Here's a new way to identify individual computers over the Internet. The page instructs the browser to draw an image. Because each computer draws the image slightly differently, this can be used to uniquely identify each computer. This is a big deal, because there's no way to block this right now. Article....

A six-hour video of a giant squid dissection from Auckland University of Technology. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Long article on a sophisticated hacking of the NASDAQ stock exchange....

The Maryland Air National Guard needs a new facility for its cyberwar operations: The purpose of this facility is to house a Network Warfare Group and ISR Squadron. The Cyber mission includes a set of capabilities, expertise to enable the cyber operational need for an always-on, net-speed awareness and integrated operational response with global reach. It enables operators to drive...

The article says they were Chinese but offers no evidence: The intrusion at the Office of Personnel Management was particularly disturbing because it oversees a system called e-QIP, in which federal employees applying for security clearances enter their most personal information, including financial data. Federal employees who have had security clearances for some time are often required to update their...

Here's some interesting research on foiling traffic analysis of cloud storage systems. Press release....

Brian Krebs is reporting that: The U.S. Secret Service is advising the hospitality industry to inspect computers made available to guests in hotel business centers, warning that crooks have been compromising hotel business center PCs with keystroke-logging malware in a bid to steal personal and financial data from guests. It's actually a very hard problem to solve. The adversary can...

Last week, we learned that the NSA targets people who look for information about Tor. A few days later, the operator of a Tor exit node in Austria has been found guilty as an accomplice, because someone used his computer to transmit child porn. Even more recently, Tor has been named as a defendant in a revenge-porn suit in Texas...

The latest Snowden story is a catalog of exploit tools from JTRIG (Joint Threat Research Intelligence Group), a unit of the British GCHQ, for both surveillance and propaganda. It's a list of code names and short descriptions, such as these: GLASSBACK: Technique of getting a targets IP address by pretending to be a spammer and ringing them. Target does not...

This is an interesting paper: "An Anthropological Approach to Studying CSIRTs." A researcher spent 15 months at a university's SOC conducting "ethnographic fieldwork." Right now it's more about the methodology than any results, but I'll bet the results will be fascinating. And here's some information about the project....

Neat video shot from a remote-operated vehicle. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Funny, and the inspiration for this week's headlines. (Note that the image shows Password Safe on the screen.) And marginally related, here's an odd essay about using a password as a mantra for personal change....

Okay, it's a parody: The Russian Federation is more complex. At a political level there's a lot of grandstanding. Operationally though, we share intelligence with Russia on anyone who is a mutual target (and that, ironically, includes most of the Russian Federation). China is our main mutual target because it refuses to share the economic intelligence data it gathers about...

Researchers are refining the techniques of surreptitiously videoing people as they type in their passwords. Other hackers have shown it's possible to perform automated over-the-shoulder password stealing. But Fu notes that older video tools had to actually see the display, which often is impossible from a distance or from indirect angles. (See UMass's PIN-capturing footage taken by Glass in the...

LIFX is a smart light bulb that can be controlled with your smart phone via your home's Wi-Fi network. Turns out that anyone within range can obtain the Wi-Fi password from the light bulb. It's a problem with the communications protocol....