Security Archive

After being outed for massive hack and installing an NSA "rootkit," Yahoo cancels earnings call

What do you do if your ailing internet giant has been outed for losing, and then keeping silent about, 500 million user accounts, then letting American spy agencies install a rootkit on its mail service, possibly scuttling its impending, hail-mary acquisition by a risk-averse, old economy phone company? Just cancel your investor call and with it, any chance of awkward, on-the-record questions. (via /.) …

Firefox users chalk up HTTPS encryption milestone

A majority of Mozilla users were served encrypted pageloads for the first time yesterday, meaning their web browsing data was secured from snoopers and hackers while in transit. The HTTPS milestone was tweeted by Josh Aas, head of the Let’s Encrypt initiative which has been working to help smaller websites switch to encrypting their web traffic. Mozilla, which is one of the organizations backing Let’s Encrypt, was reporting that 40 per cent …

Joi Ito interviews Barack Obama for Wired: machine learning, neurodiversity, basic research and Star Trek

Joi Ito (previously) — director of MIT Media Lab, former Creative Commons chief, investor, entrepreneur, and happy mutant — interviewed Barack Obama for a special, Obama-edited issue of Wired. The two covered the ethical implications of machine learning, diversity in tech, neurodiversity, the collapse of funding for basic research, precision medicine, high-speed trading, cybersecurity, robots taking our jobs, internet regulation, space travel, and …

The clumsy, amateurish IoT botnet has now infected devices in virtually all of the world's countries

Mirai, the clumsily written Internet of Things virus that harnessed so many devices in an attack on journalist Brian Krebs that it overloaded Akamai, has now spread to devices in either 164 or 177 countries — that is, pretty much everywhere with reliable electricity and internet access. Imperva, a company that provides protection to websites against Distributed Denial of Service …

U.S. officially attributes DNC hack to Russia

The Department of Homeland Security and the Office of the Director of National Intelligence confirmed today what cybersecurity companies have asserted since emails from Democratic National Committee employees leaked online over the summer — state-sponsored Russian hackers are responsible for the breach. “The U.S. Intelligence Community is confident that the Russian government directed the recent compromises of emails from U.S. persons and institutions, including from …

Report: Verizon wants $1 billion discount after Yahoo privacy concerns

It’s bad news for Yahoo. The company is in the midst of finalizing its sale to Verizon, but recent revelations about hacking and spying may be costing them a pretty penny. A story from the New York Post alleges that Verizon is now asking Yahoo for a hefty $1 billion discount to finalize what was supposed to be a $4.8 billion deal. (Full disclosure: TechCrunch is …

Not OK, Google

At its hardware launch event in San Francisco yesterday, Alphabet showed the sweeping breadth of its ambition to own consumers’ personal data, as computing continues to accelerate away from static desktops and screens, coalescing into a cloud of connected devices with the potential to generate far more data — and data of a far more intimate nature — than ever before. Along with two new ‘Google designed’ flagship Android smartphones (called Pixel), the first Androids …

Johnson & Johnson says people with diabetes don't need to worry about potentially lethal wireless attacks on insulin pumps

Rapid7 security researcher Jay Radcliffe (previously) has Type I diabetes, and has taken a personal interest in rooting out vulnerabilities in the networked, wireless-equipped blood-sugar monitors and insulin-pumps marketed to people with diabetes, repeatedly discovering potentially lethal defects in these devices. Recently, Radcliffe revealed that Johnson & Johnson’s 2008 Animas Onetouch Ping insulin pump did not encrypt communications between it and its remote …

Yahoo secretly scanned its users' email for U.S. intelligence services

Yahoo email accounts were scanned by the company on behalf of U.S. intelligence services from last year. This represents the first example of a U.S. service provider providing complete access to “all arriving messages,” reports Reuters. It is not known what information intelligence officials were looking for, only that they wanted Yahoo to search for a set of characters. That could mean a phrase …