Why Online Voting Is Harder Than Online Banking

from ars technica For a feature last week, I talked to a number of election experts and computer security researchers who argued that secure Internet voting isn’t feasible today and probably won’t be for many years to come. A common response to this argument—one that came up in comments to last week’s article—is to compare voting to banking. After all, we regularly use the Internet to move money around the world. Why can’t we use the same techniques to secure online votes? But voting has some unique requirements that make secure online voting a particularly challenging problem. Every electronic transaction in the […]

The Safest Ways to Log In to Your Computer

from Wired Whether your computer runs Windows, macOS, or Chrome OS, you have options for how you log in. And your choice doesn’t only affect how convenient it is for you to get into your laptop or desktop; it also affects how easily someone else can gain access. These are the different login options that are available and that you need to be aware of, so make sure you choose wisely. The right one for you will depend on how your computer is set up and just how cautious you’d like to be. More here.

Zoombombing Is A Crime, Not A Prank, Prosecutors Warn

from ars technica Coronavirus-related social distancing measures have given a big popularity boost to Zoom, a video conferencing platform that’s known for its ease of use but not necessarily strong security or privacy protections. Internet trolls and other troublemakers have responded with “Zoombombing”: joining Zoom meetings uninvited and disrupting them. Zoombombers have exposed themselves to schoolchildren and shouted racial slurs. In a Friday statement, federal prosecutors in Michigan warned the public that Zoombombing isn’t a harmless prank; it’s a crime. “Hackers are disrupting conferences and online classrooms with pornographic and/or hate images and threatening language,” wrote the US Attorney’s Office […]

Hacker Eva Galperin Has a Plan to Eradicate Stalkerware

from Wired Over the last year, Eva Galperin says she’s learned the signs: the survivors of domestic abuse who come to her describing how their tormentors seem to know everyone they’ve called, texted, and even what they discussed in their most private conversations. How their abusers seem to know where they’ve been and sometimes even turn up at those locations to menace them. How they flaunt photos mysteriously obtained from the victim’s phone, sometimes using them for harassment or blackmail. And how none of the usual remedies to suspected hacking—changing passwords, setting up two-factor authentication—seem to help. The reason those […]

FCC Accuses Carriers Of Being “Gateways” For Foreign Robocallers

from ars technica The Federal Communications Commission is asking phone carriers for help blocking robocalls made from outside the US and is implementing a congressionally mandated system to trace the origin of illegal robocalls. The FCC yesterday sent letters to seven US-based voice providers “that accept foreign call traffic and terminate it to US consumers.” Tracebacks conducted by the USTelecom trade group and the FCC found that each of these companies’ services is “being used as a gateway into the United States for many apparently illegal robocalls that originate overseas,” the FCC’s letters to the companies say. The FCC letters […]

New Ransomware Doesn’t Just Encrypt Data. It Also Meddles With Critical Infrastructure

from ars technica Over the past five years, ransomware has emerged as a vexing menace that has shut down factories, hospitals, and local municipalities and school districts around the world. In recent months, researchers have caught ransomware doing something that’s potentially more sinister: intentionally tampering with industrial control systems that dams, electric grids, and gas refineries rely on to keep equipment running safely. A ransomware strain discovered last month and dubbed Ekans contains the usual routines for disabling data backups and mass-encrypting files on infected systems. But researchers at security firm Dragos found something else that has the potential to […]

Whatsapp ‘Hack’ Is Serious Rights Violation, Say Alleged Victims

from The Guardian More than a dozen pro-democracy activists, journalists and academics have spoken out after WhatsApp privately warned them they had allegedly been the victims of cyber-attacks designed to secretly infiltrate their mobile phones. The individuals received alerts saying they were among more than 100 human rights campaigners whose phones were believed to have been hacked using malware sold by NSO Group, an Israeli cyberweapons company. WhatsApp launched an unprecedented lawsuit against the surveillance company earlier this week, claiming it had discovered more than 1,400 of its users were targeted by NSO technology in a two-week period in May. […]

Recent Decision: D.C. Circuit Rules That OPM Breach Victims Have Standing to Sue

from Lawfare With data breach incidents on the rise, federal courts are grappling with the issue of standing in class action lawsuits arising from data breaches. As Lawfare has covered previously, there is arguably a circuit split over whether plaintiffs can establish an “injury in fact,” one of three constitutional standing requirements, on the grounds that a breach has put them at a heightened risk of identity theft. In a 2-1 decision this past summer titled In re: U.S. Office of Personnel Management Data Security Breach Litigation, the U.S. Court of Appeals for the D.C. Circuit weighed in on that […]

Encrypted DNS Could Help Close the Biggest Privacy Gap on the Internet. Why Are Some Groups Fighting Against It?

from EFF Thanks to the success of projects like Let’s Encrypt and recent UX changes in the browsers, most page-loads are now encrypted with TLS. But DNS, the system that looks up a site’s IP address when you type the site’s name into your browser, remains unprotected by encryption. Because of this, anyone along the path from your network to your DNS resolver (where domain names are converted to IP addresses) can collect information about which sites you visit. This means that certain eavesdroppers can still profile your online activity by making a list of sites you visited, or a […]

The Biggest Hacking Risk? Your Employees

from readwrite This January, a hacker broke into Ethereum Classic, one of the more popular cryptocurrencies, and began rewriting transaction histories. Until recently, blockchains were considered unhackable, but it’s clear that cybercriminals always find vulnerabilities. Here’s the lesson: If a blockchain can be hacked, no one is immune to the threat of cybercrime. And businesses are frequently exposed in unexpected ways. One of the easiest vectors for a cyberattack is employee negligence. Easily avoidable mistakes, such as using the same passwords at home and at work, put company data at risk. According to a report from information security company Shred-it, […]

Delay, Deny and Deflect: How Facebook’s Leaders Fought Through Crisis

from NYTs Sheryl Sandberg was seething. Inside Facebook’s Menlo Park, Calif., headquarters, top executives gathered in the glass-walled conference room of its founder, Mark Zuckerberg. It was September 2017, more than a year after Facebook engineers discovered suspicious Russia-linked activity on its site, an early warning of the Kremlin campaign to disrupt the 2016 American election. Congressional and federal investigators were closing in on evidence that would implicate the company. But it wasn’t the looming disaster at Facebook that angered Ms. Sandberg. It was the social network’s security chief, Alex Stamos, who had informed company board members the day before […]

Security in a World of Physically Capable Computers

from Schneier on Security It’s no secret that computers are insecure. Stories like the recent Facebook hack, the Equifax hack and the hacking of government agencies are remarkable for how unremarkable they really are. They might make headlines for a few days, but they’re just the newsworthy tip of a very large iceberg. The risks are about to get worse, because computers are being embedded into physical devices and will affect lives, not just our data. Security is not a problem the market will solve. The government needs to step in and regulate this increasingly dangerous space. The primary reason computers […]

A Breach That Ripples Far Beyond Facebook

from NYTs If I did not need Facebook to do my job, I would be deleting it right now. While everyone was riveted by the drama over Judge Brett M. Kavanaugh’s potential confirmation to the Supreme Court, Facebook dropped a bombshell: Hackers had broken into at least 50 million of its accounts. The company’s chief executive, Mark Zuckerberg, and his deputy, Sheryl Sandberg, were among the victims, according to my colleagues Mike Isaac and Sheera Frenkel. For the past year, I have been covering technology in India, which has more Facebook users than any other country. Before that, I was […]

Tackling the Internet’s Central Villain: The Advertising Business

from NYTs Pretend you are the lead detective on a hit new show, “CSI: Terrible Stuff on the Internet.” In the first episode, you set up one of those crazy walls plastered with headlines and headshots, looking for hidden connections between everything awful that’s been happening online recently. There’s a lot of dark stuff. In one corner, you have the Russian campaign to influence the 2016 presidential election with digital propaganda. In another, a rash of repugnant videos on YouTube, with children being mock-abused, cartoon characters bizarrely committing suicide on the kids’ channel and a popular vlogger recording a body […]

Data Breach At Equifax Prompts A National Class-Action Suit

from WaPo The scenario that personal finance and credit experts feared most about the heist of consumer data from Equifax may already be underway: Criminals are using the stolen information to apply for mortgages, credit cards and student loans, and tapping into bank debit accounts, filing insurance claims and racking up substantial debts, according to a major new class-action suit. The suit pulls together dozens of individual complaints from consumers in all 50 states plus the District and suggests that cybercriminals aren’t wasting time using the Social Security numbers, credit card accounts, driver’s license numbers and other sensitive personal information […]

Why You Should Be Using a Password Manager

from iThemes Every few weeks, we hear the news that another major website has been hacked. Often these hacks mean your personal information has also been compromised. In this post, we cover the important reasons for why you should use a password manager to protect your online identity, and how to get started with LastPass, a free password manager. More here.

The Equifax Hack And How To Protect Your Family — All Explained In 5 Minutes

from freeCodeCamp In 1989, the US government decided to concentrate our most sensitive data in the hands of three giant finance corporations: Experian, TransUnion, and Equifax. These three corporations now store our biographic information, every address we’ve ever lived at, and every major financial transaction we’ve ever made — all so they can assign us a FICO credit score. And one of these companies just got hacked. On September 8, Equifax announced what is now the worst data breach in history. And yes — you are most likely a victim of it. Here’s how this whole disaster unfolded. More here.

Security News This Week: Taser Bets Big on the Surveillance State

from Wired Well, we sent 59 Tomahawk cruise missiles smack into a Syrian airbase this week. But other stuff happened too! The week started off with some clever hack revelations, including a backdoor that Russians have used for two decades, and an ATM hack that just takes a drill hole and $15 worth of gear. And some particularly industrious hackers took over a Brazilian bank’s entire online footprint for a few hours. Spies got their own cool new app that you can’t play with. Top-secret iOS spyware popped up on Android too. And drones are behaving badly again. Then there’s the […]

How Not To Freak Out About Cyber War

from The New Yorker In 2007, Admiral Mike McConnell, the wonky former head of the National Security Agency, became the director of National Intelligence, and soon discovered that many senior American officials were not remotely prepared for the advent of digital warfare. (Less than a year earlier, Senator Ted Stevens, of Alaska, who chaired the main Senate committee that regulates the Internet, had described the Web as a “series of tubes.”) To grab his peers’ attention, McConnell adopted the intelligence community’s version of a party trick: when visiting a Cabinet officer, he would pull out a copy of a memo […]
