Another speculative-execution attack against Intel’s SGX. At a high level, SGX is a new feature in modern Intel CPUs which allows computers to protect users’ data even if the entire system falls under the attacker’s control. While it was previously believed that SGX is resilient to speculative execution attacks (such as Meltdown and Spectre), Foreshadow … Read More “Speculation Attack Against Intel’s SGX” »
Surprising no one, the security of police bodycams is terrible. Mitchell even realized that because he can remotely access device storage on models like the Fire Cam OnCall, an attacker could potentially plant malware on some of the cameras. Then, when the camera connects to a PC for syncing, it could deliver all sorts of … Read More “Hacking Police Bodycams” »
Google is tracking you, even if you turn off tracking: Google says that will prevent the company from remembering where you’ve been. Google’s support page on the subject states: “You can turn off Location History at any time. With Location History off, the places you go are no longer stored.” That isn’t true. Even with … Read More “Google Tracks its Users Even if They Opt-Out of Tracking” »
Fascinating research de-anonymizing code — from either source code or compiled code: Rachel Greenstadt, an associate professor of computer science at Drexel University, and Aylin Caliskan, Greenstadt’s former PhD student and now an assistant professor at George Washington University, have found that code, like other forms of stylistic expression, are not anonymous. At the DefCon … Read More “Identifying Programmers by their Coding Style” »
Interesting video of a robot grabber that’s delicate enough to capture squid (and even jellyfish) in the ocean. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.
Funny and true.
Last week, CNN reported that the Transportation Security Administration is considering eliminating security at U.S. airports that fly only smaller planes — 60 seats or fewer. Passengers connecting to larger planes would clear security at their destinations. To be clear, the TSA has put forth no concrete proposal. The internal agency working group’s report obtained … Read More “Don’t Fear the TSA Cutting Airport Security. Be Glad That They’re Talking about It.” »
Really interesting article: A trained eye (or even a not-so-trained one) can discern when something phishy is going on with a domain or subdomain name. There are search tools, such as Censys.io, that allow humans to specifically search through the massive pile of certificate log entries for sites that spoof certain brands or functions common … Read More “Detecting Phishing Sites with Machine Learning” »
BoingBoing has the story. I have never quite trusted the idea of a warrant canary. But here it seems to have worked. (Presumably, if SpiderOak wanted to replace the warrant canary with a transparency report, they would have written something explaining their decision. To have it simply disappear is what we would expect if SpiderOak … Read More “SpiderOak’s Warrant Canary Died” »
Interesting research: “Dancing Pigs or Externalities? Measuring the Rationality of Security Decisions”: Abstract: Accurately modeling human decision-making in security is critical to thinking about when, why, and how to recommend that users adopt certain secure behaviors. In this work, we conduct behavioral economics experiments to model the rationality of end-user security decision-making in a realistic … Read More “Measuring the Rationality of Security Decisions” »