security
Wednesday, August 31, 2016
Dropbox employee’s password reuse led to theft of 60M+ user credentials
Kate Conger, reporting at TechCrunch:
Dropbox disclosed in 2012 that an employee’s password was acquired and used to access a document with email addresses, but did not disclose that passwords were also acquired in the theft. …
Monday, March 7, 2016
Apple users targeted in first known Mac ransomware campaign
Jim Finkle reports for Reuters:
Hackers infected Macs through a tainted copy of a popular program known as Transmission, which is used to transfer data through the BitTorrent peer-to-peer file sharing network, Palo Alto said on a blog …
Monday, October 19, 2015
China hack attacks on US continue despite commercial spying pact
If this surprises you, I’ve got a real-life, fully functional totally Back to the Future hoverboard to sell you…
Wednesday, October 14, 2015
Hackers Can Silently Control Siri From 16 Feet Away
Well this is concerning:
A pair of researchers at ANSSI, a French government agency devoted to information security, have shown that they can use radio waves to silently trigger voice commands on any Android phone or iPhone that has Google Now or …
Tuesday, April 8, 2014
Heartbleed: When no encryption is better than bad encryption
Alex Hern reports for The Guardian this disturbing fact about the recently disclosed OpenSSL bug, now two years old and pervasive:
servers vulnerable to Heartbleed are less secure than they would be if they simply had no encryption at all. …
Wednesday, May 8, 2013
Obama May Back F.B.I. Plan to Wiretap Web Users
Charlie Savage of The New York Times:
the new proposal focuses on strengthening wiretap orders issued by judges. Currently, such orders instruct recipients to provide technical assistance to law enforcement agencies, leaving wiggle room for companies …
Monday, April 1, 2013
China is very serious about cyberespionage
Google apologists like myself often answer concerns that the search-and-advertising giant can scan your email with something like “yes, but they’re doing it with robots and scrubbing it clean of all identifying information.”
China, however, is not so …
Saturday, February 23, 2013
Facebook is buying your loyalty card history
Cotton Delo of Ad Age:
The targeting would hypothetically enable Coca-Cola to target to teenagers who’ve bought soda in the last month, or Pampers to show ads to North Carolina residents who’ve recently bought baby products, since Facebook’s own array of …
Thursday, January 10, 2013
US suspects Iran behind DDoS attacks on banks
These look a lot like “feeler” operations, meant to gauge the reaction attackers can expect from victim institutions and nations. The United States (read: Congress) must act immediately to ensure that we’re ready when attackers stop slowing down or …
Monday, January 7, 2013
Keycard: A neat little Mac app that secures your computer by detecting the proximity of your mobile device - The Next Web
Matt Brian writing at The Next Web:
In our tests, I had mixed results. Initially, my iPhone continued to remain in range, meaning that if I was to walk around the office or …
Wednesday, December 19, 2012
Tor: An Anonymous, And Controversial, Way to Web-Surf
Tor gets a headline at WSJ.com.
Sunday, December 9, 2012
96.36 billion cyberattacks against the US Navy each year
The Next Web's Emil Protalinski, quoting HP's head of enterprise services Mike Nefkens:
“This means the attacks average out at about 1,833 per minute or 30 every second.” Those figures are simply astonishing. Extrapolating the other way, it …
Monday, October 22, 2012
Sloppy SSL implementation begets Android app vulnerabilities
Dan Goodin at Ars Technica explains how researchers found that 8% of apps in a 13,500-app sample were susceptible to man-in-the-middle attacks. Hopefully developers will revisit their SSL implementations or, better yet, Google will update …
Thursday, October 18, 2012
Wireless attack could fatally turn pacemakers against patients
Patrick Gray, writing at The Register:
Jack also warned of a worst-case scenario in which a worm could infect multiple devices, spreading from patient to patient, re-flashing the devices with malicious code as it goes. This code could be …
Thursday, October 18, 2012
White House review: no active spying by Huawei
Joseph Menn, quoting an anonymous source for Reuters:
“We knew certain parts of government really wanted” evidence of active spying, said one of the people, who requested anonymity. “We would have found it if it were there.”
I don’t know enough about …
Wednesday, September 19, 2012
Virgin Mobile USA’s inadequate response to a good-faith vulnerability disclosure
Developer Kevin Burke describes in damning detail how easy it is to brute force Virgin Mobile USA account PINs, as well as the company’s incompetent and opaque handling of the situation.