2981 matches found
New Malware Hijacks Cryptocurrency Mining
This is a clever attack. After gaining control of the coin-mining software, the malware replaces the wallet address the computer owner uses to collect newly minted currency with an address controlled by the attacker. From then on, the attacker receives all coins generated, and owners are none the...
"Santa Claus is Coming to Town" Parody
Funny...
Hacking Back
Hacking back is a terrible idea that just will not die. Josephine Wolff takes apart the new hacking back bill that was introduced in the House recently...
Insurance and Ransomware
As ransomware becomes more common, Im seeing more discussions about the ethics of paying the ransom. Heres one more contribution to that issue: a research paper that the insurance industry is hurting more than its helping. However, the most pressing challenge currently facing the industry is...
Is 85% of US Critical Infrastructure in Private Hands?
Most US critical infrastructure is run by private corporations. This has major security implications, because its putting a random power company in -- say -- Ohio -- up against the Russian cybercommand, which isnt a fair fight. When this problem is discussed, people regularly quote the statistic...
Tesla Remotely Hacked from a Drone
This is an impressive hack: Security researchers Ralf-Philipp Weinmann of Kunnamon, Inc. and Benedikt Schmotzle of Comsecuris GmbH have found remote zero-click security vulnerabilities in an open-source software component ConnMan used in Tesla automobiles that allowed them to compromise parked ca...
Four Microsoft Exchange Zero-Days Exploited by China
Microsoft has issued an emergency Microsoft Exchange patch to fix four zero-day vulnerabilities currently being exploited by China. EDITED TO ADD 3/12: Exchange Online is not affected...
More SolarWinds News
Microsoft analyzed details of the SolarWinds attack: Microsoft and FireEye only detected the Sunburst or Solorigate malware in December, but Crowdstrike reported this month that another related piece of malware, Sunspot, was deployed in September 2019, at the time hackers breached SolarWinds...
Impressive iPhone Exploit
This is a scarily impressive vulnerability: Earlier this year, Apple patched one of the most breathtaking iPhone vulnerabilities ever: a memory corruption bug in the iOS kernel that gave attackers remote access to the entire device -- over Wi-Fi, with no user interaction required at all. Oh, and...
On That Dusseldorf Hospital Ransomware Attack and the Resultant Death
Wired has a detailed story about the ransomware attack on a Dusseldorf hospital, the one that resulted in an ambulance being redirected to a more distant hospital and the patient dying. The police wanted to prosecute the ransomware attackers for negligent homicide, but the details were more...
Friday Squid Blogging: How Squid Survive Freezing, Oxygen-Deprived Waters
Lots of interesting genetic details. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
Ann Mitchell, Bletchley Park Cryptanalyst, Dies
Obituary...
Vulnerability Finding Using Machine Learning
Microsoft is training a machine-learning system to find software bugs: At Microsoft, 47,000 developers generate nearly 30 thousand bugs a month. These items get stored across over 100 AzureDevOps and GitHub repositories. To better label and prioritize bugs at that scale, we couldn't just apply mo...
Emotet Malware Causes Physical Damage
Microsoft is reporting that an Emotet malware infection shut down a network by causing computers to overheat and then crash. The Emotet payload was delivered and executed on the systems of Fabrikam -- a fake name Microsoft gave the victim in their case study -- five days after the employee's user...
Google Receives Geofence Warrants
Sometimes it's hard to tell the corporate surveillance operations from the government ones: Google reportedly has a database called Sensorvault in which it stores location data for millions of devices going back almost a decade. The article is about geofence warrants, where the police go to...
Half a Million IoT Device Passwords Published
It's a list of easy-to-guess passwords for IoT devices on the Internet as recently as last October and November. Useful for anyone putting together a bot network: A hacker has published this week a massive list of Telnet credentials for more than 515,000 servers, home routers, and IoT Internet of...
Identifying and Arresting Ransomware Criminals
The Wall Street Journal has a story about how two people were identified as the perpetrators of a ransomware scheme. They were found because -- as generally happens -- they made mistakes covering their tracks. They were investigated because they had the bad luck of locking up Washington, DC's vid...
A Feminist Take on Information Privacy
Maria Farrell has a really interesting framing of information/device privacy: What our smartphones and relationship abusers share is that they both exert power over us in a world shaped to tip the balance in their favour, and they both work really, really hard to obscure this fact and keep us...
International Spy Museum Reopens
The International Spy Museum has reopened in Washington, DC...
Privacy for Tigers
Ross Anderson has some new work: As mobile phone masts went up across the world's jungles, savannas and mountains, so did poaching. Wildlife crime syndicates can not only coordinate better but can mine growing public data sets, often of geotagged images. Privacy matters for tigers, for snow...
Numbers Stations
On numbers stations...
Daphne Caruana Galizia's Murder and the Security of WhatsApp
Daphne Caruana Galizia was a Maltese journalist whose anti-corruption investigations exposed powerful people. She was murdered in October by a car bomb. Galizia used WhatsApp to communicate securely with her sources. Now that she is dead, the Maltese police want to break into her phone or the app...
Attack on Old ANSI Random Number Generator
Almost 20 years ago, I wrote a paper that pointed to a potential flaw in the ANSI X9.17 RNG standard. Now, new research has found that the flaw exists in some implementations of the RNG standard. Here's the research paper, the website -- complete with cute logo -- for the attack, and Matthew...
Reaper Botnet
It's based on the Mirai code, but much more virulent: While Mirai caused widespread outages, it impacted IP cameras and internet routers by simply exploiting their weak or default passwords. The latest botnet threat, known as alternately as IoT Troop or Reaper, has evolved that strategy, using...
Snowden Ten Years Later
In 2013 and 2014, I wrote extensively about new revelations regarding NSA surveillance based on the documents provided by Edward Snowden. But I had a more personal involvement as well. I wrote the essay below in September 2013. The New Yorker agreed to publish it, but the Guardian asked me not to...
China Taking Control of Zero-Day Exploits
China is making sure that all newly discovered zero-day exploits are disclosed to the government. Under the new rules, anyone in China who finds a vulnerability must tell the government, which will decide what repairs to make. No information can be given to "overseas organizations or individuals"...
NFC Flaws in POS Devices and ATMs
Its a series of vulnerabilities: Josep Rodriguez, a researcher and consultant at security firm IOActive, has spent the last year digging up and reporting vulnerabilities in the so-called near-field communications reader chips used in millions of ATMs and point-of-sale systems worldwide. NFC syste...
Peloton Vulnerability Found and Fixed
Researchers have discovered a vulnerability in Peloton stationary bicycles, one that would give the attacker complete control over the device. The attack requires physical access to the Peloton, so its not really a practical attack. President Bidens Peloton was not in danger...
Friday Squid Blogging: Squid Cartoon
Squid ink. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...
Cloning Google Titan 2FA keys
This is a clever side-channel attack: The cloning works by using a hot air gun and a scalpel to remove the plastic key casing and expose the NXP A700X chip, which acts as a secure element that stores the cryptographic secrets. Next, an attacker connects the chip to hardware and software that take...
New Bluetooth Vulnerability
Theres a new unpatched Bluetooth vulnerability: The issue is with a protocol called Cross-Transport Key Derivation or CTKD, for short. When, say, an iPhone is getting ready to pair up with Bluetooth-powered device, CTKDs role is to set up two separate authentication keys for that phone: one for a...
Friday Squid Blogging: Squid Proteins for a Better Face Mask
Researchers are synthesizing squid proteins to create a face mask that better survives cleaning. And you thought there was no connection between squid and COVID-19. The military thinks this might have applications for self-healing robots. As usual, you can also use this squid post to talk about t...
EncroChat Hacked by Police
French police hacked EncroChat secure phones, which are widely used by criminals: Encrochat's phones are essentially modified Android devices, with some models using the "BQ Aquaris X2," an Android handset released in 2018 by a Spanish electronics company, according to the leaked documents...
New iPhone Zero-Day Discovered
Last year, ZecOps discovered two iPhone zero-day exploits. They will be patched in the next iOS release: Avraham declined to disclose many details about who the targets were, and did not say whether they lost any data as a result of the attacks, but said "we were a bit surprised about who was...
RSA-250 Factored
RSA-250 has been factored. This computation was performed with the Number Field Sieve algorithm, using the open-source CADO-NFS software. The total computation time was roughly 2700 core-years, using Intel Xeon Gold 6130 CPUs as a reference 2.1GHz: RSA-250 sieving: 2450 physical core-years RSA-25...
Facial Recognition for People Wearing Masks
The Chinese facial recognition company Hanwang claims it can recognize people wearing masks: The company now says its masked facial recognition program has reached 95 percent accuracy in lab tests, and even claims that it is more accurate in real life, where its cameras take multiple photos of a...
Emergency Surveillance During COVID-19 Crisis
Israel is using emergency surveillance powers to track people who may have COVID-19, joining China and Iran in using mass surveillance in this way. I believe pressure will increase to leverage existing corporate surveillance infrastructure for these purposes in the US and other countries. With th...
The NSA Warns of TLS Inspection
The NSA has released a security advisory warning of the dangers of TLS inspection: Transport Layer Security Inspection TLSI, also known as TLS break and inspect, is a security process that allows enterprises to decrypt traffic, inspect the decrypted content for threats, and then re-encrypt the...
Resources for Measuring Cybersecurity
Kathryn Waldron at R Street has collected all of the different resources and methodologies for measuring cybersecurity...
Ineffective Package Tracking Facilitates Fraud
This article discusses an e-commerce fraud technique in the UK. Because the Royal Mail only tracks packages to the postcode -- and not to the address - it's possible to commit a variety of different frauds. Tracking systems that rely on signature are not similarly vulnerable...
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: I'm speaking at the Code for America Summit in Oakland, California on May 30, 2019. I'm speaking on "Securing a World of Physically Capable Computers" at Oxford University on Monday, June 17, 2019. The list is maintained on this pa...
Protecting Yourself from Identity Theft
I don't have a lot of good news for you. The truth is there's nothing we can do to protect our data from being stolen by cybercriminals and others. Ten years ago, I could have given you all sorts of advice about using encryption, not sending information over email, securing your web connections,...
Identifying People by Metadata
Interesting research: "You are your Metadata: Identification and Obfuscation of Social Media Users using Metadata Information," by Beatrice Perez, Mirco Musolesi, and Gianluca Stringhini. Abstract: Metadata are associated to most of the information we produce in our daily interactions and...
Reasonably Clever Extortion E-mail Based on Password Theft
Imagine you've gotten your hands on a file of e-mail addresses and passwords. You want to monetize it, but the site it's for isn't very valuable. How do you use it? You convince the owners of the password to send you money. I recently saw a spam e-mail that ties the password to a porn site. The...
Critical PGP Vulnerability
EFF is reporting that a critical vulnerability has been discovered in PGP and S/MIME. No details have been published yet, but one of the researchers wrote: We'll publish critical vulnerabilities in PGP/GPG and S/MIME email encryption on 2018-05-15 07:00 UTC. They might reveal the plaintext of...
Oblivious DNS
Interesting idea: ...we present Oblivious DNS ODNS, which is a new design of the DNS ecosystem that allows current DNS servers to remain unchanged and increases privacy for data in motion and at rest. In the ODNS system, both the client is modified with a local resolver, and there is a new...
Subway Elevators and Movie-Plot Threats
Local residents are opposing adding an elevator to a subway station because terrorists might use it to detonate a bomb. No, really. There's no actual threat analysis, only fear: "The idea that people can then ride in on the subway with a bomb or whatever and come straight up in an elevator is awf...
Fake Santa Surveillance Camera
Reka makes a "decorative Santa cam," meaning that it's not a real camera. Instead, it just gets children used to being under constant surveillance. Our Santa Cam has a cute Father Christmas and mistletoe design, and a red, flashing LED light which will make the most logical kids suspend their...
Friday Squid Blogging: Squid Populations Are Exploding
New research: "Global proliferation of cephalopods" Summary: Human activities have substantially changed the world's oceans in recent decades, altering marine food webs, habitats and biogeochemical processes. Cephalopods squid, cuttlefish and octopuses have a unique set of biological traits,...
Profile of Reality Winner
New York Magazine published an excellent profile of the single-document leaker Reality Winner...