Over the past few weeks, Zoom’s use has exploded since it became the video conferencing platform of choice in today’s COVID-19 world. (My own university, Harvard, uses it for all of its classes. Boris Johnson had a cabinet meeting over Zoom.) Over that same period, the company has been exposed for having both lousy privacy … Read More “Security and Privacy Implications of Zoom” »
Investigative report on how commercial bug-bounty programs like HackerOne, Bugcrowd, and SynAck are being used to silence researchers: Used properly, bug bounty platforms connect security researchers with organizations wanting extra scrutiny. In exchange for reporting a security flaw, the researcher receives payment (a bounty) as a thank you for doing the right thing. However, CSO’s … Read More “Bug Bounty Programs Are Being Used to Buy Silence” »
Marriott announced another data breach, this one affecting 5.2 million people: At this point, we believe that the following information may have been involved, although not all of this information was present for every guest involved: Contact Details (e.g., name, mailing address, email address, and phone number) Loyalty Account Information (e.g., account number and points … Read More “Marriott Was Hacked — Again” »
Daniel’s Hosting, which hosts about 7,600 dark web portals for free, has been hacked and is down. It’s unclear when, or if, it will be back up. Powered by WPeMatico
A federal court has ruled that violating a website’s terms of service is not “hacking” under the Computer Fraud and Abuse Act. The plaintiffs wanted to investigate possible racial discrimination in online job markets by creating accounts for fake employers and job seekers. Leading job sites have terms of service prohibiting users from supplying fake … Read More “Clarifying the Computer Fraud and Abuse Act” »
The trade-offs are changing: As countries around the world race to contain the pandemic, many are deploying digital surveillance tools as a means to exert social control, even turning security agency technologies on their own civilians. Health and law enforcement authorities are understandably eager to employ every tool at their disposal to try to hinder … Read More “Privacy vs. Surveillance in the Age of COVID-19” »
Amazing: Revealing yet another super-power in the skillful squid, scientists have discovered that squid massively edit their own genetic instructions not only within the nucleus of their neurons, but also within the axon — the long, slender neural projections that transmit electrical impulses to other neurons. This is the first time that edits to genetic … Read More “Friday Squid Blogging: Squid Can Edit Their Own Genome” »
This is a long and fascinating article about Gus Weiss, who masterminded a long campaign to feed technical disinformation to the Soviet Union, which may or may not have caused a massive pipeline explosion somewhere in Siberia in the 1980s, if in fact there even was a massive pipeline explosion somewhere in Siberia in the … Read More “Story of Gus Weiss” »
Interesting article discussing cyber-warranties, and whether they are an effective way to transfer risk (as envisioned by Ackerlof’s “market for lemons”) or a marketing trick. The conclusion: Warranties must transfer non-negligible amounts of liability to vendors in order to meaningfully overcome the market for lemons. Our preliminary analysis suggests the majority of cyber warranties cover … Read More “On Cyber Warranties” »
The Chinese facial recognition company Hanwang claims it can recognize people wearing masks: The company now says its masked facial recognition program has reached 95 percent accuracy in lab tests, and even claims that it is more accurate in real life, where its cameras take multiple photos of a person if the first attempt to … Read More “Facial Recognition for People Wearing Masks” »