Last October, Bloomberg published what seemed to be the tech story of the year: a claim that Supermicro, the leading supplier of servers to clients from the Pentagon and Congress to Amazon, Apple and NASA, had been targeted by Chinese spies who'd inserted devastating, virtually undetectable hardware backdoors into their motherboards by subverting a small subcontractor in China.
Matt "Metafilter" Haughey got a postcard from his home state of Oregon informing him that he'd been purged from his voter roll because his signature has drifted too much since he first signed up to vote, 15 years ago. He has to go through a bureaucratic process to re-register to vote.
A group of Belgian academic security researchers from KU Leuven have published a paper detailing their investigation into improving the security of neurostimulators: electrical brain implants used to treat chronic pain, Parkinson's, and other conditions.
It's been a year since someone hacked all 156 of Dallas's emergency tornado sirens, setting them off in the middle of the night, and the security picture for cities' emergency PA systems keeps getting uglier.
The Security Innovation Center is a lobbying group backed by CompTIA, CTIA, TechNet and the Consumer Technology Association for the express purpose of fighting laws that would legalize repairing your own property, or choosing to have it repaired by third parties.
Tim Harford points out that Dieselgate -- when VW designed cars that tried to guess when they were undergoing emissions tests and dial back their pollution -- wasn't the first time an industry designed its products to cheat when regulators were looking; the big banks did the same thing to beat the "stress tests" that finance regulators used to check whether they would collapse during economic downturns (the banks "made very specific, narrow bets designed to pay off gloriously in specific stress-test scenarios" so that they looked like they'd do better than they actually would).
Tim O'Reilly writes about the reality that more and more of our lives -- including whether you end up seeing this very sentence! -- is in the hands of "black boxes": algorithmic decision-makers whose inner workings are a secret from the people they affect.
With the leak of exploits developed by The Equation Group, the long-secret, NSA-adjacent super-elite hacking squad -- published by The Shadow Brokers, who have some extremely heterodox theories about auction design -- it's now possible to audit the source code of some of the NSA's crown-jewel cyberweapons.
Earlier this week, I wrote about the legal threats from Landis and Gyr against the Freedom of Information service Muckrock, which had received documents from the City of Seattle detailing the workings of Landis and Gyr's smart-meter system, which Seattle has purchased from them at public expense.
Phil Mocek filed a public records request to find out how Seattle's new smart meters -- supplied by Landis and Gyr -- will work. As Mocek writes, these meters are based on "unspecified and unverifiable sensors that monitor activity inside of private property and can communicate collected information in real-time to unspecified machines in remote locations, the workings of which are obscured from ratepayers, with interfaces used by [the city] that require specialized equipment and are thus completely unavailable to ratepayers for personal use or monitoring and verification of information communicated, is already shrouded in secrecy and seemingly proceeding despite repeated voicing of public concern and complete lack of public justification of expense."
The BBC's Social Affairs Correspondent, Michael Buchanan, wanted to know how often the UK government's new "red tape-busting cabinet panel, the Reducing Regulation Committee" was meeting, because he thought that it was probably "all froth and no action."
Six years ago, I wrote a column comparing IT managers' prohibitions on using your own devices and applications to abstinence-only sex ed: a high-handed approach that leaves its audience ignorant and resentful, and dedicated to undermining you behind your back.
Yesterday, I wrote about Jon Corbett's video, in which he demonstrates a method that appears to make it easy to smuggle metal objects (including weapons) through a TSA full-body scanner. The TSA has responded by saying that they still trust the machines, but they won't say why, "for obvious security reasons."
As Wired's David Kravets points out, Corbett is only the most recent critic to take a skeptical look at the efficacy of the expensive, invasive machinery. Other critics include the Government Accountability Office ("the devices might be ineffective") and the Journal of Transportation Security ("terrorists might fool the Rapiscan machines by taping explosive devices to their stomachs").
Corbett responded to the TSA's we-can't-tell-you-or-we'd-have-to-kill-you rebuttal with "You don't believe it? Try it."
“These machines are safe,” Lorie Dankers, a TSA spokeswoman, said in a telephone interview.
In a blog post, the government’s response was that, “For obvious security reasons, we can’t discuss our technology’s detection capability in detail, however TSA conducts extensive testing of all screening technologies in the laboratory and at airports prior to rolling them out to the entire field.”
TSA Pooh-Poohs Video Purporting to Defeat Airport Body Scanners