According to an explosive report in Bloomberg, US spies and large corporate IT departments have had an open secret for years: the servers supplied by US hardware giant Supermicro for Elemental, Inc were sometimes infected with tiny hardware backdoors by Chinese spies during their manufacture; these superminiature chips were wired into the systems' baseboard management system and were able to accept covert software patches that would allow Chinese spies to utterly compromise both the servers and the networks they were connected to. Read the rest

Yesterday, at least 90,000,000 Facebook users were forced to log back into the service without any explanation; later, the company revealed that at least 50,000,000 of them had been hacked, but wouldn't say how. Read the rest

Facebook says an attack on its network left the personal information of some 50 million users—perhaps you?—exposed to hackers. Who were the hackers, and what did they want? Facebook doesn't know, or won't say. But the company has confirmed that execs Mark Zuckerberg and Sheryl Sanders were among the users affected.

“We have a responsibility to protect your data, and if we can’t then we don’t deserve to serve you,” Zuckerberg said about Facebook's Cambridge Analytica scandal earlier this year.

Well. You heard the man. Read the rest

Every year, security researchers gather at Defcon's Voting Village to probe voting machines and report on the longstanding, systematic security problems with them, in order to give secure voting advocates the ammunition they need to convince Congress and local officials to take action into improve America's voting security. Read the rest

In All You Need is “Love”: Evading Hate Speech Detection, a Finnish-Italian computer science research team describe their research on evading hate-speech detection algorithms; their work will be presented next month in Toronto at the ACM Workshop on Artificial Intelligence and Security. Read the rest

Executives from Google, Twitter, AT&T, Amazon, Apple, and other big tech companies told a U.S. Senate panel today they support updating federal law to protect data privacy, but they want Congress to block California's tough new privacy rules. Read the rest

Firefox Monitor is a new service from Mozilla that draws on data from Have I Been Pwned? (previously) to keep you informed when your data is breached and shows up online. The service also includes important advice, including "Treat security questions like extra passwords" by creating "long, random answers." It's good advice: certainly, it's easier to put into practice than convincing your mother to travel back in time and change her "maiden name." Read the rest

Nuuo is a leading vendor of "trusted video management" tools used in conjunction with CCTVs deployed in sensitive applications like surveillance of "transport, banking, government, and residential areas." Read the rest

“Hiding behind fake profiles, a group linked to Pyongyang solicited technology work to send hard currency back home.” Read the rest

In Deposition of respiratory virus pathogens on frequently touched surfaces at airports, published in BMC Infectious Diseases, a University of Nottingham team reveal that the airport security trays they swabbed in the Helsinki airport contained more infectious agents than the airport's toilets. Read the rest

Shelan Faith has an internet-enabled home "security" system from Vivint Home Security; it includes cameras that spy on the interior and exterior of her home, as well as sensors that report on things like when her doors and garage are open or closed. Read the rest

A team from the University of Florida won a 2018 Usenix Security Distinguished Paper Award for Fear the Reaper: Characterization and Fast Detection of Card Skimmers, which presents their work on the "Skim Reaper," a fast, easy-to-use, reliable credit-card skimmer-detector. Read the rest

I've been fighting with voting machine vendors since Bush v Gore, when companies like Diebold brazenly sought to subvert the Supreme Court's order to standardize a secure design for US voting machines, going so far as to send out thousands of fraudulent copyright notices in a failed attempt to silence whistleblowers who'd reported defects in their systems. Read the rest

Bruce Schneier (previously) has spent literal decades as part of the vanguard of the movement to get policy makers to take internet security seriously: to actually try to make devices and services secure, and to resist the temptation to blow holes in their security in order to spy on "bad guys." In Click Here to Kill Everybody: Security and Survival in a Hyper-connected World, Schneier makes a desperate, impassioned plea for sensible action, painting a picture of a world balanced on the point of no return.

A new facial recognition technology screening system will soon be used on some travelers who pass through Los Angeles International Airport (LAX). Read the rest

I enjoy flying with Air Canada. I did not, however, enjoy the email I received from them this morning warning me they'd been hacked. Read the rest

Former Air Force language specialist and intelligence contractor Reality Winner has been sentenced to 63 months in prison. Read the rest