infossl – Page 235 – SSL and internet security news

Predicting a Slot Machine's PRNG

February 8, 2017 infossl

casinos, cheating, gambling, randomnumbers, russia, Security technology

Wired is reporting on a new slot machine hack. A Russian group has reverse-engineered a particular brand of slot machine — from Austrian company Novomatic — and can simulate and predict the pseudo-random number generator. The cell phones from Pechanga, combined with intelligence from investigations in Missouri and Europe, revealed key details. According to Willy … Read More “Predicting a Slot Machine's PRNG” »

Profile of Citizen Lab and Ron Diebert

February 7, 2017 infossl

citizenlab, cybersecurity, cyberwar, espionage, phishing, Security technology

Here’s a nice profile of Citizen Lab and its director, Ron Diebert. Citizen Lab is a jewel. There should be more of them. Powered by WPeMatico

Cryptkeeper Bug

February 7, 2017 infossl

backdoors, encryption, linux, Security technology, securityengineering

The Linux encryption app Cryptkeeper has a rather stunning security bug: the single-character decryption key “p” decrypts everything: The flawed version is in Debian 9 (Stretch), currently in testing, but not in Debian 8 (Jessie). The bug appears to be a result of a bad interaction with the encfs encrypted filesystem’s command line interface: Cryptkeeper … Read More “Cryptkeeper Bug” »

Hacker Leaks Cellebrite's Phone-Hacking Tools

February 6, 2017 infossl

Security technology

In January we learned that a hacker broke into Cellebrite’s network and stole 900GB of data. Now the hacker has dumped some of Cellebrite’s phone-hacking tools on the Internet. In their README, the hacker notes much of the iOS-related code is very similar to that used in the jailbreaking scenea community of iPhone hackers that … Read More “Hacker Leaks Cellebrite's Phone-Hacking Tools” »

Friday Squid Blogging: Whale Mistakes Plastic Bags for Squid

February 4, 2017 infossl

Security technology

A whale recently died in Norway because there were thirty plastic bags in its stomach. Researchers believe it may have mistaken the plastic bags for squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Powered by WPeMatico

How the US Secret Service Breaks into Smart Phones

February 3, 2017 infossl

Security technology

Here’s an article about the US Secret Service and their Cell Phone Forensics Facility in Tulsa. I said it before and I’ll say it again: the FBI needs technical expertise, not back doors. Powered by WPeMatico

Pacemaker Data Used in Arson Conviction

February 2, 2017 infossl

courts, fraud, internetofthings, Security technology

Here’s a story about data from a pacemaker being used as evidence in an arson conviction. EDITED TO ADD: Another news article. BoingBoing post. Powered by WPeMatico

Security and the Internet of Things

February 1, 2017 infossl

Security technology

Last year, on October 21, your digital video recorder - or at least a DVR like yours - knocked Twitter off the internet. Someone used your DVR, along with millions of insecure webcams, routers, and other connected devices, to launch an attack that started a chain reaction, resulting in Twitter, Reddit, Netflix, and many sites … Read More “Security and the Internet of Things” »

IoT Ransomware against Austrian Hotel

January 31, 2017 infossl

bitcoin, hotels, internetofthings, ransomware, Security technology

Attackers held an Austrian hotel network for ransom, demanding $1,800 in bitcoin to unlock the network. Among other things, the locked network wouldn’t allow any of the guests to open their hotel room doors. I expect IoT ransomware to become a major area of crime in the next few years. How long before we see … Read More “IoT Ransomware against Austrian Hotel” »

New Rules on Data Privacy for Non-US Citizens

January 30, 2017 infossl

datacollection, dataprotection, nationalsecuritypolicy, privacy, Security technology, surveillance

Last week, President Trump signed an executive order affecting the privacy rights of non-US citizens with respect to data residing in the US. Here’s the relevant text: Privacy Act. Agencies shall, to the extent consistent with applicable law, ensure that their privacy policies exclude persons who are not United States citizens or lawful permanent residents … Read More “New Rules on Data Privacy for Non-US Citizens” »