Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Slashdot Deals: Prep for the CompTIA A+ certification exam. Save 95% on the CompTIA IT Certification Bundle ×

Feed Schneier: Using Samsung's Internet-Enabled Refrigerator for Man-in-the-Middle Attacks->

This is interesting research:: Whilst the fridge implements SSL, it FAILS to validate SSL certificates, thereby enabling man-in-the-middle attacks against most connections. This includes those made to Google's servers to download Gmail calendar information for the on-screen display. So, MITM the victim's fridge from next door, or on the road outside and you can potentially steal their Google credentials. The...
Link to Original Source

Feed Schneier: Mickens on Security->

James Mickens, for your amusement. A somewhat random sample: My point is that security people need to get their priorities straight. The "threat model" section of a security paper resembles the script for a telenovela that was written by a paranoid schizophrenic: there are elaborate narratives and grand conspiracy theories, and there are heroes and villains with fantastic (yet oddly...
Link to Original Source

Feed Schneier: German BfV - NSA Cooperation->

The German newspaper Zeit is reporting the BfV, Germany's national intelligence agency, (probably) illegally traded data about Germans to the NSA in exchange for access to XKeyscore. From Ars Technica: Unlike Germany's foreign intelligence service, the Bundesnachrichtendienst (BND), the domestic-oriented BfV does not employ bulk surveillance of the kind also deployed on a vast scale by the NSA and GCHQ....
Link to Original Source

Feed Schneier: Iranian Phishing->

CitizenLab is reporting on Iranian hacking attempts against activists, which include a real-time man-in-the-middle attack against Google's two-factor authentication. This report describes an elaborate phishing campaign against targets in Iran's diaspora, and at least one Western activist. The ongoing attacks attempt to circumvent the extra protections conferred by two-factor authentication in Gmail, and rely heavily on phone-call based phishing and...
Link to Original Source

Feed Schneier: Defending All the Targets Is Impossible->

In the wake of the recent averted mass shooting on the French railroads, officials are realizing that there are just too many potential targets to defend. The sheer number of militant suspects combined with a widening field of potential targets have presented European officials with what they concede is a nearly insurmountable surveillance task. The scale of the challenge, security...
Link to Original Source

Feed Schneier: Regularities in Android Lock Patterns->

Interesting: Marte Løge, a 2015 graduate of the Norwegian University of Science and Technology, recently collected and analyzed almost 4,000 ALPs as part of her master's thesis. She found that a large percentage of them -- 44 percent -- started in the top left-most node of the screen. A full 77 percent of them started in one of the four...
Link to Original Source

Feed Schneier: Movie Plot Threat: Terrorists Attacking US Prisons->

Kansas Senator Pat Roberts wins an award for his movie-plot threat: terrorists attacking the maximum-security federal prison at Ft. Leavenworth: In an Aug. 14 letter to Defense Secretary Ashton B. Carter, Roberts stressed that Kansas in general -- and Leavenworth, in particular -- are not ideal for a domestic detention facility. "Fort Leavenworth is neither the ideal nor right location...
Link to Original Source

Feed Schneier: Are Data Breaches Getting Larger?->

This research says that data breaches are not getting larger over time. "Hype and Heavy Tails: A Closer Look at Data Breaches," by Benjamin Edwards, Steven Hofmeyr, and Stephanie Forrest: Abstract: Recent widely publicized data breaches have exposed the personal information of hundreds of millions of people. Some reports point to alarming increases in both the size and frequency of...
Link to Original Source

Feed Schneier: The Advertising Value of Intrusive Tracking->

Here's an interesting research paper that tries to calculate the differential value of privacy-invasive advertising practices. The researchers used data from a mobile ad network and was able to see how different personalized advertising practices affected customer purchasing behavior. The details are interesting, but basically, most personal information had little value. Overall, the ability to target advertising produces a 29%...
Link to Original Source

Feed Schneier: Friday Squid Blogging: Calamari Ripieni Recipe->

Nice and easy Calamari Ripieni recipe, along with general instructions on cooking squid: Tenderizing squid is as simple as pounding it flat -- if you're going to turn it into a steak. Otherwise, depending on the size of the squid, you can simply trim off the tentacles and slice the squid body, or mantle, into rings that can be grilled,...
Link to Original Source

It is impossible to travel faster than light, and certainly not desirable, as one's hat keeps blowing off. -- Woody Allen

Working...