Verizon techie sold people's call logs at $75 a head to private dick • The Register: "A former Verizon Wireless employee is facing time behind bars after he pled guilty to selling customer records.

Daniel E Traeger copped to one charge of unauthorized access to a protected computer, admitting that from September of 2011 to January of 2014 he accessed and sold customer mobile records, including phone location and call logs, to a private investigator."

Is this the least of your privacy concerns?

Labels: security fail

Inside iOS 10: Apple doubles down on security with cutting edge differential privacy: "Apple has doubled down on privacy protection by researching cutting-edge privacy techniques for iOS 10, allowing advanced new features while protecting user data."

Double-stuffed oreos.

Labels: security policy

Apple summons security experts for bug bounty program brief - report: "Apple has allegedly invited a bevy of third party security experts and device hackers to its headquarters to break down the details of the previously announced bug bounty program for macOS and iOS."

Open the kimono.

Labels: security policy

Suspected Russian DNC hackers brew Mac trojan • The Register: "Suspected Russian hackers fingered for hacking the United States Democratic National Committee (DNC) have brewed a trojan targeting Mac OS X machines in the aerospace sector, says Palo Alto researcher Ryan Olson."

All five Macs in use in aerospace may be infected, but the 100 million Windows machines are not.

Labels: security policy

Safe browsing checks fail as 16,000 WordPress sites hacked this year • The RegisterAt least 15,769 WordPress websites - and probably more - have been compromised this year, half slipping past Google's Safe Browsing checks, says security researcher Daniel Cid.

The world's most popular content management system represented the lion's share of some 21,821 sites studied in the second 2016 Sucuri report on compromised web properties that found 3099 Joomla! sites were hacked in the same period.

Personally a fan of Blogger run by Google's noc engineers rather than limited by my ability to patch PHP, upgrade WP plug-ins and so forth.

Labels: blogger

Why the silencing of KrebsOnSecurity opens a troubling chapter for the ‘Net | Ars Technica: "On Thursday morning, exactly two weeks after Krebs published his first post, he reported that a sustained attack was bombarding his site with as much as 620 gigabits per second of junk data. "

Apple and Google have much to lose if security weakness are unreported and they also have the server farms to defend this guy.

Labels: security policy

Yahoo confirms at least 500M accounts impacted by 2014 security breach: "Yahoo on Thursday announced that information associated with at least 500 million accounts was stolen in a security breach of its network in 2014, claiming a "state-sponsored actor" was behind the attack."

And we wanted to inform you "right away";

Labels: security policy

Apple buys out machine learning firm Tuplejump: "Apple has bought out Tuplejump, its third machine learning acquisition in the space of a year, a report said on Thursday."

The real loss here is having a (company (named Tuplejump)).

The arms race to protect apps from cracking | Cult of Mac: "App developers put a lot of time and effort into preventing their apps from being cracked or pirated. But for every coder taking a step toward making an app more secure, there’s someone on the march to crack it. The integrity of any app is subject to an ongoing arms race."

The downward spiral...

Labels: app security

Think Your Mobile App is Hack Proof | App Developer Magazine: "In the worst cases, a hack exposes a company to serious risks, and the impact for businesses and users can be devastating. Imagine having your mobile health app reprogrammed to instruct you to deliver a lethal dose of medication. Or your mobile finance app draining your bank account by redirecting funds."

A zero-day exploit could ruin your whole valuation.

Labels: security flaw

Professor proves NAND mirroring attack thwarts iPhone 5c security protocols: "A Cambridge computer scientist used $100 of hardware to clone an iPhone 5c's NAND memory chip in a successful attempt at bypassing the handset's encryption lock, seemingly proving correct theories lobbed in the aftermath of Apple's encryption fight with the FBI.

Troubling for privacy advocates.

Labels: hardware hacking, ludicrous speed

Accused UK hacker to be extradited to the US to face charges | Ars Technica: "Love, 31, is alleged to have been involved in the #OpLastResort hack in 2013, which targeted the US Army, the US Federal Reserve, the FBI, NASA, and the Missile Defense Agency in retaliation over the suicide, while awaiting trial, of Aaron Swartz."

Reality.

Labels: security policy

Snowden’s bias is blatant—but Gordon-Levitt makes its message powerful | Ars Technica: "The first major film event about Edward Snowden did not come this year thanks to Director Oliver Stone. Instead, it came in the form of Citizenfour, the deserving winner of the 2015 Academy Award for Best Documentary."

Movie.

Labels: security policy

Publishers must let online readers pay for news anonymously | Technology | The Guardian: "Online newspapers and magazines have come to depend, for their income, on a system of advertising and surveillance, which is both annoying and unjust.

Readers are rebelling by installing ad blockers, which cut into the publisher’s surveillance-based income. And in response, some sites are cutting off access to readers unless they accept being surveilled. What they ought to do instead is give us a truly anonymous way to pay."

On the mic.

Labels: security policy

Swedish appeals court upholds arrest warrant for Julian Assange • The Register: "Assange had sought to appeal the warrant for his arrest, though not the charges, as a means of achieving escape from the Ecuadorian embassy where he has been holed up now for over four years."

Sweden: modern democratic state or vassals of US foreign policy?

Labels: security policy

Researcher reports XSS hole in Google France • The Register: "Security researchers have disclosed an cross-site scripting vulnerability in Google France."

The browser: ubiquitous and vulnerable always.

Labels: security exploit

Ted Cruz channels Senator McCarthy in wrongheaded internet power grab crusade • The Register: "With echoes of the notorious hearings run by Senator Joseph McCarthy in the 1950s, Wednesday saw Senator Ted Cruz cajole, misrepresent and then outright threaten witnesses to a hearing he called over the important change to the internet's functioning."

One must wonder how he was elected. Maybe his pals bought him a seat in the Senate.

Labels: security policy

Thousands of infected FTP servers net attackers $88k in cryptocurrency | Ars Technica: "ttackers are draining the CPU and power resources of thousands file transfer protocol servers by infecting them with malware that surreptitiously mints the relatively new crypto currency called Monero, researchers said."

Cyber-mining on the frontier.

Labels: security policy

Two critical bugs and more malicious apps make for a bad week for Android | Ars Technica: "It was a bad week for millions of Android phone users. Two critical vulnerabilities were disclosed but remain unpatched in a large percentage of devices, while, separately, malicious apps were downloaded as many as 2.5 million times from Google's official Play Marketplace."

Dang kiddies, it's harsh out there. Watch your parking meters.

Labels: android vs. ios

Raspberry Pi sells over 10 million computers | Ars Technica: "Four years since it first went on sale to eager developers, the credit card-sized Raspberry Pi computer has sold an impressive 10 million units."

Essentially, this generation's Apple ][ or C64.

Labels: raspberry pi

Kaspersky Ireland R&D haus • The Register: "With an initial investment of close to $5m, Kaspersky plans to create 50 new Dublin-based roles in the next three years. The new office will focus mainly on developing data analysis and machine learning technologies for the firm’s enterprise product line-up.

The Russian security software firm selected Dublin because of the city’s “growing reputation as a major European tech hub, providing access to a highly skilled IT talent pool and a strong network of innovative technology companies”."

Not just a tax haven, actually a civilized democracy unlike many other EU countries.

Labels: security policy

Spoof an Ethernet adapter on USB, and you can sniff credentials from locked laptops • The Register: "Security consultant and blogger Rob Fuller has turned a USB SoC-based device into a credential-sniffer that works even on locked machines."

Security is hard and getting harder all the time.

Labels: security flaw

Genius Bar doesn't hire retired Apple engineer, fires up age discrimination debate: "Famously, Facebook Chief Executive Mark Zuckerberg said that "young people are just smarter" at a conference in 2007."

Young people write shitty code and too much of it. There's so much of it out there. Shitty code, that is. University grads produce terrible code. If you don't believe me, go on github and read it. Yawn.

From time to time I do contracting jobs on iOS projects. Almost always, they hire me after 4 engineers have tried to solve the problem and failed.

One thing older engineers typically do not do is sell their soul (read: 90 hour work weeks) to an inexperienced CEO and his VC overlord for stock options that in 3-5 years will be worthless slips of paper.

Labels: security policy

Feds pin brazen kernel.org intrusion on 27-year-old programmer | Ars Technica: "The indictment refers to kernel.org officials P.A. and J.H., who are presumed to be Linux kernel developer H. Peter Anvin and kernel.org Chief System Administrator John "'Warthog9" Hawley, respectively. It went on to say that Austin used the credentials to install a class of extremely hard-to-detect malware known as a rootkit and a Trojan that logs the credentials of authorized users who use the secure shell protocol to access an infected computer."

If the chief admin of the kernel was 0wned what mere mortal is safe?

Labels: security fail

New OS X security updates patch same zero-days as iOS 9.3.5 | Ars Technica: "Late last week, Apple released iOS 9.3.5 to patch three zero-day bugs that could be used to access personal data on an infected phone. Dubbed "Trident," the bugs were used to create spyware called Pegasus that was used to target at least one political dissident in the United Arab Emirates."

Paddling as fast as I can to keep from inadvertently becoming a tool of the dystopian Orwellian civilization called Earth.

Labels: 1984