Google Maps is still overrun with scammers pretending to be local businesses, and Google's profiting from them

We bought a house in 2018 and have been renovating it pretty much constantly ever since: I've had to call out movers, emergency plumbers and electricians, find HVAC repairpeople, hire locksmiths, contract with a roofer, etc etc. Despite the longstanding and serious problems with fraud on Google Maps, I often start my search there, because I am an idiot, because 100% of the time, Google Maps sends me to a scammer. One hundred percent. Read the rest

DOJ accuses Verizon and AT&T employees of participating in SIM-swap identity theft crimes

The DOJ has indicted three former Verizon and AT&T employees for alleged membership in a crime-ring known as the "The Community"; the indictment says the telco employees helped their confederates undertake "port-out" scams (AKA "SIM-swapping" AKA "SIM hijacking"), which allowed criminals to gain control over targets' phone numbers, thereby receiving SMS-based two-factor authentication codes. Read the rest

A leaky database of SMS messages is a reminder that SMS is really, really insecure

Berlin-based security researcher Sébastien Kaul discovered that Voxox (formerly Telcentris) -- a giant, San Diego-based SMS gateway company -- had left millions of SMSes exposed on an Amazon cloud server, with an easily queried search front end that would allow attackers to watch as SMSes with one-time login codes streamed through the service. Read the rest

Wannacry ransomware cost the British National Health Service £92m ($121m)

The Wannacry ransomware epidemic was especially virulent, thanks to its core: a weaponized vulnerability in Windows that the NSA had discovered and deliberately kept a secret so that they could use it to attack their adversaries. Read the rest

Fraudsters offers thousands to low-waged telco employees for help with SIM Swap scams

SIM Swapping is a powerful form of fraud in which criminals convince the phone company to switch your phone number to a SIM they control; once they have your phone number, they can bypass the SMS-based two-factor authentication protecting your cryptocurrency wallets, social media accounts, and other valuable systems. Read the rest

Your phone company's shitty security is all that's standing between you and total digital destruction

Online services increasingly rely on SMS messages for two-factor authentication, which means on the one hand that it's really hard to rip you off without first somehow stealing your phone number, but on the other hand, once someone diverts your SMS messages, they can plunder everything Read the rest

Kindle Unlimited is being flooded with 3,000-page garbage books that suck money out of the system

Amazon's Kindle Unlimited service allows subscribers to download as many books as they want, and then pays writers based on the number of their pages that readers have read. Read the rest

Why the rise of ransomware attacks should worry you

Sean Gallagher does an excellent job of running down the economics and technology behind the rise and rise of ransomware attacks: ransomware has become a surefire way to turn a buck on virtually any network intrusion, and network intrusions themselves are trivial if you don't especially care whose networks you break into. Read the rest

Using distributed code-signatures to make it much harder to order secret backdoors

Cothority is a new software project that uses "multi-party cryptographic signatures" to make it infinitely harder for governments to order companies to ship secret, targeted backdoors to their products as innocuous-looking software updates. Read the rest