“It affects the core WPA2 protocol itself and is effective against devices running the Android, Linux, Apple, Windows, and OpenBSD operating systems, as well as MediaTek Linksys, and other types of devices. The site warned attackers can exploit it to decrypt a wealth of sensitive data that’s normally encrypted by the nearly ubiquitous Wi-Fi encryption protocol.”
Tag Archives: Security
Standards Body Rejects NSA Encryption Algorithms, Citing Distrust

“The ISO has decided not to approve two NSA-designed block encryption algorithms: Speck and Simon. It’s because the NSA is not trusted to put security ahead of surveillance.”
Read more: https://www.schneier.com/blog/archives/2017/09/iso_rejects_nsa.html
Post-acquisition Yahoo! reveals every account was hacked in 2013

“Yahoo said a major security breach in 2013 compromised all three billion accounts the company maintained, a three-fold increase over the estimate it disclosed previously.”
Identity Theft, Credit Reports, and You

“This article assumes that you’ve either checked a credit report or been told by a bank that an account exists in your name which you didn’t open.”
Read more: http://www.kalzumeus.com/2017/09/09/identity-theft-credit-reports/
Equifax data leak exposes 143 million driver’s licenses, SSN, credit card numbers

“The information came mostly from US residents, but a percentage also involved UK and Canadian citizens and the company is working with authorities from these countries. Equifax reports that it discovered the leak on July 29th and took steps to stop the intrusion. It then hired a cybersecurity firm to determine the extent of the intrusion and what damage was done. The company reports that it has involved law enforcement, but it’s not clear at this point how the intruders entered the system or exactly what they took.”
Read more: https://techcrunch.com/2017/09/07/equifax-data-leak-could-involve-143-million-consumers/
465,000 patients have implanted pacemakers with critical security vulnerability

“Pacemakers from Abbott Laboratories contain critical flaws that allow hijackers within radio range to seize control while the pacemakers are running. The update will require patients to visit a clinic where doctors will put the pacemakers in backup mode while the firmware is being patched. The Abbott letter said that, for certain patients, the update should be performed ‘in a facility where temporary pacing and pacemaker generator change are readily available, due to the very small estimated risk of firmware update malfunction.’”
CIA sneaks undetectable ‘malicious’ implants onto Windows OS: WikiLeaks

“Windows machines are targeted by the CIA under ‘Angelfire,’ according to the latest release from WikiLeaks’ ‘Vault7’ series. The documents detail an implant that can allow Windows machines to create undetectable libraries. WikiLeaks says the leaked ‘Vault 7’ documents came from within the CIA, which has in turn refused to confirm their authenticity. Previous releases include details on CIA hacking tools used to weaponize mobile phones, compromise smart TVs and the ability to trojan the Apple OS.”
Read more: https://www.rt.com/news/401568-cia-hacks-angelfire-wikileaks/
US government: We can jail you indefinitely for not decrypting your data

“The US government is fighting to keep a former police officer in prison because he claims not to be able to remember the code to decrypt two hard drives under investigation. The ex-cop has twice appealed the decision to detain him, once in federal court and once in the 3rd US Circuit Court of Appeals. His lawyers argue that holding him breaches his Fifth Amendment right to not incriminate himself. The government is also arguing that, as Rawls didn’t use his Fifth Amendment rights in his initial appeal he can’t try to use that defense now.”
Read more: https://www.theregister.co.uk/AMP/2017/08/30/ex_cop_jailed_for_not_decrypting_data/
Bureaucrat Who Concocted Annoying Password Rules Now Regrets It

“Bill Burr didn’t really know much about how passwords worked back in 2003, when he wrote the manual. He certainly wasn’t a security expert. And now the retired 72-year-old bureaucrat wants to apologize.”
Read more: http://gizmodo.com/the-guy-who-invented-those-annoying-password-rules-now-1797643987
Ex-NSA Personnel Show DNC ‘Hack’ Was Actually a Leak and Inside Job

“The Nation’s Patrick Lawrence wrote a lengthy review of the findings made by various computer experts formerly with the NSA. Published this week, the left-wing magazine’s report notes two bases for their conclusion: (1) hard science shows that a remote hack of the DNC servers resulting in the breach that actually occurred would have been technologically impossible; (2) forensic review of the initial Guccifer 2.0 documents proves that they are poorly-disguised cut-and-paste jobs–forgeries–intended to finger Russia.”