This is significant....

This is an interesting article that looks at Hacking Team's purchasing of zero-day (0day) vulnerabilities from a variety of sources: Hacking Team's relationships with 0day vendors date back to 2009 when they were still transitioning from their information security consultancy roots to becoming a surveillance business. They excitedly purchased exploit packs from D2Sec and VUPEN, but they didn't find the...

The California market squid, Doryteuthis opalescens, can manipulate its color in a variety of ways: Reflectins are aptly-named proteins unique to the light-sensing tissue of cephalopods like squid. Their skin contains specialized cells called iridocytes that produce color by reflecting light in a predictable way. When the neurotransmitter acetylcholine activates reflectin proteins, this triggers the contraction and expansion of deep...

A worker in Amazon's packaging department figured out how to deliver electronics to himself: Since he was employed with the packaging department, he had easy access to order numbers. Using the order numbers, he packed his order himself; but instead of putting pressure cookers in the box, he stuffed it with iPhones, iPads, watches, cameras, and other expensive electronics in...

This is a big deal. Hackers can remotely hack the Uconnect system in cars just by knowing the car's IP address. They can disable the brakes, turn on the AC, blast music, and disable the transmission: The attack tools Miller and Valasek developed can remotely trigger more than the dashboard and transmission tricks they used against me on the highway....

In this essay/review of a book on UK intelligence officer and Soviet spy Kim Philby, Malcolm Gladwell makes this interesting observation: Here we have two very different security models. The Philby-era model erred on the side of trust. I was asked about him, and I said I knew his people. The "cost" of the high-trust model was Burgess, Maclean, and...

Interesting article....

In this essay/review of a book on UK intelligence officer and Soviet spy Kim Philby, Malcom Gladwell makes this interesting observation: Here we have two very different security models. The Philby-era model erred on the side of trust. I was asked about him, and I said I knew his people. The "cost" of the high-trust model was Burgess, Maclean, and...

The -- depending on who is doing the reporting -- cheating, affair, adultery, or infidelity site Ashley Madison has been hacked. The hackers are threatening to expose all of the company's documents, including internal e-mails and details of its 37 million customers. Brian Krebs writes about the hackers' demands. According to the hackers, although the "full delete" feature that Ashley...

Google secures photos using public but unguessable URLs: So why is that public URL more secure than it looks? The short answer is that the URL is working as a password. Photos URLs are typically around 40 characters long, so if you wanted to scan all the possible combinations, you'd have to work through 1070 different combinations to get the...

I may have posted this short video before, but if I did, I can't find it. It's four years old, but still pretty to watch. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Micah Lee has a good tutorial on installing and using secure chat. To recap: We have installed Orbot and connected to the Tor network on Android, and we have installed ChatSecure and created an anonymous secret identity Jabber account. We have added a contact to this account, started an encrypted session, and verified that their OTR fingerprint is correct. And...

The ProxyHam project (and associated Def Con talk) has been canceled under mysterious circumstances. No one seems to know anything, and conspiracy theories abound....

If you subscribe to my monthly e-mail newsletter, Crypto-Gram, you need to read this. Sometime between now and the August issue, the Crypto-Gram mailing list will be moving to a new host. When the move happens, you'll get an e-mail asking you to confirm your subscription. In the e-mail will be a link that you will have to click in...

This is interesting: We can learn a lot about the potential for safety failures at US nuclear plants from the July 29, 2012, incident in which three religious activists broke into the supposedly impregnable Y-12 facility at Oak Ridge, Tennessee, the Fort Knox of uranium. Once there, they spilled blood and spray painted "work for peace not war" on the...