Ranking the most influential computer security papers ever published

Konrad Rieck has data-mined the nine top security conferences, compiling a decade-by-decade list of the papers most often cited in the presentations delivered at these events: top of the pile is Random Oracles are Practical: A Paradigm for Designing Efficient Protocols (Sci-Hub mirror), from the 1993 ACM Conference on Computer and Communications Security. Rieck has also produced a "normalised" ranking that tries to offset the seniority effect, whereby older papers collect more citations. (via Four Short Links)

Cambridge Analytica: Director 'met Assange to discuss U.S. election', channelled $ to WikiLeaks

A former executive from the data-mining dark operator Cambridge Analytica 'visited Julian Assange in February last year and told friends it was to discuss what happened during the US election,' the Guardian reported today.

Brittany Kaiser worked as a director there until not long ago, and is reported “to have channelled cryptocurrency payments and donations to WikiLeaks.”

Excerpt:

Assange issued a statement saying that he had turned down the Cambridge Analytica offer. Alexander Nix, the company’s chief executive, told Westminster MPs the same in February, during an appearance at the Commons digital, culture, media and sport (DCMS) select committee. Nix said he found a contact for WikiLeaks’ speaking agency on the internet and sent Assange an email.

But visitor logs from the Ecuador embassy obtained by the Guardian and Focus Ecuador appear to show that Brittany Kaiser, a senior executive at Cambridge Analytica until earlier this year, visited Assange on 17 February 2017. Information passed to the DCMS committee in the UK and the Senate judiciary committee in the US states that the meeting was “a retrospective to discuss the US election”.

Kaiser is also alleged to have said that she had funnelled money to WikiLeaks in the form of cryptocurrency. She called the organisation her “favourite charity”. The reports passed to investigators say that money was given to her by third parties in the form of “gifts and payments”.

After the afore-quoted story was published, there was all-new news in London today.

Former Cambridge Analytica CEO Alexander Nix.

Zip Slip: a sneaky way to install malware using zip and other packing utilities

Packing files into archives like zips, tars, jars, wars, cpios, apks, rars and 7zs is a common way to keep important files and filesystem structures together when sharing them; it's also a source of potentially dangerous malware attacks.

New VPNFilter analysis: modules attack router owners and target industrial control systems; reinfection still possible, more routers vulnerable

VPNFilter, the malicious software that targets home routers and is thought to be the work of the Russian state-affiliated hacker group Fancy Bear, raised alarm last month on the revelation that it had infected half a million home routers around the world.

Fugitive wanted for attempted murder found at White House, where he worked for National Security Council

Pretty logical place to hide, if you ask me.

Secret Service agents grabbed Martese Maurice Edwards today when he showed up for work at the White House, where he worked as a private contractor for the WH National Security Council.

A man by that same name is wanted for attempted first-degree murder in Prince George’s County, Maryland.

MyHeritage leaks data of 92 million who use the genealogy and family tree website

A security breach affected the MyHeritage website, and leaked the personal information of over 92 million users, the Israeli company said Tuesday.

Facebook gave user data to 'at least 4 Chinese companies,' including tech giant ID'd as security threat by U.S. intel

Despite Mark Zuckerberg's internal war on transparency, the Facebook data abuse reveals just keep on coming.

Redditor claims Chinese border guards installed malware on his phone

BigTyPB: "I saw the installation process, an icon appear on the home screen, the police ran the application and then the icon hid itself. Not sure if it rooted my phone or what. I know something was running on my phone because they used a handheld device to confirm our phones were communicating with their system before letting us go."

How do we fix IoT security without blocking interoperability and creating monopolies?

Jonathan Zittrain (previously) writes, "There’s reason to worry about security for the ever-growing Internet of Things, and it’ll be tempting to encourage vendors to solely control their devices that much more, limiting interoperability or user tinkering. There are alternatives - models for maintaining firmware patches for orphaned devices, and a 'Faraday mode' so that iffy devices can still at least partially function even if they’re not able to remain safely online. Procrastination around security has played a key role in its success. But 'later' shouldn’t mean 'never' for the IoT."

Watch how easy it is to break into this $100 "smart" lock

Tapplock sells a fingerprint-enabled padlock for $100. Zack was able to defeat it quickly and quietly by twisting off the back plate and removing a couple of screws. Ouch.

The most interesting thing about the "Thanksgiving Effect" study is what it tells us about the limits of data anonymization

Late last year, a pair of economists released an interesting paper that used mobile location data to estimate the likelihood that political polarization had shortened family Thanksgiving dinners in 2016.

Governments all over the world buy spy products that let them track and eavesdrop on global cellphones, especially US phones

Senator Ron Wyden [D-OR] has sent a letter to the DHS with his view that "nefarious actors may have exploited" the cellular phone system "to target the communications of American citizens."

Efail: instructions for using PGP again as safely as is possible for now

It's been nearly three weeks since the publication of Efail, a critical set of attacks against PGP/GPG-encrypted emails that was so hard to mitigate that EFF's recommendation was to stop using it for mail altogether until a solution could be worked out.

The TSA has a secret enemies list of people who've complained about screeners

We all know that the TSA maintains a secret watchlist of suspected terrorists who are somehow suspicious enough that they can be denied the right to fly or be subjected to humiliating screenings (but not suspicious enough to charge with any crime), but it turns out that the TSA has another watchlist of problem fliers -- people who've complained about TSA screeners, as well as people who are accused of having "assaulted" screeners (the definition of "assault" includes women who've removed screeners' hands from their breasts).

FBI says to reboot your router ASAP to avoid Russia malware VPNFilter

Have you tried turning it off and on again?

The FBI sent out an urgent bulletin advising anyone with a home or small office internet router to immediately turn it off and then turn it on again as a way to help stop the spread of a malware outbreak with origins in Russia.

FBI sinkholes a key domain used by the malware that infected 500,000 home routers, declares partial victory and Russian attribution

VPNFilter is a virulent, sophisticated, multistage worm that has successfully infected 500,000 home routers, leaving them vulnerable to both surveillance (the malware snoops network traffic for passwords) and region-wide internet shutdowns (VPNFilter can brick the routers it infects, and an attacker could shut down most or all of the home/small business internet access in a region by triggering this).

500,000 home routers have been infected with VPNFilter, malware that steals data and bricks devices

VPNFilter is a sophisticated, multi-stage malware package, part of the new breed of boot-persistent malware (software that can survive a reboot); it targets home routers and network-attached storage devices, then steals passwords and logins that traverse the network and exfiltrates them to the creators' servers.
