2979 matches found
Water Utility Infected by Cryptocurrency Mining Software
A water utility in Europe has been infected by cryptocurrency mining software. This is a relatively new attack: hackers compromise computers and force them to mine cryptocurrency for them. This is the first time I've seen it infect SCADA systems, though. It seems that this mining software is...
Cabinet of Secret Documents from Australia
This story of leaked Australian government secrets is unlike any other I've heard: It begins at a second-hand shop in Canberra, where ex-government furniture is sold off cheaply. The deals can be even cheaper when the items in question are two heavy filing cabinets to which no-one can find the...
Poor Security at the UK National Health Service
The Guardian is reporting that "every NHS trust assessed for cyber security vulnerabilities has failed to meet the standard required." This is the same NHS that was debilitated by WannaCry. EDITED TO ADD 2/13: More news. And don't think that US hospitals are much better...
Sensitive Super Bowl Security Documents Left on an Airplane
A CNN reporter found some sensitive -- but, technically, not classified -- documents about Super Bowl security in the front pocket of an airplane seat...
Friday Squid Blogging: Kraken Pie
Pretty, but contains no actual squid ingredients. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
Signed Malware
Stuxnet famously used legitimate digital certificates to sign its malware. A research paper from last year found that the practice is much more common than previously thought. Now, researchers have presented proof that digitally signed malware is much more common than previously believed. What's...
Jackpotting Attacks Against US ATMs
Brian Krebs is reporting sophisticated jackpotting attacks against US ATMs. The attacker gains physical access to the ATM, plants malware using specialized electronics, and then later returns and forces the machine to dispense all the cash it has inside. The Secret Service alert explains that the...
Israeli Scientists Accidentally Reveal Classified Information
According to this story non-paywall English version here, Israeli scientists released some information to the public they shouldn't have. Defense establishment officials are now trying to erase any trace of the secret information from the web, but they have run into difficulties because the...
After Section 702 Reauthorization
For over a decade, civil libertarians have been fighting government mass surveillance of innocent Americans over the Internet. We've just lost an important battle. On January 18, President Trump signed the renewal of Section 702, domestic mass surveillance became effectively a permanent part of U...
Subway Elevators and Movie-Plot Threats
Local residents are opposing adding an elevator to a subway station because terrorists might use it to detonate a bomb. No, really. There's no actual threat analysis, only fear: "The idea that people can then ride in on the subway with a bomb or whatever and come straight up in an elevator is awf...
Locating Secret Military Bases via Fitness Data
In November, the company Strava released an anonymous data-visualization map showing all the fitness activity by everyone using the app. Over this weekend, someone realized that it could be used to locate secret military bases: just look for repeated fitness activity in the middle of nowhere. New...
Estimating the Cost of Internet Insecurity
It's really hard to estimate the cost of an insecure Internet. Studies are all over the map. A methodical study by RAND is the best work I've seen at trying to put a number on this. The results are, well, all over the map: "Estimating the Global Cost of Cyber Risk: Methodology and Examples":...
Friday Squid Blogging: Squid that Mate, Die, and Then Sink
The mating and death characteristics of some squid are fascinating. Research paper. EDITED TO ADD 2/5: Additional info and photos. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
The Effects of the Spectre and Meltdown Vulnerabilities
On January 3, the world learned about a series of major security vulnerabilities in modern microprocessors. Called Spectre and Meltdown, these vulnerabilities were discovered by several different researchers last summer, disclosed to the microprocessors' manufacturers, and patched -- at least to...
WhatsApp Vulnerability
A new vulnerability in WhatsApp has been discovered: ...the researchers unearthed far more significant gaps in WhatsApp's security: They say that anyone who controls WhatsApp's servers could effortlessly insert new people into an otherwise private group, even without the permission of the...
Detecting Drone Surveillance with Traffic Analysis
This is clever: Researchers at Ben Gurion University in Beer Sheva, Israel have built a proof-of-concept system for counter-surveillance against spy drones that demonstrates a clever, if not exactly simple, way to determine whether a certain person or object is under aerial surveillance. They fir...
New Malware Hijacks Cryptocurrency Mining
This is a clever attack. After gaining control of the coin-mining software, the malware replaces the wallet address the computer owner uses to collect newly minted currency with an address controlled by the attacker. From then on, the attacker receives all coins generated, and owners are none the...
Skygofree: New Government Malware for Android
Kaspersky Labs is reporting on a new piece of sophisticated malware: We observed many web landing pages that mimic the sites of mobile operators and which are used to spread the Android implants. These domains have been registered by the attackers since 2015. According to our telemetry, that was...
Dark Caracal: Global Espionage Malware from Lebanon
The EFF and Lookout are reporting on a new piece of spyware operating out of Lebanon. It primarily targets mobile devices compromised by fake secure messaging clients like Signal and WhatsApp. From the Lookout announcement: Dark Caracal has operated a series of multi-platform campaigns starting...
Friday Squid Blogging: Te Papa Colossal Squid Exhibition Is Being Renovated
The New Zealand home of the colossal squid exhibit is behind renovated. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
Security Breaches Don't Affect Stock Price
Interesting research: "Long-term market implications of data breaches, not," by Russell Lange and Eric W. Burger. Abstract: This report assesses the impact disclosure of data breaches has on the total returns and volatility of the affected companies' stock, with a focus on the results relative to...
Student Cracks Inca Knot Code
Interesting...
Article from a Former Chinese PLA General on Cyber Sovereignty
Interesting article by Major General Hao Yeli, Chinese People's Liberation Army ret., a senior advisor at the China International Institute for Strategic Society, Vice President of China Institute for Innovation and Development Strategy, and the Chair of the Guanchao Cyber Forum. Against the...
Jim Risen Writes about Reporting Government Secrets
Jim Risen writes a long and interesting article about his battles with the US government and the New York Times to report government secrets...
Fighting Ransomware
No More Ransom is a central repository of keys and applications for ransomware, so people can recover their data without paying. It's not complete, of course, but is pretty good against older strains of ransomware. The site is a joint effort by Europol, the Dutch police, Kaspersky, and McAfee...
Friday Squid Blogging: Japanese "Dude Food" Includes Squid
This seems to be a trend. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
XKCD's Smartphone Security System
Funny...
Facial Recognition Is Coming to Retail
Summary article...
Fingerprinting Digital Documents
In this era of electronic leakers, remember that zero-width spaces and homoglyph substitution can fingerprint individual instances of files...
Yet Another FBI Proposal for Insecure Communications
Deputy Attorney General Rosenstein has given talks where he proposes that tech companies decrease their communications and device security for the benefit of the FBI. In a recent talk, his idea is that tech companies just save a copy of the plaintext: Law enforcement can also partner with private...
Susan Landau's New Book: Listening In
Susan Landau has written a terrific book on cybersecurity threats and why we need strong crypto. Listening In: Cybersecurity in an Insecure Age. It's based in part on her 2016 Congressional testimony in the Apple/FBI case; it examines how the Digital Revolution has transformed society, and how la...
Cybersecurity and the 2017 US National Security Strategy
Commentaries on the 2017 US national security strategy by Michael Sulmeyer and Ben Buchanan...
Daniel Miessler on My Writings about IoT Security
Daniel Miessler criticizes my writings about IoT security: I know it's super cool to scream about how IoT is insecure, how it's dumb to hook up everyday objects like houses and cars and locks to the internet, how bad things can get, and I know it's fun to be invited to talk about how everything i...
NSA Morale
The Washington Post is reporting that poor morale at the NSA is causing a significant talent shortage. A November New York Times article said much the same thing. The articles point to many factors: the recent reorganization, low pay, and the various leaks. I have been saying for a while that the...
Tourist Scams
A comprehensive list. Most are old and obvious, but there are some clever variants...
Friday Squid Blogging: How the Optic Lobe Controls Squid Camouflage
Experiments on the oval squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
Spectre and Meltdown Attacks Against Microprocessors
The security of pretty much every computer on the planet has just gotten a lot worse, and the only real solution -- which of course is not a solution -- is to throw them all away and buy new ones. On Wednesday, researchers just announced a series of major security vulnerabilities in the...
New Book Coming in September: "Click Here to Kill Everybody"
My next book is still on track for a September 2018 publication. Norton is still the publisher. The title is now Click Here to Kill Everybody: Peril and Promise on a Hyperconnected Planet, which I generally refer to as CH2KE. The table of contents has changed since I last blogged about this, and ...
Detecting Adblocker Blockers
Interesting research on the prevalence of adblock blockers: "Measuring and Disrupting Anti-Adblockers Using Differential Execution Analysis": Abstract: Millions of people use adblockers to remove intrusive and malicious ads as well as protect themselves against tracking and pervasive surveillance...
Spectre and Meltdown Attacks
After a week or so of rumors, everyone is now reporting about the Spectre and Meltdown attacks against pretty much every modern processor out there. These are side-channel attacks where one process can spy on other processes. They affect computers where an untrusted browser window can execute cod...
Tamper-Detection App for Android
Edward Snowden and Nathan Freitas have created an Android app that detects when it's being tampered with. The basic idea is to put the app on a second phone and put the app on or near something important, like your laptop. The app can then text you -- and also record audio and video -- when...
Fake Santa Surveillance Camera
Reka makes a "decorative Santa cam," meaning that it's not a real camera. Instead, it just gets children used to being under constant surveillance. Our Santa Cam has a cute Father Christmas and mistletoe design, and a red, flashing LED light which will make the most logical kids suspend their...
Security Vulnerabilities in Star Wars
A fun video describing some of the many Empire security vulnerabilities in the first Star Wars movie. Happy New Year, everyone...
Friday Squid Blogging: Squid Populations Are Exploding
New research: "Global proliferation of cephalopods" Summary: Human activities have substantially changed the world's oceans in recent decades, altering marine food webs, habitats and biogeochemical processes. Cephalopods squid, cuttlefish and octopuses have a unique set of biological traits,...
Profile of Reality Winner
New York Magazine published an excellent profile of the single-document leaker Reality Winner...
The "Extended Random" Feature in the BSAFE Crypto Library
Matthew Green wrote a fascinating blog post about the NSA's efforts to increase the amount of random data exposed in the TLS protocol, and how it interacts with the NSA's backdoor into the DUALECPRNG random number generator to weaken TLS...
Post-Quantum Algorithms
NIST has organized a competition for public-key algorithms secure against a quantum computer. It recently published all of its Round 1 submissions. Details of the NIST efforts are here. A timeline for the new algorithms is here...
Acoustical Attacks against Hard Drives
Interesting destructive attack: "Acoustic Denial of Service Attacks on HDDs": Abstract: Among storage components, hard disk drives HDDs have become the most commonly-used type of non-volatile storage due to their recent technological advances, including, enhanced energy efficacy and...
"Santa Claus is Coming to Town" Parody
Funny...
Friday Squid Blogging: Gonatus Squid Eating a Dragonfish
There's a video: Last July, Choy was on a ship off the shore of Monterey Bay, looking at the video footage transmitted by an ROV many feet below. A Gonatus squid was spotted sucking off the face of a "really huge dragonfish," she says. "It took a little while to figure out what's going on here,...