The CBC asked me to write an editorial for their package about Canadian identity and politics, timed with the 150th anniversary of the founding of the settler state on indigenous lands. They've assigned several writers to expand on themes in the Canadian national anthem, and my line was "We stand on guard for thee." Read the rest
In a paper for IEEE Security, researchers from Cyberpion and Israel's College of Management Academic Studies describe a "Password Reset Man-in-the-Middle Attack" that leverages a bunch of clever insights into how password resets work to steal your email account (and other kinds of accounts), even when it's protected by two-factor authentication. Read the rest
U.S. Girl Scouts as young as 5 years old will soon be able to earn their first-ever cybersecurity badges. 18 of these merit patches will be launched by the Girl Scouts of the USA starting in September, 2018.
Ever since the Ukrainian "Maidan" revolution, the country has been subjected to waves of punishing cyberwar attacks, targeting its power grids, finance ministry, TV networks, election officials, and other critical systems. Read the rest
Mozilla has extended and improved its Firefox Focus browser, heretofore an Ios product, bringing it to Android, with auto-blocking of trackers and ads and making it easy to erase your browser history. Read the rest
Chinese state media reports on a $28/RMB188 app that browses webcams whose default passwords haven't been changed, allowing subscribers to watch the goings-on in stores, living rooms, bedrooms, children's rooms, and anywhere a CCTV might be installed. Read the rest
Princeton computer scientist and former White House Deputy CTO Ed Felten (previously) writes about the security lessons of the 2016 election: first, that other nation-states are more aggressive than generally supposed, and second, that you don't need to hack the vote-totals to effect devastation on an adversary -- it's sufficient to undermine the election's legitimacy by messing with voter rolls, "so there is uncertainty about whether the correct people were allowed to vote." Read the rest
The NSO Group is an Israeli firm that describes itself as a "cyber warfare" company, dealing exclusively to governments, including the famously corrupt and dysfunctional government of Mexico. The NSO Group is presently for sale, with a $1 billion pricetag. Read the rest
Want to be really sure that your Internet of Things gadgets and laptops aren't being remotely controlled by malware? Read the rest
The news of attempts by Russian hackers to compromise US voting systems will forever throw into question the results of close US elections -- but that's not just because voting machines are security tire-fires, it's because they're security tire-fires whose vote-counts cannot be audited. Read the rest
Germany's interior ministry has announced sweeping new surveillance powers ahead of the coming national election, which would include the right to infect residents' computers with malware in order to spy on their encrypted communications (shades of the illegal Bundestrojaner program), ordering tech companies to deliberately introduce defects into their cryptography, and fingerprinting children as young as 6. Read the rest
Journalism After Snowden: The Future of the Free Press in the Surveillance State is a new essay collection from Columbia Journalism Review Books with contributions from Ed Snowden, Alan Rusbridger (former editor-in-chief of The Guardian); Jill Abramson (former New York Times executive editor; Glenn Greenwald, Steve Coll (Dean of Columbia Graduate School of Journalism), Clay Shirky, Cass Sunstein, and Julia Angwin. Read the rest
Linux.MulDrop.14 is a Linux worm that seeks out networked Raspberry Pi systems with default root passwords; after taking them over and ZMap and sshpass, it begins mining an unspecified cryptocurrency, creating riches for the malware's author and handing you the power-bill. Read the rest
Pity poor Turla, the advanced persistent threat hacking group closely associated with the Russian government who were outed yesterday for their extremely clever gimmick of using Britney Spears's Instagram account as a covert channel for controlling compromised computers in the field while protecting their "command and control" servers; today, Turla faces another devastating disclosure, a report that Turla exploited gaps in the security model of satellite TV and internet systems to make it possible for compromised computers to contact the C&C servers without revealing their locations. Read the rest
The independent, Congressionally mandated Health Care Industry Cybersecurity Task Force released its report last week, setting out their findings about the state of security in America's health technology (very, very, very bad) and their recommendations (basic commonsense cybersecurity 101). Read the rest
A key weakness in malicious software is the "Command and Control" (C&C) system: a central server that the malware-infected systems contact to receive updates and instructions, and to send stolen data. Anti-malware researchers like to reverse engineer malicious code, discover the C&C server's address, and then shut it down or blacklist it from corporate routers.
