I genuinely do not have an answer for this. I went back and forth on it for days.

I'd love to know y'all's thoughts!

Election security, COVID adjacent 

I'm working on a feature about election security in 2020, and COVID has made everything I've ever written about election security mostly obsolete. For example, pretty much all the conclusions from this:

I'm updating a 2017 story on how to secure your phone for a protest. If anyone has any suggestions, I am all ears.

"A web server containing records of about 76,000 unique fingerprints was left exposed on the internet, researchers said Wednesday. The unsecured fingerprint data, as well as employee email addresses and telephone numbers, had been collected by Brazilian company Antheus Tecnologia."


The CIA literally owned Crypto AG from 1970 on, pushing out weakened crypto systems and allowing them to read messages sent around the world.


Follow-up to my colleague Michael Kan's excellent reporting: Avast will end browser data harvesting.

"Avast CEO Ondrej Vlcek announced his company plans to shut down operations at Jumpshot, the subsidiary in charge of selling the browser history data. 'As CEO of Avast, I feel personally responsible and I would like to apologize to all concerned,' he said in a statement."


There's a very cool exhibit at the Met right now that includes two 16-17th C encryption devices. The book-like device is surprisingly complex, the second uses a simple substitution system that translates letters into distances.

VPNs have two major problems: They're black boxes to consumers and they're actively trying to destroy each other. For a while, I've been saying that a consortium of VPNs could set standards, improve transparency, and generally clean up the industry.
Such an organization now exists. Will it work? Who knows.


We wanted to know how secure commercial IOT devices are, so we asked Bitdefender to look at the Ring doorbell. It had some issues, which have now been patched.


After the NordVPN and TorGuard breach hit the news last week, I wrote up how it affects my reviews at PCMag and then promptly went on vacation. So here's another boost, in case y'all missed it.


Here's a twist: My work has apparently been named as evidence in the lawsuit by the "snake oil crypto" people against Black Hat. twitter.com/thepacketrat/statu

I've been skeptical of reports that there were tons of unreported bugs in iOS and iMessage. A Google researcher found 10, and revealed that a lot of work needs to be done to secure the platform. She tailored two attacks that took control of an iPhone and stole data just by sending it iMessages.


Guess what? GNSS (aka GPS) doesn't have a mechanism to verify legitimate signals and can be easily overpowered by a malicious transmitter. If you were planning to navigate an autonomous vehicle solely from satellite navigation data, you might want to not do that.


Infosec Exchange

A Mastodon instance for info/cyber security-minded people.