August 31, 2016 86+ million credentials from a 2012 breach at Dropbox have been confirmed valid on the DarkNet. More than half use the now-deprecated SHA-1 hashing algorithm. If you use Dropbox, change your password.
August 29, 2016 iPhone 6 and 6+ users beware. Touching the screen can loosen chips, leading to fatal “Touch Disease”. How to spot it and how to get Apple to fix it.
August 29, 2016 Cyber-aware journalist refuses tempting bait, leading forensic analysts to find not one, but three, previously unknown (or at least undisclosed) major security vulnerabilities in Apple’s operating system.
August 29, 2016 Biometric security spoofed again. Maybe it is good people still prefer passwords?
August 29, 2016 Update: Class action filed re iPhone 6 and 6+ “Touch Disease”.
August 29, 2016 Video Jacking is when your smart phone’s video is cloned and recorded via a hacked USB charger, exposing everything you see and type. Three ways to protect yourself.
August 29, 2016 Suspected $170M cyber-thief arrested by US Secret Service in Maldives. International considerations, father is Russian politician.
August 28, 2016 FCC to investigate SS7 protocol flaw that allows third party recording of cell calls. That was the one exposed in March 2016, more than four months ago.
August 28, 2016 Opera synchronization service hacked exposing 1.7 million sets of login details.
August 28, 2016 20,000 pages of French submarine design appear to have been compromised at the Indian shipbuilder and published in an Australian newspaper. So much for top secret strategic security.
August 27, 2016 Accounting and payroll services company hacked exposing people in over 23 countries.
August 27, 2016 When you have a universal backdoor to security systems it is a really good idea not to leak the master key. Better yet, remove the backdoor before unleashing the software on the public. Microsoft: Naughty! Apple: Best Practice!
August 23, 2016 Hackers plant “terrorism” files on journalist’s computer. 19 months in jail before forensic analysis clears him. Is your security up to date?
August 23, 2016 Google Adware hacked to serve malware with silent install. Keep those adblockers up!
August 23, 2016 New variant of Nemucod serves up advertising malware and ransomware. Double whammy and not a nice kind.
August 22, 2016 20 hotels hacked, some for more than a year before anybody noticed.
August 22, 2016 350+ Eddie Bauer stores hacked, some for more than six months before anybody noticed. (is this sounding familiar?)
August 22, 2016 Cisco PIX VPNs highly vulnerable.
We took a two-week break to concentrate on a patent examiner’s response. While we were away, we found that Tim Cook was right to question the security of the government, as the NSA appears to have been hacked. 20 hotels were hacked, some for more than a year before anybody noticed. Eddie Bauer was hacked for more than six months before anybody noticed. There are over 800 items in our inboxes. Our fingers and eyeballs hurt already.
August 12, 2016 Spend $40 on a computer core, add a 9 volt battery, an antenna, some other parts and software and gain access to 100,000,000 vehicles in the Volkswagen family. How massive can a cyber security failure be?
August 11, 2016 Defense of the Ancients 2 developer forum hacked exposing 1.9M. Admins appeared clueless until data was delivered to LeakedSource, who found that salt and deprecated MD5 allowed 80%+ of the passwords to be rendered as plain text.
August 11, 2016 Is your personal pleasure device reporting usage statistics and parameters back to the manufacturer without your knowledge or consent? At least one is.
August 10, 2016 BlackHat security conference attacked by Karma creating over 1,000 fake wireless networks and connecting over 35,000 unique devices.
August 10, 2016 “How to Hack a Government”: a surprising presentation at DefCon showing some techniques involving hacking banks, not to steal, but to move money around so the current government appears crooked; how to black out communications using a cable-cutting drone; how to reverse engineer social media to raise buzz about things that never happened; and more.
August 10, 2016 Are you getting a scam call? How would you know? A presentation gave solid guidance on securing the human, often the weakest link in the chain of security.
August 9, 2016 Ransomware for thermostats on the internet of things (IoT) is no longer theoretical. Remember: there are Inherent Dangers to the Internet of Things (IDIOT).
August 9, 2016 Some airport computer generated passcodes are checked only for content, not for authenticity. One traveler gained access to all the airline lounges with codes he created. Great way to save money, but what other “security” systems use this model of insecurity?
August 9, 2016 Vertical integration hacker style: first hack a point-of-sale (POS) device. Then hack the store, the chain that owns the stores, now hack the POS manufacturer. Does that get the hacker control of “support” to directly access over 300,000 POS devices?
August 9, 2016 A Qualcomm chipset in many Android phones has four vulnerabilities that come with the new-in-the-box device. There are three patches, but not everyone will get them right away. The fourth patch is expected in September.
August 9, 2016 A non-internet connected safe with an Underwriter’s Lab (UL) Type-1 High Security lock was found vulnerable to a novel side channel attack that never touches the lock itself.
August 7, 2016 The computer computes it and the monitor displays it, right? Not any more. Welcome to a whole new attack plane, direct monitor manipulation. What you see may not be what the computer intended to display. Bad, very bad.
August 7, 2016 Update: Whether your bitcoin account was hacked or not, Bitfinex will take 36% of your holdings and give you a token they might redeem later. Maybe.
August 7, 2016 Next generation business email spoofers (BES) accidentally infect themselves with their own malware. Keyloggers uploaded all the information to study how they work.
August 7, 2016 Samsung Pay tokens protect the card information, but are themselves vulnerable to being snagged, replicated and installed in another phone just fine and ready to use.
August 6, 2016 Apple ups bug bounty big time. Hackers, pick up that white hat!
August 6, 2016 Major vulnerability in Windows 95 continued for 20 years and was just patched in June 2016. Are you surprised?
August 5, 2016 Banner Health announces breach exposing 3.7 million six weeks after the hack started and a month after they knew about it. Financial and personal information exposed.
August 5, 2016 Which has more security, your car or your phone? The answer may disappoint you and make you wonder what is going to happen to those insurance premiums when the insurance companies figure it out.
August 5, 2016 Update: Bitfinex robber to give away 1,000 bitcoins. Has already proven possession. Not sure they stole from the rich, or are giving to the poor, but it certainly adds some panache to typical cyber skullduggery.
August 5, 2016 Chip-and-PIN, stronger security than Chip-and-Signature, has been hacked with a $30 Raspberry Pi computer. Merchants have spent billions to get improved security and consumers are waiting, waiting, waiting in longer lines. Was this about consumer security or transferring risk from providers?
August 5, 2016 ATMs that require a chipped card and a personal identification number (PIN) are secure, right? Ah, not so much. See one spew cash on stage.
August 4, 2016 New hacks on cars (steering and parking brakes) and trucks (changing instrument panel, break some brakes). So “self-driving” won’t be hackable?
August 4, 2016 There are increasingly public incidents of cyber-espionage targeted at national elements, utility infrastructure, military, and more. Unlike WWII, where the enemy wore uniforms and had insignia, the cyberwar fingerprints are far less clear.
August 4, 2016 NY Governor tells NY AG: Crime? What crime? We just made a law and now we get a split of the take from Fantasy Sports gaming. Conflict of interest? Nonsense! Betting on insider information? That will stop now because it’s illegal.
August 4, 2016 Voting machines more secure than ever! (NOT!) Still less secure than the average grocery register. Who benefits from this massive cybersecurity failure?
August 4, 2016 Hack of urology practice leads to leak of huge amounts of data for central Ohio patients.
August 4, 2016 Another bitcoin exchange robbed of just under 120,000 BTC, $72 million USD before the exchange drop. Are depositors wiped out? Will the exchange declare bankruptcy? Where did the value go? One thing is certain, FDIC and US-taxpayers are unlikely to be on the hook.
August 4, 2016 Who gets a debit card and is not allowed to decline the card agreement that carries huge fees? Prisoners released from the Federal Bureau of Prisons since 2008 whose cards were issued via a no-bid contract that extracted as much as 40 cents of each dollar on the card. Predatory? Unjustifiable? The court thought so.
August 4, 2016 Great News! Major Nigerian-themed scammer busted!
August 2, 2016 Social Security Administration just announced a requirement to access the web site. You have to have a cell phone to receive a text message with a numeric token before you can log in. This is two-factor authentication (2FA) over simple messaging (SMS). No cell phone? Don’t do text messaging? Have wired internet, but live in a cell dead zone? Assisting a senior managing their benefits? More, including that NIST just deprecated 2FA/SMS. Ooops.
August 1, 2016 Part of the “House of the Mouse” was hacked. Good news: they noticed it only three days after it first happened. Bad news: About 391,000 users compromised.
August 1, 2016 New August, same problems for Microsoft plus a new one: They have problems with their hookers and that vulnerability may have existed for seven years.