Friday Squid Blogging: Squid Lollipops
Two squid lollipops, handmade by Shinri Tezuka.
As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.
Read my blog posting guidelines here.
Evaluating the GCHQ Exceptional Access Proposal
The so-called Crypto Wars have been going on for 25 years now. Basically, the FBIand some of their peer agencies in the U.K., Australia, and elsewhereargue that the pervasive use of civilian encryption is hampering their ability to solve...
Prices for Zero-Day Exploits Are Rising
Companies are willing to pay ever-increasing amounts for good zero-day exploits against hard-to-break computers and applications:
On Monday, market-leading exploit broker Zerodium said it would pay up to $2 million for zero-click jailbreaks of Apple's iOS, $1.5 million for one-click...
El Chapo’s Encryption Defeated by Turning His IT Consultant
Impressive police work:
In a daring move that placed his life in danger, the I.T. consultant eventually gave the F.B.I. his system's secret encryption keys in 2011 after he had moved the network's servers from Canada to the Netherlands during...
Alex Stamos on Content Moderation and Security
Former Facebook CISO Alex Stamos argues that increasing political pressure on social media platforms to moderate content will give them a pretext to turn all end-to-end crypto off -- which would be more profitable for them and bad for...
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak:
I'm speaking at A New Initiative for Poland in Warsaw, January 16-17, 2019.
I'm speaking at the Munich Cyber Security Conference (MCSC) on February 14, 2019.The list...
Why Internet Security Is So Bad
I recently read two different essays that make the point that while Internet security is terrible, it really doesn't affect people enough to make it an issue.
This is true, and is something I worry will change in a world...
Friday Squid Blogging: New Giant Squid Video
This is a fantastic video of a young giant squid named Heck swimming around Toyama Bay near Tokyo.
As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.
Read...
Using a Fake Hand to Defeat Hand-Vein Biometrics
Nice work:
One attraction of a vein based system over, say, a more traditional fingerprint system is that it may be typically harder for an attacker to learn how a user's veins are positioned under their skin, rather than lifting...
Security Vulnerabilities in Cell Phone Systems
Good essay on the inherent vulnerabilities in the cell phone standards and the market barriers to fixing them.
So far, industry and policymakers have largely dragged their feet when it comes to blocking cell-site simulators and SS7 attacks. Senator Ron...
EU Offering Bug Bounties on Critical Open-Source Software
The EU is offering "bug bounties on Free Software projects that the EU institutions rely on."
Slashdot thread.
Machine Learning to Detect Software Vulnerabilities
No one doubts that artificial intelligence (AI) and machine learning (ML) will transform cybersecurity. We just don't know how, or when. While the literature generally focuses on the different uses of AI by attackers and defenders and the...
New Attack Against Electrum Bitcoin Wallets
This is clever:
How the attack works:
Attacker added tens of malicious servers to the Electrum wallet network.
Users of legitimate Electrum wallets initiate a Bitcoin transaction.
If the transaction reaches one of the malicious servers, these servers reply with an error message...
Friday Squid Blogging: The Future of the Squid Market
It's growing.
As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.
Read my blog posting guidelines here.
Podcast Interview with Eva Gaperon
Nice interview with the EFF's director of cybersecurity, Eva Gaperon.
Websites can steal browser data via extensions APIs
Researcher finds nearly 200 Chrome, Firefox, and Opera extensions vulnerable to attacks from malicious sites.
6 Reasons We Need to Boost Cybersecurity Focus in 2019
Paying attention to cybersecurity is more important than ever in 2019. But, some companies are still unwilling to devote the necessary resources to securing their infrastructures against cyberattacks, and naive individuals think they’re immune to the tactics of cybercriminals,...
Fortnite Vulnerabilities Allow Hackers To Take Over Gamers’ Accounts, Data And In-Game Currency
Cybersecurity researchers today shared details of vulnerabilities that could have affected any player of the hugely popular online battle game, Fortnite. If exploited, the vulnerability would have given an attacker full access to a user’s account and their personal information as well...
DNC Accuses Russia, ACLU Sues ICE, and More Security News This Week
Trump dominated security headlines this week, but there's plenty of other news to catch up on.
Bulgaria Extradites Russian Hacker to US: Embassy
Bulgaria has extradited a Russian indicted by a US court for mounting a complex hacking scheme to the United States, the Russian embassy in Washington said Saturday.
read more
