Monthly Archives: January 2013

The Biggest Fraud, Ever

If you want to steal a small amount of money, walk into a bank and hand the teller a note. If you want to steal a fairly large amount of money, rob an armored car. If you want to steal a tremendously, uncountably massive amount of money… start a bank and do it a fraction […]

Finding Gay Men in Iran with Facebook Graph Search

Also single women who like men, getting drunk, and who live near you; Falun Gong aficionados in China; Italian Catholic mothers who like Durex… Behold, the power of Big Data! I can’t help but feel this kind of data should never be compiled. http://actualfacebookgraphsearches.tumblr.com/ http://nakedsecurity.sophos.com/2013/01/28/privacy-facebook-graph-search/ Earlier this month, Facebook announced an upcoming new feature that […]

Porno Scanners Coming To A Street Corner Near (Some of) You

Remember the millimeter wave scanners endemic to Big Brother-certified airports? They’ve developed a version that works some distance away, and have decided to start putting them on street corners to check random passersby for concealed weapons. … Just remember: Titanium dioxide (a component in sunblock) looks just like a metal object in your pocket to these […]

Provable Security (and lifehacking, Anonymous)

The crypto people have a wonderful concept called “provable security.” It’s not quite as wonderful as you’d think, since rather than proving that a given system is actually secure — few are, other than the famous One-Time Pad — it merely proves that the system is as secure as another system. Where’s the use? Well, […]

Spam Levels Dropping (and politics / science fiction)

Good news for a change: there’s less spam! Better spam filters (backdoored or otherwise) and botnet disruptions have dropped global spam levels 8%, so spam now only accounts for 72% of all email sent… some observers also say (otherwise-legal) Internet advertisers are shifting to more legitimate ad platforms. Politics and science fiction: the spectre of […]

Backdoors in Barracuda Appliances (and Anon “warheads”)

Your web or email traffic has likely passed through a Barracuda appliance at one point or another. As it turns out they all have great big gaping backdoors. Might as well put hello.jpg as the MOTD. These were official backdoors, permitting access both from Barracuda IPs and a mysterious set of IPs linked to domains […]

How Not To Use Github (and many magnetic secrets in one easy PDF)

What’s wrong with this picture, showing results from GitHub’s new search engine? https://twitter.com/brianaker/status/294228373377515522/photo/1 Let me quote the first result: “paypal_production_key_private.pem” Apparently credentials for the Google Chrome source repository were also exposed. GitHub has since blacklisted these results from their search engine, but (IMHO) needs to tell developers during the upload process, “you may not want […]

“Dowsing” Bomb Detectors Worthless in Double-Blind Tests (Weird science edition: pole reversals too)

In a double-blind test, physicists have quite thoroughly debunked the GT200 “dowsing bomb detector” sold for absurd amounts of money. It’s just a metal rod on a bearing mounted in a pistol grip. The idea is that a very slight hand movement causes the rod to swivel left or right. No surprise, then, that when […]

Don’t Trust Social Media: Film at 11

Security researcher finds random application can access his Twitter “direct messages” (private messages) even though he never authorized this. It turns out any time you used a “sign in with Twitter” page, the application could escalate privileges enough to get access to these messages if you weren’t already logged in to Twitter. Twitter fixed the […]

Understanding Remailers (and lifehacking: grounding)

As most of you have figured out, I’m not a huge fan of encryption. This is because you should only trust things you understand, and thoroughly understanding encryption takes a lot of time and study. However, it’s still worthwhile to learn a bit about it. The concepts are often applicable to more mundane situations, and […]