The Diqee 360 robotic vacuum cleaner can be turned into a surveillance device. The attack requires physical access to the device, so in the scheme of things it’s not a big deal. But why in the world is the vacuum equipped with a microphone? Powered by WPeMatico
Month: July 2018
Good policy paper (summary here) on the threats, current state, and potential policy solutions for the poor security of US space systems. Powered by WPeMatico
Interesting research: “You are your Metadata: Identification and Obfuscation of Social Media Users using Metadata Information,” by Beatrice Perez, Mirco Musolesi, and Gianluca Stringhini. Abstract: Metadata are associated to most of the information we produce in our daily interactions and communication in the digital world. Yet, surprisingly, metadata are often still categorized as non-sensitive. Indeed, … Read More “Identifying People by Metadata” »
This is a fantastic video of a squid attracting prey with a tentacle that looks like a smaller squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico
According to a new CSIS report, “going dark” is not the most pressing problem facing law enforcement in the age of digital data: Over the past year, we conducted a series of interviews with federal, state, and local law enforcement officials, attorneys, service providers, and civil society groups. We also commissioned a survey of law … Read More “New Report on Police Digital Forensics Techniques” »
Ross Anderson liveblogged the Third Annual Cybercrime Conference Powered by WPeMatico
Krebs on Security is reporting that all 85,000 Google employees use two-factor authentication with a physical token. A Google spokesperson said Security Keys now form the basis of all account access at Google. “We have had no reported or confirmed account takeovers since implementing security keys at Google,” the spokesperson said. “Users might be asked … Read More “Google Employees Use a Physical Token as Their Second Authentication Factor” »
DARPA is funding research into resilient anonymous communications systems. Powered by WPeMatico
Bluetooth has a serious security vulnerability: In some implementations, the elliptic curve parameters are not all validated by the cryptographic algorithm implementation, which may allow a remote attacker within wireless range to inject an invalid public key to determine the session key with high probability. Such an attacker can then passively intercept and decrypt all … Read More “Major Bluetooth Vulnerability” »
There are some good lessons in this article on financial fraud: That’s how we got it so wrong. We were looking for incidental breaches of technical regulations, not systematic crime. And the thing is, that’s normal. The nature of fraud is that it works outside your field of vision, subverting the normal checks and balances … Read More “On Financial Fraud” »