Informations about SSL certificates and networks security
Autonomous systems are going to have to do much better than this. The Uber car that hit and killed Elaine Herzberg in Tempe, Ariz., in March 2018 could not recognize all pedestrians, and was being driven by an operator likely distracted by streaming video, according to documents released by the U.S. National Transportation Safety Board … Read More “NTSB Investigation of Fatal Driverless Car Accident” »
The Wall Street Journal has a story about how two people were identified as the perpetrators of a ransomware scheme. They were found because — as generally happens — they made mistakes covering their tracks. They were investigated because they had the bad luck of locking up Washington, DC’s video surveillance cameras a week before … Read More “Identifying and Arresting Ransomware Criminals” »
Interesting: Siri, Alexa, and Google Assistant are vulnerable to attacks that use lasers to inject inaudible — and sometimes invisible — commands into the devices and surreptitiously cause them to unlock doors, visit websites, and locate, unlock, and start vehicles, researchers report in a research paper published on Monday. Dubbed Light Commands, the attack works … Read More “Fooling Voice Assistants with Lasers” »
The headline gives the story: “An 80-Foot Steel Kraken Will Create an Artificial Coral Reef Near the British Virgin Islands.” As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico
xHelper is not interesting because of its infection mechanism; the user has to side-load an app onto his phone. It’s not interesting because of its payload; it seems to do nothing more than show unwanted ads. it’s interesting because of its persistence: Furthermore, even if users spot the xHelper service in the Android operating system’s … Read More “xHelper Malware for Android” »
Fireeye reports on a Chinese-sponsored espionage effort to eavesdrop on text messages: FireEye Mandiant recently discovered a new malware family used by APT41 (a Chinese APT group) that is designed to monitor and save SMS traffic from specific phone numbers, IMSI numbers and keywords for subsequent theft. Named MESSAGETAP, the tool was deployed by APT41 … Read More “Eavesdropping on SMS Messages inside Telco Networks” »
This is a fascinating article about a bait-and-switch Airbnb fraud. The article focuses on one particular group of scammers and how they operate, using the fact that Airbnb as a company doesn’t do much to combat fraud on its platform. But I am more interested in how the fraudsters essentially hacked the complex sociotechnical system … Read More “Details of an Airbnb Fraud” »
This essay discusses the futility of opting out of surveillance, and suggests data obfuscation as an alternative. We can apply obfuscation in our own lives by using practices and technologies that make use of it, including: The secure browser Tor, which (among other anti-surveillance technologies) muddles our Internet activity with that of other Tor users, … Read More “Obfuscation as a Privacy Tool” »
Tom’s Guide writes about home brew TEMPEST receivers: Today, dirt-cheap technology and free software make it possible for ordinary citizens to run their own Tempest programs and listen to what their own — and their neighbors’ — electronic devices are doing. Elliott, a researcher at Boston-based security company Veracode, showed that an inexpensive USB dongle … Read More “Homemade TEMPEST Receiver” »
Research paper: “Triassic Kraken: The Berlin Ichthyosaur Death Assemblage Interpreted as a Giant Cephalopod Midden“: Abstract: The Luning Formation at Berlin Ichthyosaur State Park, Nevada, hosts a puzzling assemblage of at least 9 huge (≤14 m) juxtaposed ichthyosaurs (Shonisaurus popularis). Shonisaurs were cephalopod eating predators comparable to sperm whales (Physeter). Hypotheses presented to explain the … Read More “Friday Squid Blogging: Triassic Kraken” »