Crypto-Gram: 2018 Archives
December 15, 2018
In this issue:
- Chip Cards Fail to Reduce Credit Card Fraud in the US
- Hidden Cameras in Streetlights
- Mailing Tech Support a Bomb
- Israeli Surveillance Gear
- Worst-Case Thinking Breeds Fear and Irrationality
- What Happened to Cyber 9/11?
- The PCLOB Needs a Director
- Information Attacks against Democracies
- Using Machine Learning to Create Fake Fingerprints
- How Surveillance Inhibits Freedom of Expression
- Propaganda and the Weakening of Trust in Government
- Distributing Malware By Becoming an Admin on an Open-Source Project
- FBI Takes Down a Massive Advertising Fraud Ring
- That Bloomberg Supply-Chain-Hack Story
- Three-Rotor Enigma Machine Up for Auction Today
- Click Here to Kill Everybody News
- The DoJ’s Secret Legal Arguments to Break Cryptography
- Bad Consumer Security Advice
- Security Risks of Chatbots
- Your Personal Data is Already Stolen
- Banks Attacked through Malicious Hardware Connected to the Local Network
- Back Issues of the NSA’s Cryptolog
- 2018 Annual Report from AI Now
- New Australian Backdoor Law
- Marriott Hack Reported as Chinese State-Sponsored
- Real-Time Attacks Against Two-Factor Authentication
November 15, 2018
In this issue:
- How DNA Databases Violate Everyone’s Privacy
- Privacy for Tigers
- Government Perspective on Supply Chain Security
- West Virginia Using Internet Voting
- Are the Police Using Smart-Home IoT Devices to Spy on People?
- On Disguise
- China’s Hacking of the Border Gateway Protocol
- Android Ad-Fraud Scheme
- Detecting Fake Videos
- Security Vulnerability in Internet-Connected Construction Cranes
- More on the Supermicro Spying Story
- Cell Phone Security and Heads of State
- ID Systems Throughout the 50 States
- Was the Triton Malware Attack Russian in Origin?
- Buying Used Voting Machines on eBay
- How to Punish Cybercriminals
- Troy Hunt on Passwords
- Security of Solid-State-Drive Encryption
- Consumer Reports Reviews Wireless Home-Security Cameras
- iOS 12.1 Vulnerability
- Privacy and Security of Data at Universities
- The Pentagon Is Publishing Foreign Nation-State Malware
- Hiding Secret Messages in Fingerprints
- New IoT Security Regulations
- Oracle and “Responsible Disclosure”
- More Spectre/Meltdown-Like Attacks
- Upcoming Speaking Engagements
October 15, 2018
In this issue:
- NSA Attacks Against Virtual Private Networks
- Public Shaming of Companies for Bad Security
- Pegasus Spyware Used in 45 Countries
- Security Vulnerability in ESS ExpressVote Touchscreen Voting Computer
- AES Resulted in a $250-Billion Economic Benefit
- New Findings About Prime Number Distribution Almost Certainly Irrelevant to Cryptography
- New Variants of Cold-Boot Attack
- Evidence for the Security of PKCS #1 Digital Signatures
- Counting People through a Wall with Wi-Fi
- Yet Another IoT Cybersecurity Document
- Major Tech Companies Finally Endorse Federal Privacy Regulation
- More on the Five Eyes Statement on Encryption and Backdoors
- Facebook Is Using Your Two-Factor Authentication Phone Number to Target Advertising
- Sophisticated Voice Phishing Scams
- Terahertz Millimeter-Wave Scanners
- The Effects of GDPR’s 72-Hour Notification Rule
- Helen Nissenbaum on Data Privacy and Consent
- Chinese Supply Chain Hardware Attack
- Conspiracy Theories around the “Presidential Alert”
- Detecting Credit Card Skimmers
- Defeating the “Deal or No Deal” Arcade Game
- The US National Cyber Strategy
- Access Now Is Looking for a Chief Security Officer
- Security Vulnerabilities in US Weapons Systems
- Another Bloomberg Story about Supply-Chain Hardware Attacks from China
- Security in a World of Physically Capable Computers
- Upcoming Speaking Engagements
September 15, 2018
In this issue:
- New Book Announcement: Click Here to Kill Everybody
- Speculation Attack Against Intel’s SGX
- New Ways to Track Internet Browsing
- James Mickens on the Current State of Computer Security
- “Two Stage” BMW Theft Attempt
- Good Primer on Two-Factor Authentication Security
- John Mueller and Mark Stewart on the Risks of Terrorism
- Future Cyberwar
- NotPetya
- CIA Network Exposed through Insecure Communications System
- Cheating in Bird Racing
- Eavesdropping on Computer Screens through the Webcam Mic
- Using a Smartphone’s Microphone and Speakers to Eavesdrop on Passwords
- Five-Eyes Intelligence Services Choose Surveillance Over Security
- Reddit AMA
- Using Hacked IoT Devices to Disrupt the Power Grid
- Security Vulnerability in Smart Electric Outlets
- Security Risks of Government Hacking
- Quantum Computing and Cryptography
- Click Here to Kill Everybody Reviews and Press Mentions
- Upcoming Speaking Engagements
August 15, 2018
In this issue:
- New Book Announcement: Click Here to Kill Everybody
- Reasonably Clever Extortion E-mail Based on Password Theft
- Installing a Credit Card Skimmer on a POS Terminal
- Defeating the iPhone Restricted Mode
- Suing South Carolina Because Its Election Machines Are Insecure
- New Report on Chinese Intelligence Cyber-Operations
- 1Password’s Travel Mode
- Nicholas Weaver on Cryptocurrencies
- On Financial Fraud
- Major Bluetooth Vulnerability
- DARPA Wants Research into Resilient Anonymous Communications
- Google Employees Use a Physical Token as Their Second Authentication Factor
- Third Annual Cybercrime Conference
- New Report on Police Digital Forensics Techniques
- Identifying People by Metadata
- The Poor Cybersecurity of US Space Assets
- Hacking a Robot Vacuum
- Backdoors in Cisco Routers
- GCHQ on Quantum Key Distribution
- Using In-Game Purchases to Launder Money
- How the US Military Can Better Keep Hackers
- Three of My Books Are Available in DRM-Free E-Book Format
- Hacking the McDonald’s Monopoly Sweepstakes
- Measuring the Rationality of Security Decisions
- SpiderOak’s Warrant Canary Died
- Detecting Phishing Sites with Machine Learning
- Don’t Fear the TSA Cutting Airport Security. Be Glad That They’re Talking about It.
- xkcd on Voting Computers
- Identifying Programmers by their Coding Style
- Google Tracks its Users Even if They Opt-Out of Tracking
- My Speaking Engagements
July 15, 2018
In this issue:
- Important: Crypto-Gram Has Moved to MailChimp
- Thomas Dullien on Complexity and Security
- Ridiculously Insecure Smart Lock
- Are Free Societies at a Disadvantage in National Cybersecurity
- Perverse Vulnerability from Interaction between 2-Factor Authentication and iOS AutoFill
- Algeria Shut Down the Internet to Prevent Students from Cheating on Exams
- Domain Name Stealing at Gunpoint
- The Effects of Iran’s Telegram Ban
- Secure Speculative Execution
- Bypassing Passcodes in iOS
- IEEE Statement on Strong Encryption vs. Backdoors
- Manipulative Social Media Practices
- Conservation of Threat
- Traffic Analysis of the LTE Mobile Standard
- California Passes New Privacy Law
- Beating Facial Recognition Software with Face Makeup
- The NSA’s Domestic Surveillance Centers
- PROPagate Code Injection Seen in the Wild
- Recovering Keyboard Inputs through Thermal Imaging
- Department of Commerce Report on the Botnet Threat
- WPA3
- Gas Pump Hack
- Schneier News
June 15, 2018
In this issue:
- Important: Crypto-Gram Is Moving to MailChimp
- Router Vulnerability and the VPNFilter Botnet
- E-Mail Vulnerabilities and Disclosure
- News
- Russian Censorship of Telegram
- Security and Human Behavior (SHB 2018)
- Schneier News
- Another Spectre-Like CPU Vulnerability
- An Example of Deterrence in Cyberspace
- New Data Privacy Regulations