LiFX WiFi Lightbulb
Insecure By Default
"An endless parade of depressing infosec stories"
Tuesday, January 29, 2019
More Internet of Shit - WiFi Lightbulbs
Limited Results does a teardown of a LiFX WiFi lightbulb and finds that it stores username and passwords in plain text, allows insecure flashing, and exposes a private key. This is all stored in the bulb firmware, so if you ever throw it away you're giving away the keys to your kingdom.
Wednesday, January 23, 2019
China's Social Credit System Starts to Flex Its Muscle
China has been developing its social credit system, where each citizen's social and financial actions impact their "social credit score". If you get caught jaywalking, you'll get a point against your social credit. Get enough dings and you won't be able to buy an airline ticket or get a loan.
A new app that currently operates in Hebei province will notify you if you are within 500 meters of someone in debt. In the US, this app notification would be constant and deafening. Being in debt is the norm for US citizens. So, this app may not sound so scary, but this is just an initial application. All this data is available for US citizens; it just hasn't been used, publicly, by our government in this way. Yet.
From EveningStandard:
In China, things work a little differently. The country is gearing up to launch a social credit system in 2020, giving all citizens an identity number that will be linked to a permanent record.
Like a financial score, everything from paying back loans to behaviour on public transport will be included.
The app name translates to “map of deadbeat debtors”, and can be accessed via WeChat, China’s most popular instant-messaging platform. The idea is that it will allow people to “whistle-blow on debtors capable of paying their debts.”
Tuesday, January 22, 2019
Australian "Snooping" Laws Coming to a Country Near You
As smartphone developers start dealing with the Australian "snooping" laws, they may have to include backdoor code to be compliant. Once it is in, it would be trivial for other countries, including the US, to mandate the same security bypasses. Another San Bernardino event could tip the scale.
From NYT:
SYDNEY, Australia — A new law in Australia gives law enforcement authorities the power to compel tech-industry giants like Apple to create tools that would circumvent the encryption built into their products. The law, the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018, applies only to tech products used or sold in Australia. But its impact could be global: If Apple were to build a so-called back door for iPhones sold in Australia, the authorities in other countries, including the United States, could force the company to use that same tool to assist their investigations.
Drone Shuts Down Newark Airport
More airport shutdowns due to drones. I expect this to become more common and more sophisticated.
From NYT:
All flights bound for Newark Liberty International Airport were halted on Tuesday evening after two pilots reported seeing a drone flying nearby, the Federal Aviation Administration said. The drone was spotted about 3,500 feet over Teterboro Airport in New Jersey, a small airport about 17 miles north of Newark Liberty that handles private planes, the agency said. After the sightings, takeoffs from Newark were halted and inbound planes were held in the air.
Thursday, January 17, 2019
Back to Blogging
Of course, when I'm overloaded with stuff to do I choose this time to restart my security blog. Mania can do great things and awful things.
Security Checklist
SecurityCheckLi.st put out a good checklist of things you can do to improve your security and safety on the Internet. I don't do all of these, but even doing a few of them can make a difference. If you do them all you get a gold star ⭐
The list provides instructions for each of the following:
- Use a password manager
- Create a strong device passcode
- Use two-factor authentication
- Set up a mobile carrier PIN
- Encrypt your devices
- Freeze your credit
- Use 1.1.1.1 for DNS resolution
- Use a VPN
- Review the privacy of your physical space
- Use a privacy-first web browser
- Use a privacy-first search engine
- Use a privacy-first email provider
- Review location, camera, and other sensitive device permissions
- Review and remove metadata attached to photos you share
- Review your social media privacy settings
- Use encrypted messaging apps when sharing sensitive information
- Educate yourself about phishing attacks
Friday, May 6, 2016
Stingray stings again
Imagine if this guy had robbed a doughnut shop...
From The Register:
Police in Maryland, US, used controversial cellphone-tracking technology intended only for the most serious crimes to track down a man who stole $50 of chicken wings.
Police in Annapolis – an hour's drive from the heart of government in Washington DC – used a StingRay cell tower simulator in an effort to find the location of a man who had earlier robbed a Pizza Boli employee of 15 chicken wings and three sandwiches. Total worth: $56.77.