Medical device security very, very, very, very, very, very, very bad. Read the rest

Russia's communications regulator says it has blocked IP addresses owned by Google and Amazon because Moscow claims the internet addresses are used by the Telegram messaging service that was banned by Putin's regime this week.

Read the rest

A group of Belgian academic security researchers from KU Leuwen have published a paper detailing their investigation into improving the security of neurostimulators: electrical brain implants used to treat chronic pain, Parkinson's, and other conditions. Read the rest

The United States and Britain today accused Russia of launching a new wave of internet-based attacks targeting routers, firewalls and other computer networking equipment used by government agencies, businesses and critical infrastructure operators around the globe.

Read the rest

It's expensive to be one of the most well-recognized billionaires on the planet. Facebook's regulatory filing for the Securities and Exchange Commission revealed that CEO Mark Zuckerberg's security expenses for 2017 were $7.3 million. In 2016 they were $4.9 million.

From Quartz:

Among the expenses are the purchase, installation, and maintenance for Zuckerberg’s personal residences, which include properties in San Francisco and Palo Alto. It also includes his personal usage of private aircraft. Security expenses accounted for 83% of Zuckerberg’s overall compensation package in 2017, which rose by over 50%. However, his base salary still remains at $1.

Zuckerberg's net worth is $66 billion, so $7.3 million represents 0.01% of his net worth. If a person worth $1 million had a proportional security package, it would amount to $111.

Image: Anthony Quintano/Flickr, Attribution 2.0 Generic (CC BY 2.0) Read the rest

Ben Gurion university's Mordechai Guri is a master exfiltrator, a computer scientist who's devised a bewildering array of innovative techniques for getting data off of "airgapped" computers that have been fully disconnected from any kind of network. Read the rest

It's been a year since someone hacked all 156 of Dallas's emergency tornado sirens, setting them off in the middle of the night, and the security picture for cities' emergency PA systems keeps getting uglier. Read the rest

In some ways, there's never been a better time to be an insurer: every business wants cybersecurity insurance, and the market is willing to tolerate crazy annual premium hikes -- 30% a year for the past five years! Read the rest

.cm is the top-level domain for Cameroon, and the major use-case for .cm domains is typosquatting -- registering common .com domains as .cm domains (like microsoft.cm or apple.cm), in the hopes of nabbing traffic from users who fatfinger while typing a domain, and sometimes serving them malware or directing them to scams. Read the rest

On August 2, 2017, security researcher Dylan Houlihan contacted Panera Bread to warn them that their customer loyalty website had a serious defect that allowed attackers to retrieve the names, email and physical addresses, birthdays and last-four of the credit cards for up to seven million customers. Read the rest

Alexander Kott is chief of the Network Science Division at the Army Research Laboratory; in a new paper, he rounds up several years' worth of papers that he wrote or co-authored, along with some essays and articles by others, on what an "Internet of Battle Things" will look like. Read the rest

Myfitnesspal was a startup that offered Internet of Shit-based fitness and diet tracking; they were purchased by Under Armour for $475,000,000 in 2015; three years later, Under Armour has admitted that hackers stole the personal data of 150,000,000 Myfitnesspal users. Read the rest

Georgia is a hub for cybersecurity research, with leading university computer science and security programs and a new $35m state cybersecurity research center underway; but the Georgia state legislature just passed SB315, the most onerous prohibition on computer security research ever passed in the USA. Read the rest

Calyx is an amazing nonprofit, privacy-oriented activist ISP (they were the first ISP to successfully resist a secret Patriot Act warrant); they are notable for offering an unlimited, unfiltered, unthrottled 4G/wifi hotspot for a tax-deductible $400 year (mine has repeatedly saved my bacon). Read the rest

The Electronic Frontier Foundation is running an excellent series on the potential and pitfalls of secure messaging app -- this is very timely given the ramping up of state surveillance and identity theft, not to mention anyone looking to #DeleteFacebook and transition away from Facebook Messenger. Read the rest

Since 2016, when an FBI agent first used a dead suspect's finger to unlock his phone, police forces across the USA have made a routine practice of unlocking phones using suspects and victims' dead fingers, saving big on buying cyberwar tools like Cellebrite's $1500-$3000 unlocker, or Grayshift's $30k/year Graykey. Read the rest

University of Texas law professor Bobby Chesney has developed a detailed syllabus for a course in "Cybersecurity Foundations: Law, Policy, and Institutions" that is aimed at grad students from law, business, engineering, and computer science. Read the rest