2976 matches found
Report on the Stalkerware Industry
Citizen Lab just published an excellent report on the stalkerware industry. Boing Boing post...
Critical Flaw in Swiss Internet Voting System
Researchers have found a critical flaw in the Swiss Internet voting system. I was going to write an essay about how this demonstrates that Internet voting is a stupid idea and should never be attempted -- and that this system in particular should never be deployed, even if the found flaw is fixed...
Friday Squid Blogging: Economic Fallout from Falklands Halting Squid Fishing
Details. Blog moderation policy...
Friday Squid Blogging: New Giant Squid Video
This is a fantastic video of a young giant squid named Heck swimming around Toyama Bay near Tokyo. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
Security Vulnerabilities in Cell Phone Systems
Good essay on the inherent vulnerabilities in the cell phone standards and the market barriers to fixing them. So far, industry and policymakers have largely dragged their feet when it comes to blocking cell-site simulators and SS7 attacks. Senator Ron Wyden, one of the few lawmakers vocal about...
Friday Squid Blogging: Sinuous Asperoteuthis Mangoldae Squid
Great video of the Sinuous Asperoteuthis Mangoldae Squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
Friday Squid Blogging: How Scientists Captured the Giant Squid Video
In June, I blogged about a video of a live juvenile giant squid. Here's how that video was captured. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
Friday Squid Blogging: Prehistoric Dolphins that Ate Squid
Paleontologists have discovered a prehistoric toothless dolphin that fed by vacuuming up squid: There actually are modern odontocetes that don't really use their teeth either. Male beaked whales, for example, usually have one pair of teeth that is only used to fight for females, whose teeth stay...
Friday Squid Blogging: Squid Proteins Can Be an Alternative to Plastic
Is there anything squids aren't good for? Academic paper. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: I'm speaking at Black Hat USA 2019 in Las Vegas on Wednesday, August 7 and Thursday, August 8, 2019. I'm speaking on "Information Security in the Public Interest" at DefCon 27 in Las Vegas on Saturday, August 10, 2019. The list is...
Friday Squid Blogging: Chinese Squid-Processing Facility
China is building the largest squid processing center in the world. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
Friday Squid Blogging: Cephalopod Appreciation Society Event
Last Wednesday was a Cephalopod Appreciation Society event in Seattle. I missed it. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
Clever — and Exploitable — Windows Zero-Day
Researchers have reported a still-unpatched Windows zero-day that is currently being exploited in the wild. Heres the advisory, which includes a work-around until a patch is available...
Friday Squid Blogging: Hawaiian Bobtail Squid Squirts Researcher
Cute video. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
Friday Squid Blogging: A Tracking Device for Squid
Really: After years of "making do" with the available technology for his squid studies, Mooney created a versatile tag that allows him to research squid behavior. With the help of Kakani Katija, an engineer adapting the tag for jellyfish at California's Monterey Bay Aquarium Research Institute...
US Journalist Detained When Returning to US
Pretty horrible story of a US journalist who had his computer and phone searched at the border when returning to the US from Mexico. After I gave him the password to my iPhone, Moncivias spent three hours reviewing hundreds of photos and videos and emails and calls and texts, including encrypted...
Friday Squid Blogging: Baby Ichthyosaurus Fed on Squid
New discovery: paper and article. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
Friday Squid Blogging: Vulnerabilities in Squid Server
It's always nice when I can combine squid and security: Multiple versions of the Squid web proxy cache server built with Basic Authentication features are currently vulnerable to code execution and denial-of-service DoS attacks triggered by the exploitation of a heap buffer overflow security flaw...
LC4: Another Pen-and-Paper Cipher
Interesting symmetric cipher: LC4: Abstract: ElsieFour LC4 is a low-tech cipher that can be computed by hand; but unlike many historical ciphers, LC4 is designed to be hard to break. LC4 is intended for encrypted communication between humans only, and therefore it encrypts and decrypts plaintexts...
Crown Sterling Claims to Factor RSA Keylengths First Factored Twenty Years Ago
Earlier this month, I made fun of a company called Crown Sterling, for...for...for being a company that deserves being made fun of. This morning, the company announced that they "decrypted two 256-bit asymmetric public keys in approximately 50 seconds from a standard laptop computer." Really. The...
US Schools Are Buying Cell Phone Unlocking Systems
Gizmodo is reporting that schools in the US are buying equipment to unlock cell phones from companies like Cellebrite: Gizmodo has reviewed similar accounting documents from eight school districts, seven of which are in Texas, showing that administrators paid as much $11,582 for the controversial...
Russia Is Testing Online Voting
This is a bad idea: A second innovation will allow "electronic absentee voting" within voters' home precincts. In other words, Russia is set to introduce its first online voting system. The system will be tested in a Moscow neighborhood that will elect a single member to the capital's city counci...
Defeating the iPhone Restricted Mode
Recently, Apple introduced restricted mode to protect iPhones from attacks by companies like Cellebrite and Greyshift, which allow attackers to recover information from a phone without the password or fingerprint. Elcomsoft just announced that it can easily bypass it. There is an important lesson...
Friday Squid Blogging: Hundred-Million-Year-Old Squid Relative Found in Amber
This is a really interesting find. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
Fingerprinting iPhones
This clever attack allows someone to uniquely identify a phone when you visit a website, based on data from the accelerometer, gyroscope, and magnetometer sensors. We have developed a new type of fingerprinting attack, the calibration fingerprinting attack. Our attack uses data gathered from the...
Videos and Links from the Public-Interest Technology Track at the RSA Conference
Yesterday at the RSA Conference, I gave a keynote talk about the role of public-interest technologists in cybersecurity. Video here. I also hosted a one-day mini-track on the topic. We had six panels, and they were all great. If you missed it live, we have videos: How Public Interest Technologist...
Friday Squid Blogging: Illegal North Korean Squid Fishing
North Korea is engaged in even more illegal squid fishing than previously. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
More on My LinkedIn Account
I have successfully gotten the fake LinkedIn account in my name deleted. To prevent someone from doing this again, I signed up for LinkedIn. This is my first -- and only -- post on that account: My Only LinkedIn Post Yes, Really Welcome to my LinkedIn page. It looks empty because I'm never here. ...
Friday Squid Blogging: Squid Eyeballs
Details on how a squid's eye corrects for underwater distortion: Spherical lenses, like the squids', usually can't focus the incoming light to one point as it passes through the curved surface, which causes an unclear image. The only way to correct this is by bending each ray of light differently...
Risks of Password Managers
Stuart Schechter writes about the security risks of using a password manager. It's a good piece, and nicely discusses the trade-offs around password managers: which one to choose, which passwords to store in it, and so on. My own Password Safe is mentioned. My particular choices about security an...
Video Surveillance by Computer
The ACLU's Jay Stanley has just published a fantastic report: "The Dawn of Robot Surveillance" blog post here Basically, it lays out a future of ubiquitous video cameras watched by increasingly sophisticated video analytics software, and discusses the potential harms to society. I'm not going to...
Detecting Lies through Mouse Movements
Interesting research: "The detection of faked identity using unexpected questions and mouse dynamics," by Merulin Monaro, Luciano Gamberini, and Guiseppe Sartori. Abstract: The detection of faked identities is a major problem in security. Current memory-detection techniques cannot be used as they...
Real-Time Attacks Against Two-Factor Authentication
Attackers are targeting two-factor authentication systems: Attackers working on behalf of the Iranian government collected detailed information on targets and used that knowledge to write spear-phishing emails that were tailored to the targets' level of operational security, researchers with...
Friday Squid Blogging: Brittle Star Catches a Squid
Watch a brittle star catch a squid, and then lose it to another brittle star. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
Friday Squid Blogging: On Squid Intelligence
Two links. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
Friday Squid Blogging: Possible New Squid Species
NOAA video. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
Recovering Smartphone Typing from Microphone Sounds
Yet another side-channel attack on smartphones: "Hearing your touch: A new acoustic side channel on smartphones," by Ilia Shumailov, Laurent Simon, Jeff Yan, and Ross Anderson. Abstract: We present the first acoustic side-channel attack that recovers what users type on the virtual keyboard of the...
Security Breaches Don't Affect Stock Price
Interesting research: "Long-term market implications of data breaches, not," by Russell Lange and Eric W. Burger. Abstract: This report assesses the impact disclosure of data breaches has on the total returns and volatility of the affected companies' stock, with a focus on the results relative to...
Maciej Cegłowski on Privacy in the Information Age
Maciej Cegłowski has a really good essay explaining how to think about privacy today: For the purposes of this essay, I'll call it "ambient privacy" -- the understanding that there is value in having our everyday interactions with one another remain outside the reach of monitoring, and that the...
Security Flaw in Estonian National ID Card
We have no idea how bad this really is: On 30 August, an international team of researchers informed the Estonian Information System Authority RIA of a vulnerability potentially affecting the digital use of Estonian ID cards. The possible vulnerability affects a total of almost 750,000 ID-cards...
Friday Squid Blogging: Bioluminescent Squid
There's a beautiful picture of a tiny squid in this New York Times article on bioluminescence -- and a dramatic one of a vampire squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
Wi-Fi Chip Vulnerability
There's a vulnerability in Wi-Fi hardware that breaks the encryption: The vulnerability exists in Wi-Fi chips made by Cypress Semiconductor and Broadcom, the latter a chipmaker Cypress acquired in 2016. The affected devices include iPhones, iPads, Macs, Amazon Echos and Kindles, Android devices,...
Cryptanalyzing a Pair of Russian Encryption Algorithms
A pair of Russia-designed cryptographic algorithms -- the Kuznyechik block cipher and the Streebog hash function -- have the same flawed S-box that is almost certainly an intentional backdoor. It's just not the kind of mistake you make by accident, not in 2014...
Security and Privacy Implications of Zoom
Over the past few weeks, Zoom's use has exploded since it became the video conferencing platform of choice in today's COVID-19 world. My own university, Harvard, uses it for all of its classes. Boris Johnson had a cabinet meeting over Zoom. Over that same period, the company has been exposed for...
Person in Latex Mask Impersonated French Minister
Forget deep fakes. Someone wearing a latex mask fooled people on video calls for a period of two years, successfully scamming 80 million euros from rich French citizens...
Chinese Military Wants to Develop Custom OS
Citing security concerns, the Chinese military wants to replace Windows with its own custom operating system: Thanks to the Snowden, Shadow Brokers, and Vault7 leaks, Beijing officials are well aware of the US' hefty arsenal of hacking tools, available for anything from smart TVs to Linux servers...
Friday Squid Blogging: Detecting Illegal Squid Fishing with Satellite Imagery
Interesting. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
Troy Hunt on Passwords
Troy Hunt has a good essay about why passwords are here to stay, despite all their security problems: This is why passwords aren't going anywhere in the foreseeable future and why insert thing here isn't going to kill them. No amount of focusing on how bad passwords are or how many accounts have...
Friday Squid Blogging: The Symbiotic Relationship Between the Bobtail Squid and a Particular Microbe
This is the story of the Hawaiian bobtail squid and Vibrio fischeri. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
Digital License Plates
They're a thing: Developers say digital plates utilize "advanced telematics" -- to collect tolls, pay for parking and send out Amber Alerts when a child is abducted. They also help recover stolen vehicles by changing the display to read "Stolen," thereby alerting everyone within eyeshot. This mak...