The Privacy Blog: Privacy, Security, Cryptography, and Anonymity


At the recent BSides security conference in San Francisco (just before the RSA conference) I had the opportunity to give a talk about targeted attacks and how they are changing the game of cyber defense. The talk was recorded so you can listen to the whole thing, or read a brief summary below.


The point of sale (POS) breaches at Hilton, and Starwood before that, suggest that a group of hackers is specifically targeting hotels, probably because most travelers have above average income. It should also make us brace for a likely wave of further POS breaches in many other businesses during the holiday shopping season.

It really makes me wish that more merchants accepted secure payment tools like Apple Pay, or even that more than a small fraction accepted the new chip and signature cards.

Hilton Data Breach Focuses Attention On Growing POS Malware Threat

Lance Cottrell is the Founder and Chief Scientist of Anonymizer. Follow me on Facebook, Twitter, and Google+.


There is a lot of Schadenfreude going around about the Ashley Madison website hack. People are often treating it as more of a joke than a serious incident.

For those of you who have been under a rock, Ashley Madison is a dating site for married people who want to have affairs. Their tag line is even “Life is short. Have an affair”, so they are not at all subtle about it.


India recently announced that all ISPs in the country will be required to block a list of over 800 websites. They claimed all of these were for pornography or child pornography, but it turns out that was not the case for all of them. In the face of a massive backlash, the telecom ministry first said this was no big deal because people could use VPN services to bypass the censorship. They later backed down entirely.


The Hola peer-to-peer VPN service suffered a number of very damaging security revelations today. Hola claims that there are (or were) about 45 million active users of the service.

I spent the last week at the RSA security conference in fear of getting sick before my talk on Friday, the last day of the conference. During that time I was nearly obsessive about using hand sanitizer to protect myself against any germs I might be picking up from shaking hands or touching surfaces.


Google warns of unauthorized TLS certificates trusted by almost all OSes (Ars Technica)

“In the latest security lapse involving the Internet’s widely used encryption system, Google said unauthorized digital certificates have been issued for several of its domains and warned misissued credentials may be impersonating other unnamed sites as well.”


DutchNews.nl reports that ISPs in the Netherlands will no longer be required to retain data for law enforcement.

Since 2009, national law has required ISPs to keep records on the activities of all users for a period of one year. In 2014 the Court of Justice of the EU ruled that such mass storage violates fundamental privacy rights.

This Dutch court ruling brings the Dutch rules into accord with the EU decision by ending the data retention requirement.


There is a new “man in the middle” attack against web pages that is significantly worse than anything I have seen before. Interestingly, it does not even appear to be intended as an attack.

13 Feb 2015

Snipers at the Watering Hole


Security researchers discovered a very sophisticated watering hole attack against Forbes.

There is a major trend towards increasingly targeted cyber attacks, from advanced persistent threats (APT) to spear phishing. Now we are seeing that targeting applied to watering hole attacks. I think of this as the sniper at the watering hole.
