Amazon's Ring doorbells are surveillance devices that conduct round-the-clock video surveillance of your neighborhood, automatically flagging "suspicious" faces and bombarding you and your neighbors with alerts using an app called "Neighbors"; it's a marriage of Amazon's Internet of Things platform with its "Rekognition" facial recognition tool, which it has marketed aggressively to cities, law enforcement, ICE, businesses and everyday customers as a security measure that can help ID bad guys, despite the absence of a database identifying which faces belong to good people and which faces belong to bad people.
It's been ten years since the financial crisis, when barely regulated banks destroyed the world's economy, kicked off wars, and directly and indirectly killed millions.
In his first television interview since assuming power last Friday, Donald Trump compares himself to Peyton Manning. Everything else was even weirder. Construction of a wall along the US-Mexico border may begin within a few months.
Cheap Internet of Things devices like Foscam's home CCTVs are designed to covertly tunnel out of your home network, bypassing your firewall, so they can join a huge P2P network of 7 million other devices that is maintained and surveilled by their Chinese manufacturer.
The idea that global politics are a terrifying blend of natural disasters, belligerence, and deadly military potential isn't unique to this decade, but holy fuck, did it ever just get weird.
Twice now, Londoners have gone to the polls and, for a laugh, voted in "a supposed politician with comedy hair and the manners of a rapey clown."
Samy Kamkar has a proof-of-concept attack through which he plugs a small USB stick into an unlocked Mac OS X machine and then quickly and thoroughly compromises the machine, giving him total, stealthy control over the system in seconds, even reprogramming the built-in firewall to blind it to its actions.
It's the safest night of the year for your kids: no kid has ever been poisoned by a stranger, and the 31st usually has fewer assaults on children than other days of the year (but more kids do get hit by cars!).
Lenore Prepares for Halloween — Heh, Heh, Heh
In a virulently anti-Western and uncharacteristically blunt speech, Russian spy-turned-president Vladimir Putin set out his agenda for Russia and its relationship to "western elites." The speech wasn't widely reported in the west, but Dmitry Orlov has helpfully translated, transcribed and summarized it.
A TSA supervisor confiscated Sean Malone's toy ray gun belt buckle at the airport. Malone described the encounter:
"You understand that this is a belt buckle, right? It is not a danger to the safety of anyone nor is it against the law to carry. I have also traveled with this belt buckle all over the country and it's never been a problem. So please explain to me how exactly you would justify taking it."
Her response was to suggest a hypothetical scenario. "What if", she postulated, "you take this object out of your bag and point it - like a gun - at a police officer? He would have no choice to assume that it was a gun, and take action against you."
Now... Let's leave aside for a second that the entire premise behind this argument is that police officers are too dumb and hopped up on their own power that they can't recognize a dangerous weapon from a belt buckle in the shape of a 1950's toy ray gun. I'm glad she recognized this reality, but I don't think she really processed what it says about law enforcement in America. But leaving that aside... Why in the hell would I ever take my belt buckle and point it at a police officer?
To this, she had no answer.
Malone stood his ground, and after insisting that the supervisor talk to *her* supervisor, his belt buckle was returned.
When a dark-skinned man sneezed on a plane then joked about having ebola, the flight crew took no chances and called a team in hazardous material suits to escort him off the plane.
The passenger had never been in Africa. He did not have Ebola.
Last summer's Black Hat presentation on "Badusb" by Karsten Nohl alerted the world to the possibility that malware could be spread undetectably by exploiting the reprogrammable firmware in USB devices -- now, a second set of researchers have released the code to let anyone try it out for themselves.
The Organization for Economic Cooperation and Development -- a pro-establishment, rock-ribbed bastion of pro-market thinking -- has released a report predicting a collapse in global economic growth rates, a rise in feudal wealth disparity, collapsing tax revenue and huge, migrating bands of migrant laborers roaming from country to country, seeking crumbs of work. They prescribe "flexible" workforces, austerity, and mass privatization.
My ZOMGTERRISTSGONNAKILLUSALLRUNHIDE TSA tee-shirt (of Poop Strong fame) is available in tote-bag form, a fact I had somehow missed!
Alex sez, "Spacegambit is a hackerspace space program that funds cool space projects around the world. We're now working with NASA on the Asteroid Grand Challenge, with the aim of getting more makers involved in detecting asteroid threats to human populations and figuring out what to do about them.
We're running our open call at the moment (closing on 20 May) and looking to fund open-source projects linked with hackerspaces/makerspaces/fablabs/etc."
Florida state senator Dwight Bullard thought that a proposed bill to legalize carrying concealed firearms during disaster evacuations was an incredibly stupid idea. So he proposed an amendment to rename the bill "An act relating to the zombie apocalypse." Both the bill and the amendment failed to pass the state legislature.
If you're serious about killing zombies, you don't want a gun, anyway. You want one of these.
Scott Erven is head of information security for a healthcare provider called Essentia Health, and his Friday presentation at Chicago's Thotcon, "Just What The Doctor Ordered?" is a terrifying tour through the disastrous state of medical device security.
Wired's Kim Zetter summarizes Erven's research, which ranges from the security of implanted insulin pumps and defibrillators to surgical robots and MRIs. Erven and his team discovered that hospitals are full of fundamentally insecure devices, and that these insecurities are not the result of obscure bugs buried deep in their codebase (as was the case with the disastrous Heartbleed vulnerability), but rather these are incredibly stupid, incredibly easy to discover mistakes, such as hardcoded easy default passwords. For example: surgical robots have their own internal firewall. If you run a vulnerability scanner against that firewall, it just crashes, and leaves the robot wide open.
The backups for image repositories for X-rays and other scanning equipment have no passwords. Drug-pumps can be reprogrammed over the Internet with ease. Defibrillators can be made to deliver shocks -- or to withhold them when needed. Doctors' instructions to administer therapies can be intercepted and replayed, adding them to other patients' records. You can turn off the blood fridge, crash life-support equipment and reset it to factory defaults. The devices themselves are all available on the whole hospital network, so once you compromise an employee's laptop with a trojan, you can roam free. You can change CT scanner parameters and cause them to over-irradiate patients.
The one bright spot is that anaesthesia and ventilators are not generally networked and are more secure.