The NSA and FBI released detailed information about the Drovorub Linux malware, but major cybersecurity companies haven't found a single sample. [Read More]
Two French citizens and a Moroccan went on trial in Paris on Monday charged with planning attacks after their cyber network was successfully infiltrated by a French intelligence agent posing as a jihadist. [Read More]
European encrypted services providers ProtonMail, Threema, Tresorit and Tutanota have urged the EU to rethink a resolution that would require the implementation of encryption backdoors. [Read More]
Law enforcement authorities in the U.S. and Europe have seized the dark web sites associated with the NetWalker ransomware operations and also charged a Canadian national in relation to the malware. [Read More]
According to a Wall Street Journal report, TikTok used a banned tactic to bypass the privacy safeguard in Android to harvest unique identifiers from millions of mobile devices. [Read More]
Ongoing coverage of the SolarWinds Orion attacks and useful resources, including analysis and indicators of compromise (IOC). Check back often for updates. [Read More]
Even while using Tor hidden services, there are still many ways you can be exposed and have your activities compromised if you don’t take the right precautions.
Asking for security backdoors that only benefit the good guys is like asking for bullets that only hurt the bad guys. That’s simply not how encryption works.
In the initial hours after the Paris attacks by Islamic terrorists, when the PlayStation 4 rumor was first circulating, I decided to see exactly what kind of encryption the PS4 uses for its messaging system.
The overall industry tone of caution around active defenses may be calibrated to defuse the notion rather than taking the argument, buying time for other alternatives to surface.
In 2011, Twitter began encrypting all information between the (mostly) mobile endpoints and their own servers. This made it more difficult for monitoring agencies to determine a mobile user’s Twitter profile, and thereby that user’s follow list. More difficult, but not impossible.
The time has come for the technology professions to demonstrate ethical maturity and adopt standards of ethical conduct to which we hold ourselves and our peers accountable.
If criminals can’t use or sell stolen data without being caught, then the data quickly becomes worthless. As a result it’s critical to understand what happens to data after a breach.
Because transactions using virtual currencies happen anonymously, they confuse issues of jurisdiction and can become difficult to enforce. When authorities do take action, cybercrime simply re-images itself with a new currency and a new platform.
As the “Snowden leaks” continue in their revelations and unraveling of the twisted web of government surveillance, it is becoming clear that the foundation of trust in the Internet as a shared commons has been thoroughly undermined.
The power of metadata does not come in that data itself but in the ability of that data to be processed and correlated in an automated fashion. What many believe is meaningless data can reveal more than one would think.