Friday Squid Blogging: Squid Sculptures
Pretty.
As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.
Read my blog posting guidelines here.
Mailing Tech Support a Bomb
I understand his frustration, but this is extreme:
When police asked Cryptopay what could have motivated Salonen to send the company a pipe bomb or, rather, two pipe bombs, which is what investigators found when they picked apart the...
Hidden Cameras in Streetlights
Both the US Drug Enforcement Administration (DEA) and Immigration and Customs Enforcement (ICE) are hiding surveillance cameras in streetlights.
According to government procurement data, the DEA has paid a Houston, Texas company called Cowboy Streetlight Concealments LLC roughly $22,000 since...
Chip Cards Fail to Reduce Credit Card Fraud in the US
A new study finds that credit card fraud has not declined since the introduction of chip cards in the US. The majority of stolen card information comes from hacked point-of-sale terminals.
The reasons seem to be twofold. One, the US...
More Spectre/Meltdown-Like Attacks
Back in January, we learned about a class of vulnerabilities against microprocessors that leverages various performance and efficiency shortcuts for attack. I wrote that the first two attacks would be just the start:
It shouldn't be surprising that microprocessor designers...
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak:
I'm speaking at Kiwicon in Wellington, New Zealand on November 16, 2018.
I'm appearing on IBM Resilient's End of Year Review webinar on "The Top Cyber Security...
Oracle and "Responsible Disclosure"
I've been writing about "responsible disclosure" for over a decade; here's an essay from 2007. Basically, it's a tacit agreement between researchers and software vendors. Researchers agree to withhold their work until software companies fix the vulnerabilities, and software...
New IoT Security Regulations
Due to ever-evolving technological advances, manufacturers are connecting consumer goods -- from toys to lightbulbs to major appliances -- to the internet at breakneck speeds. This is the Internet of Things, and it's a security nightmare.
The Internet of Things...
Hiding Secret Messages in Fingerprints
This is a fun steganographic application: hiding a message in a fingerprint image.
Can't see any real use for it, but that's okay.
Friday Squid Blogging: Australian Fisherman Gets Inked
Pretty good video.
As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.
Read my blog posting guidelines here.
The Pentagon is Publishing Foreign Nation-State Malware
This is a new thing:
The Pentagon has suddenly started uploading malware samples from APTs and other nation-state sources to the website VirusTotal, which is essentially a malware zoo that's used by security pros and antivirus/malware detection engines to gain...
Privacy and Security of Data at Universities
Interesting paper: "Open Data, Grey Data, and Stewardship: Universities at the Privacy Frontier," by Christine Borgman:
Abstract: As universities recognize the inherent value in the data they collect and hold, they encounter unforeseen challenges in stewarding those data in ways...
iOS 12.1 Vulnerability
This is really just to point out that computer security is really hard:
Almost as soon as Apple released iOS 12.1 on Tuesday, a Spanish security researcher discovered a bug that exploits group Facetime calls to give anyone access to...
Consumer Reports Reviews Wireless Home-Security Cameras
Consumer Reports is starting to evaluate the security of IoT devices. As part of that, it's reviewing wireless home-security cameras.
It found significant security vulnerabilities in D-Link cameras:
In contrast, D-Link doesn't store video from the DCS-2630L in the cloud. Instead,...
Security of Solid-State-Drive Encryption
Interesting research: "Self-encrypting deception: weaknesses in the encryption of solid state drives (SSDs)":
Abstract: We have analyzed the hardware full-disk encryption of several SSDs by reverse engineering their firmware. In theory, the security guarantees offered by hardware encryption are similar...
Instagram flaw exposes user passwords
A security flaw in Instagram’s recently released “Download Your Data” tool could have exposed some user passwords, the company reportedly told users.
The tool, revealed by Instagram right before the GDPR regulation went into effect, is designed to let users...
Julian Assange Charges, Japan’s Top Cybersecurity Official, and More Security News This Week
Safer browsing, more bitcoin scams, and the rest of the week's top security news.
SMS 2FA database leak drama, MageCart mishaps, Black Friday badware, and more
Plus, why is Kaspersky Lab getting into chess? Roundup What a week it has been: we had the creation of a new government agency, a meltdown flashback, and of course, Patch Tuesday.…
Is retaining a cybersecurity attorney a good idea for your business?
Cybersecurity is so complicated that businesses, large and small, are retaining legal counsel specializing in security. Learn two more steps businesses should take before a cyberattack hits.
Machine Learning Can Create Fake ‘Master Key’ Fingerprints
Researchers have refined a technique to create so-called DeepMasterPrints, fake fingerprints designed to get past security.
