Google Is Allowing Device Fingerprinting
Lukasz Olejnik writes about device fingerprinting, and why Google’s policy change to allow it in 2025 is a major privacy setback.
EDITED TO ADD (1/12): Shashdot thread.
Page 41
Gift Card Fraud
It’s becoming an organized crime tactic:
Card draining is when criminals remove gift cards from a store display, open them in a separate location, and either record the card numbers and PINs or replace them with a new barcode. The crooks then repair the packaging, return to a store and place the cards back on a rack. When a customer unwittingly selects and loads money onto a tampered card, the criminal is able to access the card online and steal the balance.
[…]
In card draining, the runners assist with removing, tampering and restocking of gift cards, according to court documents and investigators.
A single runner driving from store to store can swipe or return thousands of tampered cards to racks in a short time. “What they do is they just fly into the city and they get a rental car and they just hit every big-box location that they can find along a corridor off an interstate,” said Parks.
Salt Typhoon’s Reach Continues to Grow
The US government has identified a ninth telecom that was successfully hacked by Salt Typhoon.
Casino Players Using Hidden Cameras for Cheating
The basic strategy is to place a device with a hidden camera in a position to capture normally hidden card values, which are interpreted by an accomplice off-site and fed back to the player via a hidden microphone. Miniaturization is making these devices harder to detect. Presumably AI will soon obviate the need for an accomplice.
Friday Squid Blogging: Squid on Pizza
Pizza Hut in Taiwan has a history of weird pizzas, including a “2022 scalloped pizza with Oreos around the edge, and deep-fried chicken and calamari studded throughout the middle.”
Scams Based on Fake Google Emails
Scammers are hacking Google Forms to send email to victims that come from google.com.
Brian Krebs reports on the effects.
Boing Boing post.
Spyware Maker NSO Group Found Liable for Hacking WhatsApp
A judge has found that NSO Group, maker of the Pegasus spyware, has violated the US Computer Fraud and Abuse Act by hacking WhatsApp in order to spy on people using it.
Jon Penney and I wrote a legal paper on the case.
Criminal Complaint against LockBit Ransomware Writer
The Justice Department has published the criminal complaint against Dmitry Khoroshev, for building and maintaining the LockBit ransomware.
Friday Squid Blogging: Squid Sticker
A sticker for your water bottle.
Mailbox Insecurity
It turns out that all cluster mailboxes in the Denver area have the same master key. So if someone robs a postal carrier, they can open any mailbox.
I get that a single master key makes the whole system easier, but it’s very fragile security.
Sidebar photo of Bruce Schneier by Joe MacInnis.