Modern Mass Surveillance: Identify, Correlate, Discriminate
Communities across the United States are starting to ban facial recognition technologies. In May of last year, San Francisco banned facial recognition; the neighboring city of Oakland soon followed, as did Somerville and Brookline in Massachusetts (a statewide ban...
Smartphone Election in Washington State
This year:
King County voters will be able to use their name and birthdate to log in to a Web portal through the Internet browser on their phones, says Bryan Finney, the CEO of Democracy Live, the Seattle-based voting company...
Friday Squid Blogging: More on the Giant Squid’s DNA
Following on from last week's post, here's more information on sequencing the DNA of the giant squid.
As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.
Read my...
Technical Report of the Bezos Phone Hack
Motherboard obtained and published the technical report on the hack of Jeff Bezos's phone, which is being attributed to Saudi Arabia, specifically to Crown Prince Mohammed bin Salman.
...investigators set up a secure lab to examine the phone and its...
Apple Abandoned Plans for Encrypted iCloud Backup after FBI Complained
This is new from Reuters:
More than two years ago, Apple told the FBI that it planned to offer users end-to-end encryption when storing their phone data on iCloud, according to one current and three former FBI officials and one...
Half a Million IoT Device Passwords Published
It's a list of easy-to-guess passwords for IoT devices on the Internet as recently as last October and November. Useful for anyone putting together a bot network:
A hacker has published this week a massive list of Telnet credentials for...
Brazil Charges Glenn Greenwald with Cybercrimes
Glenn Greenwald has been charged with cybercrimes in Brazil, stemming from publishing information and documents that were embarrassing to the government. The charges are that he actively helped the people who actually did the hacking:
Citing intercepted messages between Mr....
SIM Hijacking
SIM hijacking -- or SIM swapping -- is an attack where a fraudster contacts your cell phone provider and convinces them to switch your account to a phone that they control. Since your smartphone often serves as a security...
Clearview AI and Facial Recognition
The New York Times has a long story about Clearview AI, a small company that scrapes identified photos of people from pretty much everywhere, and then uses unstated magical AI technology to identify people in other photos.
His tiny company,...
Friday Squid Blogging: Giant Squid Genome Analyzed
This is fantastic work:
In total, the researchers identified approximately 2.7 billion DNA base pairs, which is around 90 percent the size of the human genome. There's nothing particularly special about that size, especially considering that the axolotl genome is...
Securing Tiffany’s Move
Story of how Tiffany & Company moved all of its inventory from one store to another. Short summary: careful auditing and a lot of police.
Critical Windows Vulnerability Discovered by NSA
Yesterday's Microsoft Windows patches included a fix for a critical vulnerability in the system's crypto library.
A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.
An attacker could exploit the vulnerability by using a...
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak:
I'm speaking at Indiana University Bloomington on January 30, 2020.
I'll be at RSA Conference 2020 in San Francisco. On Wednesday, February 26, at 2:50 PM, I'll...
5G Security
The security risks inherent in Chinese-made 5G networking equipment are easy to understand. Because the companies that make the equipment are subservient to the Chinese government, they could be forced to include backdoors in the hardware or software to...
Artificial Personas and Public Discourse
Presidential-campaign season is officially, officially, upon us now, which means it's time to confront the weird and insidious ways in which technology is warping politics. One of the biggest threats on the horizon: Artificial personas are coming, and they're...
DEF CON China conference put on hold due to coronavirus outbreak
DEF CON team is hoping that the 2019-nCoV outbreak will improve and they can go on as planned, or reschedule.
Remember the Clipper chip? NSA’s botched backdoor-for-Feds from 1993 still influences today’s encryption debates
We'll laugh at today's mandated holes in the same way we laugh at those from 25 years ago Enigma More than a quarter century after its introduction, the failed rollout of hardware deliberately backdoored by the NSA is still...
Average Ransomware Payments More Than Doubled in Q4 2019
Ransomware attackers collected an average of around $84,000 from victim organizations, up from $41,000 in Q3 of 2018, Coveware says.
Seven Years Later, Scores of EAS Systems sit Un-patched, Vulnerable
Two years after a false EAS alert about an incoming ICBM sowed terror in Hawaii, and seven years after security researchers warned about insecure, Internet connected Emergency Alert System (EAS) hardware, scores of the devices across the U.S. remain...
One Small Fix Would Curb Stingray Surveillance
The technology needed to limit stingrays is clear—but good luck getting telecoms on board.
