Remember Complex Passwords

If passwords are considered the bane of the data security industry, it’s partly because humans are awful at choosing them: By some counts, we still pick “password” a facepalm-inducing one in 20 times. But a study from two researchers at Microsoft and Princeton suggests there’s hope for those much-maligned secret strings of characters. Randomly generate

Internet of Things: 4 Security Tips

The military has been connecting mobile command posts, unmanned vehicles, and wearable computers for decades. It’s time to take a page from their battle plan. The Internet of today, what some are calling the Internet of Things (IoT), is a network enabled by embedded computers, unobtrusive sensors, worldwide systems, and big-data analytic environments. These systems,

Hello neighbour

When I broke into my neighbor’s home earlier this week, I didn’t use any cat burglar skills. I don’t know how to pick locks. I’m not even sure how to use a crowbar. It turns out all anyone needs to invade a friend’s apartment is an off switch for their conscience and an iPhone. This

The Russians Are Coming

The Russian Ministry of Internal Affairs (MVD) has offered a 3.9 million ruble (approximately $111,000) contract for technology that can identify the users of Tor, the encrypted anonymizing network used by Internet users seeking to hide their activities from monitoring by law enforcement, government censors, and others. The MVD had previously sought to ban the

What else is out there?

Security outlet VUPEN has revealed it held onto a critical Internet Explorer vulnerability for three years before disclosing it at the March Pwn2Own hacker competition. The company wrote in a disclosure last week that it discovered the vulnerability on 12 February 2011, which was patched by Microsoft on 17 June 2014. The flaw affected Internet Explorer

Internet of Things – home alarms

When it comes to the security of the Internet of Things, a lot of the attention has focused on the dangers of the connected toaster, fridge and thermostat. But a more insidious security threat lies with devices that aren’t even on the internet: wireless home alarms. Two researchers say that top-selling home alarm setups can

Tails security flaw

Think you’re safe from spies because you’re using Tails, the same Linux distribution that Edward Snowden uses to remain anonymous? Unfortunately, you’ll still have to be on your guard. Security firm Exodus Intelligence has revealed that the latest version of the OS, 1.1, is vulnerable to attacks that could be used to unmask your identity.

TrueCrypt rescued as CipherShed?

CipherShed is free encryption software for keeping your data secure and private. It started as a fork of the now-discontinued TrueCrypt Project. Whois: Registrant Contact Information: Name: Niklas Lemcke City: Muenster State: NRW Zip: 48147 Country: DE Phone: +0.886972880771 Email: niklas.lemcke@gmail.com It’s still very early days, but I’m sure most of us are hoping it

Tor cancelled

A highly anticipated talk on how to identify users of the Internet privacy service Tor was withdrawn from the upcoming Black Hat security conference, a spokeswoman for the event said on Monday. The talk was cancelled at the request of attorneys for Carnegie Mellon University in Pittsburgh, where the speakers work as researchers.

Online Tracking Device

What do the White House and YouPorn have in common? Their websites both use canvas fingerprinting, a newer form of online tracking designed to make it hard to hide. ProPublica investigated the pervasive shadowing method, developed as an insidious alternative to cookies so websites can keep tabs on where their visitors browse online.

It’s not going to get any easier

Internet of Things: I got an email from my car the other day, informing me about its need for service. As a security professional, I found it unsettling, not surprising, but unsettling. What’s my car doing on the Internet, anyway? What are the possible implications of that? Tesla Model S hacked: The Tesla Model S

Morning reading

Feds have his number: In May 2014, I reported on my efforts to learn what the feds know about me whenever I enter and exit the country. In particular, I wanted my Passenger Name Records (PNR), data created by airlines, hotels, and cruise ships whenever travel is booked. But instead of providing what I had requested,

Tools for manipulation and surveillance

Just as civil liberties groups challenge the legality of the UK intelligence agency’s mass surveillance programs, a catalog of exploit tools for monitoring and manipulation is leaked online. Most of the tools are “fully operational, tested and reliable,” according to the 2012 JTRIG Manual, but “Don’t treat this like a catalog. If you don’t see

Dark Mail – another contender

The internet is littered with burgeoning email encryption schemes aimed at thwarting NSA spying. Many of them are focused on solving the usability issues that have plagued complicated encryption schemes like PGP for years. But a new project called Dark Mail plans to go further: to hide your metadata. Metadata is the pernicious transaction data

Agent.btz: a Source of Inspiration?

I meant to post this 4 months ago, but for some reason it didn’t happen. So, on a no-news Sunday morning, it makes for an interesting catch-up read. The past few days have seen an extensive discussion within the IT security industry about a cyberespionage campaign called Turla, aka Snake and Uroburos, which,