Report: Chinese spies snuck tiny backdoor chips onto US corporate, government and military servers

According to an explosive report in Bloomberg, US spies and large corporate IT departments have had an open secret for years: the servers supplied by US hardware giant Supermicro for Elemental, Inc were sometimes infected with tiny hardware backdoors by Chinese spies during their manufacture; these superminiature chips were wired into the systems' baseboard management system and were able to accept covert software patches that would allow Chinese spies to utterly compromise both the servers and the networks they were connected to.

A detailed anatomy of the hack that compromised Facebook's 50 million user breach

Yesterday, at least 90,000,000 Facebook users were forced to log back into the service without any explanation; later, the company revealed that at least 50,000,000 of them had been hacked, but wouldn't say how.

Facebook: 50 million users’ personal information exposed in mega breach

Facebook says an attack on its network left the personal information of some 50 million users—perhaps you?—exposed to hackers. Who were the hackers, and what did they want? Facebook doesn't know, or won't say. But the company has confirmed that execs Mark Zuckerberg and Sheryl Sandberg were among the users affected.

“We have a responsibility to protect your data, and if we can’t then we don’t deserve to serve you,” Zuckerberg said about Facebook's Cambridge Analytica scandal earlier this year.

Well. You heard the man.

Defcon Voting Village report shows that hacking voting machines takes less time than voting

Every year, security researchers gather at Defcon's Voting Village to probe voting machines and report on the longstanding, systematic security problems with them, in order to give secure voting advocates the ammunition they need to convince Congress and local officials to take action to improve America's voting security.

Hate-speech detection algorithms are trivial to fool

In All You Need is “Love”: Evading Hate Speech Detection, a Finnish-Italian computer science research team describe their research on evading hate-speech detection algorithms; their work will be presented next month in Toronto at the ACM Workshop on Artificial Intelligence and Security.

Google, Amazon, Twitter, other Big Tech to Congress: New California data privacy rules too tough

Executives from Google, Twitter, AT&T, Amazon, Apple, and other big tech companies told a U.S. Senate panel today they support updating federal law to protect data privacy, but they want Congress to block California's tough new privacy rules.

Firefox Monitor: get alerts if your data shows up in a breach

Firefox Monitor is a new service from Mozilla that draws on data from Have I Been Pwned? (previously) to keep you informed when your data is breached and shows up online. The service also includes important advice, including "Treat security questions like extra passwords" by creating "long, random answers." It's good advice: certainly, it's easier to put into practice than convincing your mother to travel back in time and change her "maiden name."

Security researchers can access and modify security footage from Nuuo surveillance systems

Nuuo is a leading vendor of "trusted video management" tools used in conjunction with CCTVs deployed in sensitive applications like surveillance of "transport, banking, government, and residential areas."

North Korea: Operatives exploited Facebook, LinkedIn, other social media sites to get money and dodge sanctions

“Hiding behind fake profiles, a group linked to Pyongyang solicited technology work to send hard currency back home.”

Airport "security" trays are filthy reservoirs of infectious agents

In Deposition of respiratory virus pathogens on frequently touched surfaces at airports, published in BMC Infectious Diseases, a University of Nottingham team reveal that the airport security trays they swabbed in the Helsinki airport contained more infectious agents than the airport's toilets.

Internet of Things security camera sends customers' video feed to someone else

Shelan Faith has an internet-enabled home "security" system from Vivint Home Security; it includes cameras that spy on the interior and exterior of her home, as well as sensors that report on things like when her doors and garage are open or closed.

A reliable credit-card skimmer detector: a card that detects multiple read heads

A team from the University of Florida won a 2018 Usenix Security Distinguished Paper Award for Fear the Reaper: Characterization and Fast Detection of Card Skimmers, which presents their work on the "Skim Reaper," a fast, easy-to-use, reliable credit-card skimmer-detector.

US voting machine vendors and officials insist that it's OK to build wireless networking into election systems

I've been fighting with voting machine vendors since Bush v Gore, when companies like Diebold brazenly sought to subvert the Supreme Court's order to standardize a secure design for US voting machines, going so far as to send out thousands of fraudulent copyright notices in a failed attempt to silence whistleblowers who'd reported defects in their systems.

Schneier's "Click Here To Kill Everybody": pervasive connected devices mean we REALLY can't afford shitty internet policy

Bruce Schneier (previously) has spent literal decades as part of the vanguard of the movement to get policy makers to take internet security seriously: to actually try to make devices and services secure, and to resist the temptation to blow holes in their security in order to spy on "bad guys." In Click Here to Kill Everybody: Security and Survival in a Hyper-connected World, Schneier makes a desperate, impassioned plea for sensible action, painting a picture of a world balanced on the point of no return.

TSA + CBP test new facial recognition tech & computed tomography scanners at LAX

A new facial recognition technology screening system will soon be used on some travelers who pass through Los Angeles International Airport (LAX).

Air Canada hacked, user info stolen. If you're a user, change your password.

I enjoy flying with Air Canada. I did not, however, enjoy the email I received from them this morning warning me they'd been hacked.

Former NSA contractor Reality Winner sentenced to 5+ years in prison for leaking secret report on Russian election hacking to The Intercept

Former Air Force language specialist and intelligence contractor Reality Winner has been sentenced to 63 months in prison.
