2959 matches found
Security Breaches Don't Affect Stock Price
Interesting research: "Long-term market implications of data breaches, not," by Russell Lange and Eric W. Burger. Abstract: This report assesses the impact disclosure of data breaches has on the total returns and volatility of the affected companies' stock, with a focus on the results relative to...
Student Cracks Inca Knot Code
Interesting...
Article from a Former Chinese PLA General on Cyber Sovereignty
Interesting article by Major General Hao Yeli, Chinese People's Liberation Army ret., a senior advisor at the China International Institute for Strategic Society, Vice President of China Institute for Innovation and Development Strategy, and the Chair of the Guanchao Cyber Forum. Against the...
Jim Risen Writes about Reporting Government Secrets
Jim Risen writes a long and interesting article about his battles with the US government and the New York Times to report government secrets...
Fighting Ransomware
No More Ransom is a central repository of keys and applications for ransomware, so people can recover their data without paying. It's not complete, of course, but is pretty good against older strains of ransomware. The site is a joint effort by Europol, the Dutch police, Kaspersky, and McAfee...
Friday Squid Blogging: Japanese "Dude Food" Includes Squid
This seems to be a trend. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
XKCD's Smartphone Security System
Funny...
Facial Recognition Is Coming to Retail
Summary article...
Fingerprinting Digital Documents
In this era of electronic leakers, remember that zero-width spaces and homoglyph substitution can fingerprint individual instances of files...
Yet Another FBI Proposal for Insecure Communications
Deputy Attorney General Rosenstein has given talks where he proposes that tech companies decrease their communications and device security for the benefit of the FBI. In a recent talk, his idea is that tech companies just save a copy of the plaintext: Law enforcement can also partner with private...
Susan Landau's New Book: Listening In
Susan Landau has written a terrific book on cybersecurity threats and why we need strong crypto. Listening In: Cybersecurity in an Insecure Age. It's based in part on her 2016 Congressional testimony in the Apple/FBI case; it examines how the Digital Revolution has transformed society, and how la...
Cybersecurity and the 2017 US National Security Strategy
Commentaries on the 2017 US national security strategy by Michael Sulmeyer and Ben Buchanan...
Daniel Miessler on My Writings about IoT Security
Daniel Miessler criticizes my writings about IoT security: I know it's super cool to scream about how IoT is insecure, how it's dumb to hook up everyday objects like houses and cars and locks to the internet, how bad things can get, and I know it's fun to be invited to talk about how everything i...
NSA Morale
The Washington Post is reporting that poor morale at the NSA is causing a significant talent shortage. A November New York Times article said much the same thing. The articles point to many factors: the recent reorganization, low pay, and the various leaks. I have been saying for a while that the...
Tourist Scams
A comprehensive list. Most are old and obvious, but there are some clever variants...
Friday Squid Blogging: How the Optic Lobe Controls Squid Camouflage
Experiments on the oval squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
Spectre and Meltdown Attacks Against Microprocessors
The security of pretty much every computer on the planet has just gotten a lot worse, and the only real solution -- which of course is not a solution -- is to throw them all away and buy new ones. On Wednesday, researchers just announced a series of major security vulnerabilities in the...
New Book Coming in September: "Click Here to Kill Everybody"
My next book is still on track for a September 2018 publication. Norton is still the publisher. The title is now Click Here to Kill Everybody: Peril and Promise on a Hyperconnected Planet, which I generally refer to as CH2KE. The table of contents has changed since I last blogged about this, and ...
Detecting Adblocker Blockers
Interesting research on the prevalence of adblock blockers: "Measuring and Disrupting Anti-Adblockers Using Differential Execution Analysis": Abstract: Millions of people use adblockers to remove intrusive and malicious ads as well as protect themselves against tracking and pervasive surveillance...
Spectre and Meltdown Attacks
After a week or so of rumors, everyone is now reporting about the Spectre and Meltdown attacks against pretty much every modern processor out there. These are side-channel attacks where one process can spy on other processes. They affect computers where an untrusted browser window can execute cod...
Tamper-Detection App for Android
Edward Snowden and Nathan Freitas have created an Android app that detects when it's being tampered with. The basic idea is to put the app on a second phone and put the app on or near something important, like your laptop. The app can then text you -- and also record audio and video -- when...
Fake Santa Surveillance Camera
Reka makes a "decorative Santa cam," meaning that it's not a real camera. Instead, it just gets children used to being under constant surveillance. Our Santa Cam has a cute Father Christmas and mistletoe design, and a red, flashing LED light which will make the most logical kids suspend their...
Security Vulnerabilities in Star Wars
A fun video describing some of the many Empire security vulnerabilities in the first Star Wars movie. Happy New Year, everyone...
Friday Squid Blogging: Squid Populations Are Exploding
New research: "Global proliferation of cephalopods" Summary: Human activities have substantially changed the world's oceans in recent decades, altering marine food webs, habitats and biogeochemical processes. Cephalopods squid, cuttlefish and octopuses have a unique set of biological traits,...
Profile of Reality Winner
New York Magazine published an excellent profile of the single-document leaker Reality Winner...
The "Extended Random" Feature in the BSAFE Crypto Library
Matthew Green wrote a fascinating blog post about the NSA's efforts to increase the amount of random data exposed in the TLS protocol, and how it interacts with the NSA's backdoor into the DUALECPRNG random number generator to weaken TLS...
Post-Quantum Algorithms
NIST has organized a competition for public-key algorithms secure against a quantum computer. It recently published all of its Round 1 submissions. Details of the NIST efforts are here. A timeline for the new algorithms is here...
Acoustical Attacks against Hard Drives
Interesting destructive attack: "Acoustic Denial of Service Attacks on HDDs": Abstract: Among storage components, hard disk drives HDDs have become the most commonly-used type of non-volatile storage due to their recent technological advances, including, enhanced energy efficacy and...
"Santa Claus is Coming to Town" Parody
Funny...
Friday Squid Blogging: Gonatus Squid Eating a Dragonfish
There's a video: Last July, Choy was on a ship off the shore of Monterey Bay, looking at the video footage transmitted by an ROV many feet below. A Gonatus squid was spotted sucking off the face of a "really huge dragonfish," she says. "It took a little while to figure out what's going on here,...
Amazon's Door Lock Is Amazon's Bid to Control Your Home
Interesting essay about Amazon's smart lock: When you add Amazon Key to your door, something more sneaky also happens: Amazon takes over. You can leave your keys at home and unlock your door with the Amazon Key app -- but it's really built for Amazon deliveries. To share online access with family...
Security Vulnerability in Apple's HomeKit
The story of the recent vulnerability in Apple's HomeKit...
Details on the Mirai Botnet Authors
Brian Krebs has a long article on the Mirai botnet authors, who pled guilty...
GCHQ Found -- and Disclosed -- a Windows 10 Vulnerability
Now this is good news. The UK's National Cyber Security Centre NCSC -- part of GCHQ -- found a serious vulnerability in Windows Defender their anti-virus component. Instead of keeping it secret and all of us vulnerable, it alerted Microsoft. I'd like believe the US does this, too...
Lessons Learned from the Estonian National ID Security Flaw
Estonia recently suffered a major flaw in the security of their national ID card. This article discusses the fix and the lessons learned from the incident: In the future, the infrastructure dependency on one digital identity platform must be decreased, the use of several alternatives must be...
Friday Squid Blogging: Baby Sea Otters Prefer Shrimp to Squid
At least, this one does. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
Tracking People Without GPS
Interesting research: The trick in accurately tracking a person with this method is finding out what kind of activity they're performing. Whether they're walking, driving a car, or riding in a train or airplane, it's pretty easy to figure out when you know what you're looking for. The sensors can...
Security Planner
Security Planner is a custom security advice tool from Citizen Lab. Answer a few questions, and it gives you a few simple things you can do to improve your security. It's not meant to be comprehensive, but instead to give people things they can actually do to immediately improve their security. I...
Friday Squid Blogging: Fake Squid Seized in Cambodia
Falsely labeled squid snacks were seized in Cambodia. I don't know what food product it really was. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
Mozilla's Guide to Privacy-Aware Christmas Shopping
Mozilla reviews the privacy practices of Internet-connected toys, home accessories, exercise equipment, and more...
Websites Use Session-Replay Scripts to Eavesdrop on Every Keystroke and Mouse Movement
The security researchers at Princeton are posting You may know that most websites have third-party analytics scripts that record which pages you visit and the searches you make. But lately, more and more sites use "session replay" scripts. These scripts record your keystrokes, mouse movements, an...
Amazon Creates Classified US Cloud
Amazon has a cloud for US classified data. The physical and computer requirements for handling classified information are considerable, both in terms of technology and procedure. I am surprised that a company with no experience dealing with classified data was able to do it...
Vulnerability in Amazon Key
Amazon Key is an IoT door lock that can enable one-time access codes for delivery people. To further secure that system, Amazon sells Cloud Cam, a camera that watches the door to ensure that delivery people don't abuse their one-time access privilege. Cloud Cam has been hacked: But now security...
Friday Squid Blogging: Peru and Chile Address Squid Overfishing
Peru and Chile have a new plan. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
New White House Announcement on the Vulnerability Equities Process
The White House has released a new version of the Vulnerabilities Equities Process VEP. This is the inter-agency process by which the US government decides whether to inform the software vendor of a vulnerability it finds, or keep it secret and use it to eavesdrop on or attack other systems. You...
Motherboard Digital Security Guide
This digital security guide by Motherboard is very good. I put alongside EFF's "Surveillance Self-Defense" and John Scott-Railton's "Digital Security Low Hanging Fruit." There's also "Digital Security and Privacy for Human Rights Defenders." There are too many of these...
Apple FaceID Hacked
It only took a week: On Friday, Vietnamese security firm Bkav released a blog post and video showing that -- by all appearances -- they'd cracked FaceID with a composite mask of 3-D-printed plastic, silicone, makeup, and simple paper cutouts, which in combination tricked an iPhone X into unlockin...
Long Article on NSA and the Shadow Brokers
The New York Times just published a long article on the Shadow Brokers and their effects on NSA operations. Summary: it's been an operational disaster, the NSA still doesn't know who did it or how, and NSA morale has suffered considerably. This is me on the Shadow Brokers from last May...
Google's Data on Login Thefts
This is interesting research and data: With Google accounts as a case-study, we teamed up with the University of California, Berkeley to better understand how hijackers attempt to take over accounts in the wild. From March 2016 to March 2017, we analyzed several black markets to see how hijackers...
Friday Squid Blogging: Squid Season May Start Earlier Next Year
Squid fisherman in Argentina have asked regulators to start the squid season earlier in 2018. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...