January 2020 – Page 2 – SSL and internet security news

Apple Abandoned Plans for Encrypted iCloud Backup after FBI Complained

January 23, 2020 infossl

apple, backups, cloudcomputing, cybercrime, encryption, fbi, Security technology

This is new from Reuters: More than two years ago, Apple told the FBI that it planned to offer users end-to-end encryption when storing their phone data on iCloud, according to one current and three former FBI officials and one current and one former Apple employee. Under that plan, primarily designed to thwart hackers, Apple … Read More “Apple Abandoned Plans for Encrypted iCloud Backup after FBI Complained” »

Half a Million IoT Device Passwords Published

January 22, 2020 infossl

botnets, internetofthings, leaks, passwords, Security technology

It’s a list of easy-to-guess passwords for IoT devices on the Internet as recently as last October and November. Useful for anyone putting together a bot network: A hacker has published this week a massive list of Telnet credentials for more than 515,000 servers, home routers, and IoT (Internet of Things) “smart” devices. The list, … Read More “Half a Million IoT Device Passwords Published” »

Brazil Charges Glenn Greenwald with Cybercrimes

January 21, 2020 infossl

brazil, cellphones, chelseamanning, cybercrime, hacking, Security technology

Glenn Greenwald has been charged with cybercrimes in Brazil, stemming from publishing information and documents that were embarrassing to the government. The charges are that he actively helped the people who actually did the hacking: Citing intercepted messages between Mr. Greenwald and the hackers, prosecutors say the journalist played a “clear role in facilitating the … Read More “Brazil Charges Glenn Greenwald with Cybercrimes” »

SIM Hijacking

January 21, 2020 infossl

academicpapers, authentication, cellphones, fraud, Security technology, simcards, smartphones, usability

SIM hijacking — or SIM swapping — is an attack where a fraudster contacts your cell phone provider and convinces them to switch your account to a phone that they control. Since your smartphone often serves as a security measure or backup verification system, this allows the fraudster to take over other accounts of yours. … Read More “SIM Hijacking” »

Clearview AI and Facial Recognition

January 20, 2020 infossl

artificialintelligence, facerecognition, lawenforcement, police, privacy, Security technology, surveillance

The New York Times has a long story about Clearview AI, a small company that scrapes identified photos of people from pretty much everywhere, and then uses unstated magical AI technology to identify people in other photos. His tiny company, Clearview AI, devised a groundbreaking facial recognition app. You take a picture of a person, … Read More “Clearview AI and Facial Recognition” »

Friday Squid Blogging: Giant Squid Genome Analyzed

January 17, 2020 infossl

Security technology, squid

This is fantastic work: In total, the researchers identified approximately 2.7 billion DNA base pairs, which is around 90 percent the size of the human genome. There’s nothing particularly special about that size, especially considering that the axolotl genome is 10 times larger than the human genome. It’s going to take some time to fully … Read More “Friday Squid Blogging: Giant Squid Genome Analyzed” »

Securing Tiffany’s Move

January 16, 2020 infossl

auditing, physicalsecurity, police, Security technology

Story of how Tiffany & Company moved all of its inventory from one store to another. Short summary: careful auditing and a lot of police. Powered by WPeMatico

Critical Windows Vulnerability Discovered by NSA

January 15, 2020 infossl

certificates, cryptography, encryption, exploits, maninthemiddleattacks, microsoft, nsa, Security technology, vulnerabilities, windows, zeroday

Yesterday’s Microsoft Windows patches included a fix for a critical vulnerability in the system’s crypto library. A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was … Read More “Critical Windows Vulnerability Discovered by NSA” »

Artificial Personas and Public Discourse

January 13, 2020 infossl

algorithms, artificialintelligence, botnets, deepfake, disinformation, essays, propaganda, Security technology, socialengineering, socialmedia, voting

Presidential campaign season is officially, officially, upon us now, which means it’s time to confront the weird and insidious ways in which technology is warping politics. One of the biggest threats on the horizon: artificial personas are coming, and they’re poised to take over political debate. The risk arises from two separate threads coming together: … Read More “Artificial Personas and Public Discourse” »

Friday Squid Blogging: Stuffed Squid with Vegetables and Pancetta

January 10, 2020 infossl

Security technology, squid

A Croatian recipe. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico