What else is out there?

Security outlet VUPEN has revealed it held onto a critical Internet Explorer vulnerability for three years before disclosing it at the March Pwn2Own hacker competition. The company wrote in a disclosure last week that it discovered the vulnerability on 12 February 2011; Microsoft patched it on 17 June 2014. The flaw affected Internet Explorer

Internet of Things – home alarms

When it comes to the security of the Internet of Things, a lot of the attention has focused on the dangers of the connected toaster, fridge and thermostat. But a more insidious security threat lies with devices that aren’t even on the internet: wireless home alarms. Two researchers say that top-selling home alarm setups can

Tails security flaw

Think you’re safe from spies because you’re using Tails, the same Linux distribution that Edward Snowden uses to remain anonymous? Unfortunately, you’ll still have to be on your guard. Security firm Exodus Intelligence has revealed that the latest version of the OS, 1.1, is vulnerable to attacks that could be used to unmask your identity.

TrueCrypt rescued as CipherShed?

CipherShed is free encryption software for keeping your data secure and private. It started as a fork of the now-discontinued TrueCrypt Project. Whois: Registrant Contact Information: Name: Niklas Lemcke City: Muenster State: NRW Zip: 48147 Country: DE Phone: +0.886972880771 Email: niklas.lemcke@gmail.com It’s still very early days, but I’m sure most of us are hoping it

Tor cancelled

A highly anticipated talk on how to identify users of the Internet privacy service Tor was withdrawn from the upcoming Black Hat security conference, a spokeswoman for the event said on Monday. The talk was cancelled at the request of attorneys for Carnegie Mellon University in Pittsburgh, where the speakers work as researchers.

Online Tracking Device

What do the White House and YouPorn have in common? Their websites both use canvas fingerprinting, a newer form of online tracking designed to make it hard to hide. ProPublica investigated the pervasive shadowing method, developed as an insidious alternative to cookies so websites can keep tabs on where their visitors browse online.

It’s not going to get any easier

Internet of Things I got an email from my car the other day, informing me about its need for service. As a security professional, I found it unsettling, not surprising, but unsettling. What’s my car doing on the Internet, anyway? What are the possible implications of that? Tesla Model S hacked The Tesla Model S

Morning reading

Feds have his number In May 2014, I reported on my efforts to learn what the feds know about me whenever I enter and exit the country. In particular, I wanted my Passenger Name Records (PNR), data created by airlines, hotels, and cruise ships whenever travel is booked. But instead of providing what I had requested,

Tools for manipulation and surveillance

Just as civil liberties groups challenge the legality of the UK intelligence agency’s mass surveillance programs, a catalog of exploit tools for monitoring and manipulation is leaked online. Most of the tools are “fully operational, tested and reliable,” according to the 2012 JTRIG Manual, but “Don’t treat this like a catalog. If you don’t see

Dark Mail – another contender

The internet is littered with burgeoning email encryption schemes aimed at thwarting NSA spying. Many of them are focused on solving the usability issues that have plagued complicated encryption schemes like PGP for years. But a new project called Dark Mail plans to go further: to hide your metadata. Metadata is the pernicious transaction data

Agent.btz: a Source of Inspiration?

I meant to post this 4 months ago, but for some reason it didn’t happen. So, on a no news Sunday morning, it makes for an interesting catch up read. The past few days have seen an extensive discussion within the IT security industry about a cyberespionage campaign called Turla, aka Snake and Uroburos, which,

Review: Blackphone

If there’s a symbol for the idea that privacy is on people’s minds, it’s the Blackphone. The Blackphone, which went on sale this week for $629, is billed as the first smartphone built solely with privacy and security in mind. It is definitely more secure than your average phone, but comes with trade-offs that most consumers

Dashlane 3

Dashlane just took the wraps off its latest version. Dashlane 3 now features emergency contacts who can access your passwords if you’re unable to, secure password sharing for teams or families, and it’s even lighter on system resources than ever. The update is available now to all users, and existing users will get the update

“snoopy2” is a great password

Following on from yesterday’s story, a team of researchers says the widely repeated advice isn’t feasible in practice, and they’ve provided the math they say proves it. The burden stems from the two foundations of password security that (A1) passwords should be random and strong and (A2) passwords shouldn’t be reused across multiple accounts. The

It’s always about passwords

Payment Networks? Imagine if you needed a different credit card for each merchant you visited. You probably wouldn’t visit many and there would be almost zero utility to each card. The payments card industry realized this and created an ecosystem built on interoperability and standards, with a few different stakeholders. Access to online services needs