Add this to the list of problems the glut of IoT devices is causing.

Over 90% of data transactions on IoT devices are unencrypted
csoonline.com/article/3397044/

I love how no one is questioning where WE might have gotten them from.

Leaked NSA Hacking Tools
schneier.com/blog/archives/201

You know these companies are on shaky ground when they are summoning "protecting consumers from themselves" & "security through obscurity" arguments. Unfortunately they will likely win until more tech/security savvy people are in government.

Cybersecurity experts battle for right to repair
nakedsecurity.sophos.com/2019/

Definitely agree that the best stance on security at the moment is a defensive one of assuming that your information has already been breached, probably multiple times. Regulation will be slow & if a breach like Equifax didn't change much I wouldn't expect any progress w/o a 9/11 of data theft.

Protecting Yourself from Identity Theft
schneier.com/blog/archives/201

mzo boosted

Designers Release 'Aweigh', An Open Source Alternative to GPS
bit.ly/2GxCZzC

Definitely interested in the security keys that Google has had so much success w/ but glad people are considering the vulnerabilities of fallbacks. Reminds me of how a master password for a password manager can turn 1 password into 100+

On Security Tokens schneier.com/blog/archives/201

Some good examples of common styles of SMS phishing. It's important everyone knows how these work because everyone is likely to get some. I know I do.

4 Common Phishing Lies Exposed securityboulevard.com/2019/04/

This is the real threat of insecure IoT devices: they become launch points and proxies. Unlike desktop OSes there won't be AV or need to install keyloggers/adware etc to be noticed. I'd like to see an open source intrusion detection tool built into a cheap chip or OS platforms like Raspberry Pi.

Emotet gang is trying to build a shell of IoT devices around its banking botnet zdnet.com/article/emotet-gang-

Lack of trustworthy piracy is likely going to have to expand the "dark net" into private trust networks for a larger audience. Perhaps blockchain technology can help with verification but incentives for sources of pirate material have to be aligned with user interest for it to be trustworthy.

Piracy streaming apps are stuffed with malware nakedsecurity.sophos.com/2019/

It's gotten to the point where security companies like Avast are the only ones monitoring app stores for fraud & malware. There's no way anyone can realistically keep up so we'll need ML help or they will keep slipping in.

Google boots major Android app developer from store for conducting massive ad fraud zdnet.com/article/google-boots

I expect this to be an inevitable trend as drivers will push towards increasing connectivity and electronics in cars. The ironic part is that the more electronics put in the more necessary connectivity will be to push software updates to fix software problems. A mobile app could handle updating without the car directly connecting for now, but not for long.

"Hacker Can Kill Car Engines Around the World" securityboulevard.com/2019/04/

mzo boosted

Public Service Announcement:

"uBlock Origin" and "uBlock" are two different privacy plugins for web browsers.

✅ uBlock Origin is the one switching.social recommends

❌ uBlock is NOT recommended

For more information on why they have such similar names but are so different:

reddit.com/r/ublock/comments/3

p.s. Switching.social recommends installing both uBlock Origin and Privacy Badger (eff.org/privacybadger) alongside each other.

#uBlockOrigin #uBlock #µBlock #Privacy #AdBlocking

mzo boosted

2+ million IoT devices vulnerable to man-in-the-middle attacks, allowing attackers to steal passwords:

hacked.camera/

– the website contains a list, so you can check if your devices are vulnerable
– CVE-2019-11219, CVE-2019-11220
– mitigation: dispose of your vulnerable devices, or block OUTBOUND traffic to 32100/udp

#iot #vulnerability #cve201911219 #cve201911220 #infosec #mitm #cybersecurity #security

On the flip side of the ML camera coin, mistaken identity will become a serious issue. Humans have flexible judgement but many flaws. Computers mitigate human flaws but can be unbending. This is why a collaboration between the two will be necessary to prevent incidents like this.

"Apple facial recognition tech prompts student to sue for $1 billion after false arrest" zdnet.com/article/apple-facial

Looking forward to clothing lines and accessories dedicated to defeating ML trained surveillance. As ML based devices become more ubiquitous expect the adversarial research to ramp up. Credit card thieves already employ many techniques to try and avoid automated fraud detection.

"Academics hide humans from surveillance cameras with 2D prints." zdnet.com/article/academics-hi

Flaws in highly used IoT components are going to become a serious problem. Cybercriminals can easily look for often reused components and invest the time to test the hell out of them and sell/use the zero days. Chinese manufacturers probably don't put responding to security researchers high on their list of priorities.
zdnet.com/article/over-two-mil
