inspiral + security   169

The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies - Bloomberg
The attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by compromising America’s technology supply chain, according to extensive interviews with government and corporate sources.
espionage  security  hardware  Apple  Amazon  hacking  China  USA  Bloomberg  2018 
october 2018 by inspiral
Two-factor authentication is a mess - The Verge
Five years later, the advice is starting to wear thin. Nearly all major web services now provide some form of two-factor authentication, but they vary greatly in how well they protect accounts. Dedicated hackers have little problem bypassing through the weaker implementations, either by intercepting codes or exploiting account-recovery systems. We talk about two-factor like aspirin — a uniform, all-purpose fix that’s straightforward to apply — but the reality is far more complex. The general framework still offers meaningful protection, but it’s time to be honest about its limits. In 2017, just having two-factor is no longer enough.
twofactorauthentication  security  review  critique  TheVerge  2017 
july 2017 by inspiral
WannaCry About Business Models – Stratechery by Ben Thompson
This is exactly what is necessary for good security: vendors need to keep their applications (or in the case of Microsoft, operating systems) updated, and end users need to always be using the latest version. Moreover, pricing software as a service means it is no longer a capital cost with all of the one-time payment assumptions that go with it: rather, it is an ongoing expense that implicitly includes maintenance, whether that be by the vendor or the end user (or, likely, a combination of the two).
Wannacry  security  hacking  review  critique  softwareasservice  comparison  incentives  Stratechery  2017 
may 2017 by inspiral
After years of warnings, mobile network hackers exploit SS7 flaws to drain bank accounts • The Register
O2-Telefonica in Germany has confirmed to Süddeutsche Zeitung that some of its customers have had their bank accounts drained using a two-stage attack that exploits SS7.

In other words, thieves exploited SS7 to intercept two-factor authentication codes sent to online banking customers, allowing them to empty their accounts. The thefts occurred over the past few months, according to multiple sources.
twofactorauthentication  security  onlinebanking  review  critique  Germany  mobile  TheRegister  2017 
may 2017 by inspiral
Why You Really Need to Stop Using Public Wi-Fi
In today’s busy world, convenience seems to outweigh consequence, especially with how people use their mobile devices. Using free public Wi-Fi networks, for example, comes with any number of serious security risks, yet surveys show that the overwhelming majority of Americans do it anyway. In a study by, a whopping three-quarters of people admitted to connecting to their personal email while on public Wi-Fi.
Wifi  security  public  review  critique  HBRBlog  2017 
may 2017 by inspiral
An Unprecedented Heist Hijacked a Brazilian Bank’s Entire Online Operation | WIRED
THE TRADITIONAL MODEL of hacking a bank isn’t so different from the old-fashioned method of robbing one. Thieves get in, get the goods, and get out. But one enterprising group of hackers targeting a Brazilian bank seems to have taken a more comprehensive and devious approach: One weekend afternoon, they rerouted all of the bank’s online customers to perfectly reconstructed fakes of the bank’s properties, where the marks obediently handed over their account information.
banking  hacking  security  fraud  review  Brazil  Wired  2017 
april 2017 by inspiral
QR code scams highlight security weaknesses in China's wallet apps
The QR code rules supreme in China. You can pay for almost anything with it: street food, toilet paper, a lobster dinner, a foot massage. You can even use it to socialize. At networking sessions, it’s not uncommon to scan someone’s WeChat QR code instead of giving them your business card.

But after an incident last week involving fraudulent QR codes and US$13 million of stolen money, the security of China’s most popular offline-to-online tool is coming under fresh scrutiny.

“Some criminals paste their own QR codes over the original ones to illicitly obtain money, as ordinary consumers simply cannot tell the difference,” wrote China Daily, a state-owned English media site, in an op-ed.

“That is why we are powerless to prevent QR codes from being used for fraudulent activities, and that is precisely why the enterprises using QR codes should assume their share of the responsibility for protection.”
QRcode  mobilepayments  security  fraud  review  China  TechinAsia  2017 
march 2017 by inspiral
The Truth About the WikiLeaks C.I.A. Cache - The New York Times
In other words, the cache reminds us that if your phone is hacked, the Signal or WhatsApp messages on it are not secure. This should not come as a surprise. If an intelligence agency, or a nosy sibling, can get you to install, say, a “key logger” on your phone, either one can bypass the encrypted communication app. But so can someone looking over your shoulder while you use your phone. That is about the vulnerability of your device. It has nothing to do with the security of the apps.
Wikipedia  security  encryption  WhatsApp  Signal  review  critique  misinformation  author:ZeynepTuekci  NYTimes  2017 
march 2017 by inspiral
Hackers can remotely steal fingerprints from Android phones | ZDNet
Researchers outline how hackers can attack your smartphone to steal your fingerprint on a "large scale" -- without anybody noticing.
Android  security  fingerprint  critique  review  Zdnet  2015 
january 2017 by inspiral
1 Billion More Yahoo Accounts Have Been Hacked - BuzzFeed News
Yahoo believes, based on third-party forensic evidence, that someone stole user data from 1 billion Yahoo accounts in 2013, according to a press release from the company. This theft, it says, is likely separate from the hack of 500 million accounts it disclosed in September.
Yahoo  hacking  security  critique  Buzzfeed  2016 
december 2016 by inspiral
Boiler Room's Weekender revealed Trump's America
On Friday, November 4, Ray Ban and Boiler Room teamed up for their first weekend festival, inviting the cream of the world’s diverse underground club scene to a small year-round vacation resort in Lake Harmony, Pennsylvania. On Saturday night, it was shut down after violent involvement from local police and security. FACT’s John Twells witnessed an experiment gone wrong.
BoilerRoom  racism  clubbing  music  security  review  critique  USA  FactMag  2016 
november 2016 by inspiral
A collision of Chinese manufacturing, globalization, and consumer ignorance could ruin the internet for everyone — Quartz
Consumers, meanwhile, don’t buy cameras because they’re secure, they buy them for special features like waterproofing, sharp image resolution, or a Minion-shaped casing. Manufacturers like Xiongmai could fix the security issues, said Boland, but instead “spend as little money as possible on security, in order to make as much margin as possible.”
internetofthings  security  hacking  CCTV  Xiongmai  review  critique  Quartz  2016 
november 2016 by inspiral
The Decline in Chinese Cyberattacks: The Story Behind the Numbers
The Obama administration has been touting a decrease in commercial espionage, but the reality for corporate America may be more complicated.
espionage  security  internationalrelations  China  USA  TechnologyReview  2016 
october 2016 by inspiral
Someone Is Learning How to Take Down the Internet - Schneier on Security
Over the past year or two, someone has been probing the defenses of the companies that run critical pieces of the Internet. These probes take the form of precisely calibrated attacks designed to determine exactly how well these companies can defend themselves, and what would be required to take them down. We don't know who is doing this, but it feels like a large nation state. China or Russia would be my first guesses.
DDoS  security  hacking  espionage  China  Russia  review  author:BruceSchneier  Schneier  2016 
october 2016 by inspiral
Hacked Cameras, DVRs Powered Today’s Massive Internet Outage — Krebs on Security
A massive and sustained Internet attack that has caused outages and network congestion today for a large number of Web sites was launched with the help of hacked “Internet of Things” (IoT) devices, such as CCTV video cameras and digital video recorders, new data suggests.

Earlier today cyber criminals began training their attack cannons on Dyn, an Internet infrastructure company that provides critical technology services to some of the Internet’s top destinations. The attack began creating problems for Internet users reaching an array of sites, including Twitter, Amazon, Tumblr, Reddit, Spotify and Netflix.
DDoS  security  internetofthings  Dyn  hacking  Mirai  KrebsonSecurity  2016 
october 2016 by inspiral
Who Makes the IoT Things Under Attack? — Krebs on Security
As KrebsOnSecurity observed over the weekend, the source code that powers the “Internet of Things” (IoT) botnet responsible for launching the historically large distributed denial-of-service (DDoS) attack against KrebsOnSecurity last month has been publicly released. Here’s a look at which devices are being targeted by this malware.

The malware, dubbed “Mirai,” spreads to vulnerable devices by continuously scanning the Internet for IoT systems protected by factory default usernames and passwords. Many readers have asked for more information about which devices and hardware makers were being targeted. As it happens, this is fairly easy to tell just from looking at the list of usernames and passwords included in the Mirai source code.
internetofthings  security  Mirai  hacking  review  KrebsonSecurity  2016 
october 2016 by inspiral
Why the silencing of KrebsOnSecurity opens a troubling chapter for the ‘Net | Ars Technica
For the better part of a day, KrebsOnSecurity, arguably the world's most intrepid source of security news, has been silenced, presumably by a handful of individuals who didn't like a recent series of exposés reporter Brian Krebs wrote. The incident, and the record-breaking data assault that brought it on, open a troubling new chapter in the short history of the Internet.

The crippling distributed denial-of-service attacks started shortly after Krebs published stories stemming from the hack of a DDoS-for-hire service known as vDOS. The first article analyzed leaked data that identified some of the previously anonymous people closely tied to vDOS. It documented how they took in more than $600,000 in two years by knocking other sites offline. A few days later, Krebs ran a follow-up piece detailing the arrests of two men who allegedly ran the service. A third post in the series is here.

On Thursday morning, exactly two weeks after Krebs published his first post, he reported that a sustained attack was bombarding his site with as much as 620 gigabits per second of junk data. That staggering amount of data is among the biggest ever recorded. Krebs was able to stay online thanks to the generosity of Akamai, a network provider that supplied DDoS mitigation services to him for free. The attack showed no signs of waning as the day wore on. Some indications suggest it may have grown stronger. At 4 pm, Akamai gave Krebs two hours' notice that it would no longer assume the considerable cost of defending KrebsOnSecurity. Krebs opted to shut down the site to prevent collateral damage hitting his service provider and its customers.
KerbsonSecurity  security  DDoS  denialofservice  hacking  internetofthings  review  ArsTechnica  2016 
september 2016 by inspiral
15 Years After 9/11, Is America Any Safer? - The Atlantic
Since 9/11, the United States has spent $1 trillion to defend against al-Qaeda and ISIL, dirty bombs and lone wolves, bioterror and cyberterror. Has it worked?
HomelandSecurity  security  government  review  TheAtlantic  2016 
august 2016 by inspiral
'Beyond a Reasonable Doubt,' Russians Hacked DNC, Analyst Says - ABC News
It was the keyboards that gave them away. Russian hackers, typing on keyboards configured in Cyrillic and doing it in a time zone consistent with Moscow, created the “eloquent” code that breached the computers of the Democratic National Committee, according to a top analyst who investigated the hack.

“This was absolutely not an amateur operation … When you look at the totality of all those pieces and you put them together, it kind of paints a really good picture of who the actor was,” Michael Buratowski, the senior vice president of cybersecurity services at Fidelis Cybersecurity, told ABC News Monday. “I come from a law enforcement background, and it’s [about being] beyond a reasonable doubt. And I would say it’s beyond a reasonable doubt … I’m very confident that the malware that we looked at [was from] Russian actors.”

“When we looked at the malware, we found that it was very, very eloquent in its design as well as its functionality — very advanced, not something that script user or lower level hacker would be able to really generate or customize,” he said.
Democrats  hacking  Russia  security  WikiLeaks  ABCNews  2016 
august 2016 by inspiral
What might May's vision for Brexit look like? | Open Europe
Incoming Prime Minister Theresa May has said that “Brexit means Brexit”. But what does that actually mean? What can we infer from her statements so far about how she might approach the negotiations with the EU? Pawel Swidlicki investigates.
TheresaMay  EuropeanUnion  Brexit  review  immigration  sovereignty  security  trade  freetrade  internationalrelations  OpenEurope  2016 
july 2016 by inspiral
Hacked medical records markets in everything - Marginal REVOLUTION
For some time now I have had mixed feelings about the move to electronic medical records, here is another reason why:

On the dark web, medical records draw a far higher price than credit cards. Hackers are well aware that it’s simple enough to cancel a credit card, but to change a social security number is no easy feat. Banks have taken some major steps to crack down on identity theft. But hospitals, which have only transitioned en masse from paper-based to digital systems in the past decade, have far fewer security protections in place.

…These records can sell for as much as (the bitcoin equivalent) of $60 apiece, whereas social security numbers are a mere $15. Stolen credit cards sell for just $1 to $3. During the tour, we spotted one hacker who claimed to have a treasure trove of just shy of 1 million full health records up for grabs.

As IBM’s Kuhn explained in a follow-up interview, these medical records can be leveraged for a wide variety of nefarious purposes. In some cases, it’s about stealing a person’s identity and billing them for a surgery or a prescription, and in others it’s about opening a new line of credit. Security researcher Avi Rubin told Fast Company in a recent interview that he suspects hacked medical records are often routinely used for blackmail and extortion.

Such hacking is indeed a trend:

More than 113 million medical records were hacked in 2015 alone, according to data compiled by the Health and Human Services. A newly released report from the Institute for Critical Infrastructure Technology, a cybersecurity think tank, found that some 47% of Americans have had their medical record hacked in the past 12 months.
security  healthcare  privacy  hacking  critique  author:ChristinaFarr  MarginalRevolution  2016 
july 2016 by inspiral
For five months, Check Point mobile threat researchers had unprecedented, behind-the-scenes access to a group of cybercriminals in China. This group created a malware that takes over Android devices and generates $300,000 per month in fraudulent ad revenue.
The group effectively controls an arsenal of over 85 million mobile devices around the world. With the potential to sell access to these devices to the highest bidder, Check Point researchers say similar malware campaigns may become a trend.
HummingBad  Android  security  hacking  review  Checkpoint  2016 
july 2016 by inspiral
Amazon Echo and Alexa really matter — Medium
The Amazon Echo is the first smart consumer electronics product since the smartphone that’s poised to become a daily habit for millions.
AmazonEcho  Alexa  review  virtualassistant  smarthome  security  surveillance  privacy  timer  integrations  branding  author:AnilDash  Medium  2016 
june 2016 by inspiral
Mark Zuckerberg Covers His Laptop Camera. You Should Consider It, Too. - The New York Times
On Tuesday, observers were reminded that Mr. Zuckerberg, 32, is not just a normal guy who enjoys running and quiet dinners with friends. In a photo posted to his Facebook account, he celebrated the growing user base of Instagram, which is owned by Facebook. An eagle-eyed Twitter user named Chris Olson noticed that in the image’s background, his laptop camera and microphone jack appeared to be covered with tape.
MarkZuckerberg  privacy  security  NYTimes  2016 
june 2016 by inspiral
The Mobile Economy 2015
The mobile industry continues to scale rapidly, with a total of 3.6 billion unique mobile subscribers at the end of 2014. Half of the world’s population now has a mobile subscription—up from just one in five 10 years ago. An additional one billion subscribers are predicted by 2020, taking the global penetration rate to approximately 60%. There were 7.1 billion global SIM connections at the end of 2014, and a further 243 million machine-to-machine (M2M) connections.
telecoms  mobile  statistics  penetration  mobileinternet  2G  3G  4G  LTE  smartphones  featurephones  traffic  music  profitability  revenues  investment  employment  economy  inclusion  mobilebanking  unbanked  internetofthings  mobilecommerce  identity  security  growth  global  region  Africa  Asia  Europe  LatinAmerica  MiddleEast  NorthAmerica  GSMA  2016 
june 2016 by inspiral
The big gamble: the dangerous world of British betting shops | Tom Lamont | Business | The Guardian
Bookmakers have become a fixture of the British high street. But the savage murder of a lone employee at a London betting shop has revealed the risks that their workers face
bettingshops  gambling  retail  safety  security  critique  WilliamHill  Ladbrokes  UK  Guardian  2016 
may 2016 by inspiral
How Genius annotations undermined web security | The Verge
To comment on other people’s websites, Genius broke a 20-year-old browser security system
Genius  security  critique  TheVerge  2016 
may 2016 by inspiral
What’s driving Silicon Valley to become ‘radicalized’
In Silicon Valley, there’s a new emphasis on putting up barriers to government requests for data. The Apple-FBI case and its aftermath have tech firms racing to employ a variety of tools that would place customer information beyond the reach of a government-ordered search.

The trend is a striking reversal of a long-standing article of faith in the data-hungry tech industry, where companies including Google and the latest start-ups have predicated success on the ability to hoover up as much information as possible about consumers.

Now, some large tech firms are increasingly offering services to consumers that rely far less on collecting data. The sea change is even becoming evident among early-stage companies that see holding so much data as more of a liability than an asset, given the risk that cybercriminals or government investigators might come knocking.
startup  security  privacy  encryption  data  trends  WashingtonPost  2016 
may 2016 by inspiral
Troy Hunt: Going dark: online privacy and anonymity for normal people
For the purposes of protecting yourself from incidents such as I opened this blog with, most people are simply looking for one degree of separation from the site. This means that they don't want to give the site anything personally identifiable, but they may be happy to give other services upstream of there certain info. Think about this carefully when you create accounts; who are you giving personally identifiable data attributes to and where might they be passed on to?
I'm also conscious that the guidance here could be used to hide identities on sites that most reasonable people would not like to see others participating in. The advice above is not going to entirely circumvent law enforcement - it's not supposed to - it's simply there to enable you to participate in communities where anonymity is important. Start throwing in police surveillance, court orders and data requests of service providers and the wheels will fall off very quickly.
Online privacy is not necessarily about having something to hide, it's often about simply not wanting to share certain activities. If you consider that everything you do on the web might one day become public, you may well find there are classes of site you use where privacy is actually rather important.
privacy  anonymity  internet  security  review  Tor  incognito  payments  email  Mailinator  TroyHunt  2016 
may 2016 by inspiral
10 Reasons Why InsurTech Is Going to Be Important | Let's Talk Payments
Technology spending in the global insurance industry is estimated to be around $189 billion. By 2019, the spending industry is expected to reach $205 billion. The IT spending ratio of insurance companies as a percentage of premiums has not changed to a great extent. Insurance companies currently spend about 3.8% of their direct written premium on information technology. The average spending by insurance companies has comparatively reduced in the last four years. There are around 700–800 InsurTech firms globally which are addressing the requirements of the $4.5-trillion insurance industry but the state of InsurTech is at a stage of infancy. New exciting business models to take over the insurance industry such as microinsurance and pay-as-you-go insurance have emerged. What will truly change the nature of the industry is the shift from complex, long-term insurance products to the fractions of insurance for a particular moment, time and miles count. The new opportunities are tied to mobile devices and time-efficiency. 
insurtech  insurance  opportunity  innovation  loyalty  dataanalytics  bigdata  blockchain  peertopeer  benchmarking  wearablecomputing  internetofthings  payperuse  security  fraud  API  review  LetsTalkPayments  2016 
may 2016 by inspiral
The Ukrainian Hacker Who Became the FBI’s Best Weapon—And Worst Nightmare | WIRED
ONE THURSDAY IN January 2001, Maksym Igor Popov, a 20-year-old Ukrainian man, walked nervously through the doors of the United States embassy in London. While Popov could have been mistaken for an exchange student applying for a visa, in truth he was a hacker, part of an Eastern European gang that had been raiding US companies and carrying out extortion and fraud. A wave of such attacks was portending a new kind of cold war, between the US and organized criminals in the former Soviet bloc, and Popov, baby-faced and pudgy, with glasses and a crew cut, was about to become the conflict’s first defector.
hacking  Ukraine  security  FBI  MaksymIgorPopov  profile  USA  creditcards  fraud  Wired  2016 
may 2016 by inspiral
Tails - Privacy for anyone anywhere
Tails is a live operating system, that you can start on almost any computer from a DVD, USB stick, or SD card. It aims at preserving your privacy and anonymity, and helps you to:

use the Internet anonymously and circumvent censorship;
all connections to the Internet are forced to go through the Tor network;
leave no trace on the computer you are using unless you ask it explicitly;
use state-of-the-art cryptographic tools to encrypt your files, emails and instant messaging.
Tails  security  privacy  censorship  encryption 
may 2016 by inspiral
Everything You Ever Wanted To Know About How ISIS Uses The Internet - BuzzFeed News
They talk on Telegram and send viruses to their enemies. BuzzFeed News’ Sheera Frenkel looks at how ISIS members and sympathizers around the world use the internet to grow their global network.
ISIS  security  encryption  WhatsApp  Telegram  Tor  VPN  hacking  Tails  review  Buzzfeed  2016 
may 2016 by inspiral
What Would Happen If G.P.S. Failed? - The New Yorker
Security officials have been concerned about the susceptibility of G.P.S. to spoofing since at least the early two-thousands. Fourteen years ago, a team at Los Alamos National Laboratory, in New Mexico, built a spoofer by modifying a G.P.S.-signal simulator (a legal device that tests receivers’ accuracy) and aiming it at a stationary receiver more than a mile away. The receiver’s display revealed that it believed it was zipping across the desert at six hundred miles per hour. The world’s most powerful spoofer, however, wasn’t built for another six years. It began as a graduate-school project by Todd Humphreys, now an engineering professor and the head of the Radionavigation Laboratory at the University of Texas at Austin. Humphreys believed that the government was underestimating G.P.S.’s vulnerability to the Los Alamos team’s spoofer, but he also felt that the device would be readily detected in the real world. So he set about building a more covert version. An expert in software-defined radio—the modification of radio signals with a computer, as opposed to mixers, amplifiers, and other hardware—Humphreys used a general-purpose processor to build what he calls a “formidable lying machine,” a box that “listens” to the G.P.S. signal, gradually builds a bogus signal that aligns perfectly with the real, and then slowly overtakes it.
GPS  locationbasedservices  security  hacking  review  NewYorker  2016 
may 2016 by inspiral
Adults Media Use and Attitudes Report 2016 | Ofcom
This report is published as part of our media literacy duties. It provides research that looks at media use, attitudes and understanding, and how these change over time, with a particular focus on those groups that tend not to participate digitally. The report covers TV, radio, mobile, games, and the internet, with a particular focus on the latter.

The report focuses on the current wave of research which was conducted in autumn 2015 and any key changes compared to 2014.
internet  mobileinternet  ecommerce  mobilecommerce  mobilebanking  onlinebanking  Facebook  WhatsApp  Instagram  LinkedIn  Pinterest  Tumblr  privacy  security  demographics  socialclass  gaming  mobilegaming  tablets  PCs  smartphones  penetration  statistics  UK  Ofcom  2016 
april 2016 by inspiral
Exclusive: How Canadian Police Intercept and Read Encrypted BlackBerry Messages | Motherboard
By way of metaphor, this is exactly how the Royal Canadian Mounted Police, Canada’s federal police force, intercepted and decrypted “over one million” BlackBerry messages during an investigation into a mafia slaying, called “Project Clemenza,” that ran between 2010 and 2012.

Using these messages and other evidence, the Crown mounted a case known as R. v. Mirarchi against seven men connected to the killing of Sal “the Ironworker” Montagna, a reputed member of the New York Bonanno crime family, on the outskirts of Montreal. On March 30, six of the men pleaded guilty to conspiracy to commit murder, and the seventh to being an accessory after the fact.

According to privacy expert Christopher Parsons from Canadian security research hub Citizen Lab, the RCMP may still have the ability to read anybody’s encrypted BlackBerry messages, as long as the phone isn’t linked to a corporate account.
Blackberry  security  privacy  critique  RoyalCanadianMountedPolice  Canada  Motherboard  2016 
april 2016 by inspiral
What If Apple Is Wrong?
It’s very possible that locking cops and prosecutors out of smartphones won’t interfere with justice as much as they fear. They might find ample methods of adapting, especially as new technologies arise. But just because some officials have overreacted to encryption in the past doesn’t mean we should brush off warnings coming now. The justice system is far from infallible, but it is run by people whose duty is to something more than a set of shareholders.
iPhone  security  privacy  encryption  Police  FBI  SanBernardino  review  TechnologyReview  2016 
april 2016 by inspiral
Beyond surveillance: what could happen if Apple loses to the FBI | Technology | The Guardian
As Apple lawyers recently wrote, the case pits “what law enforcement officials want against the widespread repercussions and serious risks their demands would create”. Or as James Comey, director of the FBI, told Congress in March, the case is about “this collision between public safety and privacy”.
security  privacy  iPhone  SanBernardino  encryption  impact  review  Guardian  2016 
march 2016 by inspiral
Inside Apple CEO Tim Cook’s Fight With the FBI | TIME
In an exclusive interview with TIME, Cook discusses your privacy, America’s security, and what’s at stake in the battle over encryption
TimCook  Apple  interview  security  SanBernardino  iPhone  encryption  Time  2016 
march 2016 by inspiral
Apple Policy on Bugs May Explain Why Hackers Would Help F.B.I. - The New York Times
For all the steps Apple has taken to encrypt customers’ communications and its rhetoric around customer privacy, security experts said the company was still doing less than many competitors to seal up its systems from hackers. And when hackers do find flaws in Apple’s code, they have little incentive to turn them over to the company for fixing.
Apple  security  hacking  strategy  review  critique  NYTimes  2016 
march 2016 by inspiral
Apple Stared Down The FBI And The FBI Just Blinked | Tech.pinions - Perspective, Insight, Analysis
In the case of FBI v. Apple, a hearing was scheduled for Tuesday, March 22, 2016. Late on Monday afternoon, the government requested a postponement. I predict that this case is over. Here’s why.
Apple  iPhone  Sanbernardino  security  encryption  FBI  review  author:JohnKirk  Techpinions  2016 
march 2016 by inspiral
The Feds Are Wrong to Warn of “Warrant-Proof” Phones
Warrant-proof technologies are not inherently bad. Both ephemeral and inaccessible technologies free us to explore, inquire, and play in ways that have always been necessary for human development. If we care about the freedoms that being warrant-proof gives us, we should find a more measured way to talk about facilitating law enforcement’s access to information. Otherwise we might find ourselves wondering how we wound up saddled with the concept of permanent data retention.
iPhone  SanBernardino  security  FBI  encryption  review  TechnologyReview  2016 
march 2016 by inspiral
Why Are We Fighting the Crypto Wars Again? — Backchannel — Medium
The iPhone Crisis reignited a conflict that should have been settled in the 90s. The loser is our national security.
SanBernardino  iPhone  security  encryption  NSA  review  critique  author:StevenLevy  BackChannel  Medium  2016 
march 2016 by inspiral
Mr. Fart’s Favorite Colors — Medium
The security we encounter every day — when it works at all — is usually built out of shades of gray: Lock your door. Need more? Arm your alarm. Even more? Don’t feed Fido for a day. Marginal benefits, marginal costs.
It’s easy to assume that digital security is just another spectrum, and politicians love to reinforce that — gray’s their favorite color. Every presidential candidate is offering the same Michael Scott solution: Let’s preserve everyone’s security at once! Give a little here, take a little there, half-pregnancies for all.
Unfortunately it’s not that complicated, which means it’s not that simple. Unbreakable phones are coming. We’ll have to decide who controls the cockpit: The captain? Or the cabin? Either choice has problems, but — I’m sorry, Aunt Congress — you crash if you pick 2.
Apple  iPhone  security  SanBernardino  FBI  comparison  airlines  author:BlakeRoss  Medium  2016 
march 2016 by inspiral
Apple’s “Code = Speech” Mistake
But on the other hand, and critically, there are many things that humans will do with code that will have nothing to do with the First Amendment (e.g., launching denial of service attacks and writing computer viruses). Code = Speech is a fallacy because it would needlessly treat writing the code for a malicious virus as equivalent to writing an editorial in the New York Times. Similarly, if companies use algorithms to discriminate on the basis of race or sex, wrapping those algorithms with the same constitutional protection we give to political novels would needlessly complicate civil rights law in the digital age. It’s easy to argue that Code = Speech, but accepting that argument would create a mess, and an avoidable one at that. It’s harder to look at what the government is trying to do, and harder to figure out whether this is in conflict with the values the First Amendment protects, but that’s the way the law works. The hard way is also far more preferable to giving tech companies whose businesses run on code a free pass from the kinds of meaningful regulation we’ve imposed upon other companies since the New Deal.
Apple  SanBernardino  iPhone  security  law  FBI  review  TechnologyReview  2016 
march 2016 by inspiral
Apple is right. Our smartphones must be kept secure
Something in the government’s rhetoric does not add up. The FBI either has solid reasons to break into that phone — in which case it is not obvious why the mighty power of the National Security Agency and other government bodies has not yet been mobilised — or it is simply using the San Bernardino case as an excuse to redefine its relationship with Silicon Valley.
SanBernardino  iPhone  Apple  FBI  security  SiliconVallley  review  critique  author:EvgenyMorozov  FinancialTimes  2016 
february 2016 by inspiral
Apple, the FBI, and Security - Stratechery by Ben Thompson
Note what I have not discussed in this article: privacy. In fact, I do agree that there are significant privacy concerns around the FBI’s insistence that Apple explicitly weaken iPhone security, and I would personally lean towards the privacy side of the debate when it comes to the privacy-security tradeoff.

That said, as I articulated above, I understand the FBI’s concerns about going dark, and the agency could hardly have picked a more compelling example to make their case for tech company cooperation. I am not surprised that a majority of Americans say Apple “Should unlock the terror suspect’s iPhone.”

That is why it is critical to make the argument that the FBI’s request weakens security by compelling something much deeper than merely “unlocking an iPhone.” In other words, given the context of the United States as a whole, an argument for privacy and an argument for security are not a tradeoff at all, but rather two paths to the same outcome: stronger, not weaker iPhones.
Apple  iPhone  security  privacy  encryption  SanBernardino  review  author:BenThompson  Stratechery  2016 
february 2016 by inspiral
Report outlines how family offices can keep sensitive data out of cyber hacker hands | Campden FB
A “shocking” number of family offices send confidential information via email, according to a family wealth IT expert, as new research outlines how family offices can protect themselves from cyber attacks.
familyoffice  informationtechnology  security  critique  TrustedFamily  ArchwayTechnologyPartners  CampdenFB  2014 
january 2016 by inspiral
“Internet of Things” security is hilariously broken and getting worse | Ars Technica
Shodan, a search engine for the Internet of Things (IoT), recently launched a new section that lets users easily browse vulnerable webcams.

The feed includes images of marijuana plantations, back rooms of banks, children, kitchens, living rooms, garages, front gardens, back gardens, ski slopes, swimming pools, colleges and schools, laboratories, and cash register cameras in retail stores, according to Dan Tentler, a security researcher who has spent several years investigating webcam security.
InternetofThings  security  critique  Shodan  ArsTechnica  2016 
january 2016 by inspiral
How the smartphone changed everything, or, the rise of BYOD in the workplace | Ars Technica
In the past decade, mobile computing has gone from a niche market for well-heeled enterprises with large field organisations to the fastest growing, and often most popular, way for employees of organisations of all sizes to do business computing. The near-universal adoption of mobile devices by consumers—who are also employees—has forced one of the most major shifts that corporate IT has ever seen.
mobile  enterprise  smartphones  bringyourowndevice  chooseyourowndevice  security  hybriddevices  iPadPro  MicrosoftSurface  virtualassistant  mobileapps  review  ArsTechnica  2016 
january 2016 by inspiral
Why Apple Defends Encryption
Apple is nearly unique among technology leaders in that it’s high profile, has revenue lines that don’t rely on compromising privacy, and sells products that are squarely in the crosshairs of the encryption debate. Because of this, Apple comes from a far more defensible position, especially now that the company is dropping its iAd App Network.
Apple  encryption  security  privacy  strategy  TitBits  2016 
january 2016 by inspiral
Amazon’s customer service backdoor — Hacker Daily — Medium
As a security conscious user who follows the best practices like: using unique passwords, 2FA, only using a secure computer and being able to spot phishing attacks from a mile away, I would have thought my accounts and details would be pretty safe? Wrong.
Because when someone has gone after me, it all goes for nothing. That’s because most systems come with a backdoor, customer support. In this post I’m going to focus on the most grievous offender:
Amazon  security  customerservice  review  critique  personalaccount  EricSpringe  Medium  2016 
january 2016 by inspiral
Stranger hacks family's baby monitor and talks to child at night  | SF Globe
A family living in Washington is speaking out about the horrors they experienced while operating a baby monitor inside their 3-year-old son's bedroom. The couple Jay and Sarah were alarmed to discover that a stranger had hacked into their baby monitor and was spying on their toddler, sometimes speaking disturbing messages into the device, as CBS News describes.
inter  babymonitor  security  critique  Foscam  SFGate  2016 
january 2016 by inspiral
Four predictions for email marketing that won’t come true in 2016 | Econsultancy
For the last three years, I’ve made predictions about various aspects of online marketing (see here for 2015 and 2014.) They’re mostly right, except for most of them

So here’s some predictions for email marketing that won’t come true in 2016.
1. Automated campaigns won’t annoy any consumers, at all, ever. For reals.
2. Last-click email attribution will die the slow, horrible death it deserves.
3. More companies will get their lists nicked, and will vigilantly prevent it in the future.
4. The old guard’s ways of thinking will be replaced by actual innovation.
Who wants to hear about two super-positive predictions that I believe WILL come true in 2016?
1. Innovation will continue to happen, but not how you expect.
2. Someone will say “Email isn’t dead!” and we’ll be like “No sh*t!”
emailmarketing  forecast  automation  attribution  security  Econsultancy  2016 
january 2016 by inspiral
Accenture: Consumers not interested in Internet of Things devices - Business Insider
Accenture surveyed more than 28,000 consumers in 28 countries. Here's what they found out:

People are getting bored with new smartphones. Only 48% of consumers plan to buy a smartphone in the next 12 months. That's down 6 points from last year — the first drop since Accenture started doing this survey almost a decade ago, the company's representative Charles Hartley told me. The drop was particularly stark in China, where it went from 82% last year to only 61% this year. Of those who don't plan to buy a new one, 47% said the main reason was because their current phone was good enough.
They're also bored with tablets and laptops. Similarly, the survey showed an eight-point drop in purchase intent for tablets, and a six-point drop for laptops. Overall, only 13% expected to spend more on smartphones, tablets, and laptops this year than last year. That's compared with 33% who said they were planning to spend more in 2014 than 2013. 
Interest in new kinds of gadgets is not filling the gap. Most worryingly, interest in wearables and connected devices was flat from last year, and purchase intent is relatively low
A lot of people are worried about security and privacy of these new gadgets. This was perhaps the biggest surprise: The number-two reason people didn't plan to buy one of these devices (which Accenture calls "Internet of Things" or IoT devices) was because they were worried that they would expose their personal information
smartphones  Tablets  laptops  PCs  internetofthings  consumer  survey  research  security  privacy  critique  Accenture  BusinessInsider  2016 
january 2016 by inspiral
Terrorism Response Puts Belgium in a Harsh Light - The New York Times
Belgium has a government, unlike the long stretch of limbo after inconclusive elections in 2010. But with its capital paralyzed and its political elite pointing fingers over who is to blame for letting jihadists go unchecked, the country is again being ridiculed as the world’s most prosperous failed state.
terrorism  Islam  politics  government  security  responsibility  critique  Belgium  NYTimes  2015 
november 2015 by inspiral
Social Media Real Time Alerts To Protect your Business and Employees
SecureMySocial, a new offering created by cybersecurity veteran, Joseph Steinberg, alerts people in real time if they make social-media posts that may break the law, violate internal-policy guidelines, deface their employer’s brand, or might otherwise harm either the person making the post or their employer. Within seconds of a problematic post being made from anywhere, SecureMySocial can notify the poster with information as to why the post may be problematic and instructions on how to remove the post, or it can even automatically and instantly delete the post if so authorized. This is a potential lifesaver.
socialmedia  security  regulations  safety  utility  SecureMySocial 
november 2015 by inspiral
Why is Android security so bad: Google-funded research explains | BGR
How bad is this? Because of Android’s highly fragmented distribution and because third parties are responsible for delivering critical patches to their devices, the researchers estimate that 90% of Android devices right now are exposed to at least one critical vulnerability.
Android  mobileoperatingsystems  security  critique  BGR  2015 
october 2015 by inspiral