Month: May 2019

How Technology and Politics Are Changing Spycraft

Posted on By infossl
cellphones, espionage, nationalsecuritypolicy, privacy, Security technology, surveillance

Interesting article about how traditional nation-based spycraft is changing. Basically, the Internet makes it increasingly possible to generate a good cover story; cell phone and other electronic surveillance techniques make tracking people easier; and machine learning will make all of this automatic. Meanwhile, Western countries have new laws and norms that put them at a … Read More “How Technology and Politics Are Changing Spycraft” »

The Concept of “Return on Data”

Posted on By infossl
academicpapers, datacollection, dataprotection, economicsofsecurity, privacy, Security technology

This law review article by Noam Kolt, titled “Return on Data,” proposes an interesting new way of thinking of privacy law. Abstract: Consumers routinely supply personal data to technology companies in exchange for services. Yet, the relationship between the utility (U) consumers gain and the data (D) they supply — “return on data” (ROD) — … Read More “The Concept of “Return on Data”” »

Why Are Cryptographers Being Denied Entry into the US?

Posted on By infossl
borders, cryptography, nationalsecuritypolicy, Security technology, securityconferences

In March, Adi Shamir — that’s the “S” in RSA — was denied a US visa to attend the RSA Conference. He’s Israeli. This month, British citizen Ross Anderson couldn’t attend an awards ceremony in DC because of visa issues. (You can listen to his recorded acceptance speech.) I’ve heard of two other prominent cryptographers … Read More “Why Are Cryptographers Being Denied Entry into the US?” »

More Attacks against Computer Automatic Update Systems

Posted on By infossl
games, insiders, malware, Security technology, southkorea, supplychain

Last month, Kaspersky discovered that Asus’s live update system was infected with malware, an operation it called Operation Shadowhammer. Now we learn that six other companies were targeted in the same operation. As we mentioned before, ASUS was not the only company used by the attackers. Studying this case, our experts found other samples that … Read More “More Attacks against Computer Automatic Update Systems” »

Another Intel Chip Flaw

Posted on By infossl
hardware, intel, Security technology, vulnerabilities

Remember the Spectre and Meltdown attacks from last year? They were a new class of attacks against complex CPUs, finding subliminal channels in optimization techniques that allow hackers to steal information. Since their discovery, researchers have found additional similar vulnerabilities. A whole bunch more have just been discovered. I don’t think we’re finished yet. A … Read More “Another Intel Chip Flaw” »

WhatsApp Vulnerability Fixed

Posted on By infossl
attribution, exploits, patching, Security technology, vulnerabilities, whatsapp

WhatsApp fixed a devastating vulnerability that allowed someone to remotely hack a phone by initiating a WhatsApp voice call. The recipient didn’t even have to answer the call. The Israeli cyber-arms manufacturer NSO Group is believed to be behind the exploit, but of course there is no definitive proof. If you use WhatsApp, update your … Read More “WhatsApp Vulnerability Fixed” »