2980 matches found
Surveillance of the Internet Backbone
Vice has an article about how data brokers sell access to the Internet backbone. This is netflow data. Its useful for cybersecurity forensics, but can also be used for things like tracing VPN activity. At a high level, netflow data creates a picture of traffic flow and volume across a network. It...
Friday Squid Blogging: On Squid Brains
Interesting National Geographic article. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...
More on Apple’s iPhone Backdoor
In this post, Ill collect links on Apples iPhone backdoor for scanning CSAM images. Previous links are here and here. Apple says that hash collisions in its CSAM detection system were expected, and not a concern. Im not convinced that this secondary system was originally part of the design, since...
T-Mobile Data Breach
Its a big one: As first reported by Motherboard on Sunday, someone on the dark web claims to have obtained the data of 100 million from T-Mobiles servers and is selling a portion of it on an underground forum for 6 bitcoin, about $280,000. The trove includes not only names, phone numbers, and...
Apple’s NeuralHash Algorithm Has Been Reverse-Engineered
Apples NeuralHash algorithm -- the one its using for client-side scanning on the iPhone -- has been reverse-engineered. Turns out it was already in iOS 14.3, and someone noticed: Early tests show that it can tolerate image resizing and compression, but not cropping or rotations. We also have the...
Tetris: Chinese Espionage Tool
Im starting to see writings about a Chinese espionage tool that exploits website vulnerabilities to try and identify Chinese dissidents...
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: Im speaking via Internet at SHIFT Business Festival in Finland, August 25-26, 2021. I’ll be speaking at an Informa event on September 14, 2021. Details to come. I’m keynoting CIISec Live—an all-online event—September 15-16, 2021. I...
Friday Squid Blogging: A Good Year for Squid?
Improved ocean conditions are leading to optimism about this years squid catch. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...
Using AI to Scale Spear Phishing
The problem with spear phishing is that it takes time and creativity to create individualized enticing phishing emails. Researchers are using GPT-3 to attempt to solve that problem: The researchers used OpenAIs GPT-3 platform in conjunction with other AI-as-a-service products focused on personali...
Cobalt Strike Vulnerability Affects Botnet Servers
Cobalt Strike is a security tool, used by penetration testers to simulate network attackers. But its also used by attackers -- from criminals to governments -- to automate their own attacks. Researchers have found a vulnerability in the product. The main components of the security tool are the...
Apple Adds a Backdoor to iMessage and iCloud Storage
Apples announcement that its going to start scanning photos for child abuse material is a big deal. Here are five news stories. I have been following the details, and discussing it in several different email lists. I dont have time right now to delve into the details, but wanted to post something...
Defeating Microsoft’s Trusted Platform Module
This is a really interesting story explaining how to defeat Microsofts TPM in 30 minutes -- without having to solder anything to the motherboard. Researchers at the security consultancy Dolos Group, hired to test the security of one clients network, received a new Lenovo computer preconfigured to...
Friday Squid Blogging: Squid Dog Toy
Its sold out, but the pictures are cute. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...
Using “Master Faces” to Bypass Face-Recognition Authenticating Systems
Fascinating research: "Generating Master Faces for Dictionary Attacks with a Network-Assisted Latent Space Evolution." Abstract: A master face is a face image that passes face-based identity-authentication for a large portion of the population. These faces can be used to impersonate, with a high...
Zoom Lied about End-to-End Encryption
The facts arent news, but Zoom will pay $85M -- to the class-action attorneys, and to users -- for lying to users about end-to-end encryption, and for giving user data to Facebook and Google without consent. The proposed settlement would generally give Zoom users $15 or $25 each and was filed...
Paragon: Yet Another Cyberweapons Arms Manufacturer
Forbes has the story: Paragons product will also likely get spyware critics and surveillance experts alike rubbernecking: It claims to give police the power to remotely break into encrypted instant messaging communications, whether thats WhatsApp, Signal, Facebook Messenger or Gmail, the industry...
The European Space Agency Launches Hackable Satellite
Of course this is hackable: A sophisticated telecommunications satellite that can be completely repurposed while in space has launched. … Because the satellite can be reprogrammed in orbit, it can respond to changing demands during its lifetime. … The satellite can detect and characterise any rog...
Friday Squid Blogging: Squid Skin Is Naturally Anti-microbial
Often it feels like squid just evolved better than us mammals. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...
I Am Parting With My Crypto Library
The time has come for me to find a new home for my paper cryptography library. Its about 150 linear feet of books, conference proceedings, journals, and monographs -- mostly from the 1980s, 1990s, and 2000s. My preference is that it goes to an educational institution, but will consider a corporat...
Storing Encrypted Photos in Google’s Cloud
New paper: "Encrypted Cloud Photo Storage Using Google Photos": Abstract: Cloud photo services are widely used for persistent, convenient, and often free photo storage, which is especially useful for mobile devices. As users store more and more photos in the cloud, significant privacy concerns...
AirDropped Gun Photo Causes Terrorist Scare
A teenager on an airplane sent a photo of a replica gun via AirDrop to everyone who had their settings configured to receive unsolicited photos from strangers. This caused a three-hour delay as the plane -- still at the gate -- was evacuated and searched. The teen was not allowed to reboard. I ca...
De-anonymization Story
This is important: Monsignor Jeffrey Burrill was general secretary of the US Conference of Catholic Bishops USCCB, effectively the highest-ranking priest in the US who is not a bishop, before records of Grindr usage obtained from data brokers was correlated with his apartment, place of work,...
Hiding Malware in ML Models
Interesting research: "EvilModel: Hiding Malware Inside of Neural Network Models". Abstract: Delivering malware covertly and detection-evadingly is critical to advanced malware campaigns. In this paper, we present a method that delivers malware covertly and detection-evadingly through neural...
Disrupting Ransomware by Disrupting Bitcoin
Ransomware isnt new; the idea dates back to 1986 with the "Brain" computer virus. Now, its become the criminal business model of the internet for two reasons. The first is the realization that no one values data more than its original owner, and it makes more sense to ransom it back to them --...
Friday Squid Blogging: The Evolution of Squid
Good video about the evolutionary history of squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...
Commercial Location Data Used to Out Priest
A Catholic priest was outed through commercially available surveillance data. Vice has a good analysis: The news starkly demonstrates not only the inherent power of location data, but how the chance to wield that power has trickled down from corporations and intelligence agencies to essentially a...
Nasty Windows Printer Driver Vulnerability
From SentinelLabs, a critical vulnerability in HP printer drivers: Researchers have released technical details on a high-severity privilege-escalation flaw in HP printer drivers also used by Samsung and Xerox, which impacts hundreds of millions of Windows machines. If exploited, cyberattackers...
NSO Group Hacked
NSO Group, the Israeli cyberweapons arms manufacturer behind the Pegasus spyware -- used by authoritarian regimes around the world to spy on dissidents, journalists, human rights workers, and others -- was hacked. Or, at least, an enormous trove of documents was leaked to journalists. Theres a lo...
Candiru: Another Cyberweapons Arms Manufacturer
Citizen Lab has identified yet another Israeli company that sells spyware to governments around the world: Candiru. From the report: Summary: Candiru is a secretive Israel-based company that sells spyware exclusively to governments. Reportedly, their spyware can infect and monitor iPhones,...
Friday Squid Blogging: Giant Squid Model
Pretty wooden model. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...
REvil is Off-Line
This is an interesting development: Just days after President Biden demanded that President Vladimir V. Putin of Russia shut down ransomware groups attacking American targets, the most aggressive of the groups suddenly went off-line early Tuesday. … Gone was the publicly available "happy blog" th...
Colorado Passes Consumer Privacy Law
First California. Then Virginia. Now Colorado. Heres a good comparison of the three states laws...
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: I’m speaking at Norbert Wiener in the 21st Century, a virtual conference hosted by The IEEE Society on Social Implications of Technology SSIT, July 23-25, 2021. I’m speaking at DEFCON 29, August 5-8, 2021. Im speaking via Internet ...
China Taking Control of Zero-Day Exploits
China is making sure that all newly discovered zero-day exploits are disclosed to the government. Under the new rules, anyone in China who finds a vulnerability must tell the government, which will decide what repairs to make. No information can be given to "overseas organizations or individuals"...
Iranian State-Sponsored Hacking Attempts
Interesting attack: Masquerading as UK scholars with the University of Londons School of Oriental and African Studies SOAS, the threat actor TA453 has been covertly approaching individuals since at least January 2021 to solicit sensitive information. The threat actor, an APT who we assess with hi...
Analysis of the FBI’s Anom Phone
Motherboard got its hands on one of those Anom phones that were really FBI honeypots. The details are interesting...
Friday Squid Blogging: Squid-Related Game
Its called "Squid Fishering." As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...
Details of the REvil Ransomware Attack
ArsTechnica has a good story on the REvil ransomware attack of last weekend, with technical details: This weekends attack was carried out with almost surgical precision. According to Cybereason, the REvil affiliates first gained access to targeted environments and then used the zero-day in the...
Vulnerability in the Kaspersky Password Manager
A vulnerability just patched in the random number generator used in the Kaspersky Password Manager resulted in easily guessable passwords: The password generator included in Kaspersky Password Manager had several problems. The most critical one is that it used a PRNG not suited for cryptographic...
Stealing Xbox Codes
Detailed story of Volodymyr Kvashuk, a Microsoft insider who noticed a bug in the companys internal systems that allowed him to create unlimited Xbox gift cards, and stole $10.1 million before he was caught...
Friday Squid Blogging: Best Squid-Related Headline
From the New York Times: "When an Eel Climbs a Ramp to Eat Squid From a Clamp, Thats a Moray." The article is about the eel; the squid is just eel food. But still…. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posti...
More Russian Hacking
Two reports this week. The first is from Microsoft, which wrote: As part of our investigation into this ongoing activity, we also detected information-stealing malware on a machine belonging to one of our customer support agents with access to basic account information for a small number of our...
Insurance and Ransomware
As ransomware becomes more common, Im seeing more discussions about the ethics of paying the ransom. Heres one more contribution to that issue: a research paper that the insurance industry is hurting more than its helping. However, the most pressing challenge currently facing the industry is...
Risks of Evidentiary Software
Over at Lawfare, Susan Landau has an excellent essay on the risks posed by software used to collect evidence a Breathalyzer is probably the most obvious example. Bugs and vulnerabilities can lead to inaccurate evidence, but the proprietary nature of software makes it hard for defendants to examin...
NFC Flaws in POS Devices and ATMs
Its a series of vulnerabilities: Josep Rodriguez, a researcher and consultant at security firm IOActive, has spent the last year digging up and reporting vulnerabilities in the so-called near-field communications reader chips used in millions of ATMs and point-of-sale systems worldwide. NFC syste...
Friday Squid Blogging: Colossal Squid Photographed off the Coast of Antarctica
Wow. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...
AI-Piloted Fighter Jets
News from Georgetowns Center for Security and Emerging Technology: China Claims Its AI Can Beat Human Pilots in Battle: Chinese state media reported that an AI system had successfully defeated human pilots during simulated dogfights. According to the Global Times report, the system had shot down...
Banning Surveillance-Based Advertising
The Norwegian Consumer Council just published a fantastic new report: "Time to Ban Surveillance-Based Advertising." From the Introduction: The challenges caused and entrenched by surveillance-based advertising include, but are not limited to: privacy and data protection infringements opaque...
Mollitiam Industries is the Newest Cyberweapons Arms Manufacturer
Wired is reporting on a company called Mollitiam Industries: Marketing materials left exposed online by a third-party claim Mollitiams interception products, dubbed "Invisible Man" and "Night Crawler," are capable of remotely accessing a targets files, location, and covertly turning on a devices...
Apple Will Offer Onion Routing for iCloud/Safari Users
At this years Apple Worldwide Developer Conference, Apple announced something called "iCloud Private Relay." Thats basically its private version of onion routing, which is what Tor does. Privacy Relay is built into both the forthcoming iOS and MacOS versions, but it will only work if youre an...