Archive for the ‘Security’ Category

It’s Worse Than You Think: Tracking Apps

2017/12/14

(FTB stderr) – Marcus Ranum:

There is a vast infrastructure of sneaky, nasty, deceptive code that is deployed by marketers to infect your browser so they can track everything you are doing. This reduces your ability to trust your browser tremendously, since you (naturally!) have no idea what it’s doing: it is not your browser. And, there is a similar vast infrastructure of evil running on your smartphone, sucking your battery life, tracking your location, monitoring the sounds around you, and eating your bandwidth and performance to transmit all that to dozens of companies: it is not your smartphone.

You’re just paying for it. …

stderr 2017/11/30 tracking-apps

Big-Brother mobile Phones

German Hardware Giant’s Ultra-Secure IoT

2017/11/21

(Economist) –

Bosch is to position itself as a trusted custodian of data. “Orwell’s 1984 is kindergarten compared to the IoT-world. When it comes, and people re-evaluate privacy, Bosch will be prepared,” says Peter Schnaebele, its head of smart homes. …

economist 21731196

Bosch

Intel’s Hidden In-Chip Operating System

2017/11/12

(ZDNet) – Steven J. Vaughan-Nichols:

Buried deep inside your computer’s Intel chip is the MINIX operating system and a software stack, which includes networking and a web server. It’s slow, hard to get at, and insecure as insecure can be. …

zdnet intels-hidden

Big Brother bug

Reaper Botnet Set to Be Worse Than Mirai

2017/10/29

(ZDNet) – Zack Whittaker:

Reaper is on track to become one of the largest botnets recorded in recent years — and yet nobody seems to know what it will do or when. But researchers say the damage could be bigger than last year’s Mirai cyberattack. …

zdnet reaper-botnet-worse

Botnet

Wire Server Code Now 100% Open Source

2017/09/21

(Medium::Wire) – Earlier this year, we started open sourcing Wire server code under the AGPL license. Today, the code necessary to run Wire servers is available to everyone for review. …

wireapp 88e24164309c

Wire messenger

Hacker-Proof Wireless Security

2017/08/06

(Non Sequitur) – Wiley Miller:

“Klick klick klika klik-klik ding” …

Non Sequitur 2017-08-06

Wiley Miller: Non Sequitur 2017-08-06: Hacker-Proof Wireless Security

Don’t Sweat Quantum Crypto

2017/07/30

(FTB stderr) – Marcus Ranum:

Whenever I see the press utterly fail to “get” something to do with computer security, I assume they’re equally lazy and wrong about every other field that requires more understanding than “who made Kim Kardashian’s shoes?” (because they are labelled). …

stderr 2017/07/27 quantum-crypto

Quantum cryptography

Privacy Tools

2017/06/28

(Julia Angwin) – In the course of writing my book, Dragnet Nation, I tried various strategies to protect my privacy. In this series of book excerpts and adaptations, I distill the lessons from my privacy experiments into tips for readers. …

juliaangwin privacy-tools

Julia Angwin: Dragnet Nation

Cyberwar Paradox

2017/06/10

(FTB stderr) – Marcus Ranum:

I pointed this problem out during my “cyberwar is bullshit” talk at RSA conference in 2012: once you begin using your cyberweapons, they become subject to commercial pressures: and competitive analysis.

This guarantees that cyberweapons will have (relatively) short lifespans, and they’ll have the same problem that copy-protect and other digital rights management systems have: in order to work, you have to give them to the enemy, which means they are subject to examination and dissection. The cost of innovation is borne by the designer of the system, and once the system is widely fielded, it can be completely mooted by a single attacker. …

stderr 2017/06/09 security-paradox

Torpig botnet takeover

TLA Computer Security

2017/05/23

(FTB stderr) – Marcus Ranum:

There are many agencies that have some degree of charter for computer security – but “defense” has been a bit of a hot potato. Meanwhile, the NSA (and now we know CIA, and probably every other Three Letter Agency) used to go to security conferences like DEFCON and advertise that they were hiring hackers. Of course they were.

If you know anything about how the US empire operates, you’d predict right away that the effort in computer security has been pretty much all offense and no defense – like our Department of “Defense” and you’d be pretty much right. …

stderr 2017/05/18 sounds-about-right

Marcus J. Ranum: The Myth of Homeland Security