Detecting Deep Fakes with a Heartbeat
Researchers can detect deep fakes because they don’t convincingly mimic human blood circulation in the face:
In particular, video of a person’s face contains subtle shifts in color that result from pulses in blood circulation. You might imagine that these...
Negotiating with Ransomware Gangs
Really interesting conversation with someone who negotiates with ransomware gangs:
For now, it seems that paying ransomware, while obviously risky and empowering/encouraging ransomware attackers, can perhaps be comported so as not to break any laws (like anti-terrorist laws, FCPA, conspiracy...
Hacking a Coffee Maker
As expected, IoT devices are filled with vulnerabilities:
As a thought experiment, Martin Hron, a researcher at security company Avast, reverse engineered one of the older coffee makers to see what kinds of hacks he could do with it. After...
On Executive Order 12333
Mark Jaycox has written a long article on the US Executive Order 12333: “No Oversight, No Limits, No Worries: A Primer on Presidential Spying and Executive Order 12,333“:
Abstract: Executive Order 12,333 (“EO 12333”) is a 1980s Executive Order signed...
Friday Squid Blogging: COVID-19 Found on Chinese Squid Packaging
I thought the virus doesn’t survive well on food packaging:
Authorities in China’s northeastern Jilin province have found the novel coronavirus on the packaging of imported squid, health authorities in the city of Fuyu said on Sunday, urging anyone who...
CEO of NS8 Charged with Securities Fraud
The founder and CEO of the Internet security company NS8 has been arrested and “charged in a Complaint in Manhattan federal court with securities fraud, fraud in the offer and sale of securities, and wire fraud.”
I admit that I’ve...
Iranian Government Hacking Android
The New York Times wrote about a still-unreleased report from Chckpoint and the Miaan Group:
The reports, which were reviewed by The New York Times in advance of their release, say that the hackers have successfully infiltrated what were thought...
Documented Death from a Ransomware Attack
A Dusseldorf woman died when a ransomware attack against a hospital forced her to be taken to a different hospital in another city.
I think this is the first documented case of a cyberattack causing a fatality. UK hospitals had...
Interview with the Author of the 2000 Love Bug Virus
No real surprises, but we finally have the story.
The story he went on to tell is strikingly straightforward. De Guzman was poor, and internet access was expensive. He felt that getting online was almost akin to a human right...
Amazon Delivery Drivers Hacking Scheduling System
Amazon drivers — all gig workers who don’t work for the company — are hanging cell phones in trees near Amazon delivery stations, fooling the system into thinking that they are closer than they actually are:
The phones in trees...
Former NSA Director Keith Alexander Joins Amazon’s Board of Directors
This sounds like a bad idea.
Friday Squid Blogging: Nano-Sized SQUIDS
SQUID news:
Physicists have developed a small, compact superconducting quantum interference device (SQUID) that can detect magnetic fields. The team l focused on the instrument’s core, which contains two parallel layers of graphene.
As usual, you can also use this squid...
Nihilistic Password Security Questions
Posted three years ago, but definitely appropriate for the times.
Matt Blaze on OTP Radio Stations
Matt Blaze discusses an interesting mystery about a Cuban one-time-pad radio station, and a random number generator error that probably helped arrest a pair of Russian spies in the US.
New Bluetooth Vulnerability
There’s a new unpatched Bluetooth vulnerability:
The issue is with a protocol called Cross-Transport Key Derivation (or CTKD, for short). When, say, an iPhone is getting ready to pair up with Bluetooth-powered device, CTKD’s role is to set up two...
#DTXNOW: Managing Uncertainty to Build Lasting Resilience in Security Teams
#DTXNOW: Managing Uncertainty to Build Lasting Resilience in Security Teams
IT and security teams must learn how to navigate to uncertain environments in order to build lasting resilience, according to Jordan Schroeder, deputy MD & managing CISO at Hefestis, speaking...
InterPlanetary Storm: Cross-platform P2P botnet infects computers and IoT devices
IoT botnets have come a long way since Mirai showed its devastating potential in 2016 with distributed denial-of-server attacks that exceeded in strength anything seen before then. Myriad malware programs now infect poorly secured or vulnerable routers, IP cameras,...
Huawei’s UK code reviewers say the company is still crap at basic software security
Last year telcos scrambled to plug 'critical user-facing vuln' in Chinese network kit UK.gov security researchers examining Huawei source code have so far verified just eight firmware binaries out of more than 60 used across Britain's mobile phone networks,...
With API attacks rising, Cloudflare launches a free API security tool
Claudflare launches API Shield, a new service to protect web APIs against attacks.
Integrating Security Awareness Training Into Employee Onboarding
Training your team on security awareness is an essential part of a successful security program. And, new employee onboarding is an optimal time to introduce your staff to your security best practices.
This is in large part due to the...
