Group items tagged

"TL;DR: all recent macOS devices are no longer safe to use if left alone, even if you have them powered down. The root of trust on macOS is inherently broken They can bruteforce your FileVault2 volume password They can alter your macOS installation They can load arbitrary kernel extensions"

""Privacy Not Included" is Mozilla's Christmas shopping (anti)-guide to toys and gadgets that spy on you and/or make stupid security blunders, rated by relative "creepiness," from the Nintendo Switch (a little creepy) to the Fredi Baby monitor (very creepy!). Mozilla's reviews include a detailed rationale for each ranking, including whether the product includes encryption, whether it forces a default password change, how easy to understand the documentation is, whether it shares your data for "unexpected reasons," whether it has known security vulnerabilities, whether it has parental controls and more."

Yikes...scary...

"They aren't limited by human notions of attention; they can watch everyone at the same time. So while it may be true that using encryption is something the NSA takes special note of, not using it doesn't mean you'll be noticed less. The best defense is to use secure services, even if it might be a red flag. Think of it this way: you're providing cover for those who need encryption to stay alive."

"This story is getting squrrelier and squrrelier. Yes, security companies love to hype the threat to sell their products and services. But this goes further: single-handedly trying to create a panic, and then profiting off that panic."

Justin Engler and Paul Vines will demo a robot called the Robotic Reconfigurable Button Basher (R2B2) at Defcon; it can work its way through every numeric screen-lock Android password in 19 hours.

"Dropbox is at the centre of a leak scandal, following the releasing of 400 usernames and passwords by an anonymous user on Pastebin. The hacker claims the initial dump is just a portion of the 6,937,081 Dropbox accounts he claims to have compromised on Tuesday. He then requested Bitcoins in payment before he would allow access to more accounts."

"Nearly 150 million people have been affected by a loss of customer data by Adobe, over 20 times more than the company admitted in its initial statement last week."

"And if your password can be reverse-engineered to reveal something about you or others like you, how safe or unique is it really."

"The hacker compromised the firm's global email server through an "administrator's account" that, in theory, gave them privileged, unrestricted "access to all areas". The account required only a single password and did not have "two-step" verification, sources said."

"But Computercop isn't security software -- quite the opposite; it's classic malware. The software, made in New York by a company that markets to law enforcement, is a badly designed keylogger that stores thingstyped into the keyboard -- potentially everything typed on the family PC -- passwords, sensitive communications, banking logins, and more, all stored on the hard drive, either in the clear, or with weak, easily broken encryption. And Computercop users are encouraged to configure the software to email dumps from the keylogger to their accounts (to spy on their children's activity), so that all those keystrokes are vulnerable to interception by anyone between your computer and your email server. "

"Regin is a tool capable of infecting and compromising entire networks, not just individual computers, as security companies Symantec and Kaspersky Labs detailed in their technical reports published on Sunday and Monday. It's not only a computer virus or malware, but also a toolkit or platform that can be used for different purposes, depending on the needs of the attackers. It can collect passwords, retrieve deleted files, and even take over entire networks and infrastructures, according to researchers. "

""Closer investigation by our team confirmed that hackers were carrying out a sustained and determined attack on all parliamentary user accounts in an attempt to identify weak passwords. These attempts specifically were trying to gain access to our emails. "

Yikes this is very scary - lets all jump from WEP, to WPA to WPA 2?