Two new attacks on Tor
Two new attacks on Tor were recently announced. The first involves using an exit node to automatically modify software patches to include malware. This one is being seen in the wild already. The...
View ArticleHow to protect your Mac from Rootpipe
https://xkcd.com/149/ Security researcher Emil Kvarnhammar of TrueSec announced the discovery of a new vulnerability in Mac OS X from 10.8.5 though the current 10.10. The attack is against a unix...
View ArticleHow to protect yourself against new DarkHotel type WiFi attacks
Kaspersky recently announced the discovery of a new Advanced Persistent Threat (APT) that they are calling DarkHotel. This is in the fine tradition of giving all newly discovered hackers or...
View ArticleProtect your security from ISPs stripping email encryption
Engineers at Golden Frog recently discovered that Cricket wireless was automatically disabling their email encryption. It is not at all clear why they were doing this, but we do know how. When an...
View ArticleSecurity risk of Uber abusing trust & tracking reporters
In two separate cases recently Uber has, or has talked about, abusing its information about their customer’s movements. First a Buzzed reporter Johana Bhuiyan was told that she was tracked on the way...
View ArticleChaos Computer Club censored (and me too)
The Chaos Computer Club recently announced that their website was being blocked by Vodefone as part of their participation in the “Great Firewall of Britain”. This is somewhat concerning as they don’t...
View ArticleSecurity implications of Lizard Squad Attack on Tor
Right after the Lizard Squad finished with a DDOS attack on the PSN and XBOX networks, they launched an attack against the Tor anonymity system. The attack was simple, set up enough Tor relays to be...
View ArticleSnipers at the Watering Hole
Security researchers discovered a very sophisticated watering hole attack against Forbes. There is a major trend towards increasingly targeted cyber attacks, from advanced persistent threats (APT), to...
View ArticleWhat Hand Sanitizer Can Teach Us About Cybersecurity
I spent the last week at the RSA security conference in fear of getting sick before my talk on Friday, the last day of the conference. During that time I was nearly obsessive about using hand...
View ArticleIndia Censorship – on then off again
India recently announced that all ISPs in the country will be required to block a list of over 800 websites. They claim all of these were for pornography or child pornography, but it turns out that...
View Article