There’s a Kickstarter for an actual candle, with real fire, that you can control over the Internet. What could possibly go wrong?
Month: February 2020
This hack was possible because the McDonald’s app didn’t authenticate the server, and just did whatever the server told it to do: McDonald’s receipts in Germany end with a link to a survey page. Once you take the survey, you receive a coupon code for a free small beverage, redeemable within a month. One day, … Read More “Hacking McDonald’s for Free Food” »
This paper describes the flaws in the Voatz Internet voting app: “The Ballot is Busted Before the Blockchain: A Security Analysis of Voatz, the First Internet Voting Application Used in U.S. Federal Elections.” Abstract: In the 2018 midterm elections, West Virginia became the first state in the U.S. to allow select voters to cast their … Read More “Voatz Internet Voting App Is Insecure” »
More news based on the squid brain MRI scan: the complexity of their brains is comparable to dogs'. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.
The United States is one of the few democracies without some formal data protection agency, and we need one. Senator Gillibrand just proposed creating one.
Motherboard has a long article on apps — Edison, Slice, and Cleanfox — that spy on your email by scraping your screen, and then sell that information to others: Some of the companies listed in the J.P. Morgan document sell data sourced from “personal inboxes,” the document adds. A spokesperson for J.P. Morgan Research, the … Read More “Companies that Scrape Your Email” »
The Swiss cryptography firm Crypto AG sold equipment to governments and militaries around the world for decades after World War II. They were owned by the CIA: But what none of its customers ever knew was that Crypto AG was secretly owned by the CIA in a highly classified partnership with West German intelligence. These … Read More “Crypto AG Was Owned by the CIA” »
Last month, engineers at Google published a very curious privacy bug in Apple’s Safari web browser. Apple’s Intelligent Tracking Prevention, a feature designed to reduce user tracking, has vulnerabilities that themselves allow user tracking. Some details: ITP detects and blocks tracking on the web. When you visit a few websites that happen to load the … Read More “Apple’s Tracking-Prevention Feature in Safari has a Privacy Bug” »
This paper is filled with brain science that I do not understand (news article), but fails to answer what I consider to be the important question: how do you keep a live squid still for long enough to do an MRI scan on them? As usual, you can also use this squid post to talk … Read More “Friday Squid Blogging: An MRI Scan of a Squid’s Brain” »
Ten years ago, I wrote an essay: “Security in 2020.” Well, it’s finally 2020. I think I did pretty well. Here’s what I said back then: There’s really no such thing as security in the abstract. Security can only be defined in relation to something else. You’re secure from something or against something. In the … Read More “Security in 2020: Revisited” »