It's not very good, but it has a squid in it. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here....
I'm at Carnegie Mellon University, at the eleventh Workshop on Security and Human Behavior. SHB is a small invitational gathering of people studying various aspects of the human side of security, organized each year by Alessandro Acquisti, Ross Anderson, and myself. The 50 or so people in the room include psychologists, economists, computer security researchers, sociologists, political scientists, neuroscientists, designers,...
The company said it will soon start reporting app takedowns from its app stores.
We are going to change the way business and marketing leaders interact with researchers and analysts, and raise the bar for ethics. We are going to empower researchers and analysts to advocate to business and marketing leaders for better practices.
Interesting research: "The detection of faked identity using unexpected questions and mouse dynamics," by Merylin Monaro, Luciano Gamberini, and Giuseppe Sartori. Abstract: The detection of faked identities is a major problem in security. Current memory-detection techniques cannot be used as they require prior knowledge of the respondent's true identity. Here, we report a novel technique for detecting faked identities based...
An unknown threat actor has so far managed to steal over 388,000 BTG from cryptocurrency exchanges.
Exclusive: The exposed lookup tool let anyone run a customer's phone number -- and obtain their home address and account PIN, used to contact phone support.
The storage bucket wasn't protected with a password and was accessible by anyone.
Interesting research in steganography at the font level....
The rise of self-checkout has caused a corresponding rise in shoplifting....
It seems the same attack vector used to steal cryptocurrency reserves only just over a month ago is at fault.
Tencent's Keen Security Lab found a number of serious bugs which could be exploited by attackers to remotely attack a number of BMW models.
Encrypted cell phones were a major obstacle to criminal investigation. The FBI now admits the problem was much smaller than they'd originally reported.
The agency says encrypted phones harm its investigations, but it won't say how many are affected.
Google and Microsoft researchers have disclosed another Spectre-like CPU side-channel vulnerability, called "Speculative Store Bypass." Like the others, the fix will slow the CPU down. The German tech site Heise reports that more are coming. I'm not surprised. Writing about Spectre and Meltdown in January, I predicted that we'll be seeing a lot more of these sorts of vulnerabilities. Spectre...
The discovery was made by a university student who was not aware of how dangerous the vulnerability was.
Information belonging to almost 20,000 staff and students was exposed in the security incident.
A Google developer discovered a new way that a 'Spectre'-style check can be used to attack any computer running any operating system.
Exclusive: A bug in Comcast's website leaks sensitive customer information.
The Intercept has a long article on Japan's equivalent of the NSA: the Directorate for Signals Intelligence. Interesting, but nothing really surprising. The directorate has a history that dates back to the 1950s; its role is to eavesdrop on communications. But its operations remain so highly classified that the Japanese government has disclosed little about its work even the...