2979 matches found
Alex Stamos on Content Moderation and Security
Really interesting talk by former Facebook CISO Alex Stamos about the problems inherent in content moderation by social media platforms. Well worth watching...
First American Financial Corp. Data Records Leak
Krebs on Security is reporting a massive data leak by the real estate title insurance company First American Financial Corp. "The title insurance agency collects all kinds of documents from both the buyer and seller, including Social Security numbers, drivers licenses, account statements, and eve...
Friday Squid Blogging: More Materials Science from Squid Skin
Article: "How a Squid's Color-Changing Skin Inspired a New Material That Can Trap or Release Heat." As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
NSA Hawaii
Recently I've heard Edward Snowden talk about his working at the NSA in Hawaii as being "under a pineapple field." CBS News recently ran a segment on that NSA listening post on Oahu. Not a whole lot of actual information. "We're in office building, in a pineapple field, on Oahu...." And part of i...
Germany Talking about Banning End-to-End Encryption
Der Spiegel is reporting that the German Ministry for Internal Affairs is planning to require all Internet message services to provide plaintext messages on demand, basically outlawing strong end-to-end encryption. Anyone not complying will be blocked, although the article doesn't say how. Cory...
German SG-41 Encryption Machine Up for Auction
A German auction house is selling an SG-41. It looks beautiful. Starting price is 75,000 euros. My guess is that it will sell for around 100K euros...
Thangrycat: A Serious Cisco Vulnerability
Summary: Thangrycat is caused by a series of hardware design flaws within Cisco's Trust Anchor module. First commercially introduced in 2013, Cisco Trust Anchor module TAm is a proprietary hardware security module used in a wide range of Cisco products, including enterprise routers, switches and...
Visiting the NSA
Yesterday, I visited the NSA. It was Cyber Command's birthday, but that's not why I was there. I visited as part of the Berklett Cybersecurity Project, run out of the Berkman Klein Center and funded by the Hewlett Foundation. BERKman hewLETT -- get it? We have a web page, but it's badly out of...
Fingerprinting iPhones
This clever attack allows someone to uniquely identify a phone when you visit a website, based on data from the accelerometer, gyroscope, and magnetometer sensors. We have developed a new type of fingerprinting attack, the calibration fingerprinting attack. Our attack uses data gathered from the...
How Technology and Politics Are Changing Spycraft
Interesting article about how traditional nation-based spycraft is changing. Basically, the Internet makes it increasingly possible to generate a good cover story; cell phone and other electronic surveillance techniques make tracking people easier; and machine learning will make all of this...
The Concept of "Return on Data"
This law review article by Noam Kolt, titled "Return on Data," proposes an interesting new way of thinking of privacy law. Abstract: Consumers routinely supply personal data to technology companies in exchange for services. Yet, the relationship between the utility U consumers gain and the data D...
Friday Squid Blogging: On Squid Intelligence
Two links. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
Why Are Cryptographers Being Denied Entry into the US?
In March, Adi Shamir -- that's the "S" in RSA -- was denied a US visa to attend the RSA Conference. He's Israeli. This month, British citizen Ross Anderson couldn't attend an awards ceremony in DC because of visa issues. You can listen to his recorded acceptance speech. I've heard of two other...
More Attacks against Computer Automatic Update Systems
Last month, Kaspersky discovered that Asus's live update system was infected with malware, an operation it called Operation Shadowhammer. Now we learn that six other companies were targeted in the same operation. As we mentioned before, ASUS was not the only company used by the attackers. Studyin...
Another Intel Chip Flaw
Remember the Spectre and Meltdown attacks from last year? They were a new class of attacks against complex CPUs, finding subliminal channels in optimization techniques that allow hackers to steal information. Since their discovery, researchers have found additional similar vulnerabilities. A whol...
WhatsApp Vulnerability Fixed
WhatsApp fixed a devastating vulnerability that allowed someone to remotely hack a phone by initiating a WhatsApp voice call. The recipient didn't even have to answer the call. The Israeli cyber-arms manufacturer NSO Group is believed to be behind the exploit, but of course there is no definitive...
International Spy Museum Reopens
The International Spy Museum has reopened in Washington, DC...
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: I'm speaking at the Code for America Summit in Oakland, California on May 30, 2019. I'm speaking on "Securing a World of Physically Capable Computers" at Oxford University on Monday, June 17, 2019. The list is maintained on this pa...
Cryptanalysis of SIMON-32/64
A weird paper was posted on the Cryptology ePrint Archive working link is via the Wayback Machine, claiming an attack against the NSA-designed cipher SIMON. You can read some commentary about it here. Basically, the authors claimed an attack so devastating that they would only publish a...
Reverse Engineering a Chinese Surveillance App
Human Rights Watch has reverse engineered an app used by the Chinese police to conduct mass surveillance on Turkic Muslims in Xinjiang. The details are fascinating, and chilling. Boing Boing post...
Friday Squid Blogging: Cephalopod Appreciation Society Event
Last Wednesday was a Cephalopod Appreciation Society event in Seattle. I missed it. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
Cryptanalyzing a Pair of Russian Encryption Algorithms
A pair of Russia-designed cryptographic algorithms -- the Kuznyechik block cipher and the Streebog hash function -- have the same flawed S-box that is almost certainly an intentional backdoor. It's just not the kind of mistake you make by accident, not in 2014...
Another NSA Leaker Identified and Charged
In 2015, the Intercept started publishing "The Drone Papers," based on classified documents leaked by an unknown whistleblower. Today, someone who worked at the NSA, and then at the National Geospatial-Intelligence Agency, was charged with the crime. It is unclear how he was initially identified...
Amazon Is Losing the War on Fraudulent Sellers
Excellent article on fraudulent seller tactics on Amazon. The most prominent black hat companies for US Amazon sellers offer ways to manipulate Amazon's ranking system to promote products, protect accounts from disciplinary actions, and crush competitors. Sometimes, these black hat companies brib...
Leaked NSA Hacking Tools
In 2016, a hacker group calling itself the Shadow Brokers released a trove of 2013 NSA hacking tools and related documents. Most people believe it is a front for the Russian government. Since, then the vulnerabilities and tools have been used by both government and criminals, and put the NSA's...
Malicious MS Office Macro Creator
Evil Clippy is a tool for creating malicious Microsoft Office macros: At BlackHat Asia we released Evil Clippy, a tool which assists red teamers and security testers in creating malicious MS Office documents. Amongst others, Evil Clippy can hide VBA macros, stomp VBA code via p-code and confuse...
Locked Computers
This short video explains why computers regularly came with physical locks in the late 1980s and early 1990s. The one thing the video doesn't talk about is RAM theft. When RAM was expensive, stealing it was a problem...
First Physical Retaliation for a Cyberattack
Israel has acknowledged that its recent airstrikes against Hamas were a real-time response to an ongoing cyberattack. From Twitter: CLEARED FOR RELEASE: We thwarted an attempted Hamas cyber offensive against Israeli targets. Following our successful cyber defensive operation, we targeted a buildi...
Protecting Yourself from Identity Theft
I don't have a lot of good news for you. The truth is there's nothing we can do to protect our data from being stolen by cybercriminals and others. Ten years ago, I could have given you all sorts of advice about using encryption, not sending information over email, securing your web connections,...
Friday Squid Blogging: Squid Skin "Inspires" New Thermal Sheeting
Researchers are making space blankets using technology based on squid skin. Honestly, it's hard to tell how much squid is actually involved in this invention. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting...
Cybersecurity for the Public Interest
The Crypto Wars have been waging off-and-on for a quarter-century. On one side is law enforcement, which wants to be able to break encryption, to access devices and communications of terrorists and criminals. On the other are almost every cryptographer and computer security expert, repeatedly...
Why Isn't GDPR Being Enforced?
Politico has a long article making the case that the lead GDPR regulator, Ireland, has too cozy a relationship with Silicon Valley tech companies to effectively regulate their privacy practices. Despite its vows to beef up its threadbare regulatory apparatus, Ireland has a long history of caterin...
On Security Tokens
Mark Risher of Google extols the virtues of security keys: I'll say it again for the people in the back: with Security Keys, instead of the user needing to verify the site, the site has to prove itself to the key. Good security these days is about human factors; we have to take the onus off of th...
Defending Democracies Against Information Attacks
To better understand influence attacks, we proposed an approach that models democracy itself as an information system and explains how democracies are vulnerable to certain forms of information attacks that autocracies naturally resist. Our model combines ideas from both international security an...
Stealing Ethereum by Guessing Weak Private Keys
Someone is stealing millions of dollars worth of Ethereum by guessing users' private keys. Normally this should be impossible, but lots of keys seem to be very weak. Researchers are unsure how those weak keys are being generated and used. Their paper is here...
Friday Squid Blogging: Toraiz SQUID Digital Sequencer
Pioneer DJ has a new sequencer: the Toraiz SQUID: Sequencer Inspirational Device. The 16-track sequencer is designed around jamming and performance with a host of features to create "happy accidents" and trigger random sequences, modulations and chords. There are 16 RGB pads for playing in your...
Interview of Me in Taiwan
Business Weekly in Taiwan interviewed me. Here's a translation courtesy of Google. It was a surprisingly intimate interview. I hope the Chinese reads better than the translation...
Towards an Information Operations Kill Chain
Cyberattacks don't magically happen; they involve a series of steps. And far from being helpless, defenders can disrupt the attack at any of those steps. This framing has led to something called the "cybersecurity kill chain": a way of thinking about cyber defense in terms of disrupting the...
Fooling Automated Surveillance Cameras with Patchwork Color Printout
Nice bit of adversarial machine learning. The image from this news article is most of what you need to know, but here's the research paper...
Vulnerability in French Government Tchap Chat App
A researcher found a vulnerability in the French government WhatsApp replacement app: Tchap. The vulnerability allows anyone to surreptitiously join any conversation. Of course the developers will fix this vulnerability. But it is amusing to point out that this is exactly the backdoor that GCHQ i...
G7 Comes Out in Favor of Encryption Backdoors
From a G7 meeting of interior ministers in Paris this month, an "outcome document": Encourage Internet companies to establish lawful access solutions for their products and services, including data that is encrypted, for law enforcement and competent authorities to access digital evidence, when i...
Excellent Analysis of the Boeing 737 Max Software Problems
This is the best analysis of the software causes of the Boeing 737 MAX disasters that I have read. Technically this is safety and not security; there was no attacker. But the fields are closely related and there are a lot of lessons for IoT security -- and the security of complex socio-technical...
Friday Squid Blogging: New Squid Species off the New Zealand Coast
There's a new diversity of species. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
Iranian Cyberespionage Tools Leaked Online
The source code of a set of Iranian cyberespionage tools was leaked online...
New DNS Hijacking Attacks
DNS hijacking isn't new, but this seems to be an attack of unprecedented scale: Researchers at Cisco's Talos security division on Wednesday revealed that a hacker group it's calling Sea Turtle carried out a broad campaign of espionage via DNS hijacking, hitting 40 different organizations. In the...
A "Department of Cybersecurity"
Presidential candidate John Delaney has announced a plan to create a Department of Cybersecurity. I have long been in favor of a new federal agency to deal with Internet -- and especially Internet of Things -- security. The devil is in the details, of course, and it's really easy to get this wron...
More on the Triton Malware
FireEye is releasing much more information about the Triton malware that attacks critical infrastructure. It has been discovered in more places. This is also a good -- but older -- article on Triton. We don't know who wrote it. Initial speculation was Iran; more recent speculation is Russia. Both...
Vulnerabilities in the WPA3 Wi-Fi Security Protocol
Researchers have found several vulnerabilities in the WPA3 Wi-Fi security protocol: The design flaws we discovered can be divided in two categories. The first category consists of downgrade attacks against WPA3-capable devices, and the second category consists of weaknesses in the Dragonfly...
China Spying on Undersea Internet Cables
Supply chain security is an insurmountably hard problem. The recent focus is on Chinese 5G equipment, but the problem is much broader. This opinion piece looks at undersea communications cables: But now the Chinese conglomerate Huawei Technologies, the leading firm working to deliver 5G telephony...
Friday Squid Blogging: Detecting Illegal Squid Fishing with Satellite Imagery
Interesting. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...