A proposal to stop 3D printers from making guns is a perfect parable of everything wrong with information security

Many people worry that 3D printers will usher in an epidemic of untraceable "ghost guns," particularly guns that might evade some notional future gun control regime that emerges out of the current movement to put sensible, minimal curbs on guns, particularly anti-personnel guns. Read the rest

Lobbyists release push-poll in an effort to tank Right to Repair bills and control independent security research

The Security Innovation Center is a lobbying group backed by CompTIA, CTIA, TechNet and the Consumer Technology Association for the express purpose of fighting laws that would legalize repairing your own property, or choosing to have it repaired by third parties. Read the rest

Online security is a disaster and the people who investigate it are being sued into silence

The only thing worse than driving a car with defective brakes is unknowingly driving a car with defective brakes -- and learning about them the hard way. Read the rest

Federal Appeals Court rules that violating a website's Terms of Service is not a crime

A Ninth Circuit Appellate Court has rejected Oracle's attempt to treat violating its website terms of service as a felony under the Computer Fraud and Abuse Act, Read the rest

You absolutely must secure your home router and you probably can't

Lucian Constantin's Motherboard guide to protecting your home router is full of excellent, nearly impossible-to-follow advice that you should follow, but probably won't. Read the rest

Mirai's creators plead guilty, reveal that they created a DDoS superweapon to get a competitive edge in the Minecraft server industry

Last year, the Mirai botnet harnessed a legion of badly secured internet of things devices and turned them into a denial of service superweapon that brought down critical pieces of internet infrastructure (and even a country), and now its creators have entered guilty pleas to a Computer Fraud and Abuse Act federal case, and explained that they created the whole thing to knock down Minecraft servers that competed with their nascent Minecraft hosting business. Read the rest

Sony's new robot dog doubles down on DRM

It's been 15 years since Sony used the DMCA to shut down the community that had sprung up to extend the functionality of its Aibo robot dogs, threatening people with lawsuits and jailtime for modifying their dogs' operating systems. Read the rest

How to opt out of Equifax's rights-stripping arbitration clause

During the five weeks after hackers stole 143 million Americans' data from Equifax, and while its execs were selling off their stock by the millions, the company sprang into action, producing an insecure site for checking whether your own data was breached that produces the same output no matter what name and SSN you input. Read the rest

Tesla's demon-haunted cars in Irma's path get a temporary battery-life boost

Tesla sells both 60kWh and 75kWh versions of its Model S and Model X cars; but these cars have identical batteries -- the 60kWh version runs software that simply misreports the capacity of the battery to the charging apparatus and the car's owner. Read the rest

FTC settles with Lenovo over selling laptops deliberately infected with Superfish spyware

The Federal Trade Commission has announced a settlement with Lenovo over the 2015 revelation that the company pre-installed malware called "Superfish" on its low-end models, which allowed the company to spy on its customers, and also left those customers vulnerable to attacks from third parties, who could exploit Superfish's weakened security. Read the rest

How DRM and EULAs make us into "digital serfs"

Washington and Lee law professor Joshua Fairfield is the author of a recent book called Owned: Property, Privacy, and the New Digital Serfdom, which takes up the argument that DRM and license agreements mean that we have no real property rights anymore, just a kind of feudal tenancy in which distant aristocrats (corporations) dictate how we may and may not use the things we "buy," backed by the power of the state to fine or jail us if we fail to arrange our affairs to the company's shareholders. Read the rest

Security researchers repeatedly warned Kids Pass about bad security, only to be ignored and blocked

Kids Pass is a service that offers discounts on family activities in the UK; their website makes several common -- and serious -- security problems that could allow hackers to capture their users' passwords, which endangers those users' data on other services where they have (unwisely) recycled those same passwords. Read the rest

Security researchers: EFF's got your back at this summer's technical conferences

Are you a security researcher planning to present at Black Hat, Defcon, B-Sides or any of this summer's security events? Are you worried a big corporation or the government might attack you for revealing true facts about the defects in the security systems we entrust with our safety, privacy and health? Read the rest

Independent repair guy on the planned obsolescence of Apple products

Louis Rossmann is an independent service technician in New York City who has repaired Apple products for years. Read the rest

IoT vendor objects to "rude" review, renders complainer's device inoperable

R Martin bought a Garadget -- a device that lets you verify whether your garage door is closed using a mobile app -- and couldn't get it to work and left an intemperate 1-star Amazon review for the product. Read the rest

Testing products for data privacy and security

It’s an exciting and treacherous time to be a consumer. The benefits of new digital products and services are well documented, but the new risks they introduce are not. Basic security precautions are ignored to hasten time to market. Biased algorithms govern access to fair pricing. And four of the five most valuable companies in the world earn their revenue through products that mine vast quantities of consumer data, creating an unprecedented concentration of corporate power. A recent survey at Consumer Reports showed that 65% of Americans lack confidence their data is private or secure, with most consumers feeling powerless to do anything about it.

Healthcare facilities widely compromised by Medjack, malware that infects medical devices to steal your information

The healthcare industry is a well-known information security dumpster fire, from the entire hospitals hijacked by ransomware to the useless security on medical devices to the terrifying world of shitty state security for medical implants -- all made worse by the cack-handed security measures that hospital workers have to bypass to get on with saving our lives (and it's about to get worse, thanks to the Internet of Things). Read the rest

More posts