Crypto-Gram: 2020 Archives
December 15, 2020
In this issue:
- On Blockchain Voting
- Michael Ellis as NSA General Counsel
- The US Military Buys Commercial Location Data
- Symantec Reports on Cicada APT Attacks against Japan
- Indistinguishability Obfuscation
- More on the Security of the 2020 US Election
- On That Dusseldorf Hospital Ransomware Attack and the Resultant Death
- Cyber Public Health
- Undermining Democracy
- Check Washing
- Manipulating Systems Using Remote Lasers
- Impressive iPhone Exploit
- Open Source Does Not Equal Secure
- Enigma Machine Recovered from the Baltic Sea
- The 2020 Workshop on Economics and Information Security (WEIS)
- Hiding Malware in Social Media Buttons
- Oblivious DNS-over-HTTPS
- FireEye Hacked
- Finnish Data Theft and Extortion
- A Cybersecurity Policy Agenda
- Authentication Failure
- Upcoming Speaking Engagements
- Should There Be Limits on Persuasive Technologies?
November 15, 2020
In this issue:
- 2020 Workshop on Economics of Information Security
- US Cyber Command and Microsoft Are Both Disrupting TrickBot
- Split-Second Phantom Images Fool Autopilots
- Cybersecurity Visuals
- NSA Advisory on Chinese Government Hacking
- New Report on Police Decryption Capabilities
- IMSI-Catchers from Canada
- Reverse-Engineering the Redactions in the Ghislaine Maxwell Deposition
- The NSA is Refusing to Disclose its Policy on Backdooring Commercial Products
- Tracking Users on Waze
- The Legal Risks of Security Research
- New Windows Zero-Day
- Determining What Video Conference Participants Are Typing from Watching Shoulder Movements
- California Proposition 24 Passes
- Detecting Phishing Emails
- 2020 Was a Secure Election
- The Security Failures of Online Exam Proctoring
- “Privacy Nutrition Labels” in Apple’s App Store
- New Zealand Election Fraud
- Inrupt’s Solid Announcement
- Upcoming Speaking Engagements
October 15, 2020
In this issue:
- Interesting Attack on the EMV Smartcard Payment Standard
- Upcoming Speaking Engagements
- Privacy Analysis of Ambient Light Sensors
- How the FIN7 Cybercrime Gang Operates
- New Bluetooth Vulnerability
- Matt Blaze on OTP Radio Stations
- Nihilistic Password Security Questions
- Former NSA Director Keith Alexander Joins Amazon’s Board of Directors
- Amazon Delivery Drivers Hacking Scheduling System
- Interview with the Author of the 2000 Love Bug Virus
- Documented Death from a Ransomware Attack
- Iranian Government Hacking Android
- CEO of NS8 Charged with Securities Fraud
- On Executive Order 12333
- Hacking a Coffee Maker
- Negotiating with Ransomware Gangs
- Detecting Deep Fakes with a Heartbeat
- COVID-19 and Acedia
- On Risk-Based Authentication
- Swiss-Swedish Diplomatic Row Over Crypto AG
- New Privacy Features in iOS 14
- Hacking Apple for Profit
- Google Responds to Warrants for “About” Searches
September 15, 2020
In this issue:
- Robocall Results from a Telephony Honeypot
- Vaccine for Emotet Malware
- Using Disinformation to Cause a Blackout
- Copying a Key by Listening to It in Action
- Yet Another Biometric: Bioacoustic Signatures
- DiceKeys
- Identifying People by Their Browsing Histories
- Amazon Supplier Fraud
- Cory Doctorow on The Age of Surveillance Capitalism
- US Postal Service Files Blockchain Voting Patent
- Seny Kamara on "Crypto for the People"
- North Korea ATM Hack
- Insider Attack on the Carnegie Library
- 2017 Tesla Hack
- Hacking AI-Graded Tests
- More on NIST’s Post-Quantum Cryptography
- US Space Cybersecurity Directive
- The Third Edition of Ross Anderson’s Security Engineering
- Ranking National Cyber Power
- Interesting Attack on the EMV Smartcard Payment Standard
- Upcoming Speaking Engagements
August 15, 2020
In this issue:
- NSA on Securing VPNs
- Twitter Hackers May Have Bribed an Insider
- On the Twitter Hack
- Hacking a Power Supply
- Fawkes: Digital Image Cloaking
- Adversarial Machine Learning and the CFAA
- Update on NIST’s Post-Quantum Cryptography Program
- Images in Eye Reflections
- Survey of Supply Chain Attacks
- Fake Stories in Real News Sites
- Data and Goliath Book Placement
- Twitter Hacker Arrested
- BlackBerry Phone Cracked
- Cybercrime in the Age of COVID-19
- The NSA on the Risks of Exposing Location Data
- Smart Lock Vulnerability
- Collecting and Selling Mobile Phone Location Data
- Cryptanalysis of an Old Zip Encryption Algorithm
- UAE Hack and Leak Operations
- Drovorub Malware
- Upcoming Speaking Engagements
July 15, 2020
In this issue:
- Examining the US Cyber Budget
- Eavesdropping on Sound Using Variations in Light Bulbs
- Bank Card “Master Key” Stolen
- Zoom Will Be End-to-End Encrypted for All Users
- Theft of CIA’s “Vault Seven” Hacking Tools Due to Its Own Lousy Security
- New Hacking-for-Hire Company in India
- Security and Human Behavior (SHB) 2020
- Identifying a Person Based on a Photo, LinkedIn and Etsy Profiles, and Other Internet Bread Crumbs
- Nation-State Espionage Campaigns against Middle East Defense Contractors
- Cryptocurrency Pump and Dump Scams
- COVID-19 Risks of Flying
- Analyzing IoT Security Best Practices
- The Unintended Harms of Cybersecurity
- iPhone Apps Stealing Clipboard Data
- Android Apps Stealing Facebook Credentials
- Securing the International IoT Supply Chain
- The Security Value of Inefficiency
- EncroChat Hacked by Police
- ThiefQuest Ransomware for the Mac
- IoT Security Principles
- Traffic Analysis of Home Security Cameras
- Business Email Compromise (BEC) Criminal Ring
- EFF’s 30th Anniversary Livestream
- A Peek into the Fake Review Marketplace
- Enigma Machine for Sale
June 15, 2020
In this issue:
- On Marcus Hutchins
- Ramsay Malware
- AI and Cybersecurity
- Criminals and the Normalization of Masks
- Bart Gellman on Snowden
- Ann Mitchell, Bletchley Park Cryptanalyst, Dies
- Bluetooth Vulnerability: BIAS
- Websites Conducting Port Scans
- Thermal Imaging as Security Theater
- Facebook Announces Messenger Security Features that Don’t Compromise Privacy
- Bogus Security Technology: An Anti-5G USB Stick
- Password Changing After a Breach
- “Sign in with Apple” Vulnerability
- Wallpaper that Crashes Android Phones
- Zoom’s Commitment to User Security Depends on Whether you Pay It or Not
- New Research: “Privacy Threats in Intimate Relationships”
- Phishing Attacks against Trump and Biden Campaigns
- Gene Spafford on Internet Voting
- Security Analysis of the Democracy Live Online Voting System
- Availability Attacks against Neural Networks
- Another Intel Speculative Execution Vulnerability
- Facebook Helped Develop a Tails Exploit
May 15, 2020
In this issue:
- California Needlessly Reduces Privacy During COVID-19 Pandemic
- The DoD Isn’t Fixing Its Security Problems
- Vulnerability Finding Using Machine Learning
- Another Story of Bad 1970s Encryption
- New iPhone Zero-Day Discovered
- Chinese COVID-19 Disinformation Campaign
- Global Surveillance in the Wake of COVID-19
- Automatic Instacart Bots
- Fooling NLP Systems Through Word Swapping
- How Did Facebook Beat a Federal Wiretap Demand?
- Securing Internet Videoconferencing Apps: Zoom and Others
- Me on COVID-19 Contact Tracing Apps
- Denmark, Sweden, Germany, the Netherlands and France SIGINT Alliance
- Malware in Google Apps
- ILOVEYOU Virus
- iOS XML Bug
- Used Tesla Components Contain Personal Information
- Another California Data Privacy Law
- Attack Against PC Thunderbolt Port
- New US Electronic Warfare Platform
- US Government Exposes North Korean Malware
April 15, 2020
In this issue:
- TSA Admits Liquid Ban Is Security Theater
- The Insecurity of WordPress and Apache Struts
- Work-from-Home Security Advice
- Emergency Surveillance During COVID-19 Crisis
- Hacking Voice Assistants with Ultrasonic Waves
- Internet Voting in Puerto Rico
- Facial Recognition for People Wearing Masks
- On Cyber Warranties
- Story of Gus Weiss
- Privacy vs. Surveillance in the Age of COVID-19
- Clarifying the Computer Fraud and Abuse Act
- Dark Web Hosting Provider Hacked
- Marriott Was Hacked — Again
- Bug Bounty Programs Are Being Used to Buy Silence
- Security and Privacy Implications of Zoom
- Emotet Malware Causes Physical Damage
- Cybersecurity During COVID-19
- RSA-250 Factored
- Microsoft Buys Corp.com
- Kubernetes Security
- Contact Tracing COVID-19 Infections via Smartphone Apps
- Ransomware Now Leaking Stolen Documents
- Upcoming Speaking Engagements
March 15, 2020
In this issue:
- Voatz Internet Voting App Is Insecure
- Hacking McDonald’s for Free Food
- Internet of Things Candle
- Policy vs. Technology
- Inrupt, Tim Berners-Lee’s Solid, and Me
- Russia Is Trying to Tap Transatlantic Cables
- Firefox Enables DNS over HTTPS
- Newly Declassified Study Demonstrates Uselessness of NSA’s Phone Metadata Program
- Securing the Internet of Things through Class-Action Lawsuits
- Deep Learning to Find Malicious Email Attachments
- Facebook’s Download-Your-Data Tool Is Incomplete
- Wi-Fi Chip Vulnerability
- Let’s Encrypt Vulnerability
- Security of Health Information
- More on Crypto AG
- Cybersecurity Law Casebook
- CIA Dirty Laundry Aired
- LA Covers Up Bad Cybersecurity
- The Whisper Secret-Sharing App Exposed Locations
- The EARN-IT Act
February 15, 2020
In this issue:
- Critical Windows Vulnerability Discovered by NSA
- Securing Tiffany’s Move
- Clearview AI and Facial Recognition
- SIM Hijacking
- Brazil Charges Glenn Greenwald with Cybercrimes
- Half a Million IoT Device Passwords Published
- Apple Abandoned Plans for Encrypted iCloud Backup after FBI Complained
- Technical Report of the Bezos Phone Hack
- Smartphone Election in Washington State
- Modern Mass Surveillance: Identify, Correlate, Discriminate
- Google Receives Geofence Warrants
- Customer Tracking at Ralphs Grocery Store
- Collating Hacked Data Sets
- US Department of Interior Grounding All Drones
- NSA Security Awareness Posters
- Attacking Driverless Cars with Projected Images
- New Research on the Adtech Industry
- Tree Code
- A New Clue for the Kryptos Sculpture
- New Ransomware Targets Industrial Control Systems
- Security in 2020: Revisited
- Apple’s Tracking-Prevention Feature in Safari has a Privacy Bug
- Crypto AG Was Owned by the CIA
- Companies that Scrape Your Email
- A US Data Protection Agency
- DNSSEC Keysigning Ceremony Postponed Because of Locked Safe
- Upcoming Speaking Engagements
January 15, 2020
In this issue:
- Security Vulnerabilities in the RCS Texting Protocol
- Iranian Attacks on Industrial Control Systems
- Attacker Causes Epileptic Seizure over the Internet
- Lousy IoT Security
- ToTok Is an Emirati Spying Tool
- Chinese Hackers Bypassing Two-Factor Authentication
- Hacking School Surveillance Systems
- Mysterious Drones Are Flying over Colorado
- Chrome Extension Stealing Cryptocurrency Keys and Passwords
- Mailbox Master Keys
- USB Cable Kill Switch for Laptops
- New SHA-1 Attack
- Police Surveillance Tools from Special Services Group
- Artificial Personas and Public Discourse
- 5G Security
- Upcoming Speaking Engagements