Crypto-Gram: 2019 Archives

December 15, 2019

In this issue:

  1. TPM-Fail Attacks Against Cryptographic Coprocessors
  2. Security Vulnerabilities in Android Firmware
  3. Iran Has Shut Off its Internet
  4. GPS Manipulation
  5. The NSA Warns of TLS Inspection
  6. DHS Mandates Federal Agencies to Run Vulnerability Disclosure Policy
  7. Manipulating Machine Learning Systems by Manipulating Training Data
  8. Cameras that Automatically Detect Mobile Phone Use
  9. The Story of Tiversa
  10. RSA-240 Factored
  11. Becoming a Tech Policy Activist
  12. Election Machine Insecurity Story
  13. Andy Ellis on Risk Assessment
  14. Failure Modes in Machine Learning
  15. Reforming CDA 230
  16. Extracting Data from Smartphones
  17. Scaring People into Supporting Backdoors
  18. EFF on the Mechanics of Corporate Surveillance
  19. Upcoming Speaking Engagements
Read This Issue →

November 15, 2019

In this issue:

  1. Cracking the Passwords of Early Internet Pioneers
  2. Using Machine Learning to Detect IP Hijacking
  3. Adding a Hardware Backdoor to a Networked Computer
  4. Why Technologists Need to Get Involved in Public Policy
  5. Details of the Olympic Destroyer APT
  6. Calculating the Benefits of the Advanced Encryption Standard
  7. Public Voice Launches Petition for an International Moratorium on Using Facial Recognition for Mass Surveillance
  8. NordVPN Breached
  9. Mapping Security and Privacy Research across the Decades
  10. Dark Web Site Taken Down without Breaking Encryption
  11. Former FBI General Counsel Jim Baker Chooses Encryption Over Backdoors
  12. ICT Supply-Chain Security
  13. WhatsApp Sues NSO Group
  14. A Broken Random Number Generator in AMD Microcode
  15. Resources for Measuring Cybersecurity
  16. Homemade TEMPEST Receiver
  17. Obfuscation as a Privacy Tool
  18. Details of an Airbnb Fraud
  19. Eavesdropping on SMS Messages inside Telco Networks
  20. xHelper Malware for Android
  21. Fooling Voice Assistants with Lasers
  22. Identifying and Arresting Ransomware Criminals
  23. NTSB Investigation of Fatal Driverless Car Accident
  24. Technology and Policymakers
  25. Upcoming Speaking Engagements
Read This Issue →

October 15, 2019

In this issue:

  1. Another Side Channel in Intel Chips
  2. Cracking Forgotten Passwords
  3. I’m Looking to Hire a Strategist to Help Figure Out Public-Interest Tech
  4. Revisiting Software Vulnerabilities in the Boeing 787
  5. New Biometrics
  6. A Feminist Take on Information Privacy
  7. Crown Sterling Claims to Factor RSA Keylengths First Factored Twenty Years Ago
  8. France Outlines Its Approach to Cyberwar
  9. Russians Hack FBI Comms System
  10. Ineffective Package Tracking Facilitates Fraud
  11. On Chinese “Spy Trains”
  12. Superhero Movies and Security Lessons
  13. Supply-Chain Security and Trust
  14. NSA on the Future of National Cybersecurity
  15. New Research into Russian Malware
  16. Measuring the Security of IoT Devices
  17. Tracking by Smart TVs
  18. More Cryptanalysis of Solitaire
  19. Edward Snowden’s Memoirs
  20. New Unpatchable iPhone Exploit Allows Jailbreaking
  21. Speakers Censored at AISA Conference in Melbourne
  22. Illegal Data Center Hidden in Former NATO Bunker
  23. Cheating at Professional Poker
  24. Wi-Fi Hotspot Tracking
  25. New Reductor Nation-State Malware Compromises TLS
  26. Details on Uzbekistan Government Malware: SandCat
  27. I Have a New Book: We Have Root
  28. Factoring 2048-bit Numbers Using 20 Million Qubits
Read This Issue →

September 15, 2019

In this issue:

  1. Bypassing Apple FaceID’s Liveness Detection Feature
  2. Software Vulnerabilities in the Boeing 787
  3. Influence Operations Kill Chain
  4. Surveillance as a Condition for Humanitarian Aid
  5. Google Finds 20-Year-Old Microsoft Windows Vulnerability
  6. Modifying a Tesla to Become a Surveillance Platform
  7. License Plate “NULL”
  8. Detecting Credit Card Skimmers
  9. The Threat of Fake Academic Research
  10. The Myth of Consumer-Grade Security
  11. AI Emotion-Detection Arms Race
  12. Attacking the Intel Secure Enclave
  13. Massive iPhone Hack Targets Uyghurs
  14. Credit Card Privacy
  15. The Doghouse: Crown Sterling
  16. Default Password for GPS Trackers
  17. NotPetya
  18. On Cybersecurity Insurance
  19. More on Law Enforcement Backdoor Demands
  20. Fabricated Voice Used in Financial Fraud
  21. Smart Watches and Cheating on Tests
  22. When Biology Becomes Software
  23. Upcoming Speaking Engagements
Read This Issue →

August 15, 2019

In this issue:

  1. Palantir’s Surveillance Service for Law Enforcement
  2. Zoom Vulnerability
  3. Identity Theft on the Job Market
  4. John Paul Stevens Was a Cryptographer
  5. A Harlequin Romance Novel about Hackers
  6. Hackers Expose Russian FSB Cyberattack Projects
  7. Science Fiction Writers Helping Imagine Future Threats
  8. Attorney General William Barr on Encryption Policy
  9. Software Developers and Security
  10. Insider Logic Bombs
  11. Wanted: Cybersecurity Imagery
  12. ACLU on the GCHQ Backdoor Proposal
  13. Another Attack Against Driverless Cars
  14. Facebook Plans on Backdooring WhatsApp
  15. How Privacy Laws Hurt Defendants
  16. Disabling Security Cameras with Lasers
  17. More on Backdooring (or Not) WhatsApp
  18. Regulating International Trade in Commercial Spyware
  19. Phone Pharming for Ad Fraud
  20. Brazilian Cell Phone Hack
  21. AT&T Employees Took Bribes to Unlock Smartphones
  22. Supply-Chain Attack against the Electron Development Platform
  23. Evaluating the NSA’s Telephony Metadata Program
  24. Exploiting GDPR to Get Private Information
  25. Side-Channel Attack against Electronic Locks
Read This Issue →

July 15, 2019

In this issue:

  1. Data, Surveillance, and the AI Arms Race
  2. Maciej Cegłowski on Privacy in the Information Age
  3. Risks of Password Managers
  4. Hacking Hardware Security Modules
  5. How Apple’s “Find My” Feature Works
  6. Fake News and Pandemics
  7. Backdoor Built into Android Firmware
  8. Election Security
  9. iPhone Apps Surreptitiously Communicated with Unknown Servers
  10. Florida City Pays Ransomware
  11. Person in Latex Mask Impersonated French Minister
  12. MongoDB Offers Field Level Encryption
  13. Spanish Soccer League App Spies on Fans
  14. Cellebrite Claims It Can Unlock Any iPhone
  15. I’m Leaving IBM
  16. Yubico Security Keys with a Crypto Flaw
  17. Google Releases Basic Homomorphic Encryption Tool
  18. Digital License Plates
  19. US Journalist Detained When Returning to US
  20. Research on Human Honesty
  21. Applied Cryptography is Banned in Oregon Prisons
  22. Ransomware Recovery Firms Who Secretly Pay Hackers
  23. Cardiac Biometric
  24. Cell Networks Hacked by (Probable) Nation-State Attackers
  25. Details of the Cloud Hopper Attacks
  26. Resetting Your GE Smart Light Bulb
  27. Presidential Candidate Andrew Yang Has Quantum Encryption Policy
  28. Clickable Endnotes to Click Here to Kill Everybody
  29. Upcoming Speaking Engagements
Read This Issue →

June 15, 2019

In this issue:

  1. International Spy Museum Reopens
  2. WhatsApp Vulnerability Fixed
  3. Another Intel Chip Flaw
  4. More Attacks against Computer Automatic Update Systems
  5. Why Are Cryptographers Being Denied Entry into the US?
  6. The Concept of “Return on Data”
  7. How Technology and Politics Are Changing Spycraft
  8. Fingerprinting iPhones
  9. Visiting the NSA
  10. Thangrycat: A Serious Cisco Vulnerability
  11. German SG-41 Encryption Machine Up for Auction
  12. Germany Talking about Banning End-to-End Encryption
  13. NSA Hawaii
  14. First American Financial Corp. Data Records Leak
  15. Alex Stamos on Content Moderation and Security
  16. Fraudulent Academic Papers
  17. The Human Cost of Cyberattacks
  18. The Importance of Protecting Cybersecurity Whistleblowers
  19. The Cost of Cybercrime
  20. Lessons Learned Trying to Secure Congressional Campaigns
  21. Chinese Military Wants to Develop Custom OS
  22. Security and Human Behavior (SHB) 2019
  23. iOS Shortcut for Recording the Police
  24. Employment Scam
  25. Workshop on the Economics of Information Security
  26. Rock-Paper-Scissors Robot
  27. Report on the Stalkerware Industry
  28. Video Surveillance by Computer
  29. Computers and Video Surveillance
  30. Upcoming Speaking Engagements
Read This Issue →

May 15, 2019

In this issue:

  1. China Spying on Undersea Internet Cables
  2. Vulnerabilities in the WPA3 Wi-Fi Security Protocol
  3. More on the Triton Malware
  4. A “Department of Cybersecurity”
  5. New DNS Hijacking Attacks
  6. Iranian Cyberespionage Tools Leaked Online
  7. Excellent Analysis of the Boeing 737 Max Software Problems
  8. G7 Comes Out in Favor of Encryption Backdoors
  9. Vulnerability in French Government Tchap Chat App
  10. Fooling Automated Surveillance Cameras with Patchwork Color Printout
  11. Towards an Information Operations Kill Chain
  12. Interview of Me in Taiwan
  13. Stealing Ethereum by Guessing Weak Private Keys
  14. Defending Democracies Against Information Attacks
  15. On Security Tokens
  16. Why Isn’t GDPR Being Enforced?
  17. Cybersecurity for the Public Interest
  18. Protecting Yourself from Identity Theft
  19. First Physical Retaliation for a Cyberattack
  20. Locked Computers
  21. Malicious MS Office Macro Creator
  22. Leaked NSA Hacking Tools
  23. Amazon Is Losing the War on Fraudulent Sellers
  24. Another NSA Leaker Identified and Charged
  25. Cryptanalyzing a Pair of Russian Encryption Algorithms
  26. Reverse Engineering a Chinese Surveillance App
  27. Cryptanalysis of SIMON-32/64
  28. Upcoming Speaking Engagements
Read This Issue →

April 15, 2019

In this issue:

  1. Critical Flaw in Swiss Internet Voting System
  2. Upcoming Speaking Engagements
  3. I Was Cited in a Court Decision
  4. CAs Reissue Over One Million Weak Certificates
  5. Triton
  6. An Argument that Cybersecurity Is Basically Okay
  7. Zipcar Disruption
  8. First Look Media Shutting Down Access to Snowden NSA Archives
  9. Enigma, Typex, and Bombe Simulators
  10. Mail Fishing
  11. Personal Data Left on Used Laptops
  12. Programmers Who Don’t Understand Security Are Poor at Security
  13. Malware Installed in Asus Computers through Hacked Update Process
  14. NSA-Inspired Vulnerability Found in Huawei Laptops
  15. Recovering Smartphone Typing from Microphone Sounds
  16. Hacking Instagram to Get Free Meals in Exchange for Positive Reviews
  17. How Political Campaigns Use Personal Data
  18. Adversarial Machine Learning against Tesla’s Autopilot
  19. Former Mozilla CTO Harassed at the US Border
  20. Unhackable Cryptography?
  21. Ghidra: NSA’s Reverse-Engineering Tool
  22. Hey Secret Service: Don’t Plug Suspect USB Sticks into Random Computers
  23. How the Anonymous Artist Banksy Authenticates His or Her Work
  24. TajMahal Spyware
  25. New Version of Flame Malware Discovered
  26. Maliciously Tampering with Medical Imagery
Read This Issue →

March 15, 2019

In this issue:

  1. Cataloging IoT Vulnerabilities
  2. I Am Not Associated with Swift Recovery Ltd.
  3. Estonia’s Volunteer Cyber Militia
  4. Details on Recent DNS Hijacking
  5. Reverse Location Search Warrants
  6. Gen. Nakasone on US Cyber Command
  7. On the Security of Password Managers
  8. Attacking Soldiers on Social Media
  9. “Insider Threat” Detection Software
  10. Can Everybody Read the US Terrorist Watch List?
  11. Data Leakage from Encrypted Databases
  12. The Latest in Creepy Spyware
  13. Cybersecurity for the Public Interest
  14. Digital Signatures in PDFs Are Broken
  15. Letterlocking
  16. Detecting Shoplifting Behavior
  17. Cybersecurity Insurance Not Paying for NotPetya Losses
  18. Videos and Links from the Public-Interest Technology Track at the RSA Conference
  19. Russia Is Testing Online Voting
  20. On Surveillance in the Workplace
  21. Judging Facebook’s Privacy Shift
  22. DARPA Is Developing an Open-Source Voting System
  23. Upcoming Speaking Engagements
Read This Issue →

February 15, 2019

In this issue:

  1. Alex Stamos on Content Moderation and Security
  2. El Chapo’s Encryption Defeated by Turning His IT Consultant
  3. Prices for Zero-Day Exploits Are Rising
  4. Evaluating the GCHQ Exceptional Access Proposal
  5. Clever Smartphone Malware Concealment Technique
  6. Hacking Construction Cranes
  7. The Evolution of Darknets
  8. Military Carrier Pigeons in the Era of Electronic Warfare
  9. Hacking the GCHQ Backdoor
  10. Japanese Government Will Hack Citizens’ IoT Devices
  11. iPhone FaceTime Vulnerability
  12. Security Analysis of the LIFX Smart Light Bulb
  13. Security Flaws in Children’s Smart Watches
  14. Public-Interest Tech at the RSA Conference
  15. Facebook’s New Privacy Hires
  16. Major Zcash Vulnerability Fixed
  17. Using Gmail “Dot Addresses” to Commit Fraud
  18. China’s AI Strategy and its Security Implications
  19. Blockchain and Trust
  20. Cyberinsurance and Acts of War
  21. USB Cable with Embedded Wi-Fi Controller
  22. Reconstructing SIGSALY
Read This Issue →

January 15, 2019

In this issue:

  1. New Shamoon Variant
  2. Teaching Cybersecurity Policy
  3. Congressional Report on the 2017 Equifax Data Breach
  4. Fraudulent Tactics on Amazon Marketplace
  5. Drone Denial-of-Service Attack against Gatwick Airport
  6. MD5 and SHA-1 Still Used in 2018
  7. Glitter Bomb against Package Thieves
  8. Human Rights by Design
  9. Stealing Nativity Displays
  10. Massive Ad Fraud Scheme Relied on BGP Hijacking
  11. Click Here to Kill Everybody Available as an Audiobook
  12. China’s APT10
  13. Long-Range Familial Searching Forensics
  14. Podcast Interview with Eva Galperin
  15. New Attack Against Electrum Bitcoin Wallets
  16. Machine Learning to Detect Software Vulnerabilities
  17. EU Offering Bug Bounties on Critical Open-Source Software
  18. Security Vulnerabilities in Cell Phone Systems
  19. Using a Fake Hand to Defeat Hand-Vein Biometrics
  20. Why Internet Security Is So Bad
  21. Upcoming Speaking Engagements
Read This Issue →
← 20182020 →Calendar

Sidebar photo of Bruce Schneier by Joe MacInnis.