Securus is the widely abused location-tracking tool that exploits a loophole in privacy law to allow police to extract realtime and historical cellphone location data without a warrant or any accountability. Read the rest
A group of researchers have published a paper and associated website describing a clever attack on encrypted email that potentially allows an attacker to read encrypted emails sent in the past as well as current and future emails; EFF has recommended switching off PGP-based email encryption for now, to prevent attackers from tricking your email client into decrypting old emails and sending them to adversaries. Read the rest
As scary as the epidemics of malware for Internet of Things devices have been, they had one saving grace: because they only lived in RAM (where they were hard to detect!), they could be flushed just by rebooting the infected gadget. Read the rest
In the wake of the Nova Scotia police fully exonerating the 19 year old who accidentally discovered an open directory full of compromising personal information belonging to Nova Scotians, you'd think that Nova Scotia premier Stephen McNeil would apologise for having called the act "stealing." Read the rest
Last month, an unnamed 19-year-old Nova Scotian grew frustrated with the lack of a search interface for the province's public repository of responses to public records requests; he wanted to research the province's dispute with its public school teachers and didn't fancy manually clicking on thousands of links to documents to find the relevant ones, so he wrote a single line of code that downloaded all the public documents to his computer, from which he could search them with ease. Read the rest
When Georgia's legislature passed SB 315, a horribly misguided cybersecurity bill that criminalized routine security research, thus allowing bad guys to get much worse, everyone pinned their hopes on Governor Nathan Deal vetoing it. Read the rest
Ever since the news of the Equifax breach broke last September, we've been waiting for the company to publish an authoritative tally of what, exactly, got breached. Read the rest
Last month, Argentinian security researcher Ezequiel Fernandez published CVE-2018-9995, a vulnerability he discovered in dozens of brands of DVR that are all based on the same white-label devices, TBK's DVR4104 and DVR4216.
The New Years revelation that decades' worth of Intel's processors had deep, scary defects called "Spectre" and "Meltdown" still has security experts reeling as they contemplate the scale of patching billions of devices that are vulnerable to attack. Read the rest
Checkmarx researchers including Erez Yalon have created a "rogue Alexa skill" that bypasses Amazon's security checks: it lurks silently and unkillably in the background of your Alexa, listening to all speech in range of it and transcribing it, then exfiltrating the text and audio of your speech to the attacker. Read the rest
The Vingcard Vision locks are RFID-based hotel locks; at this week's Infiltrate conference in Miami, Tomi Tuominen and Timo Hirvonen from F-Secure will present a method for combining a $300 Proxmark RFID tool with any discarded key from a given hotel to derive the master keys that allow them to unlock every room in the hotel, a process that takes less than 60 seconds. Read the rest
Linus F. Phillip was 30 years old when Largo, Florida cops shot him when he drove his car away from a gas-station where he had been stopped by police. Read the rest
For three years, International Standards Organization has been wrangling over which cryptographic algorithms will be incorporated into a standard for interoperability in "Internet of Things" gadgets; at issue has been the NSA's insistence that "Simon" and "Speck" would be the standard block cipher algorithms in these devices. Read the rest
IoT Inspector is a new tool from Princeton's computer science department; it snoops on the traffic from home IoT devices and performs analysis to determine who they phone home to, whether they use encryption, and what kinds of data they may be leaking. Read the rest
A group of Belgian academic security researchers from KU Leuwen have published a paper detailing their investigation into improving the security of neurostimulators: electrical brain implants used to treat chronic pain, Parkinson's, and other conditions. Read the rest
Ben Gurion university's Mordechai Guri is a master exfiltrator, a computer scientist who's devised a bewildering array of innovative techniques for getting data off of "airgapped" computers that have been fully disconnected from any kind of network. Read the rest
