The FDA is finally doing something about the medical device security dumpster-fire

Medical device security is very, very, very, very, very, very, very bad.

Russia blocks Google & Amazon IP addresses, saying they're used by Telegram app Putin just banned

Russia's communications regulator says it has blocked IP addresses owned by Google and Amazon because Moscow claims the internet addresses are used by the Telegram messaging service that was banned by Putin's regime this week.


People with implanted neurostimulators are vulnerable to wireless attacks

A group of Belgian academic security researchers from KU Leuven have published a paper detailing their investigation into improving the security of neurostimulators: electrical brain implants used to treat chronic pain, Parkinson's, and other conditions.

FBI, DHS, and UK cyber agency warn of Russia internet attack that targets routers

The United States and Britain today accused Russia of launching a new wave of internet-based attacks targeting routers, firewalls and other computer networking equipment used by government agencies, businesses and critical infrastructure operators around the globe.


Facebook CEO Mark Zuckerberg's security costs $7.3 million a year

It's expensive to be one of the most well-recognized billionaires on the planet. Facebook's regulatory filing for the Securities and Exchange Commission revealed that CEO Mark Zuckerberg's security expenses for 2017 were $7.3 million. In 2016 they were $4.9 million.

From Quartz:

Among the expenses are the purchase, installation, and maintenance for Zuckerberg’s personal residences, which include properties in San Francisco and Palo Alto. It also includes his personal usage of private aircraft. Security expenses accounted for 83% of Zuckerberg’s overall compensation package in 2017, which rose by over 50%. However, his base salary still remains at $1.

Zuckerberg's net worth is $66 billion, so $7.3 million represents 0.01% of his net worth. If a person worth $1 million had a proportional security package, it would amount to $111.

Image: Anthony Quintano/Flickr, Attribution 2.0 Generic (CC BY 2.0)

Stealing data from airgapped computers by using power fluctuations as a covert channel

Ben Gurion university's Mordechai Guri is a master exfiltrator, a computer scientist who's devised a bewildering array of innovative techniques for getting data off of "airgapped" computers that have been fully disconnected from any kind of network.

Cities' emergency sirens will play anything you send them over an unencrypted radio protocol

It's been a year since someone hacked all 156 of Dallas's emergency tornado sirens, setting them off in the middle of the night, and the security picture for cities' emergency PA systems keeps getting uglier.

In an attempt to quantify stupendous risk, cyberinsurers ratchet up premiums, deploy gimmicks

In some ways, there's never been a better time to be an insurer: every business wants cybersecurity insurance, and the market is willing to tolerate crazy annual premium hikes -- 30% a year for the past five years!

The .cm typosquatters accidentally exposed their logs, revealing the incredible scale of typojacking

.cm is the top-level domain for Cameroon, and the major use-case for .cm domains is typosquatting -- registering common .com domains as .cm domains (like microsoft.cm or apple.cm), in the hopes of nabbing traffic from users who fatfinger while typing a domain, and sometimes serving them malware or directing them to scams.

Eight months ago, Panera Bread was warned that they were leaking up to 7 million customers' data. They fixed it yesterday. Kinda.

On August 2, 2017, security researcher Dylan Houlihan contacted Panera Bread to warn them that their customer loyalty website had a serious defect that allowed attackers to retrieve the names, email and physical addresses, birthdays and last four digits of the credit card numbers for up to seven million customers.

Internet of Battle Things: a militarized IoT where "cognitive bandwidth constraints" require "autonomous cyber agents"

Alexander Kott is chief of the Network Science Division at the Army Research Laboratory; in a new paper, he rounds up several years' worth of papers that he wrote or co-authored, along with some essays and articles by others, on what an "Internet of Battle Things" will look like.

Under Armour: hackers stole the data of 150,000,000 Myfitnesspal users because of course they did

Myfitnesspal was a startup that offered Internet of Shit-based fitness and diet tracking; they were purchased by Under Armour for $475,000,000 in 2015; three years later, Under Armour has admitted that hackers stole the personal data of 150,000,000 Myfitnesspal users.

Georgia criminalizes routine security research

Georgia is a hub for cybersecurity research, with leading university computer science and security programs and a new $35m state cybersecurity research center underway; but the Georgia state legislature just passed SB315, the most onerous prohibition on computer security research ever passed in the USA.

Help crowdfund the Harlem Cryptoparty and 100 unlimited, privacy-protecting wifi hotspots for Puerto Rico

Calyx is an amazing nonprofit, privacy-oriented activist ISP (they were the first ISP to successfully resist a secret Patriot Act warrant); they are notable for offering an unlimited, unfiltered, unthrottled 4G/wifi hotspot for a tax-deductible $400 a year (mine has repeatedly saved my bacon).

How to evaluate secure messengers and decide which one is for you

The Electronic Frontier Foundation is running an excellent series on the potential and pitfalls of secure messaging apps -- this is very timely given the ramping up of state surveillance and identity theft, not to mention anyone looking to #DeleteFacebook and transition away from Facebook Messenger.

Cops routinely unlock phones with corpses' fingers

Since 2016, when an FBI agent first used a dead suspect's finger to unlock his phone, police forces across the USA have made a routine practice of unlocking phones using suspects' and victims' dead fingers, saving big on buying cyberwar tools like Cellebrite's $1500-$3000 unlocker, or Grayshift's $30k/year Graykey.

A detailed, cross-disciplinary syllabus for a "Cybersecurity Law and Policy" graduate course

University of Texas law professor Bobby Chesney has developed a detailed syllabus for a course in "Cybersecurity Foundations: Law, Policy, and Institutions" that is aimed at grad students from law, business, engineering, and computer science.
