic; Wikileaks promotions of the dump included links to spreadsheets containing thousands of Turkish women's sensitive personal information, and the organization has largely ducked responsibility for its mistakes, attacking those who point out its mistakes. — Read the rest
Earlier this week Crowdstrike, a security company hired by the Democratic National Committee, announced that the party's servers had been deeply penetrated by hackers working for the Russian government, who had made off with many sensitive files, including the DNC's Trump oppo research spreadsheet.
The password breaches are getting stronger and worser, and hardly a week goes by without a dump that's a couple zeroes bigger than the biggest to date — but not all password breaches are created equal, and a lot depends on whether and how the passwords were hashed.
Appelbaum, whose work has put him in the crosshairs of his own government and foreign states, resigned from the Tor project on Friday, accompanied by a short note from Tor executive director Shari Steele.
Let's Encrypt (previously) a joint EFF-Mozilla-Linux Foundation project that lets anyone easily create an SSL certificate for free in minutes and install and configure it so that visitors to their Websites will be shielded from surveillance, came out of beta this week, and it's already making a huge difference.
Trevor Paglen and Jacob Appelbaum collaborate to create beautiful, acrylic-encased computers that are also Tor nodes, anonymizing data that passes through them, and install the in art galleries all over the world, so that patrons can communicate and browse anonymously, while learning about anonymity and Tor.