"Bill Burr didn’t really know much about how passwords worked back in 2003, when he wrote the manual. He certainly wasn’t a security expert. And now the retired 72-year-old bureaucrat wants to apologize." Continue reading →
"The Nation‘s Patrick Lawrence wrote a lengthy review of the findings made by various computer experts formerly with the NSA. Published this week, the left-wing magazine’s report notes two bases for their conclusion: (1) hard science shows that a remote hack of the DNC servers resulting in the breach that actually occurred would have been technologically impossible; (2) forensic review of the initial Guccifer 2.0 documents proves that they are poorly-disguised cut-and-paste jobs–forgeries–intended to finger Russia." Continue reading →
"It fills the airwaves with probes that request connections to nearby computing devices. When the specially devised requests reach a device using the BCM43xx family of Wi-Fi chipsets, the attack rewrites the firmware that controls the chip. The compromised chip then sends the same malicious packets to other vulnerable devices, setting off a potential chain reaction." Continue reading →
"There's a need to protect patients, so that attackers can't hack an insulin pump to administer a fatal dose. And vulnerable medical devices also connect to a huge array of sensors and monitors, making them potential entry points to larger hospital networks. That in turn could mean the theft of sensitive medical records, or a devastating ransomware attack that holds vital systems hostage until administrators pay up." Continue reading →
"We’re not dealing with a government that exists to serve its people, protect their liberties and ensure their happiness. Rather, these are the diabolical machinations of a make-works program carried out on an epic scale whose only purpose is to keep the powers-that-be permanently (and profitably) employed." Continue reading →
"Microsoft references the WannaCry ransomware's source as an vulnerability known by the NSA, noting that similar security holes were revealed on WikiLeaks in documents stolen from the CIA. It says that the governments of the world should treat the WannaCry attack as 'a wake-up call,' to consider the 'damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits,' and to adopt the 'Digital Geneva Convention' the company first suggested in February. That Convention would have a new stipulation, too: 'a new requirement for governments to report vulnerabilities to vendors, rather than stockpile, sell, or exploit them.'" Continue reading →
"UK hospitals have effectively shut down and are turning away non-emergency patients after ransomware ransacked its networks. Doctors have been reduced to using pen and paper, and closing A&E to non-critical patients, amid the tech blackout. The security hole has been patched for modern Windows versions, but not WindowsXP – and the NHS is a massive user of the legacy operating system." Continue reading →
"Not content with having a fleet of insecure surveillance drones, the state of Connecticut wants a fleet of insecure weaponized drones. What could possibly go wrong?" Continue reading →
"If you think you're immune from a scary exploit found in Intel's Active Management Technology just because you're a consumer, think again. The problem is, plenty of consumers use business-class hardware—and not just the fringe who'll buy or inherit commercial-class laptops and workstations. Many budget PCs use chipsets, firmware, and motherboards that were designed for small business machines. These machines may be exposed to the exploit through Intel's Small Business Advantage technology, which is is a scaled-down version of AMT." Continue reading →
"That fancy new HP EliteBook laptop you just bought? It may be silently recording every keystroke, according to Swiss infosec firm ModZero. For what it’s worth, it doesn’t look like there’s malice here – just staggering incompetence." Continue reading →