Informations about SSL certificates and networks security
According to this story (non-paywall English version here), Israeli scientists released some information to the public they shouldn’t have. Defense establishment officials are now trying to erase any trace of the secret information from the web, but they have run into difficulties because the information was copied and is found on a number of platforms. … Read More “Israeli Scientists Accidentally Reveal Classified Information” »
For over a decade, civil libertarians have been fighting government mass surveillance of innocent Americans over the Internet. We’ve just lost an important battle. On January 18, President Trump signed the renewal of Section 702, domestic mass surveillance became effectively a permanent part of US law. Section 702 was initially passed in 2008, as an … Read More “After Section 702 Reauthorization” »
Local residents are opposing adding an elevator to a subway station because terrorists might use it to detonate a bomb. No, really. There’s no actual threat analysis, only fear: “The idea that people can then ride in on the subway with a bomb or whatever and come straight up in an elevator is awful to … Read More “Subway Elevators and Movie-Plot Threats” »
In November, the company Strava released an anonymous data-visualization map showing all the fitness activity by everyone using the app. Over this weekend, someone realized that it could be used to locate secret military bases: just look for repeated fitness activity in the middle of nowhere. News article. Powered by WPeMatico
It’s really hard to estimate the cost of an insecure Internet. Studies are all over the map. A methodical study by RAND is the best work I’ve seen at trying to put a number on this. The results are, well, all over the map: “Estimating the Global Cost of Cyber Risk: Methodology and Examples“: Abstract: … Read More “Estimating the Cost of Internet Insecurity” »
The mating and death characteristics of some squid are fascinating. Research paper. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico
On January 3, the world learned about a series of major security vulnerabilities in modern microprocessors. Called Spectre and Meltdown, these vulnerabilities were discovered by several different researchers last summer, disclosed to the microprocessors’ manufacturers, and patched — at least to the extent possible. This news isn’t really any different from the usual endless stream … Read More “The Effects of the Spectre and Meltdown Vulnerabilities” »
A new vulnerability in WhatsApp has been discovered: …the researchers unearthed far more significant gaps in WhatsApp’s security: They say that anyone who controls WhatsApp’s servers could effortlessly insert new people into an otherwise private group, even without the permission of the administrator who ostensibly controls access to that conversation. Matthew Green has a good … Read More “WhatsApp Vulnerability” »
This is clever: Researchers at Ben Gurion University in Beer Sheva, Israel have built a proof-of-concept system for counter-surveillance against spy drones that demonstrates a clever, if not exactly simple, way to determine whether a certain person or object is under aerial surveillance. They first generate a recognizable pattern on whatever subject — a window, … Read More “Detecting Drone Surveillance with Traffic Analysis” »
This is a clever attack. After gaining control of the coin-mining software, the malware replaces the wallet address the computer owner uses to collect newly minted currency with an address controlled by the attacker. From then on, the attacker receives all coins generated, and owners are none the wiser unless they take time to manually … Read More “New Malware Hijacks Cryptocurrency Mining” »