China Closing Its Squid Spawning Grounds
China is prohibiting squid fishing in two areas -- both in international waters -- for two seasons, to give squid time to recover and reproduce.
This is the first time China has voluntarily imposed a closed season on the high...
EFF’s 30th Anniversary Livestream
It's the EFF's 30th birthday, and the organization is having a celebratory livestream today from 3:00 to 10:00 pm PDT.
There are a lot of interesting discussions and things. I am having a fireside chat at 4:10 pm PDT to...
Business Email Compromise (BEC) Criminal Ring
A criminal group called Cosmic Lynx seems to be based in Russia:
Dubbed Cosmic Lynx, the group has carried out more than 200 BEC campaigns since July 2019, according to researchers from the email security firm Agari, particularly targeting senior...
Traffic Analysis of Home Security Cameras
Interesting research on home security cameras with cloud storage. Basically, attackers can learn very basic information about what's going on in front of the camera, and infer when there is someone home.
News article.
Slashdot thread.
Half a Million IoT Passwords Leaked
It is amazing that this sort of thing can still happen:
...the list was compiled by scanning the entire internet for devices that were exposing their Telnet port. The hacker then tried using (1) factory-set default usernames and passwords, or...
IoT Security Principles
The BSA -- also known as the Software Alliance, formerly the Business Software Alliance -- is an industry lobbying group. They just published "Policy Principles for Building a Secure and Trustworthy Internet of Things."
They call for:Distinguishing between consumer and...
ThiefQuest Ransomware for the Mac
There's a new ransomware for the Mac called ThiefQuest or EvilQuest. It's hard to get infected:
For your Mac to become infected, you would need to torrent a compromised installer and then dismiss a series of warnings from Apple in...
Friday Squid Blogging: Strawberry Squid
Pretty.
As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.
Read my blog posting guidelines here.
Hacked by Police
French police hacked EncroChat secure phones, which are widely used by criminals:
Encrochat's phones are essentially modified Android devices, with some models using the "BQ Aquaris X2," an Android handset released in 2018 by a Spanish electronics company, according to...
The Security Value of Inefficiency
For decades, we have prized efficiency in our economy. We strive for it. We reward it. In normal times, that's a good thing. Running just at the margins is efficient. A single just-in-time global supply chain is efficient....
Securing the International IoT Supply Chain
Together with Nate Kim (former student) and Trey Herr (Atlantic Council Cyber Statecraft Initiative), I have written a paper on IoT supply chain security. The basic problem we try to solve is: how to you enforce IoT security...
Android Apps Stealing Facebook Credentials
Google has removed 25 Android apps from its store because they steal Facebook credentials:
Before being taken down, the 25 apps were collectively downloaded more than 2.34 million times.
The malicious apps were developed by the same threat group and despite...
iPhone Apps Stealing Clipboard Data
iOS apps are repeatedly reading clipboard data, which can include all sorts of sensitive information.
While Haj Bakry and Mysk published their research in March, the invasive apps made headlines again this week with the developer beta release of iOS...
Friday Squid Blogging: Fishing for Jumbo Squid
Interesting article on the rise of the jumbo squid industry as a result of climate change.
As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.
Read my blog...
The Unintended Harms of Cybersecurity
Interesting research: "Identifying Unintended Harms of Cybersecurity Countermeasures":
Abstract: Well-meaning cybersecurity risk owners will deploy countermeasures (technologies or procedures) to manage risks to their services or systems. In some cases, those countermeasures will produce unintended consequences, which must then be...
Windows 10 Security Game-Changer As Microsoft Reveals New Hacker Protection
Microsoft is set to bring a powerful new security feature to Windows 10 that just might be a game-changer.
15 Billion Stolen Logins Are Circulating on the Dark Web
Plus: Facebook's Roger Stone takedown, the BlueLeaks server seizure, and more of the week's top security news.
Exclusive: Any Chingari App (Indian TikTok Clone) Account Can Be Hacked Easily
Following vulnerability disclosure in the Mitron app, another viral TikTok clone in India has now been found vulnerable to a critical but easy-to-exploit authentication bypass vulnerability, allowing anyone to hijack any user account and tamper with their information, content,...
Is TikTok Seriously Dangerous—Do You Need To Delete It?
Here's the reality behind all the headlines...
iPhone User Sues LinkedIn For Reading Clipboard Data After iOS 14 Alert Revelations
The fallout from Apple's new iOS 14 privacy notification feature continues as one iPhone user files a class-action lawsuit against LinkedIn for silently reading clipboard data.
