Several high-security electronic locks are vulnerable to side-channel attacks involving power monitoring. Powered by WPeMatico
Last month, Attorney General William Barr gave a major speech on encryption policywhat is commonly known as “going dark.” Speaking at Fordham University in New York, he admitted that adding backdoors decreases security but that it is worth it. Some hold this view dogmatically, claiming that it is technologically impossible to provide lawful access without … Read More “Attorney General Barr and Encryption” »
A researcher abused the GDPR to get information on his fiancee: It is one of the first tests of its kind to exploit the EU’s General Data Protection Regulation (GDPR), which came into force in May 2018. The law shortened the time organisations had to respond to data requests, added new types of information they … Read More “Exploiting GDPR to Get Private Information” »
Interesting analysis: “Examining the Anomalies, Explaining the Value: Should the USA FREEDOM Act’s Metadata Program be Extended?” by Susan Landau and Asaf Lubin. Abstract: The telephony metadata program which was authorized under Section 215 of the PATRIOT Act, remains one of the most controversial programs launched by the U.S. Intelligence Community (IC) in the wake … Read More “Evaluating the NSA’s Telephony Metadata Program” »
Great video of the Sinuous Asperoteuthis Mangoldae Squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico
Electron is a cross-platform development system for many popular communications apps, including Skype, Slack, and WhatsApp. Security vulnerabilities in the update system allows someone to silently inject malicious code into applications. From a news article: At the BSides LV security conference on Tuesday, Pavel Tsakalidis demonstrated a tool he created called BEEMKA, a Python-based tool … Read More “Supply-Chain Attack against the Electron Development Platform” »
This wasn’t a small operation: A Pakistani man bribed AT&T call-center employees to install malware and unauthorized hardware as part of a scheme to fraudulently unlock cell phones, according to the US Department of Justice. Muhammad Fahd, 34, was extradited from Hong Kong to the US on Friday and is being detained pending trial. An … Read More “AT&T Employees Took Bribes to Unlock Smartphones” »
I know there’s a lot of politics associated with this story, but concentrate on the cybersecurity aspect for a moment. The cell phones of a thousand Brazilians, including senior government officials, were hacked — seemingly by actors much less sophisticated than rival governments. Brazil’s federal police arrested four people for allegedly hacking 1,000 cellphones belonging … Read More “Brazilian Cell Phone Hack” »
Interesting article on people using banks of smartphones to commit ad fraud for profit. No one knows how prevalent ad fraud is on the Internet. I believe it is surprisingly high — here’s an article that places losses between $6.5 and $19 billion annually — and something companies like Google and Facebook would prefer remain … Read More “Phone Pfarming for Ad Fraud” »
Siena Anstis, Ronald J. Deibert, and John Scott-Railton of Citizen Lab published an editorial calling for regulating the international trade in commercial surveillance systems until we can figure out how to curb human rights abuses. Any regime of rigorous human rights safeguards that would make a meaningful change to this marketplace would require many elements, … Read More “Regulating International Trade in Commercial Spyware” »