Crypto-Gram: 2019 Archives
December 15, 2019
In this issue:
- TPM-Fail Attacks Against Cryptographic Coprocessors
- Security Vulnerabilities in Android Firmware
- Iran Has Shut Off its Internet
- GPS Manipulation
- The NSA Warns of TLS Inspection
- DHS Mandates Federal Agencies to Run Vulnerability Disclosure Policy
- Manipulating Machine Learning Systems by Manipulating Training Data
- Cameras that Automatically Detect Mobile Phone Use
- The Story of Tiversa
- RSA-240 Factored
- Becoming a Tech Policy Activist
- Election Machine Insecurity Story
- Andy Ellis on Risk Assessment
- Failure Modes in Machine Learning
- Reforming CDA 230
- Extracting Data from Smartphones
- Scaring People into Supporting Backdoors
- EFF on the Mechanics of Corporate Surveillance
- Upcoming Speaking Engagements
November 15, 2019
In this issue:
- Cracking the Passwords of Early Internet Pioneers
- Using Machine Learning to Detect IP Hijacking
- Adding a Hardware Backdoor to a Networked Computer
- Why Technologists Need to Get Involved in Public Policy
- Details of the Olympic Destroyer APT
- Calculating the Benefits of the Advanced Encryption Standard
- Public Voice Launches Petition for an International Moratorium on Using Facial Recognition for Mass Surveillance
- NordVPN Breached
- Mapping Security and Privacy Research across the Decades
- Dark Web Site Taken Down without Breaking Encryption
- Former FBI General Counsel Jim Baker Chooses Encryption Over Backdoors
- ICT Supply-Chain Security
- WhatsApp Sues NSO Group
- A Broken Random Number Generator in AMD Microcode
- Resources for Measuring Cybersecurity
- Homemade TEMPEST Receiver
- Obfuscation as a Privacy Tool
- Details of an Airbnb Fraud
- Eavesdropping on SMS Messages inside Telco Networks
- xHelper Malware for Android
- Fooling Voice Assistants with Lasers
- Identifying and Arresting Ransomware Criminals
- NTSB Investigation of Fatal Driverless Car Accident
- Technology and Policymakers
- Upcoming Speaking Engagements
October 15, 2019
In this issue:
- Another Side Channel in Intel Chips
- Cracking Forgotten Passwords
- I’m Looking to Hire a Strategist to Help Figure Out Public-Interest Tech
- Revisiting Software Vulnerabilities in the Boeing 787
- New Biometrics
- A Feminist Take on Information Privacy
- Crown Sterling Claims to Factor RSA Keylengths First Factored Twenty Years Ago
- France Outlines Its Approach to Cyberwar
- Russians Hack FBI Comms System
- Ineffective Package Tracking Facilitates Fraud
- On Chinese “Spy Trains”
- Superhero Movies and Security Lessons
- Supply-Chain Security and Trust
- NSA on the Future of National Cybersecurity
- New Research into Russian Malware
- Measuring the Security of IoT Devices
- Tracking by Smart TVs
- More Cryptanalysis of Solitaire
- Edward Snowden’s Memoirs
- New Unpatchable iPhone Exploit Allows Jailbreaking
- Speakers Censored at AISA Conference in Melbourne
- Illegal Data Center Hidden in Former NATO Bunker
- Cheating at Professional Poker
- Wi-Fi Hotspot Tracking
- New Reductor Nation-State Malware Compromises TLS
- Details on Uzbekistan Government Malware: SandCat
- I Have a New Book: We Have Root
- Factoring 2048-bit Numbers Using 20 Million Qubits
September 15, 2019
In this issue:
- Bypassing Apple FaceID’s Liveness Detection Feature
- Software Vulnerabilities in the Boeing 787
- Influence Operations Kill Chain
- Surveillance as a Condition for Humanitarian Aid
- Google Finds 20-Year-Old Microsoft Windows Vulnerability
- Modifying a Tesla to Become a Surveillance Platform
- License Plate “NULL”
- Detecting Credit Card Skimmers
- The Threat of Fake Academic Research
- The Myth of Consumer-Grade Security
- AI Emotion-Detection Arms Race
- Attacking the Intel Secure Enclave
- Massive iPhone Hack Targets Uyghurs
- Credit Card Privacy
- The Doghouse: Crown Sterling
- Default Password for GPS Trackers
- NotPetya
- On Cybersecurity Insurance
- More on Law Enforcement Backdoor Demands
- Fabricated Voice Used in Financial Fraud
- Smart Watches and Cheating on Tests
- When Biology Becomes Software
- Upcoming Speaking Engagements
August 15, 2019
In this issue:
- Palantir’s Surveillance Service for Law Enforcement
- Zoom Vulnerability
- Identity Theft on the Job Market
- John Paul Stevens Was a Cryptographer
- A Harlequin Romance Novel about Hackers
- Hackers Expose Russian FSB Cyberattack Projects
- Science Fiction Writers Helping Imagine Future Threats
- Attorney General William Barr on Encryption Policy
- Software Developers and Security
- Insider Logic Bombs
- Wanted: Cybersecurity Imagery
- ACLU on the GCHQ Backdoor Proposal
- Another Attack Against Driverless Cars
- Facebook Plans on Backdooring WhatsApp
- How Privacy Laws Hurt Defendants
- Disabling Security Cameras with Lasers
- More on Backdooring (or Not) WhatsApp
- Regulating International Trade in Commercial Spyware
- Phone Pharming for Ad Fraud
- Brazilian Cell Phone Hack
- AT&T Employees Took Bribes to Unlock Smartphones
- Supply-Chain Attack against the Electron Development Platform
- Evaluating the NSA’s Telephony Metadata Program
- Exploiting GDPR to Get Private Information
- Side-Channel Attack against Electronic Locks
July 15, 2019
In this issue:
- Data, Surveillance, and the AI Arms Race
- Maciej Cegłowski on Privacy in the Information Age
- Risks of Password Managers
- Hacking Hardware Security Modules
- How Apple’s “Find My” Feature Works
- Fake News and Pandemics
- Backdoor Built into Android Firmware
- Election Security
- iPhone Apps Surreptitiously Communicated with Unknown Servers
- Florida City Pays Ransomware
- Person in Latex Mask Impersonated French Minister
- MongoDB Offers Field Level Encryption
- Spanish Soccer League App Spies on Fans
- Cellebrite Claims It Can Unlock Any iPhone
- I’m Leaving IBM
- Yubico Security Keys with a Crypto Flaw
- Google Releases Basic Homomorphic Encryption Tool
- Digital License Plates
- US Journalist Detained When Returning to US
- Research on Human Honesty
- Applied Cryptography is Banned in Oregon Prisons
- Ransomware Recovery Firms Who Secretly Pay Hackers
- Cardiac Biometric
- Cell Networks Hacked by (Probable) Nation-State Attackers
- Details of the Cloud Hopper Attacks
- Resetting Your GE Smart Light Bulb
- Presidential Candidate Andrew Yang Has Quantum Encryption Policy
- Clickable Endnotes to Click Here to Kill Everybody
- Upcoming Speaking Engagements
June 15, 2019
In this issue:
- International Spy Museum Reopens
- WhatsApp Vulnerability Fixed
- Another Intel Chip Flaw
- More Attacks against Computer Automatic Update Systems
- Why Are Cryptographers Being Denied Entry into the US?
- The Concept of “Return on Data”
- How Technology and Politics Are Changing Spycraft
- Fingerprinting iPhones
- Visiting the NSA
- Thangrycat: A Serious Cisco Vulnerability
- German SG-41 Encryption Machine Up for Auction
- Germany Talking about Banning End-to-End Encryption
- NSA Hawaii
- First American Financial Corp. Data Records Leak
- Alex Stamos on Content Moderation and Security
- Fraudulent Academic Papers
- The Human Cost of Cyberattacks
- The Importance of Protecting Cybersecurity Whistleblowers
- The Cost of Cybercrime
- Lessons Learned Trying to Secure Congressional Campaigns
- Chinese Military Wants to Develop Custom OS
- Security and Human Behavior (SHB) 2019
- iOS Shortcut for Recording the Police
- Employment Scam
- Workshop on the Economics of Information Security
- Rock-Paper-Scissors Robot
- Report on the Stalkerware Industry
- Video Surveillance by Computer
- Computers and Video Surveillance
- Upcoming Speaking Engagements
May 15, 2019
In this issue:
- China Spying on Undersea Internet Cables
- Vulnerabilities in the WPA3 Wi-Fi Security Protocol
- More on the Triton Malware
- A “Department of Cybersecurity”
- New DNS Hijacking Attacks
- Iranian Cyberespionage Tools Leaked Online
- Excellent Analysis of the Boeing 737 Max Software Problems
- G7 Comes Out in Favor of Encryption Backdoors
- Vulnerability in French Government Tchap Chat App
- Fooling Automated Surveillance Cameras with Patchwork Color Printout
- Towards an Information Operations Kill Chain
- Interview of Me in Taiwan
- Stealing Ethereum by Guessing Weak Private Keys
- Defending Democracies Against Information Attacks
- On Security Tokens
- Why Isn’t GDPR Being Enforced?
- Cybersecurity for the Public Interest
- Protecting Yourself from Identity Theft
- First Physical Retaliation for a Cyberattack
- Locked Computers
- Malicious MS Office Macro Creator
- Leaked NSA Hacking Tools
- Amazon Is Losing the War on Fraudulent Sellers
- Another NSA Leaker Identified and Charged
- Cryptanalyzing a Pair of Russian Encryption Algorithms
- Reverse Engineering a Chinese Surveillance App
- Cryptanalysis of SIMON-32/64
- Upcoming Speaking Engagements
April 15, 2019
In this issue:
- Critical Flaw in Swiss Internet Voting System
- Upcoming Speaking Engagements
- I Was Cited in a Court Decision
- CAs Reissue Over One Million Weak Certificates
- Triton
- An Argument that Cybersecurity Is Basically Okay
- Zipcar Disruption
- First Look Media Shutting Down Access to Snowden NSA Archives
- Enigma, Typex, and Bombe Simulators
- Mail Fishing
- Personal Data Left on Used Laptops
- Programmers Who Don’t Understand Security Are Poor at Security
- Malware Installed in Asus Computers through Hacked Update Process
- NSA-Inspired Vulnerability Found in Huawei Laptops
- Recovering Smartphone Typing from Microphone Sounds
- Hacking Instagram to Get Free Meals in Exchange for Positive Reviews
- How Political Campaigns Use Personal Data
- Adversarial Machine Learning against Tesla’s Autopilot
- Former Mozilla CTO Harassed at the US Border
- Unhackable Cryptography?
- Ghidra: NSA’s Reverse-Engineering Tool
- Hey Secret Service: Don’t Plug Suspect USB Sticks into Random Computers
- How the Anonymous Artist Banksy Authenticates His or Her Work
- TajMahal Spyware
- New Version of Flame Malware Discovered
- Maliciously Tampering with Medical Imagery
March 15, 2019
In this issue:
- Cataloging IoT Vulnerabilities
- I Am Not Associated with Swift Recovery Ltd.
- Estonia’s Volunteer Cyber Militia
- Details on Recent DNS Hijacking
- Reverse Location Search Warrants
- Gen. Nakasone on US Cyber Command
- On the Security of Password Managers
- Attacking Soldiers on Social Media
- “Insider Threat” Detection Software
- Can Everybody Read the US Terrorist Watch List?
- Data Leakage from Encrypted Databases
- The Latest in Creepy Spyware
- Cybersecurity for the Public Interest
- Digital Signatures in PDFs Are Broken
- Letterlocking
- Detecting Shoplifting Behavior
- Cybersecurity Insurance Not Paying for NotPetya Losses
- Videos and Links from the Public-Interest Technology Track at the RSA Conference
- Russia Is Testing Online Voting
- On Surveillance in the Workplace
- Judging Facebook’s Privacy Shift
- DARPA Is Developing an Open-Source Voting System
- Upcoming Speaking Engagements
February 15, 2019
In this issue:
- Alex Stamos on Content Moderation and Security
- El Chapo’s Encryption Defeated by Turning His IT Consultant
- Prices for Zero-Day Exploits Are Rising
- Evaluating the GCHQ Exceptional Access Proposal
- Clever Smartphone Malware Concealment Technique
- Hacking Construction Cranes
- The Evolution of Darknets
- Military Carrier Pigeons in the Era of Electronic Warfare
- Hacking the GCHQ Backdoor
- Japanese Government Will Hack Citizens’ IoT Devices
- iPhone FaceTime Vulnerability
- Security Analysis of the LIFX Smart Light Bulb
- Security Flaws in Children’s Smart Watches
- Public-Interest Tech at the RSA Conference
- Facebook’s New Privacy Hires
- Major Zcash Vulnerability Fixed
- Using Gmail “Dot Addresses” to Commit Fraud
- China’s AI Strategy and its Security Implications
- Blockchain and Trust
- Cyberinsurance and Acts of War
- USB Cable with Embedded Wi-Fi Controller
- Reconstructing SIGSALY
January 15, 2019
In this issue:
- New Shamoon Variant
- Teaching Cybersecurity Policy
- Congressional Report on the 2017 Equifax Data Breach
- Fraudulent Tactics on Amazon Marketplace
- Drone Denial-of-Service Attack against Gatwick Airport
- MD5 and SHA-1 Still Used in 2018
- Glitter Bomb against Package Thieves
- Human Rights by Design
- Stealing Nativity Displays
- Massive Ad Fraud Scheme Relied on BGP Hijacking
- Click Here to Kill Everybody Available as an Audiobook
- China’s APT10
- Long-Range Familial Searching Forensics
- Podcast Interview with Eva Galperin
- New Attack Against Electrum Bitcoin Wallets
- Machine Learning to Detect Software Vulnerabilities
- EU Offering Bug Bounties on Critical Open-Source Software
- Security Vulnerabilities in Cell Phone Systems
- Using a Fake Hand to Defeat Hand-Vein Biometrics
- Why Internet Security Is So Bad
- Upcoming Speaking Engagements