Crypto-Gram: 2021 Archives
December 15, 2021
In this issue:
- Securing Your Smartphone
- Why I Hate Password Rules
- Wire Fraud Scam Upgraded with Bitcoin
- Is Microsoft Stealing People’s Bookmarks?
- New Rowhammer Technique
- “Crypto” Means “Cryptography,” Not “Cryptocurrency”
- Apple Sues NSO Group
- Proposed UK Law Bans Default Passwords
- Intel Is Maintaining Legacy Technology for Security Research
- Smart Contract Bug Results in $31 Million Loss
- Testing Faraday Cages
- Thieves Using AirTags to “Follow” Cars
- Someone Is Running Lots of Tor Relays
- New German Government is Pro-Encryption and Anti-Backdoors
- Google Shuts Down Glupteba Botnet, Sues Operators
- Law Enforcement Access to Chat Data and Metadata
- NSO Group’s Pegasus Spyware Used Against US State Department Officials
- On the Log4j Vulnerability
- Upcoming Speaking Engagements
November 15, 2021
In this issue:
- Book Sale: Click Here to Kill Everybody and Data and Goliath
- Security Risks of Client-Side Scanning
- Missouri Governor Doesn’t Understand Responsible Disclosure
- Ransomware Attacks against Water Treatment Plants
- Using Machine Learning to Guess PINs from Video
- Textbook Rental Scam
- Problems with Multifactor Authentication
- Nation-State Attacker of Telecommunications Networks
- New York Times Journalist Hacked with NSO Spyware
- How the FBI Gets Location Information
- More Russian SVR Supply-Chain Attacks
- Squid Game Has a Cryptocurrency
- Hiding Vulnerabilities in Source Code
- On Cell Phone Metadata
- Using Fake Student Accounts to Shill Brands
- US Blacklists NSO Group
- Squid Game Cryptocurrency Was a Scam
- Drones Carrying Explosives
- Hacking the Sony Playstation 5
- Advice for Personal Digital Security
- MacOS Zero-Day Used against Hong Kong Activists
- Upcoming Speaking Engagements
October 15, 2021
In this issue:
- Identifying Computer-Generated Faces
- Zero-Click iMessage Exploit
- Alaska’s Department of Health and Social Services Hack
- FBI Had the REvil Decryption Key
- ROT8000
- The Proliferation of Zero-days
- I Am Not Satoshi Nakamoto
- Tracking Stolen Cryptocurrencies
- Check What Information Your Browser Leaks
- Hardening Your VPN
- A Death Due to Ransomware
- Cheating on Tests
- Facebook Is Down
- Syniverse Hack
- The European Parliament Voted to Ban Remote Biometric Surveillance
- Airline Passenger Mistakes Vintage Camera for a Bomb
- Suing Infrastructure Companies for Copyright Violations
- Recovering Real Faces from Face-Generation ML System
- Upcoming Speaking Engagements
September 15, 2021
In this issue:
- Tetris: Chinese Espionage Tool
- Apple’s NeuralHash Algorithm Has Been Reverse-Engineered
- T-Mobile Data Breach
- More on Apple’s iPhone Backdoor
- Surveillance of the Internet Backbone
- Interesting Privilege Escalation Vulnerability
- Details of the Recent T-Mobile Breach
- Excellent Write-up of the SolarWinds Security Breach
- More Military Cryptanalytics, Part III
- Zero-Click iPhone Exploits
- History of the HX-63 Rotor Machine
- Hacker-Themed Board Game
- Tracking People by their MAC Addresses
- Lightning Cable with Embedded Eavesdropping
- Security Risks of Relying on a Single Smartphone
- More Detail on the Juniper Hack and the NSA PRNG Backdoor
- ProtonMail Now Keeps IP Logs
- Designing Contact-Tracing Apps
- Upcoming Speaking Engagements
August 15, 2021
In this issue:
- Colorado Passes Consumer Privacy Law
- REvil is Off-Line
- Candiru: Another Cyberweapons Arms Manufacturer
- NSO Group Hacked
- Nasty Windows Printer Driver Vulnerability
- Commercial Location Data Used to Out Priest
- Disrupting Ransomware by Disrupting Bitcoin
- Hiding Malware in ML Models
- De-anonymization Story
- AirDropped Gun Photo Causes Terrorist Scare
- Storing Encrypted Photos in Google’s Cloud
- I Am Parting With My Crypto Library
- The European Space Agency Launches Hackable Satellite
- Paragon: Yet Another Cyberweapons Arms Manufacturer
- Zoom Lied about End-to-End Encryption
- Using “Master Faces” to Bypass Face-Recognition Authenticating Systems
- Defeating Microsoft’s Trusted Platform Module
- Apple Adds a Backdoor to iMessage and iCloud Storage
- Cobalt Strike Vulnerability Affects Botnet Servers
- Using AI to Scale Spear Phishing
- Upcoming Speaking Engagements
July 15, 2021
In this issue:
- Andrew Appel on New Hampshire’s Election Audit
- VPNs and Trust
- Paul van Oorschot’s Computer Security and the Internet
- Intentional Flaw in GPRS Encryption Algorithm GEA-1
- Peloton Vulnerability Found and Fixed
- The Future of Machine Learning and Cybersecurity
- Apple Will Offer Onion Routing for iCloud/Safari Users
- Mollitiam Industries is the Newest Cyberweapons Arms Manufacturer
- Banning Surveillance-Based Advertising
- AI-Piloted Fighter Jets
- NFC Flaws in POS Devices and ATMs
- Risks of Evidentiary Software
- Insurance and Ransomware
- More Russian Hacking
- Stealing Xbox Codes
- Vulnerability in the Kaspersky Password Manager
- Details of the REvil Ransomware Attack
- Analysis of the FBI’s Anom Phone
- Iranian State-Sponsored Hacking Attempts
- China Taking Control of Zero-Day Exploits
- Upcoming Speaking Engagements
June 15, 2021
In this issue:
- Is 85% of US Critical Infrastructure in Private Hands?
- Adding a Russian Keyboard to Protect against Ransomware
- Apple Censorship and Surveillance in China
- Bizarro Banking Trojan
- Double-Encrypting Ransomware
- AIs and Fake Comments
- New Disk Wiping Malware Targets Israel
- The Story of the 2011 RSA Hack
- The Misaligned Incentives for Cloud Security
- Security Vulnerability in Apple’s Silicon “M1” Chip
- The DarkSide Ransomware Gang
- Security and Human Behavior (SHB) 2021
- The Supreme Court Narrowed the CFAA
- Vulnerabilities in Weapons Systems
- Information Flows and Democracy
- Detecting Deepfake Picture Editing
- FBI/AFP-Run Encrypted Phone
- TikTok Can Now Collect Biometric Data
- Upcoming Speaking Engagements
May 15, 2021
In this issue:
- DNI’s Annual Threat Assessment
- NSA Discloses Vulnerabilities in Microsoft Exchange
- Cybersecurity Experts to Follow on Twitter
- Details on the Unlocking of the San Bernardino Terrorist’s iPhone
- Biden Administration Imposes Sanctions on Russia for SolarWinds
- Backdoor Found in Codecov Bash Uploader
- On North Korea’s Cyberattack Capabilities
- When AIs Start Hacking
- Security Vulnerabilities in Cellebrite
- Identifying People Through Lack of Cell Phone Use
- Serious MacOS Vulnerability Patched
- Identifying the Person Behind Bitcoin Fog
- Tesla Remotely Hacked from a Drone
- New Spectre-Like Attacks
- The Story of Colossus
- Teaching Cybersecurity to Children
- Newly Declassified NSA Document on Cryptography in the 1970s
- Ransomware Shuts Down US Pipeline
- AI Security Risk Assessment Tool
- New US Executive Order on Cybersecurity
- Ransomware Is Getting Ugly
- Upcoming Speaking Engagements
April 15, 2021
In this issue:
- Security Analysis of Apple’s “Find My…” Protocol
- On the Insecurity of ES&S Voting Machines’ Hash Code
- Illegal Content and the Blockchain
- Exploiting Spectre Over the Internet
- Easy SMS Hijacking
- Details of a Computer Banking Scam
- Accellion Supply Chain Hack
- Determining Key Shape from Sound
- Hacking Weapons Systems
- System Update: New Android Malware
- Fugitive Identified on YouTube By His Distinctive Tattoos
- Malware Hidden in Call of Duty Cheating Software
- Wi-Fi Devices as Physical Object Sensors
- Phone Cloning Scam
- Signal Adds Cryptocurrency Support
- Google’s Project Zero Finds a Nation-State Zero-Day Operation
- Backdoor Added — But Found — in PHP
- More Biden Cybersecurity Nominations
- The FBI Is Now Securing Networks Without Their Owners’ Permission
- Upcoming Speaking Engagements
March 15, 2021
In this issue:
- On Vulnerability-Adjacent Vulnerabilities
- Deliberately Playing Copyrighted Music to Avoid Being Live-Streamed
- US Cyber Command Valentine’s Day Cryptography Puzzles
- Malicious Barcode Scanner App
- Browser Tracking Using Favicons
- Virginia Data Privacy Law
- WEIS 2021 Call for Papers
- Router Security
- GPS Vulnerabilities
- Dependency Confusion: Another Supply-Chain Vulnerability
- Twelve-Year-Old Vulnerability Found in Windows Defender
- On Chinese-Owned Technology Platforms
- The Problem with Treating Data as a Commodity
- National Security Risks of Late-Stage Capitalism
- Mysterious Macintosh Malware
- Encoded Message in the Perseverance Mars Lander’s Parachute
- Chinese Hackers Stole an NSA Windows Exploit in 2014
- Four Microsoft Exchange Zero-Days Exploited by China
- Threat Model Humor
- No, RSA Is Not Broken
- Hacking Digitally Signed PDF Files
- On Not Fixing Old Vulnerabilities
- More on the Chinese Zero-Day Microsoft Exchange Hack
- Fast Random Bit Generation
- Metadata Left in Security Agency PDFs
- Upcoming Speaking Engagements
February 15, 2021
In this issue:
- Cell Phone Location Privacy
- Injecting a Backdoor into SolarWinds Orion
- Sophisticated Watering Hole Attack
- SVR Attacks on Microsoft 365
- Insider Attack on Home Surveillance Systems
- Massive Brazilian Data Breach
- Dutch Insider Attack on COVID-19 Data
- Police Have Disrupted the Emotet Botnet
- New iMessage Security Features
- Including Hackers in NATO Wargames
- Georgia’s Ballot-Marking Devices
- More SolarWinds News
- Another SolarWinds Orion Hack
- Presidential Cybersecurity and Pelotons
- NoxPlayer Android Emulator Supply-Chain Attack
- SonicWall Zero-Day
- Web Credit Card Skimmer Steals Data from Another Credit Card Skimmer
- Ransomware Profitability
- Attack against Florida Water Treatment Facility
- Medieval Security Techniques
- Chinese Supply-Chain Attack on Computer Systems
January 15, 2021
In this issue:
- Another Massive Russian Hack of US Government Networks
- How the SolarWinds Hackers Bypassed Duo’s Multi-Factor Authentication
- Zodiac Killer Cipher Solved
- Mexican Drug Cartels with High-Tech Spyware
- More on the SolarWinds Breach
- US Schools Are Buying Cell Phone Unlocking Systems
- NSA on Authentication Hacks (Related to SolarWinds Breach)
- Eavesdropping on Phone Taps from Voice Assistants
- Investigating the Navalny Poisoning
- How China Uses Stolen US Personnel Data
- Russia’s SolarWinds Attack
- On the Evolution of Ransomware
- Brexit Deal Mandates Old Insecure Crypto Algorithms
- Amazon Has Trucks Filled with Hard Drives and an Armed Guard
- Military Cryptanalytics, Part III
- Latest on the SVR’s SolarWinds Hack
- Backdoor in Zyxel Firewalls and Gateways
- Extracting Personal Information from Large Language Models Like GPT-2
- Russia’s SolarWinds Attack and Software Security
- APT Horoscope
- Changes in WhatsApp’s Privacy Policy
- Cloning Google Titan 2FA keys
- On US Capitol Security — By Someone Who Manages Arena-Rock-Concert Security
- Finding the Location of Telegram Users
- Upcoming Speaking Engagements
- Click Here to Kill Everybody Sale
Sidebar photo of Bruce Schneier by Joe MacInnis.