Friday Squid Blogging: Squid Mural
Large squid mural in the Bushwick neighborhood of Brooklyn.
As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.
Read my blog posting guidelines here.
John Paul Stevens Was a Cryptographer
I didn't know that Supreme Court Justice John Paul Stevens "was also a cryptographer for the Navy during World War II." He was a proponent of individual privacy.
Identity Theft on the Job Market
Identity theft is getting more subtle: "My job application was withdrawn by someone pretending to be me":
When Mr Fearn applied for a job at the company he didn't hear back.
He said the recruitment team said they'd get back to...
Zoom Vulnerability
The Zoom conferencing app has a vulnerability that allows someone to remotely take over the computer's camera.
It's a bad vulnerability, made worse by the fact that it remains even if you uninstall the Zoom app:
This vulnerability allows any website...
Palantir’s Surveillance Service for Law Enforcement
Motherboard got its hands on Palantir's Gotham user's manual, which is used by the police to get information on people:
The Palantir user guide shows that police can start with almost no information about a person of interest and instantly...
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak:
I'm speaking at Black Hat USA 2019 in Las Vegas on Wednesday, August 7 and Thurdsay, August 8, 2019.
I'm speaking on "Information Security in the Public...
Friday Squid Blogging: When the Octopus and Squid Lost Their Shells
Cephalopod ancestors once had shells. When did they lose them?
With the molecular clock technique, which allowed him to use DNA to map out the evolutionary history of the cephalopods, he found that today's cuttlefish, squids and octopuses began to...
Clickable Endnotes to Click Here to Kill Everybody
In Click Here to Kill Everybody, I promised clickable endnotes. They're finally available.
Presidential Candidate Andrew Yang Has Quantum Encryption Policy
At least one presidential candidate has a policy about quantum computing and encryption.
It has two basic planks. One: fund quantum-resistant encryption standards. (Note: NIST is already doing this.) Two, fund quantum computing. (Unlike many far more pressing computer security...
Resetting Your GE Smart Light Bulb
If you need to reset the software in your GE smart light bulb -- firmware version 2.8 or later -- just follow these easy instructions:
Start with your bulb off for at least 5 seconds.
Turn on for 8 seconds
Turn off...
Details of the Cloud Hopper Attacks
Reuters has a long article on the Chinese government APT attack called Cloud Hopper. It was much bigger than originally reported.
The hacking campaign, known as "Cloud Hopper," was the subject of a U.S. indictment in December that accused two...
Cell Networks Hacked by (Probable) Nation-State Attackers
A sophisticated attacker has successfuly infiltrated cell providers to collect information on specific users:
The hackers have systematically broken in to more than 10 cell networks around the world to date over the past seven years to obtain massive amounts...
Cardiac Biometric
MIT Technology Review is reporting about an infrared laser device that can identify people by their unique cardiac signature at a distance:
A new device, developed for the Pentagon after US Special Forces requested it, can identify people without seeing...
Ransomware Recovery Firms Who Secretly Pay Hackers
ProPublica is reporting on companies that pretend to recover data locked up by ransomware, but just secretly pay the hackers and then mark up the cost to the victims.
Cisco Patches Critical Flaw in Vision Dynamic Signage Director
Cisco this week released a security patch for the Vision Dynamic Signage Director, to address a Critical vulnerability that could allow attackers to execute arbitrary actions on the local system.
Tracked as CVE-2019-1917, the vulnerability was found in the REST...
The Great Hack: the film that goes behind the scenes of the Facebook data scandal
This week, a Netflix documentary on Cambridge Analytica sheds light on one of the most complex scandals of our time. Carole Cadwalladr, who broke the story and appears in the film, looks at the fallout – and finds ‘surveillance...
Scotland Yard Twitter and Emails Hacked
London's Metropolitan Police apologised Saturday after its Twitter, emails and news pages were targeted by hackers and began pumping out a series of bizarre messages.
read more
Browser Extensions Scraped Data From Millions of People
Slack passwords, NSO spyware, and more of the week's top security news.
Hackers breach FSB contractor, expose Tor deanonymization project and more
SyTech, the hacked company, was working on research projects for the FSB, Russia's intelligence service.
