eff, microsoft, privacy, Security technology, windows
The EFF has a good analysis of all the ways Windows 10 violates your privacy. Powered by WPeMatico
Month: August 2016
academicpapers, Security technology, securityawareness, securitypolicies
fMRI experiments show that we are more likely to ignore security warnings when they interrupt other tasks. A new study from BYU, in collaboration with Google Chrome engineers, finds the status quo of warning messages appearing haphazardly — while people are typing, watching a video, uploading files, etc. — results in up to 90 percent … Read More “Research on the Timing of Security Warnings” »
Security technology
Now’s your chance…. Powered by WPeMatico
Security technology, squid
Photo of the cutest squid ever. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Powered by WPeMatico
cars, denialofservice, Security technology
Radio noise from a nearby neon-sign transformer made it impossible for people to unlock their cars remotely. Powered by WPeMatico
hacking, risks, Security technology, securityeducation, voting
Andrew Appel has a good two–part essay on securing elections. And three organizations — Verified Voting, EPIC, and Common Cause — have published a report on the risks of Internet voting. The report is primarily concerned with privacy, and the threats to a secret ballot. Powered by WPeMatico
academicpapers, gametheory, liarsandoutliers, Security technology
If you’ve read my book Liars and Outliers, you know I like the prisoner’s dilemma as a way to think about trust and security. There is an enormous amount of research — both theoretical and experimental — about the dilemma, which is why I found this new research so interesting. Here’s a decent summary: The … Read More “Prisoner's Dilemma Experiment Illustrates Four Basic Phenotypes” »
exploits, gametheory, hacking, leaks, nsa, Security technology
The NSA was badly hacked in 2013, and we’re just now learning about it. A group of hackers called “The Shadow Brokers” claim to have hacked the NSA, and are posting data to prove it. The data is source code from “The Equation Group,” which is a sophisticated piece of malware exposed last year and … Read More “Major NSA/Equation Group Leak” »
academicpapers, authentication, forgery, Security technology, ssh
New research: “Flip Feng Shui: Hammering a Needle in the Software Stack,” by Kaveh Razavi, Ben Gras, Erik Bosman Bart Preneel, Cristiano Giuffrida, and Herbert Bos. Abstract: We introduce Flip Feng Shui (FFS), a new exploitation vector which allows an attacker to induce bit flips over arbitrary physical memory in a fully controlled way. FFS … Read More “Powerful Bit-Flipping Attack” »
advancedpersistentthreats, airgaps, cyberespionage, dns, malware, Security technology
Both Kaspersky and Symantec have uncovered another piece of malware that seems to be a government design: The malware — known alternatively as “ProjectSauron” by researchers from Kaspersky Lab and “Remsec” by their counterparts from Symantec — has been active since at least 2011 and has been discovered on 30 or so targets. Its ability … Read More “Yet Another Government-Sponsored Malware” »