According to a lawsuit (main article behind paywall), “a Miami-based food vendor and its supplier have been misrepresenting their squid as octopus in an effort to boost profits.”
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.
Posted on June 30, 2017 at 4:22 PM
Fortune magazine just published a good article about Google’s Project Zero, which finds and publishes exploits in other companies’ software products.
I have mixed feelings about it. The project does great work, and the Internet has benefited enormously from these efforts. But as long as it is embedded inside Google, it has to deal with accusations that it targets Google competitors.
Posted on June 30, 2017 at 6:05 AM
Really good article about the women who worked at Bletchley Park during World War II, breaking German Enigma-encrypted messages.
EDITED TO ADD (7/13): There’s also a book: The Debs of Bletchley Park and Other Stories, by Michael Smith.
Posted on June 29, 2017 at 12:40 PM
Websites are sending information prematurely:
This is important because it goes against what people expect:
In yesterday’s report on Acurian Health, University of Washington law professor Ryan Calo told Gizmodo that giving users a “send” or “submit” button, but then sending the entered information regardless of whether the button is pressed or not, clearly violates a user’s expectation of what will happen. Calo said it could violate a federal law against unfair and deceptive practices, as well as laws against deceptive trade practices in California and Massachusetts. A complaint on those grounds, Calo said, “would not be laughed out of court.”
This kind of thing is going to happen more and more, in all sorts of areas of our lives. The Internet of Things is the Internet of sensors, and the Internet of surveillance. We’ve long passed the point where ordinary people have any technical understanding of the different ways networked computers violate their privacy. Government needs to step in and regulate businesses down to reasonable practices. Which means government needs to prioritize security over their own surveillance needs.
Posted on June 29, 2017 at 6:51 AM
The Girl Scouts are going to be offering 18 merit badges in cybersecurity, to scouts as young as five years old.
Posted on June 28, 2017 at 12:56 PM
WikiLeaks has published CherryBlossom, the CIA’s program to hack into wireless routers. The program is about a decade old.
Four good news articles. Five. And a list of vulnerable routers.
Posted on June 28, 2017 at 5:35 AM
Apple is fighting its own battle against leakers, using people and tactics from the NSA.
According to the hour-long presentation, Apple’s Global Security team employs an undisclosed number of investigators around the world to prevent information from reaching competitors, counterfeiters, and the press, as well as hunt down the source when leaks do occur. Some of these investigators have previously worked at U.S. intelligence agencies like the National Security Agency (NSA), law enforcement agencies like the FBI and the U.S. Secret Service, and in the U.S. military.
The information is from an internal briefing, which was leaked.
Posted on June 27, 2017 at 6:25 AM
Sad story of someone whose computer became owned by a griefer:
The trouble began last year when he noticed strange things happening: files went missing from his computer; his Facebook picture was changed; and texts from his daughter didn’t reach him or arrived changed.
“Nobody believed me,” says Gary. “My wife and my brother thought I had lost my mind. They scheduled an appointment with a psychiatrist for me.”
But he built up a body of evidence and called in a professional cybersecurity firm. It found that his email addresses had been compromised, his phone records hacked and altered, and an entire virtual internet interface created.
“All my communications were going through a man-in-the-middle unauthorised server,” he explains.
It’s the “psychiatrist” quote that got me. I regularly get e-mails from people explaining in graphic detail how their whole lives have been hacked. Most of them are just paranoid. But a few of them are probably legitimate. And I have no way of telling them apart.
This problem isn’t going away. As computers permeate even more aspects of our lives, it’s going to get even more debilitating. And we don’t have any way, other than hiring a “professional cybersecurity firm,” of telling the paranoids from the victims.
Posted on June 26, 2017 at 12:30 PM