Ben Cartwright-Cox observed that he could modulate the bass frequencies in electronic dance music/dubstep in a way that was easy to detect with a signal processor and inaudible to his unaided ears, so he wrote some code to hide messages in the wubwubwub. Read the rest
It's been a year since someone hacked all 156 of Dallas's emergency tornado sirens, setting them off in the middle of the night, and the security picture for cities' emergency PA systems keeps getting uglier. Read the rest
Marketing companies frequently "anonymize" their dossiers on internet users using hashes of their email addresses -- rather than the email addresses themselves -- as identifiers in databases that are stored indefinitely, traded, sold, and leaked. Read the rest
In a paper published by the International Association for Cryptologic Research, a group of Harvard and MIT cryptographers demonstrate that even if the government were to backdoor encryption and lock up anyone who used non-backdoored systems, people could still hide undetectable, secure, private messages within the messages sent over the compromised systems. Read the rest
Cloudflare, a company with a history of resisting surveillance and censorship orders (albeit imperfectly and sometimes with undesirable consequences) has announced a new DNS service, hosted at the easy-to-remember address of 1.1.1.1, which accepts connections under the still-novel DNS-over-HTTPS protocol, and which has privacy designed in, with all logs written only to RAM (never to disk) and flushed every 24 hours. Read the rest
The Electronic Frontier Foundation is running an excellent series on the potential and pitfalls of secure messaging app -- this is very timely given the ramping up of state surveillance and identity theft, not to mention anyone looking to #DeleteFacebook and transition away from Facebook Messenger. Read the rest
Since 2016, when an FBI agent first used a dead suspect's finger to unlock his phone, police forces across the USA have made a routine practice of unlocking phones using suspects and victims' dead fingers, saving big on buying cyberwar tools like Cellebrite's $1500-$3000 unlocker, or Grayshift's $30k/year Graykey. Read the rest
In An Empirical Analysis of Traceability in the Monero Blockchain, a group of eminent computer scientists analyze a longstanding privacy defect in the Monero cryptocurrency, and reveal a new, subtle flaw, both of which can be used to potentially reveal the details of transactions and identify their parties. Read the rest
Saleem Rashid is a 15 year old self-taught British programmer who discovered a fatal defect in the Ledger Nano S, an offline cryptocurrency wallet that is marketed as being "tamper-proof." Read the rest
The epidemic of cryptojacking malware isn't merely an outgrowth of the incentive created by the cryptocurrency bubble -- that's just the motive, and the all-important the means and opportunity were provided by the same leaked NSA superweapon that powered last year's Wannacry ransomware epidemic. Read the rest
"Idea-instructions" bills itself as "An ongoing series of nonverbal algorithm assembly instructions", with a half-dozen illustrations of popular computer science concepts covered to date; the latest covers Public-Key Crypto, one of the most important and elusive concepts from modern crypto. Read the rest
The U.S. Securities and Exchange Commission today pledged to aggressively scrutinize publicly-traded companies that suddenly change their name or their business model to try to profit from the nutty hype surrounding cryptocurrency. SEC Chairman Jay Clayton threw this wet towel on the blockchain bubble Monday.
In a recent presentation at the Real World Crypto symposium, researchers affiliated with Brown University and a startup called Pixek presented their work developing an app that encrypts photos at the moment they're taken and uploads them in encrypted form to a cloud server, in such a way that the keys remain on the user's device, meaning the service provider can't view the photos. Read the rest
Working cryptography's pretty amazing: because of its fundamental theoretical soundness, we can trust it to secure the firmware updates to our pacemakers; the conversations we have with our loved ones, lawyers and business colleagues; the financial transactions the world depends on; and the integrity of all sorts of data, communications and transactions. Read the rest
Wall Street consultants Quinlan & Associates have published "Fool's Gold: Unearthing The World of Cryptocurrency," a $5000, 156-page report that predicts that Bitcoin will drop to $1800 by next December, and down to $810 by 2020 (it is currently trading in the $14,000 range). Read the rest
The latest launch from Japanese entertainment corporation Cinderella Academy is Kasotsuka Shojo "Virtual Currency Girls," who are billed as the first cryptopop band. Read the rest
