The next polla will use passkeys.
Glorious post by Signal (the secure messaging app) founder about shady hacking company Cellebrite and their main product’s lack of security.
Booby-trapped apps FTW!
“Apple makes it easy to connect and share your life with the people closest to you. What you share, and whom you share it with, is up to you — including the decision to make changes to better protect your information or personal safety.
If you’d like to revisit what you share with other people, or restore your device’s original settings for any reason, this guide can help you understand what information you are sharing via your Apple devices, and how to make changes to protect your safety. It includes step-by-step instructions on how to remove someone’s access to information you’ve previously granted: from location data on the Find My app, to meetings you’ve scheduled via Calendar.
If you’re concerned that someone is accessing information you did not share from your Apple device, this guide will also help you identify risks, and walk you through the steps to help make the technology you rely on as private and secure as you want it to be.”
Nice idea. Can’t really wait on the web to adopt sane password practices so the pragmatic idea is to consolidate knowledge for the biggest websites.
Let's try and not use Zoom because
Great article, and WOW.
A comment on a related article on Ars Technica had something interesting to say:
Why government regulations are always talked about as a Bad Thing, without being vocally and vociferously challenged by others amazes me. Many of these regulations are written in blood, or were put in place by deep thoughtful consideration by engineers advising regulators.
Cool visualization of largest known breaches since 2004.
So who’s lying (or got it wrong)? Bloomberg or the rest of the world?
List of top websites in the world that still don't use secure connections. Maybe if you shame them, they will fix it?
See if any of your passwords have been seen in a previous security breach.
There's a good chance that 1Password will integrate this into their excellent password manager.
Fascinating story behind the bugs and their disclosures. For me personally, due to my line of work, these are a big deal.
Real-time map of online attacks as seen by Norse.
Best practices for online passwords. It's kind of crazy how bad so many online services are about this stuff. Including tech companies.
This is a pretty darn good idea, for someone who is tech savvy and distrustful of ISPs.
I know of several non-technical people with great "tech business ideas" who say that they can just hire cheap developers in India to implement their business. I always try to explain what a terrible idea that is unless you have someone you trust who can provide technical oversight to the project. This is an example of how things can go horribly wrong.
Black-hat hackers pull off some incredibly clever stuff. This one is especially cool. But the weakness of credit card security surely doesn't help.
Nice overview of how iMessage security works, in a way that not even Apple can intercept messages. Interesting in view of WhatsApp's recent announcement of encryption and all the FBI / hacking hoopla.
This is crazy. BlackBerry built a backdoor to its BlackBerry messages service AND shared it with the Canadian police. This is a huge breach of trust from a company that advertised its secure devices, with millions of customers who bought BlackBerries partly due to that reason.
If the Canadian government had it, what makes anyone think that other governments didn't have access to it? They may have obtained it through RIM's (now BlackBerry) cooperation, or without it, through hacking or old-school espionage. Think about it: in the early and mid '90s practically all heads of state, including Obama, used BBM.
They deserve to be sued by their former customers. This underscores why Apple and other tech companies need to resist building such backdoors into their products.
Anyone interested in the Apple vs FBI debate or in encryption/privacy/security in general in how it relates to government and law enforcement should read this.
Could it be that they were full of it the whole time? (answer: yes)
"Internet of Things" is the current hotness. Few people realize what a security disaster this is going to be. If Mattel, a well-funded, well-established company, can screw up so badly, just imagine what all the under-funded, rushed, Kickstarted projects are going to be like. Then imagine the company that originally released the product is bankrupt a year later and nobody is issuing security patches. And all the clueless users installing these all over. I think this will be worse than even Windows XP ever was.
Just as I posted about this kind of stuff, Target has another breach. You'd think they'd have learned by now.
Addressing the idiocy and ignorance of officials asking for an "encryption backdoor" in the name of security. It's like telling the bank to leave a copy of the key to the vault under the welcome mat.
Nice explanation of one of the most common hacking techniques.
Few people understand computer security, and that's ok because it's complicated. It's not ok when said people are making laws related to it. This article explains why some of the things that government agencies want aren't actually feasible, nor a good idea.
This goes to show how vulnerable we are to a hack by a dedicated attacker.
Computer security is hard to do. Just look at what a disaster it was for MS in the pre-Win7 era, and they are a software company! You cannot just add security to a system as an afterthought; it needs to be something that permeates the design. The problem is that it is hard and time-consuming (and thus expensive) to do right, and it doesn't get reflected in the bottom line until disaster strikes. Then it's too late.
"Techies" criticize the closed App Store ecosystem that the iPhone pioneered, but they forget just how awful the alternative is for regular users. This article can serve as a reminder of what a cesspool Windows can be.
Who's the genius executive in Gogo that thought this was a good idea?
Hacking a large corporation is easier than most people think. The weakest link tends to be the non-technical humans.
EFF is going to start providing free TLS encryption certificates. This is great.
Law enforcement officials and even a Washington Post editorial are criticizing Apple's use of full encryption in iOS 8 and forward, where not even Apple can break it. This is good for privacy, and all these people are doing is spreading FUD or displaying incredible levels of ignorance (or both).
Added this to my RSS reader. In light of everything happening lately, should be an interesting thing to follow: "A critical, campaigning column on vital issues of civil rights, freedom of information and justice – and their enemies, from the award-winning journalist, former constitutional litigator and author of three New York Times bestsellers."
So this unofficial app is available for Android. It allows you to use Apple's iMessage service. Cool, right? It's a security disaster: a user installs it and types in their Apple ID account information. This goes to a server in China, which stores it and spoofs (fakes) an iMac connected to iMessage using those credentials. So it allegedly works. But you are giving your Apple ID password to an unknown entity in China. Your Apple ID is very likely tied to an iTunes account, which is very likely tied to your credit card. Oh, and this app can also install any software on your phone without your permission. Google and Android do nothing to protect the average user. Yet the average user is not a computer security expert with perfect judgement. This is where Apple's App Store rules and tight security shine through. They protect the average user from their own ignorance. And that's a good thing, because not all users can be expected to be experts before getting a smartphone.
Clever: botnet of fast servers rather than puny little PCs. No signs that The MKX® is under attack, and I'm not really worried that my password can be cracked (1Password FTW!). But interesting nonetheless.
Friends don't let friends use their browser's password autosave, because it's trivial for anyone to recover it. See also: http://www.hongkiat.com/blog/how-to-retrieve-passwords-from-asterisks/
Excellent, detailed, slightly technical, highly scary article on password hacking.
A technical and objective analysis of the CarrierIQ software without the media hype nor FUD.
Every other week I hear about some malicious app for Android or so. But this is crazy, at a whole different level!
With all the recent high-profile hacking going on, I'm seriously thinking about recreating all my passwords so that they are unique and unguessable.
It's incredible that a modern cloud service such as Dropbox was designed with such poor security in mind. We are not in the nineties anymore!
The scariest part is that doing this is quite easy, and they did it to security experts!
Very interesting article about the Conficker worm.
Good article. Something to think about every time you are standing barefoot in an airport security line watching your toothpaste go to the trash can.
Charlie Miller, the guy who discovered the SMS exploit for the iPhone, is interviewed. Lots of details on how the hack works and how it was found.
For the paranoid ice cream lover.