Schneier on Security

Page 40

ShredOS

ShredOS is a stripped-down operating system designed to destroy data.

GitHub page here.

Tags: data destruction, operating systems

Posted on January 3, 2025 at 9:46 AM • View Comments

Google Is Allowing Device Fingerprinting

Lukasz Olejnik writes about device fingerprinting, and why Google’s policy change to allow it in 2025 is a major privacy setback.

EDITED TO ADD (1/12): Shashdot thread.

Tags: data collection, fingerprints, Google, identification, privacy, tracking

Posted on January 2, 2025 at 3:22 PM • View Comments

Gift Card Fraud

It’s becoming an organized crime tactic:

Card draining is when criminals remove gift cards from a store display, open them in a separate location, and either record the card numbers and PINs or replace them with a new barcode. The crooks then repair the packaging, return to a store and place the cards back on a rack. When a customer unwittingly selects and loads money onto a tampered card, the criminal is able to access the card online and steal the balance.

[…]

In card draining, the runners assist with removing, tampering and restocking of gift cards, according to court documents and investigators.

A single runner driving from store to store can swipe or return thousands of tampered cards to racks in a short time. “What they do is they just fly into the city and they get a rental car and they just hit every big-box location that they can find along a corridor off an interstate,” said Parks.

Tags: crime, fraud

Posted on December 31, 2024 at 7:02 AM • View Comments

Salt Typhoon’s Reach Continues to Grow

The US government has identified a ninth telecom that was successfully hacked by Salt Typhoon.

Tags: China, hacking, telecom

Posted on December 30, 2024 at 7:05 AM • View Comments

Casino Players Using Hidden Cameras for Cheating

The basic strategy is to place a device with a hidden camera in a position to capture normally hidden card values, which are interpreted by an accomplice off-site and fed back to the player via a hidden microphone. Miniaturization is making these devices harder to detect. Presumably AI will soon obviate the need for an accomplice.

Tags: cameras, cheating, gambling

Posted on December 27, 2024 at 7:03 AM • View Comments

Friday Squid Blogging: Squid on Pizza

Pizza Hut in Taiwan has a history of weird pizzas, including a “2022 scalloped pizza with Oreos around the edge, and deep-fried chicken and calamari studded throughout the middle.”

Blog moderation policy.

Tags: squid

Posted on December 27, 2024 at 5:06 AM •

Scams Based on Fake Google Emails

Scammers are hacking Google Forms to send email to victims that come from google.com.

Brian Krebs reports on the effects.

Boing Boing post.

Tags: AI, cryptocurrency, cybercrime, cybersecurity, Google, scams

Posted on December 26, 2024 at 11:09 AM • View Comments

Spyware Maker NSO Group Found Liable for Hacking WhatsApp

A judge has found that NSO Group, maker of the Pegasus spyware, has violated the US Computer Fraud and Abuse Act by hacking WhatsApp in order to spy on people using it.

Jon Penney and I wrote a legal paper on the case.

Tags: academic papers, hacking, Israel, spyware, WhatsApp

Posted on December 24, 2024 at 7:04 AM • View Comments