Runa Sandvik (previously) is a legendary security researcher who spent many years as a lead on the Tor Project; in 2016, the New York Times hired her as "senior director of information security" where she was charged with protecting the information security of the Times's newsroom, sources and reporters. Yesterday, the Times fired her, eliminating her role altogether, because "there is no need for a dedicated focus on newsroom and journalistic security." Read the rest

Tsunami Democràtic is a radical, decentralized wing of the resurgent Catalan independence movement, centered around an anonymously authored app designed to coordinate revolutionary uprisings. Read the rest

One important detail from this week's admission from Doordash that they'd suffered (and remained silent about) a breach of 4.9 million records: Doordash, by its nature, includes the home addresses of people who otherwise avoid disclosing where they live. Read the rest

I will never forget the moment on June 9, 2013, when I watched a video of a skinny, serious, unshaven man named Edward Snowden introduce himself to the world as the source of a series of blockbuster revelations about US spy agencies' illegal surveillance of the global internet. Please, I thought, be safe. And Please, don't turn out to be an asshole. Read the rest

Adversarial Fashions have a line of clothes (jackets, tees, hoodies, dresses, skirts, etc) designed to confound automated license-plate readers; one line is tiled with fake license plates that spell out the Fourth Amendment (!); the designers presented at Defcon this year. (via JWZ) Read the rest

The millions of Hong Kong people participating in the #612strike uprising are justifiably worried about state retaliation, given the violent crackdowns on earlier uprisings like the Umbrella Revolution and Occupy Central; they're also justifiably worried that they will be punished after the fact. Read the rest

Google has published the results of a study of the efficacy of standard anti-account-hijacking techniques like two-factor authentication (2FA), secret questions, and passwords: the good news is that when these are used, they are incredibly effective at stopping both automated and targeted attacks, including "advanced" attacks of the sort that are often characterized as unstoppable. Read the rest

After collaring a woman who got past security at Mar-a-Lago (described by Chris Hayes as President Donald Trump's "bribery palace") the Secret Service found a USB drive in her possession. So they stuck it in a computer to see what was on it.

From the Miami Herald:

Secret Service agent Samuel Ivanovich, who interviewed Zhang on the day of her arrest, testified at the hearing. He stated that when another agent put Zhang’s thumb-drive into his computer, it immediately began to install files, a “very out-of-the-ordinary” event that he had never seen happen before during this kind of analysis. The agent had to immediately stop the analysis to halt any further corruption of his computer, Ivanovich said. The analysis is ongoing but still inconclusive, he testified.

Experts say don't do that.

Jake Williams, founder of Rendition Infosec and former NSA hacker, criticized the agent’s actions “threatened his own computing system and possibly the rest of the Secret Service network." ...

Williams said the best way to forensically examine a suspect USB drive is by plugging the device into an isolated Linux-based computer that doesn’t automatically mount the drive to the operating system.

“We would then create a forensic image of the USB and extract any malware for analysis in the lab,” he said. “While there is still a very small risk that the malware targets Linux, that’s not the normal case.”

A few years ago, a friend of mine, Nico Sell (who runs the Defcon kids' programming track r00tz) asked me to join the advisory board for her startup, Wickr, which does "ephemeral messaging," a subject that is greatly in the news with Facebook's recent announcement of a new kind of "ephemeral messaging" option. Read the rest

As EFF's Eva Galperin notes, Nicole Kobie's story about resisting surveillance by taping over your webcam "proves that once more, the best and most straightforward tech reporting is being done by Teen Vogue." Read the rest

When top German officials had their emails and social media hacked and dumped, people wondered whether the attack was some kind of well-financed act of political extremism, given that the targets were so high-profile (even Chancellor Angela Merkel wasn't spared) and that politicians from the neofascist Alternative for Germany were passed over by the hacker. Read the rest

Haisam Elsharkawi is a US citizen of Egyptian descent who was travelling to Mecca in 2017 when he was pulled out the boarding line for his flight from LAX by CBP agents who demanded that he unlock his phones; when he refused and asked for a lawyer, he was handcuffed and taken to an interrogation room where he was questioned and bullied until he unlocked his phones; the CBP officers spent 15 minutes paging through his emails, making snarky remarks about his Amazon purchase history and how many unread emails he had, and then let him go. Read the rest

Facebook's walled garden/roach motel strategy made it progressively harder and harder for charities to reach supporters on the web, driving them within Facebook's confines, where they devoted thousands of hours to making their Facebook presence attractive and pleasing to Facebook's algorithm. Read the rest

In Towards Construction Based Data Hiding: From Secrets to Fingerprint Images , published in IEEE Transactions on Image Processing (Sci-Hub Mirror), two Fudan University computer scientists propose a fascinating method for hiding encrypted messages in fake fingerprints that are both visually and computationally difficult to distinguish from real ones, which could theoretically allow the use of fingerprint databases to convey secret messages. Read the rest

It's getting more difficult with every passing day to keep from being spied upon by nefarious tools interested in getting their hands on your personal information, creeping on what you're browsing with on your laptop or phone and, if you've not bothered to cover up that webcam, keep tabs on your life as they stream images of your day-to-day doings across the Internet. Thanks to a group of computer-savvy scientists, it looks like there may soon be one more monitoring method that we'll have to watch out for.

From Ars Technica:

Daniel Genkin of the University of Michigan, Mihir Pattani of the University of Pennsylvania, Roei Schuster of Cornell Tech and Tel Aviv University, and Eran Tromer of Tel Aviv University and Columbia University investigated a potential new avenue of remote surveillance that they have dubbed "Synesthesia": a side-channel attack that can reveal the contents of a remote screen, providing access to potentially sensitive information based solely on "content-dependent acoustic leakage from LCD screens."

Synesthesia, at its core, is pretty much just Van Eck phreaking with a twist. Where Van Eck phreaking typically uses radio signals leaking from display hardware to snoop on what a computer user's perusing, Synesthesia listens for aural emissions from the bits and pieces that are required to power a display. Depending on what you're looking at on your computer's screen, the power being sent out to drive each pixel ramps up or down. This changes the pitch of power running through the display's guts. By capturing this audio for review, using the microphone built into the device or a nearby device like an Amazon Echo or other digital assistant-enabled device (never let one in your house,) it's very possible that a hacker could sort out what you were looking at with a bit of skill and a whole lot of machine learning. Read the rest

Techdirt is in the throes of a two-part revelation: 1. the US government's works are public domain and can be freely commercialized, and; 2. many of the weird things that spy agencies make can be turned into ironic, cool, and sometimes fun and/or beautiful objects of commerce. Read the rest

Alexander Kott is chief of the Network Science Division at the Army Research Laboratory; in a new paper, he rounds up several years' worth of papers that he wrote or co-authored, along with some essays and articles by others, on what an "Internet of Battle Things" will look like. Read the rest