/ SUBMIT / SEARCH / STORE / MENU
Cory Doctorow / 12:05 pm Tue, May 14, 2019

DOJ accuses Verizon and AT&T employees of participating in SIM-swap identity theft crimes

The DOJ has indicted three former Verizon and AT&T employees for alleged membership in a crime-ring known as the "The Community"; the indictment says the telco employees helped their confederates undertake "port-out" scams (AKA "SIM-swapping" AKA "SIM hijacking"), which allowed criminals to gain control over targets' phone numbers, thereby receiving SMS-based two-factor authentication codes. Read the rest

Cory Doctorow / 5:24 am Fri, Nov 16, 2018

A leaky database of SMS messages is a reminder that SMS is really, really insecure

Berlin-based security researcher Sébastien Kaul discovered that Voxox (formerly Telcentris) -- a giant, San Diego-based SMS gateway company -- had left millions of SMSes exposed on an Amazon cloud server, with an easily queried search front end that would allow attackers to watch as SMSes with one-time login codes streamed through the service. Read the rest

Cory Doctorow / 10:20 am Mon, Oct 15, 2018

Wannacry ransomware cost the British National Health Service £92m ($121m)

The Wannacry ransomware epidemic was especially virulent, thanks to its core: a weaponized vulnerability in Windows that the NSA had discovered and deliberately kept a secret so that they could use it to attack their adversaries. Read the rest

Cory Doctorow / 12:03 pm Fri, Aug 3, 2018

Fraudsters offers thousands to low-waged telco employees for help with SIM Swap scams

SIM Swapping is a powerful form of fraud in which criminals convince the phone company to switch your phone number to a SIM they control; once they have your phone number, they can bypass the SMS-based two-factor authentication protecting your cryptocurrency wallets, social media accounts, and other valuable systems. Read the rest

Cory Doctorow / 10:04 am Fri, Jul 20, 2018

Your phone company's shitty security is all that's standing between you and total digital destruction

Online services increasingly rely on SMS messages for two-factor authentication, which means on the one hand that it's really hard to rip you off without first somehow stealing your phone number, but on the other hand, once someone diverts your SMS messages, they can plunder everything Read the rest

Cory Doctorow / 5:45 am Thu, Apr 21, 2016

Kindle Unlimited is being flooded with 3,000-page garbage books that suck money out of the system

Amazon's Kindle Unlimited service allows subscribers to download as many books as they want, and then pays writers based on the number of their pages that readers have read. Read the rest

Cory Doctorow / 7:21 am Fri, Apr 8, 2016

Why the rise of ransomware attacks should worry you

Sean Gallagher does an excellent job of running down the economics and technology behind the rise and rise of ransomware attacks: ransomware has become a surefire way to turn a buck on virtually any network intrusion, and network intrusions themselves are trivial if you don't especially care whose networks you break into. Read the rest

Cory Doctorow / 7:43 am Thu, Mar 10, 2016

Using distributed code-signatures to make it much harder to order secret backdoors

Cothority is a new software project that uses "multi-party cryptographic signatures" to make it infinitely harder for governments to order companies to ship secret, targeted backdoors to their products as innocuous-looking software updates. Read the rest