"Backdoor in Call Monitoring, Surveillance Gear"
May 14, 2014 | Brian Krebs, Krebs on Security
If your company’s core business is making software designed to help first responders and police record and intercept phone calls, it’s probably a good idea to ensure the product isn’t so full of security holes that it allows trivial access by unauthorized users. Unfortunately, even companies working in this sensitive space fall victim to the classic blunder that eventually turns most software into Swiss Cheese: Trying to bolt on security only after the product has shipped.
"Do Quora, Jelly and Ask.com Answer Things Correctly?"
May 13, 2014 | Sam Harnett, Marketplace
There is a TV screen in Kartik Ramakrishnan's office that displays an endless loop of questions. He is the COO of Ask.com, which you may remember from the early '90s as the search engine Ask Jeeves. One question scrolling over his screen reads, “What causes hiccups?”
"It’s Crazy What Can Be Hacked Thanks to Heartbleed"
April 28, 2014 | Robert McMillan, Wired
Western Digital makes a tiny box where you can store all your photos and other digital stuff. It’s called My Cloud, and you’ve probably seen the TV ads hawking the thing. It gives you a way to access your stuff from any machine, across the internet.
"Study Finds No Evidence of Heartbleed Attacks Before the Bug Was Exposed"
April 16, 2014 | Nicole Perlroth, New York Times
Ever since the Heartbleed bug was exposed last week, the question everyone has been asking is: Did anyone exploit it before a Google researcher first discovered it?
"Why Heartbleed Is the Most Dangerous Security Flaw On The Web"
April 8, 2014 | Russell Brandom, The Verge
Monday afternoon, the IT world got a very nasty wakeup call, an emergency security advisory from the OpenSSL project warning about an open bug called "Heartbleed." The bug could be used to pull a chunk of working memory from any server running their current software. There was an emergency patch, but until it was installed, tens of millions of servers were exposed. Anyone running a server was suddenly in crisis mode.
"IRS Decision Looms Large Over Future of Bitcoin"
March 31, 2013 | Michael Krasny, KQED Radio
The Internal Revenue Service weighed in last week to say that the online currency Bitcoin should be treated as property, not like money. The decision pits those who favor more regulation against those who want a more freewheeling market for Bitcoin. We discuss what it means for Bitcoin owners, investment firms, startups and the market for cryptocurrency.
"Surprise, Surprise: My Online Metadata Actually Reveals Where I've Been"
March 30, 2014 | Cyrus Farivar, Ars Technica
In January 2014, documents provided by Edward Snowden showed that a Canadian spy agency used a unique identifier to follow thousands of Canadians as they moved about the country. The tracking all originated from an unnamed airport. It got us thinking: how hard would it be to replicate this little experiment, writ small? Could I use one of my own online identifiers as a way to track my own movements through time and space?
"Facebook Fights Back Against the NSA Spy Machine"
March 19, 2014 | Cade Metz, Wired
Mark Zuckerberg was apparently peeved enough to phone the President when he read recent reports that the NSA was using fake Facebook websites to intercept the social network’s traffic and infect private computers with surveillance software. But Joe Sullivan — the ex-federal prosecutor who now serves as Facebook’s chief security officer — says the company has now steeled its online services so that such a ploy is no longer possible.
"Nicholas Weaver Explains How QUANTUM Works"
March 14, 2014 | Bruce Schneier, Schneier on Security
An excellent essay. For the non-technical, his conclusion is the most important:
"A Close Look at the NSA's Most Powerful Attack Tool"
March 13, 2014 | Nicholas Weaver, Wired
We already knew that the NSA has weaponized the internet, enabling it to “shoot” exploits at anyone it desires. A single web fetch, initiated by an identified target, is sufficient for the NSA to exploit its victim. But the Edward Snowden slides and story published yesterday at The Intercept convey a wealth of new detailed information about the NSA’s technology and its limitations.