After ransomware took Baltimore hostage, Maryland introduces legislation that bans disclosing the bugs ransomware exploits

Last spring, Baltimore underwent a grinding, long-term government shutdown after the city’s systems were hijacked by ransomware. This was exacerbated by massive administrative incompetence: the city had not allocated funds for improved security, training or cyberinsurance, despite having had its emergency services network taken over by ransomware the previous year, and five city CIOs had departed in the previous four years either through firings or forced resignations.

Forensics team accuses Prince Bone Saw of hacking Jeff Bezos’s phone to obtain kompromat and force Washington Post silence on Khashoggi

When Jeff Bezos accused the National Enquirer of blackmailing him over personal messages he sent to his lover while married to his then-wife, many pointed the finger at his lover’s brother, noted asshole Michael Sanchez, suggesting Sanchez received $200,000 from the Enquirer for stealing the data from his sister’s phone — but Bezos’s own investigative team said that they suspected an unspecified government actor had played a role in the leak.

Carriers ignore studies that show they suck at preventing SIM-swap attacks

Now that many online services rely on sending SMSes to your phone to authenticate your identity, thieves and stalkers have created a whole “SIM swap” industry where they defraud your phone company or bribe employees to help them steal your phone account so they can break into all your other accounts.

Schneier: “It’s really too late to secure 5G networks”

Bruce Schneier’s Foreign Policy essay on 5G security argues that we’re unduly focused on the possibility of Chinese manufacturers inserting backdoors or killswitches in 5G equipment, and not focused enough on intrinsic weakness in a badly defined, badly developed standard wherein “near-term corporate profits prevailed against broader social good.”

A profile of Cliff “Cuckoo’s Egg” Stoll, a pioneering “hacker hunter”

Cliff Stoll (previously) is a computing legend: his 1989 book The Cuckoo’s Egg tells the story of how he was drafted to help run Lawrence Berkeley Lab’s computers (he was a physicist who knew a lot about Unix systems), and then discovered a $0.75 billing discrepancy that set him on the trail of East German hackers working for the Soviet Union, using his servers as a staging point to infiltrate US military networks.

Idiotic security mistakes in smart conferencing gear allow hackers to spy on board rooms, steal presentations

Dten is a “certified hardware provider” for Zoom, making smart screens and whiteboards for videoconferencing; a Forescout Research report reveals that Dten committed a string of idiotic security blunders in designing its products, exposing its customers to video and audio surveillance, as well as theft of presentations and whiteboard data.

Happy 10th birthday, TAILS — the real Paranoid Linux!

In my 2008 novel Little Brother, the underground resistance uses a secure operating system called “Paranoid Linux” that is designed to prevent surveillance and leave no evidence of its use; that was fiction, but there’s a real Paranoid Linux out there: Tails, The Amnesic Incognito Live System, and it turns 10 today.

Nulledcast: a podcast where hackers play live audio of themselves breaking into Ring cameras and tormenting their owners

Nulledcast is a realtime podcast streamed on a Discord channel for the hacking forum Nulled: the hosts break into Ring and Nest cameras in realtime, blare sirens at the owners, then torment them with insults and racist slurs, livestreaming their responses to hundreds of listeners.

Family puts Ring camera in children’s room, discovers that hacker is watching their kids 24/7, taunting them through the speaker

A family in DeSoto County, Mississippi, bought a Ring security camera so they could keep an eye on their three young girls in their bedroom. Four days later, they learned that a hacker had broken into the camera and subjected their children to continuous bedroom surveillance, taunting the children through the camera’s built-in speaker.


Amazon’s Ring surveillance doorbell leaks its customers’ home addresses, linked to their doorbell videos

Evan from Fight for the Future writes, “A new investigation from Gizmodo just revealed that anyone, anywhere can get geographic coordinates of Ring devices from Amazon’s Neighbors App. Not only can someone find out where users live, they can use footage to track bystanders, locate children, and monitor people going into buildings, like clinics, for private appointments. Amazon sells these devices under the guise of keeping us safe. They’re lying. Their surveillance devices and network put us all in danger. We need lawmakers to fully investigate the threats associated with Amazon’s dragnet and its impact on our privacy, security, and civil liberties. Fight for the Future has launched a campaign calling for Congress to investigate Amazon’s surveillance practices. You can add your name here.” (Image: Dan Calacci/MIT)