The cell phones we carry with us constantly are the most perfect surveillance device ever invented, and our laws haven’t caught up to that reality. That might change soon. This week, the Supreme Court will hear a case with profound implications on your security and privacy in the coming years. The Fourth Amendment’s prohibition of … Read More “Warrant Protections against Police Searches of Our Data” »
This is an interesting tactic, and there’s a video of it being used: The theft took just one minute and the Mercedes car, stolen from the Elmdon area of Solihull on 24 September, has not been recovered. In the footage, one of the men can be seen waving a box in front of the victim’s … Read More “Man-in-the-Middle Attack against Electronic Car-Door Openers” »
Uber was hacked, losing data on 57 million driver and rider accounts. The company kept it quiet for over a year. The details are particularly damning: The two hackers stole data about the company’s riders and drivers – including phone numbers, email addresses and names — from a third-party server and then approached Uber and … Read More “Uber Data Hack” »
Falsely labeled squid snacks were seized in Cambodia. I don’t know what food product it really was. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico
Mozilla reviews the privacy practices of Internet-connected toys, home accessories, exercise equipment, and more. Powered by WPeMatico
The security researchers at Princeton are postingthe results of some very interesting research into web surveillance: You may know that most websites have third-party analytics scripts that record which pages you visit and the searches you make. But lately, more and more sites use “session replay” scripts. These scripts record your keystrokes, mouse movements, and … Read More “Websites Use Session-Replay Scripts to Eavesdrop on Every Keystroke and Mouse Movement” »
Amazon has a cloud for US classified data. The physical and computer requirements for handling classified information are considerable, both in terms of technology and procedure. I am surprised that a company with no experience dealing with classified data was able to do it. Powered by WPeMatico
Amazon Key is an IoT door lock that can enable one-time access codes for delivery people. To further secure that system, Amazon sells Cloud Cam, a camera that watches the door to ensure that delivery people don’t abuse their one-time access privilege. Cloud Cam has been hacked: But now security researchers have demonstrated that with … Read More “Vulnerability in Amazon Key” »
Peru and Chile have a new plan. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico
The White House has released a new version of the Vulnerabilities Equities Process (VEP). This is the inter-agency process by which the US government decides whether to inform the software vendor of a vulnerability it finds, or keep it secret and use it to eavesdrop on or attack other systems. You can read the new … Read More “New White House Announcement on the Vulnerability Equities Process” »