Security News

Hacking a Segway

Bruce Shneier's Blog - Fri, 07/21/2017 - 06:23
The Segway has a mobile app. It is hackable: While analyzing the communication between the app and the Segway scooter itself, Kilbride noticed that a user PIN number meant to protect the Bluetooth communication from unauthorized access wasn't being used for authentication at every level of the system. As a result, Kilbride could send arbitrary commands to the scooter without... Bruce Schneier
Categories: Security News

Ethereum Hacks

Bruce Shneier's Blog - Thu, 07/20/2017 - 09:12
The press is reporting a $32M theft of the cryptocurrency Ethereum. Like all such thefts, they're not a result of a cryptographic failure in the currencies, but instead a software vulnerability in the software surrounding the currency -- in this case, digital wallets. This is the second Ethereum hack this week. The first tricked people in sending their Ethereum to... Bruce Schneier
Categories: Security News

The inner workings of eight Apple iOS vulnerabilities exposed

zdnet 0 day - Thu, 07/20/2017 - 08:00
A total of eight Apple iOS security flaws were discovered by a single researcher.
Categories: Security News

Tor network will pay you to hack it through new bug bounty program

zdnet 0 day - Thu, 07/20/2017 - 08:00
Tor wants to find bugs which could compromise the identity of its users.
Categories: Security News

Hackers strike ethereum again, slink away with over $30 million

zdnet 0 day - Thu, 07/20/2017 - 03:49
The cryptocurrency has been dealt another serious blow with the second high-profile theft of the week.
Categories: Security News

Russian man who helped build Citadel malware sentenced to 5 years

zdnet 0 day - Wed, 07/19/2017 - 14:43
The lead prosecutor said the Russian man had cooperated with the US government "from the start."
Categories: Security News

Password Masking

Bruce Shneier's Blog - Wed, 07/19/2017 - 10:35
Slashdot asks if password masking -- replacing password characters with asterisks as you type them -- is on the way out. I don't know if that's true, but I would be happy to see it go. Shoulder surfing, the threat is defends against, is largely nonexistent. And it is becoming harder to type in passwords on small screens and annoying... Bruce Schneier
Categories: Security News

Rapid7 snaps up security automation platform Komand

zdnet 0 day - Wed, 07/19/2017 - 03:06
The company hopes that security orchestration and automation will bring in future enterprise revenue.
Categories: Security News

Flaw in home security system lets hackers remotely activate alarms

zdnet 0 day - Tue, 07/18/2017 - 15:05
The company appears to have ignored the security report, months after it was filed.
Categories: Security News

Google bolsters security to prevent another Google Docs phishing attack

zdnet 0 day - Tue, 07/18/2017 - 12:00
It's about to get really difficult to accidentally fall for a phishing attack.
Categories: Security News

Many of My E-Books for Cheap

Bruce Shneier's Blog - Tue, 07/18/2017 - 06:38
Humble Bundle is selling a bunch of cybersecurity books very cheaply. You can get copies of Applied Cryptography, Secrets and Lies, and Cryptography Engineering -- and also Ross Anderson's Security Engineering, Adam Shostack's Threat Modeling, and many others. This is the cheapest you'll ever see these books. And they're all DRM-free.... Bruce Schneier
Categories: Security News

Hacker steals $7.4 million in ethereum during CoinDash ICO launch

zdnet 0 day - Tue, 07/18/2017 - 03:56
The hack took only a few minutes but allowed the criminal to escape with millions in investor funds.
Categories: Security News

Australia Considering New Law Weakening Encryption

Bruce Shneier's Blog - Mon, 07/17/2017 - 06:29
News from Australia: Under the law, internet companies would have the same obligations telephone companies do to help law enforcement agencies, Prime Minister Malcolm Turnbull said. Law enforcement agencies would need warrants to access the communications. "We've got a real problem in that the law enforcement agencies are increasingly unable to find out what terrorists and drug traffickers and pedophile... Bruce Schneier
Categories: Security News

Ashley Madison offers users caught in data breach $11 million in compensation

zdnet 0 day - Mon, 07/17/2017 - 01:04
Whether or not former users of the affairs website will take up the offer, however, is up for debate.
Categories: Security News

Friday Squid Blogging: Eyeball Collector Wants a Giant-Squid Eyeball

Bruce Shneier's Blog - Fri, 07/14/2017 - 16:35
They're rare: The one Dubielzig really wants is an eye from a giant squid, which has the biggest eye of any living animal -- it's the size of a dinner plate. "But there are no intact specimens of giant squid eyes, only rotten specimens that have been beached," he says. As usual, you can also use this squid post to... Bruce Schneier
Categories: Security News

Book Review: Twitter and Tear Gas, by Zeynep Tufekci

Bruce Shneier's Blog - Fri, 07/14/2017 - 12:06
There are two opposing models of how the Internet has changed protest movements. The first is that the Internet has made protesters mightier than ever. This comes from the successful revolutions in Tunisia (2010-11), Egypt (2011), and Ukraine (2013). The second is that it has made them more ineffectual. Derided as "slacktivism" or "clicktivism," the ease of action without commitment... Bruce Schneier
Categories: Security News

Trump voter commission releases voter complaints — and their personal data

zdnet 0 day - Fri, 07/14/2017 - 11:31
The government just doxed several concerned (and angry) citizens.
Categories: Security News

Homeland Security says Americans who don't want faces scanned leaving the country "shouldn't travel"

zdnet 0 day - Fri, 07/14/2017 - 08:48
Congress allowed the government to scan faces of foreign nationals to keep track of visa overstays. But now that's set to be extended to Americans, worrying some privacy advocates.
Categories: Security News

Forged Documents and Microsoft Fonts

Bruce Shneier's Blog - Fri, 07/14/2017 - 06:51
A set of documents in Pakistan were detected as forgeries because their fonts were not in circulation at the time the documents were dated.... Bruce Schneier
Categories: Security News

How to protect yourself from the Verizon data breach

zdnet 0 day - Thu, 07/13/2017 - 12:51
To be safe, you must change your Verizon PIN.
Categories: Security News