badpassword
Latest
2016's biggest privacy threat: Your phone
When it comes to handing malicious hackers' intimate details about our lives, right now Yahoo is leading the pack as one of the worst threats to privacy in recent history. Yet there's one thing that has Yahoo beat in both the amount and sensitivity of the data being leaked, as well as the frequency. And like IoT appliances, it's a well-known and massive problem among security professionals, but it doesn't garner a lot of attention from the public. I'm talking about your smartphone.
Obama's got a new cybersecurity plan, but what's the point?
There's been a lot of hot air blown across headlines this week about the big cybersecurity plan proposed by the White House's Commission on Enhancing National Cybersecurity (PDF). The plan for a commission to create long-term recommendations on beefing up America's cybersecurity was first hatched in April. It's a roadmap that should've been plotted many years ago, and is now being regifted to the next administration. Which may or may not use it for toilet paper.
2016 claims another victim: Your privacy
In a blow to privacy on par with the Patriot Act, changes to the rules around warrants grant the US government unprecedented hacking powers in any jurisdiction, and on as many devices as it wants. The changes to a measure known as Rule 41 were made earlier this year but went into effect Thursday after lots of opposition. Basically, they let any judge issue a warrant to remotely access an unlimited number of computers and devices located in any jurisdiction. There was plenty of objection from senators and congresspeople, groups like the Center for Democracy and Technology and companies such as Google, who said it's unconstitutional and invades citizens' rights to privacy.
Six gifts for your paranoid friends and family
It pays to be paranoid in a time of rampant breaches, social media account extortion, identity theft, fake security products, ransomware, and hack attacks on all. That's why we've put together a gift guide for those among us who don't want to find out they have a security issue the hard way. Typically that would include things like VPN subscriptions or password manager recommendations, but that's no fun when it comes time for everyone to open their presents. That's why we've selected six sweet gadgets that'll protect the privacy and security of those you care about. Carefully screened to keep out the "security snake oil" products flooding the gadget market, our picks have been selected with a keen eye on things that actually work to fight attacks that actually happen.
FriendFinder breach shows it's time to be adults about security
Like all sectors -- government, retail, finance and healthcare -- the adult and porn businesses are feeling the consequences of not making security a priority, in the worst possible ways. Namely, by getting hacked and pwned, hard. Take for example this week's breach-bloodbath, in which FriendFinder Networks (FFN) lost their Sourcefire code to criminal hackers and put their users in serious risk. Combined with Ashley Madison's many deceits, FFN also contributed to the deepening public mistrust about the very sensitive data exchange between adult companies and their consumers.
The consequences of the Trump presidency on cybersecurity
Hacking and cybersecurity played a huge role in the presidential election. So much so that Donald Trump, America's new president-elect, was helped greatly by the acts of criminal hackers in his journey to the White House, and is now an outspoken WikiLeaks fan.
The truth about Trump's secret server and Russia
It's hard not to follow the hacks and cracks of the election, even if you don't want to -- every day there's a new accusation or hysterical revelation. So you no doubt saw "Was a Trump Server Communicating With Russia?" postulating that Donald Trump's connections to Russia were confirmed with the discovery of a secret email server. That story came from Slate and was based on a connection a researcher found between a Trump Organization server and a Russian bank. News outlets took the bait and ran with it, telling us that this was as damning as it appeared.
That time your smart toaster broke the internet
Where were you the day the internet died? Last Friday the internet had its biggest hiccup to date when a whole bunch of major websites were maliciously knocked offline. Harnessing the weak security of internet-connected devices, like DVRs and cameras, the attackers used botnets implanted on the devices to traffic-overload the one business keeping those sites' domain names functional.
The looming specter of cyberwar with Russia
In the world of cyber (as in security), the question of the week seems to be, "Are we going to cyberwar with Russia?" White House Press Secretary Josh Earnest thinks so. A week after President Obama singled out Russia as being responsible for cyberattacks on targets including the Democratic National Committee, Earnest said in a briefing that the administration would be serving a "proportional" response to Putin and the gang.
'Secure' apps in Google's Play Store are a crapshoot
Infosec Apple fanboys are not known for their empathy -- either for those who can't afford their holy high fetish of phone security (iPhone) or for those who simply can't stomach the ecosystem's mounting hypocrisies. But there's one thing on their side. Apple's App Store at least tries to curate product security, while Google's Play Store is like playing appsec Russian roulette.
It's not easy being Yahoo
Remember when Yahoo was great? Yeah, I'm having a hard time, too. Especially in light of the past few weeks, during which the company's house of cards collapsed -- and afterward those cards were set on fire and then pooped on by a passing flock of seagulls who'd had some bad curry.
Wanted: One 400-lb hacker (or maybe five tiny ones)
This week the topic of cybersecurity made its first-ever appearance at a presidential debate. This was thanks to moderator Lester Holt, who asked candidates Hillary Clinton and Donald Trump how to fight cyberattacks. Both were heavy on emphasizing the importance of "the cyber," were scant on policy details and, worryingly, omitted critical cybersecurity issues (like ransomware and breaches).
The FBI recommends you cover your laptop's webcam, for good reason
FBI director James Comey recently recommended that we all cover our webcams with tape for security reasons. Comey believes that doing so is a simple step for people to "take responsibility for their own safety and security."
Customer service matters when it comes to ransomware
This week we're finding out that Cerber is 2016's biggest name in ransomware. Cerber didn't get to the top just by being good at infecting computers, locking up people's files and blackmailing its victims for Bitcoin. The plucky ransomware is on the fast track to fame and fortune thanks to a hard-won reputation for top-notch customer service that wows its victims at every turn. At least that was the conclusion in security company F-Secure's summer report, Evaluating the Customer Journey of Crypto-Ransomware.
Should we be worried about election hacking?
When you know you're gonna lose, one surefire way to cast doubt on your loss is to say the whole thing was a setup. That's exactly what Republican presidential nominee Donald Trump did when he found out that he was trailing Democratic nominee Hillary Clinton by nine points in Pennsylvania last month. While campaigning in the state, he said that the only way he could lose Pennsylvania is through fraud -- as in, electronic voting machines that could be hacked.
Untangling the NSA's latest alleged embarrassment
Last week, security researcher Mikko Hypponen found a notice on Github from an entity called Shadow Brokers, a reference to master of the galactic black market for information in the game Mass Effect. The notice was for an auction of exploits from the Equation Group (widely believed to be operated by the NSA).
Hacking and AI: Moral panic vs. real problems
On Aug. 4th, seven different artificial intelligence systems competed against each other to see which was best at hacking. The Cyber Grand Challenge was sponsored by DARPA (the US Defense Advanced Research Projects Agency) and held at Def Con, in a vast ballroom remade to resemble an e-sports broadcast. Of course, because we're talking about about AIs made to seek out security vulnerabilities (and either patch or exploit them), some were inclined to scream "Skynet!" and run for the hills.
The hysterical hacking headlines of Def Con 24
You might've noticed that your regular news outlets have way more hysterical, random-seeming and utterly terrifying articles about hacking this week. That's because hacking conference Def Con happened last weekend, where a fair number of journalists had the pee scared out of them and decided to share their irrational reactions with everyone.
Where the would-be vice presidents stand on cybersecurity
Aside from sound bites on Russia and hacking, where Clinton and Trump stand on cybersecurity issues is generally unclear. In fact, they've devoted little time to this crucial and urgent subject. Which is weird in light of the epic amount of hacking shenanigans this presidential race has compelled us to endure. When it comes to cybersecurity, neither Clinton nor Trump has a position, a statement, a plan or a section in their "Issues" sections of their campaign websites. Only Clinton's website mentions it -- in passing: once on China's accountability to the U.S., and then again in a little line stating she will work to promote "cybersecurity at home and abroad." You'd think either one of them would have something substantial on a topic that's simultaneously consuming the nation and making them both look foolish. But apparently, that's where their VPs are supposed to come in and take up the very troubling amount of cybersecurity neglect we're witnessing. Which, as you'll see, is pretty lopsided.
SMS two-factor authentication isn't being banned
Another week gone by, and the place is in cybersecurity shambles again. A years' old hacking issue, unencrypted wireless keyboards, being featured in an upcoming Defcon talk mystifyingly became a hot new Internet of Things threat. Obama gave us a colorful "threat level" cyber-thermometer that no one's really sure what to do with. Ransomware is hitting hospitals like there's a fire sale on money. And the DNC-Wikileaks email debacle exploded, splattering blame all over Russia.
