Trump's tiny sausage fingers too small to mask his "how to human" crib-sheet for mass shooting presser

On Wednesday, President Trump met with mass-shooting survivors to dismiss their pleas for basic gun safety laws that might negatively impact gun manufacturers' profits by instead proposing stupid shit like filling schools with armed veterans and giving guns to teachers.

Australian government's worst-ever state-secrets leak: accidentally selling filing cabinets full of classified docs in a surplus store

Australian national broadcaster ABC has gotten hold of a massive trove of state secrets that were inadvertently sold off in a pair of cheap, locked filing cabinets purchased from a Canberra junk-shop that specialises in government surplus furniture.

The in-depth tale of Bylock, the Turkish messenger app whose 1x1 tracking GIF was the basis for tens of thousands of treason accusations

A group of exiled Turkish human rights lawyers have published an in-depth history of how Recep Tayyip Erdogan's Turkish government has described Bylock, an encrypted messaging app, whose 1x1 analytics pixel was used as the basis for accusing tens -- if not hundreds -- of thousands of Turks of treason, with consequences ranging from loss of employment and ostracization to imprisonment, to torture, to suicide.

Fitness app releases data-set that reveals the location of sensitive military bases, patrol routes, aircrew flightpaths, and individual soldiers' jogging routes

Strava is a popular fitness route-tracker focused on sharing the maps of your workouts with others; last November, the company released an "anonymized" data-set of over 3 trillion GPS points, and over the weekend, Institute for United Conflict Analysts co-founder Nathan Ruser started a Twitter thread pointing out the sensitive locations and details revealed by the release.

NHS okays hospitals and doctors storing patient data on public cloud servers

NHS Digital has issued guidance to the independent authorities and businesses that make up the UK's National Health Service, setting out the case for storing extremely sensitive patient data on public cloud servers.

Using structured encryption to search protected photos in the cloud

In a recent presentation at the Real World Crypto symposium, researchers affiliated with Brown University and a startup called Pixek presented their work developing an app that encrypts photos at the moment they're taken and uploads them in encrypted form to a cloud server, in such a way that the keys remain on the user's device, meaning the service provider can't view the photos.

The FBI and the New York Times warn that smart toys are emissaries from the Internet of Shit

One by one, the New York Times warns of the dangers of every hot smart toy your kids are begging for this Xmas: Furbies, Cayla, kids' smart watches, the ubiquitous Vtech toys (they omit the catastrophic Cloudpets, presumably because that company is out of business now).

Snowden helped design an app that turns your old phone into a surveillance device to help solve the "evil maid" problem

In cryptographic and security circles, the "evil maid" problem describes a class of attacks in which a piece of unguarded hardware is tampered with by someone who gains physical access to it: for example, a hotel chambermaid who can access your laptop while you're out of the room.

Security Planner: a peer-reviewed tool to help you figure out your personal digital security plan

The University of Toronto's Citizen Lab (previously) is one of the most effective, most trustworthy expert groups when it comes to investigating the abuse of computers to effect surveillance and sabotage, so the launch of Security Planner, the Lab's peer-reviewed tool that guides you through the creation of a personal security plan, is a game-changing event.

Wired releases a surveillance self-defense guide

Wired's new Guide to Digital Security is an excellent addition to the genre of simple-to-follow how-tos for reducing the likelihood that you'll be victimized by computer-assisted crime and harassment, and that if you are, the harms will be mitigated.

EFF's Security Education Companion: essential materials for people helping their communities practice good information security

EFF has just launched its new Security Education Companion, a beautifully organized, clearly written set of materials to help "people who would like to help their communities learn about digital security but are new to the art of security training."

Motherboard's excellent, accessible guide to internet security

The Motherboard Guide To Not Getting Hacked is an excellent adjunct to existing guides (I like EFF's Surveillance Self-Defense and The Cryptoparty Handbook) to defending yourself against criminals, stalkers, cops, and other potential intruders into your digital life.

Teardown of a consumer voice/location cellular spying device that fits in the tip of a USB cable

Mich from ha.cking bought a $25 "S8 data line locator" device -- a cellular spying tool, disguised as a USB cable and marketed to the general public -- and did a teardown of the gadget, offering a glimpse into the world of "trickle down surveillance" where the kinds of surveillance tools used by the NSA are turned into products and sold to randos over the internet for $25.

Simple steps your small organization can take to defend itself against cyberattacks

Respected security researcher Dan Wallach from Rice University has published a short (18-page) guide to securing small organizations against three kinds of cyberattack: Untargeted, remote (spammers, phishers, ransomware griefers, etc.); Targeted, remote (spear phishers); and Targeted, in person (immigration agents, police, criminal trespass).

In an engineering paper, bunnie Huang and Ed Snowden describe a malware-resistant hardware iPhone privacy overlay

In July 2016, Andrew "bunnie" Huang and Edward Snowden presented their research on journalist-friendly mobile surveillance resistance at the first MIT Media Lab Forbidden Research conference; a little over a year later, they have published an extensive scholarly paper laying out the problems of detecting and interdicting malware in a mobile device, and presenting a gorgeously engineered hardware overlay that can be installed in an iPhone to physically monitor the networking components and report on their activity via a screen on a slim external case.

Securing the IoT: a tele-dildo controlled through the Tor network

Security researcher Sarah Jamie Lewis wanted to demonstrate that the horrific stories of insecure networked sex-toys (and other Internet of Things devices) were the result of manufacturers' negligence, not the intrinsic limitations of information security.

What not to do when you're anonymous, if you want to stay that way

If you're using an anonymity tool -- Tor or something like it -- to be anonymous on the internet, it's really easy to screw it up and do something that would allow an adversary of varying degrees of power (up to and including powerful governments) to unmask you.
