Tagged: schneier on security

Hacking Team’s Purchasing of Zero-Day Vulnerabilities

This is an interesting article that looks at Hacking Team’s purchasing of zero-day (0day) vulnerabilities from a variety of sources: Hacking Team’s relationships with 0day vendors date back to 2009 when they were still transitioning from their information security consultancy roots to becoming a surveillance business. They excitedly purchased exploit packs from D2Sec and VUPEN, but they didn’t find the high-quality client-side oriented exploits they were looking for. Their relationship with VUPEN continued to frustrate them for years.

Friday Squid Blogging: How a Squid Changes Color

The California market squid, Doryteuthis opalescens, can manipulate its color in a variety of ways: Reflectins are aptly-named proteins unique to the light-sensing tissue of cephalopods like squid. Their skin contains specialized cells called iridocytes that produce color by reflecting light in a predictable way. When the neurotransmitter acetylcholine activates reflectin proteins, this triggers the contraction and expansion of deep pleats in the cell membrane of iridocytes.

How an Amazon Worker Stole iPads

A worker in Amazon’s packaging department in India figured out how to deliver electronics to himself: Since he was employed with the packaging department, he had easy access to order numbers. Using the order numbers, he packed his order himself; but instead of putting pressure cookers in the box, he stuffed it with iPhones, iPads, watches, cameras, and other expensive electronics in the pressure cooker box

Remotely Hacking a Car While It’s Driving

This is a big deal. Hackers can remotely hack the Uconnect system in cars just by knowing the car’s IP address. They can disable the brakes, turn on the AC, blast music, and disable the transmission: The attack tools Miller and Valasek developed can remotely trigger more than the dashboard and transmission tricks they used against me on the highway

Google’s Unguessable URLs

Google secures photos using public but unguessable URLs: So why is that public URL more secure than it looks? The short answer is that the URL is working as a password. Photos URLs are typically around 40 characters long, so if you wanted to scan all the possible combinations, you’d have to work through 10^70 different combinations to get the right one, a problem on an astronomical scale

ProxyHam Canceled

The ProxyHam project (and associated Def Con talk) has been canceled under mysterious circumstances. No one seems to know anything, and conspiracy theories abound.