Crypto-Gram: 2020 Archives

December 15, 2020

In this issue:

  1. On Blockchain Voting
  2. Michael Ellis as NSA General Counsel
  3. The US Military Buys Commercial Location Data
  4. Symantec Reports on Cicada APT Attacks against Japan
  5. Indistinguishability Obfuscation
  6. More on the Security of the 2020 US Election
  7. On That Dusseldorf Hospital Ransomware Attack and the Resultant Death
  8. Cyber Public Health
  9. Undermining Democracy
  10. Check Washing
  11. Manipulating Systems Using Remote Lasers
  12. Impressive iPhone Exploit
  13. Open Source Does Not Equal Secure
  14. Enigma Machine Recovered from the Baltic Sea
  15. The 2020 Workshop on Economics and Information Security (WEIS)
  16. Hiding Malware in Social Media Buttons
  17. Oblivious DNS-over-HTTPS
  18. FireEye Hacked
  19. Finnish Data Theft and Extortion
  20. A Cybersecurity Policy Agenda
  21. Authentication Failure
  22. Upcoming Speaking Engagements
  23. Should There Be Limits on Persuasive Technologies?
Read This Issue →

November 15, 2020

In this issue:

  1. 2020 Workshop on Economics of Information Security
  2. US Cyber Command and Microsoft Are Both Disrupting TrickBot
  3. Split-Second Phantom Images Fool Autopilots
  4. Cybersecurity Visuals
  5. NSA Advisory on Chinese Government Hacking
  6. New Report on Police Decryption Capabilities
  7. IMSI-Catchers from Canada
  8. Reverse-Engineering the Redactions in the Ghislaine Maxwell Deposition
  9. The NSA is Refusing to Disclose its Policy on Backdooring Commercial Products
  10. Tracking Users on Waze
  11. The Legal Risks of Security Research
  12. New Windows Zero-Day
  13. Determining What Video Conference Participants Are Typing from Watching Shoulder Movements
  14. California Proposition 24 Passes
  15. Detecting Phishing Emails
  16. 2020 Was a Secure Election
  17. The Security Failures of Online Exam Proctoring
  18. “Privacy Nutrition Labels” in Apple’s App Store
  19. New Zealand Election Fraud
  20. Inrupt’s Solid Announcement
  21. Upcoming Speaking Engagements
Read This Issue →

October 15, 2020

In this issue:

  1. Interesting Attack on the EMV Smartcard Payment Standard
  2. Upcoming Speaking Engagements
  3. Privacy Analysis of Ambient Light Sensors
  4. How the FIN7 Cybercrime Gang Operates
  5. New Bluetooth Vulnerability
  6. Matt Blaze on OTP Radio Stations
  7. Nihilistic Password Security Questions
  8. Former NSA Director Keith Alexander Joins Amazon’s Board of Directors
  9. Amazon Delivery Drivers Hacking Scheduling System
  10. Interview with the Author of the 2000 Love Bug Virus
  11. Documented Death from a Ransomware Attack
  12. Iranian Government Hacking Android
  13. CEO of NS8 Charged with Securities Fraud
  14. On Executive Order 12333
  15. Hacking a Coffee Maker
  16. Negotiating with Ransomware Gangs
  17. Detecting Deep Fakes with a Heartbeat
  18. COVID-19 and Acedia
  19. On Risk-Based Authentication
  20. Swiss-Swedish Diplomatic Row Over Crypto AG
  21. New Privacy Features in iOS 14
  22. Hacking Apple for Profit
  23. Google Responds to Warrants for “About” Searches
Read This Issue →

September 15, 2020

In this issue:

  1. Robocall Results from a Telephony Honeypot
  2. Vaccine for Emotet Malware
  3. Using Disinformation to Cause a Blackout
  4. Copying a Key by Listening to It in Action
  5. Yet Another Biometric: Bioacoustic Signatures
  6. DiceKeys
  7. Identifying People by Their Browsing Histories
  8. Amazon Supplier Fraud
  9. Cory Doctorow on The Age of Surveillance Capitalism
  10. US Postal Service Files Blockchain Voting Patent
  11. Seny Kamara on "Crypto for the People"
  12. North Korea ATM Hack
  13. Insider Attack on the Carnegie Library
  14. 2017 Tesla Hack
  15. Hacking AI-Graded Tests
  16. More on NIST’s Post-Quantum Cryptography
  17. US Space Cybersecurity Directive
  18. The Third Edition of Ross Anderson’s Security Engineering
  19. Ranking National Cyber Power
  20. Interesting Attack on the EMV Smartcard Payment Standard
  21. Upcoming Speaking Engagements
Read This Issue →

August 15, 2020

In this issue:

  1. NSA on Securing VPNs
  2. Twitter Hackers May Have Bribed an Insider
  3. On the Twitter Hack
  4. Hacking a Power Supply
  5. Fawkes: Digital Image Cloaking
  6. Adversarial Machine Learning and the CFAA
  7. Update on NIST’s Post-Quantum Cryptography Program
  8. Images in Eye Reflections
  9. Survey of Supply Chain Attacks
  10. Fake Stories in Real News Sites
  11. Data and Goliath Book Placement
  12. Twitter Hacker Arrested
  13. BlackBerry Phone Cracked
  14. Cybercrime in the Age of COVID-19
  15. The NSA on the Risks of Exposing Location Data
  16. Smart Lock Vulnerability
  17. Collecting and Selling Mobile Phone Location Data
  18. Cryptanalysis of an Old Zip Encryption Algorithm
  19. UAE Hack and Leak Operations
  20. Drovorub Malware
  21. Upcoming Speaking Engagements
Read This Issue →

July 15, 2020

In this issue:

  1. Examining the US Cyber Budget
  2. Eavesdropping on Sound Using Variations in Light Bulbs
  3. Bank Card “Master Key” Stolen
  4. Zoom Will Be End-to-End Encrypted for All Users
  5. Theft of CIA’s “Vault Seven” Hacking Tools Due to Its Own Lousy Security
  6. New Hacking-for-Hire Company in India
  7. Security and Human Behavior (SHB) 2020
  8. Identifying a Person Based on a Photo, LinkedIn and Etsy Profiles, and Other Internet Bread Crumbs
  9. Nation-State Espionage Campaigns against Middle East Defense Contractors
  10. Cryptocurrency Pump and Dump Scams
  11. COVID-19 Risks of Flying
  12. Analyzing IoT Security Best Practices
  13. The Unintended Harms of Cybersecurity
  14. iPhone Apps Stealing Clipboard Data
  15. Android Apps Stealing Facebook Credentials
  16. Securing the International IoT Supply Chain
  17. The Security Value of Inefficiency
  18. EncroChat Hacked by Police
  19. ThiefQuest Ransomware for the Mac
  20. IoT Security Principles
  21. Traffic Analysis of Home Security Cameras
  22. Business Email Compromise (BEC) Criminal Ring
  23. EFF’s 30th Anniversary Livestream
  24. A Peek into the Fake Review Marketplace
  25. Enigma Machine for Sale
Read This Issue →

June 15, 2020

In this issue:

  1. On Marcus Hutchins
  2. Ramsay Malware
  3. AI and Cybersecurity
  4. Criminals and the Normalization of Masks
  5. Bart Gellman on Snowden
  6. Ann Mitchell, Bletchley Park Cryptanalyst, Dies
  7. Bluetooth Vulnerability: BIAS
  8. Websites Conducting Port Scans
  9. Thermal Imaging as Security Theater
  10. Facebook Announces Messenger Security Features that Don’t Compromise Privacy
  11. Bogus Security Technology: An Anti-5G USB Stick
  12. Password Changing After a Breach
  13. “Sign in with Apple” Vulnerability
  14. Wallpaper that Crashes Android Phones
  15. Zoom’s Commitment to User Security Depends on Whether you Pay It or Not
  16. New Research: “Privacy Threats in Intimate Relationships”
  17. Phishing Attacks against Trump and Biden Campaigns
  18. Gene Spafford on Internet Voting
  19. Security Analysis of the Democracy Live Online Voting System
  20. Availability Attacks against Neural Networks
  21. Another Intel Speculative Execution Vulnerability
  22. Facebook Helped Develop a Tails Exploit
Read This Issue →

May 15, 2020

In this issue:

  1. California Needlessly Reduces Privacy During COVID-19 Pandemic
  2. The DoD Isn’t Fixing Its Security Problems
  3. Vulnerability Finding Using Machine Learning
  4. Another Story of Bad 1970s Encryption
  5. New iPhone Zero-Day Discovered
  6. Chinese COVID-19 Disinformation Campaign
  7. Global Surveillance in the Wake of COVID-19
  8. Automatic Instacart Bots
  9. Fooling NLP Systems Through Word Swapping
  10. How Did Facebook Beat a Federal Wiretap Demand?
  11. Securing Internet Videoconferencing Apps: Zoom and Others
  12. Me on COVID-19 Contact Tracing Apps
  13. Denmark, Sweden, Germany, the Netherlands and France SIGINT Alliance
  14. Malware in Google Apps
  15. ILOVEYOU Virus
  16. iOS XML Bug
  17. Used Tesla Components Contain Personal Information
  18. Another California Data Privacy Law
  19. Attack Against PC Thunderbolt Port
  20. New US Electronic Warfare Platform
  21. US Government Exposes North Korean Malware
Read This Issue →

April 15, 2020

In this issue:

  1. TSA Admits Liquid Ban Is Security Theater
  2. The Insecurity of WordPress and Apache Struts
  3. Work-from-Home Security Advice
  4. Emergency Surveillance During COVID-19 Crisis
  5. Hacking Voice Assistants with Ultrasonic Waves
  6. Internet Voting in Puerto Rico
  7. Facial Recognition for People Wearing Masks
  8. On Cyber Warranties
  9. Story of Gus Weiss
  10. Privacy vs. Surveillance in the Age of COVID-19
  11. Clarifying the Computer Fraud and Abuse Act
  12. Dark Web Hosting Provider Hacked
  13. Marriott Was Hacked — Again
  14. Bug Bounty Programs Are Being Used to Buy Silence
  15. Security and Privacy Implications of Zoom
  16. Emotet Malware Causes Physical Damage
  17. Cybersecurity During COVID-19
  18. RSA-250 Factored
  19. Microsoft Buys Corp.com
  20. Kubernetes Security
  21. Contact Tracing COVID-19 Infections via Smartphone Apps
  22. Ransomware Now Leaking Stolen Documents
  23. Upcoming Speaking Engagements
Read This Issue →

March 15, 2020

In this issue:

  1. Voatz Internet Voting App Is Insecure
  2. Hacking McDonald’s for Free Food
  3. Internet of Things Candle
  4. Policy vs. Technology
  5. Inrupt, Tim Berners-Lee’s Solid, and Me
  6. Russia Is Trying to Tap Transatlantic Cables
  7. Firefox Enables DNS over HTTPS
  8. Newly Declassified Study Demonstrates Uselessness of NSA’s Phone Metadata Program
  9. Securing the Internet of Things through Class-Action Lawsuits
  10. Deep Learning to Find Malicious Email Attachments
  11. Facebook’s Download-Your-Data Tool Is Incomplete
  12. Wi-Fi Chip Vulnerability
  13. Let’s Encrypt Vulnerability
  14. Security of Health Information
  15. More on Crypto AG
  16. Cybersecurity Law Casebook
  17. CIA Dirty Laundry Aired
  18. LA Covers Up Bad Cybersecurity
  19. The Whisper Secret-Sharing App Exposed Locations
  20. The EARN-IT Act
Read This Issue →

February 15, 2020

In this issue:

  1. Critical Windows Vulnerability Discovered by NSA
  2. Securing Tiffany’s Move
  3. Clearview AI and Facial Recognition
  4. SIM Hijacking
  5. Brazil Charges Glenn Greenwald with Cybercrimes
  6. Half a Million IoT Device Passwords Published
  7. Apple Abandoned Plans for Encrypted iCloud Backup after FBI Complained
  8. Technical Report of the Bezos Phone Hack
  9. Smartphone Election in Washington State
  10. Modern Mass Surveillance: Identify, Correlate, Discriminate
  11. Google Receives Geofence Warrants
  12. Customer Tracking at Ralphs Grocery Store
  13. Collating Hacked Data Sets
  14. US Department of Interior Grounding All Drones
  15. NSA Security Awareness Posters
  16. Attacking Driverless Cars with Projected Images
  17. New Research on the Adtech Industry
  18. Tree Code
  19. A New Clue for the Kryptos Sculpture
  20. New Ransomware Targets Industrial Control Systems
  21. Security in 2020: Revisited
  22. Apple’s Tracking-Prevention Feature in Safari has a Privacy Bug
  23. Crypto AG Was Owned by the CIA
  24. Companies that Scrape Your Email
  25. A US Data Protection Agency
  26. DNSSEC Keysigning Ceremony Postponed Because of Locked Safe
  27. Upcoming Speaking Engagements
Read This Issue →

January 15, 2020

In this issue:

  1. Security Vulnerabilities in the RCS Texting Protocol
  2. Iranian Attacks on Industrial Control Systems
  3. Attacker Causes Epileptic Seizure over the Internet
  4. Lousy IoT Security
  5. ToTok Is an Emirati Spying Tool
  6. Chinese Hackers Bypassing Two-Factor Authentication
  7. Hacking School Surveillance Systems
  8. Mysterious Drones Are Flying over Colorado
  9. Chrome Extension Stealing Cryptocurrency Keys and Passwords
  10. Mailbox Master Keys
  11. USB Cable Kill Switch for Laptops
  12. New SHA-1 Attack
  13. Police Surveillance Tools from Special Services Group
  14. Artificial Personas and Public Discourse
  15. 5G Security
  16. Upcoming Speaking Engagements
Read This Issue →
← 20192021 →Calendar

Sidebar photo of Bruce Schneier by Joe MacInnis.