Here’s a physical-world example of why master keys are a bad idea. It’s a video of two postal thieves using a master key to open apartment building mailboxes. Changing the master key for physical mailboxes is a logistical nightmare, which is why this problem won’t be fixed anytime soon. Powered by WPeMatico
Author: infossl
Fantastic video: Scientists had used a specialized camera system developed by Widder called the Medusa, which uses red light undetectable to deep sea creatures and has allowed scientists to discover species and observe elusive ones. The probe was outfitted with a fake jellyfish that mimicked the invertebrates’ bioluminescent defense mechanism, which can signal to larger … Read More “Friday Squid Blogging: Giant Squid Video from the Gulf of Mexico” »
A malicious Chrome extension surreptitiously steals Ethereum keys and passwords: According to Denley, the extension is dangerous to users in two ways. First, any funds (ETH coins and ERC0-based tokens) managed directly inside the extension are at risk. Denley says that the extension sends the private keys of all wallets created or managed through its … Read More “Chrome Extension Stealing Cryptocurrency Keys and Passwords” »
No one knows who they belong to. (Well, of course someone knows. And my guess is that it’s likely that we will know soon.) Powered by WPeMatico
Lance Vick suggesting that students hack their schools’ surveillance systems. “This is an ethical minefield that I feel students would be well within their rights to challenge, and if needed, undermine,” he said. Of course, there are a lot more laws in place against this sort of thing than there were in — say — … Read More “Hacking School Surveillance Systems” »
Euprymna brenneri was discovered in the waters of Okinawa. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico
Interesting story of how a Chinese state-sponsored hacking group is bypassing the RSA SecurID two-factor authentication system. How they did it remains unclear; although, the Fox-IT team has their theory. They said APT20 stole an RSA SecurID software token from a hacked system, which the Chinese actor then used on its computers to generate valid … Read More “Chinese Hackers Bypassing Two-Factor Authentication” »
The smartphone messaging app ToTok is actually an Emirati spying tool: But the service, ToTok, is actually a spying tool, according to American officials familiar with a classified intelligence assessment and a New York Times investigation into the app and its developers. It is used by the government of the United Arab Emirates to try … Read More “ToTok Is an Emirati Spying Tool” »
Yet another squid acronym. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico
DTEN makes smart screens and whiteboards for videoconferencing systems. Forescout found that their security is terrible: In total, our researchers discovered five vulnerabilities of four different kinds: Data exposure: PDF files of shared whiteboards (e.g. meeting notes) and other sensitive files (e.g., OTA — over-the-air updates) were stored in a publicly accessible AWS S3 bucket … Read More “Lousy IoT Security” »