The smartphone messaging app ToTok is actually an Emirati spying tool: But the service, ToTok, is actually a spying tool, according to American officials familiar with a classified intelligence assessment and a New York Times investigation into the app and its developers. It is used by the government of the United Arab Emirates to try … Read More “ToTok Is an Emirati Spying Tool” »
Yet another squid acronym. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico
DTEN makes smart screens and whiteboards for videoconferencing systems. Forescout found that their security is terrible: In total, our researchers discovered five vulnerabilities of four different kinds: Data exposure: PDF files of shared whiteboards (e.g. meeting notes) and other sensitive files (e.g., OTA — over-the-air updates) were stored in a publicly accessible AWS S3 bucket … Read More “Lousy IoT Security” »
This isn’t a first, but I think it will be the first conviction: The GIF set off a highly unusual court battle that is expected to equip those in similar circumstances with a new tool for battling threatening trolls and cyberbullies. On Monday, the man who sent Eichenwald the moving image, John Rayne Rivello, was … Read More “Attacker Causes Epileptic Seizure over the Internet” »
New details: At the CyberwarCon conference in Arlington, Virginia, on Thursday, Microsoft security researcher Ned Moran plans to present new findings from the company’s threat intelligence group that show a shift in the activity of the Iranian hacker group APT33, also known by the names Holmium, Refined Kitten, or Elfin. Microsoft has watched the group … Read More “Iranian Attacks on Industrial Control Systems” »
Interesting research: SRLabs founder Karsten Nohl, a researcher with a track record of exposing security flaws in telephony systems, argues that RCS is in many ways no better than SS7, the decades-old phone system carriers still used for calling and texting, which has long been known to be vulnerable to interception and spoofing attacks. While … Read More “Security Vulnerabilities in the RCS Texting Protocol” »
Interesting stuff. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico
EFF has published a comprehensible and very readable “deep dive” into the technologies of corporate surveillance, both on the Internet and off. Well worth reading and sharing. Boing Boing post. Powered by WPeMatico
Back in 1998, Tim May warned us of the “Four Horsemen of the Infocalypse”: “terrorists, pedophiles, drug dealers, and money launderers.” I tended to cast it slightly differently. This is me from 2005: Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, kidnappers, and child pornographers. Seems like you can scare any public … Read More “Scaring People into Supporting Backdoors” »
Privacy International has published a detailed, technical examination of how data is extracted from smartphones. Powered by WPeMatico