Russia has put out a tender on its official government procurement website for anyone who can identify Tor users. The reward of $114,000 seems pretty cheap for this capability. And we now get to debate whether 1) Russia cannot currently deaonymize Tor users, or 2) Russia can, and this is a ruse to make us think they can't....

An interactive animation from the Museum of New Zealand Te Papa Tongarewa. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Two researchers have built a botnet using free anonymous accounts. They only collected 1,000 accounts, but there's no reason this can't scale to much larger numbers....

I'd like more information on this....

A group of hackers are using a vulnerability in the Next thermostat to secure it against Nest's remote data collection....

Here's a new way to identify individual computers over the Internet. The page instructs the browser to draw an image. Because each computer draws the image slightly differently, this can be used to uniquely identify each computer. This is a big deal, because there's no way to block this right now. Article....

A six-hour video of a giant squid dissection from Auckland University of Technology. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Long article on a sophisticated hacking of the NASDAQ stock exchange....

The Maryland Air National Guard needs a new facility for its cyberwar operations: The purpose of this facility is to house a Network Warfare Group and ISR Squadron. The Cyber mission includes a set of capabilities, expertise to enable the cyber operational need for an always-on, net-speed awareness and integrated operational response with global reach. It enables operators to drive...

The article says they were Chinese but offers no evidence: The intrusion at the Office of Personnel Management was particularly disturbing because it oversees a system called e-QIP, in which federal employees applying for security clearances enter their most personal information, including financial data. Federal employees who have had security clearances for some time are often required to update their...

Here's some interesting research on foiling traffic analysis of cloud storage systems. Press release....

Brian Krebs is reporting that: The U.S. Secret Service is advising the hospitality industry to inspect computers made available to guests in hotel business centers, warning that crooks have been compromising hotel business center PCs with keystroke-logging malware in a bid to steal personal and financial data from guests. It's actually a very hard problem to solve. The adversary can...

Last week, we learned that the NSA targets people who look for information about Tor. A few days later, the operator of a Tor exit node in Austria has been found guilty as an accomplice, because someone used his computer to transmit child porn. Even more recently, Tor has been named as a defendant in a revenge-porn suit in Texas...

The latest Snowden story is a catalog of exploit tools from JTRIG (Joint Threat Research Intelligence Group), a unit of the British GCHQ, for both surveillance and propaganda. It's a list of code names and short descriptions, such as these: GLASSBACK: Technique of getting a targets IP address by pretending to be a spammer and ringing them. Target does not...

This is an interesting paper: "An Anthropological Approach to Studying CSIRTs." A researcher spent 15 months at a university's SOC conducting "ethnographic fieldwork." Right now it's more about the methodology than any results, but I'll bet the results will be fascinating. And here's some information about the project....