There’s a really interesting paper from George Washington University on hacking back: “Into the Gray Zone: The Private Sector and Active Defense against Cyber Threats.” I’ve never been a fan of hacking back. There’s a reason we no longer issue letters of marque or allow private entities to commit crimes, and hacking back is a … Read More “Hacking Back” »
Category: hacking
President Barack Obama’s public accusation of Russia as the source of the hacks in the US presidential election and the leaking of sensitive e-mails through WikiLeaks and other sources has opened up a debate on what constitutes sufficient evidence to attribute an attack in cyberspace. The answer is both complicated and inherently tied up in … Read More “Attributing the DNC Hacks to Russia” »
Nice article on the 2011 DigiNotar attack and how it changed security practices in the CA industry.
In this impressive social-engineering display, a hacker convinces a cell phone tech-support person to change an account password without being verified in any way.
It’s really bad. The ticket machines were hacked. Over the next couple of years, I believe we are going to see the downside of our headlong rush to put everything on the Internet. Slashdot thread.
This is impressive research: “When CSI Meets Public WiFi: Inferring Your Mobile Phone Password via WiFi Signals”: Abstract: In this study, we present WindTalker, a novel and practical keystroke inference framework that allows an attacker to infer the sensitive keystrokes on a mobile device through WiFi-based side-channel information. WindTalker is motivated from the observation that … Read More “Using Wi-Fi to Detect Hand Motions and Steal Passwords” »
PoisonTap is an impressive hacking tool that can compromise computers via the USB port, even when they are password-protected. What’s interesting is the chain of vulnerabilities the tool exploits. No individual vulnerability is a problem, but together they create a big problem. Kamkar’s trick works by chaining together a long, complex series of seemingly innocuous … Read More “Hacking Password-Protected Computers via the USB Port” »
It’s over. The voting went smoothly. As of the time of writing, there are no serious fraud allegations, nor credible evidence that anyone tampered with voting rolls or voting machines. And most important, the results are not in doubt. While we may breathe a collective sigh of relief about that, we can’t ignore the issue … Read More “Election Security” »
Ad networks are surreptitiously using ultrasonic communications to jump from device to device. It should come as no surprise that this communications channel can be used to hack devices as well.
For years, the DMCA has been used to stifle legitimate research into the security of embedded systems. Finally, the research exemption to the DMCA is in effect (for two years, but we can hope it’ll be extended forever).