Smartphone owners today have a plethora of ways to lock and unlock their phones: face scans, finger presses, PIN codes, location detection, and so on. Are some of these options more secure than others? And which one should you use?
According to the t-shirt ‘There’s no place like 127.0.0.1’ but one Google engineer queries just how secure this home is. A Google engineer, Mike West, obviously doesn’t think that the 127.0.0.1 domain is secure enough. West has submitted a standards draft to the Internet Engineering Task Force (IETF) seeking to formalise treating localhost in a […]
Developers have rushed to offer apps that detect when your phone connects to fake cell phone towers. Unfortunately, it seems, those tools aren’t as effective as they claim. Watching the watchers turns out to be a complicated business. Solving that larger architectural problem will require not just improvements in some Android apps, but coordinated security […]
Briar, an instant messaging service that works over the Tor network, has reached beta stage. Only an Android app is available at the moment. The conclusion of the security audit is that Briar for Android provides “an overall good handling of matters linked to security and privacy. Furthermore, the code responsible with the app’s cryptography […]
Tor Project co-founder Roger Dingledine took the stage last week at DEF CON to bust popular myths and announce upcoming features related to the anonymity network that averages 2 million users a day. From the post: Personally I’m (still) waiting for TOR Astoria, and to see if it’s truly as bullet-proof as they claim it […]
WikiLeaks has released today eight manuals from the CIA’s Dumbo project, a tool that the Agency uses to disable webcams, microphones, and other surveillance software. The purpose of this tool is to cripple audio and video surveillance on critical targets so that field agents can perform their missions.
Last week researcher Nitay Artenstein of Exodus Intelligence published a proof of concept for a self-replicating worm that could spread autonomously between mobile devices, needing only the device’s WiFi network address to infect the device. If infected, the device’s WiFi chip would be completely under the attacker’s control, allowing them to propagate the malware to […]
There needs to be a digital safe space. He believes police can still do their jobs with respect to gathering intelligence without denying all of us the ability to “go dark in any fashion”. But government’s such as the “Five Eyes” group [see below] are pursuing a “nowhere to hide” strategy. Governments have a three-pronged […]
We all know IoT security sucks and this is just one more in an endless list of hacks. BUT, worth the read for some interesting bits of info. This process could theoretically work on any digital device that uses flash memory, but most types would require interfacing with more pins than eMMC does, and many […]
Process injection is a widespread defense evasion technique employed often within malware and fileless adversary tradecraft, and entails running custom code within the address space of another process. Process injection improves stealth, and some techniques also achieve persistence. Although there are numerous process injection techniques, in this blog I present ten techniques seen in the […]