1. Friday Squid Blogging: Bobtail Squid and Vibrio Bacteria

    Research on the Vibrio bacteria and its co-evolution with its bobtail squid hosts.

    As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

    Read my blog posting guidelines here.

  2. Proposed UK Law Bans Default Passwords

    Following California’s lead, a new UK law would ban default passwords in IoT devices.

  3. Apple Sues NSO Group

    Piling more on NSO Group’s legal troubles, Apple is suing it:

    The complaint provides new information on how NSO Group infected victims’ devices with its Pegasus spyware. To prevent further abuse and harm to its users, Apple is also seeking a permanent injunction to ban NSO Group from using any Apple software, services, or devices.

    NSO Group’s Pegasus spyware is favored by totalitarian governments around the world, who use it to hack Apple phones and computers.

    More news:

    Apple’s legal complaint provides new information on NSO Group’s FORCEDENTRY, an exploit for a now-patched vulnerability previously used to break into a victim’s Apple device and install the latest version of NSO Group’s spyware product, Pegasus. The exploit was originally identified by the Citizen Lab, a research group at the University of Toronto....

  4. “Crypto” Means “Cryptography,” not “Cryptocurrency”

    I have long been annoyed that the word “crypto” has been co-opted by the blockchain people, and no longer refers to “cryptography.” I’m not the only one.

  5. Friday Squid Blogging: Bigfin Squid Captured on Video

    “Eerie video captures elusive, alien-like squid gliding in the Gulf of Mexico.”

    As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

    Read my blog posting guidelines here.

  6. New Rowhammer Technique

    Rowhammer is an attack technique involving accessing — that’s “hammering” — rows of bits in memory, millions of times per second, with the intent of causing bits in neighboring rows to flip. This is a side-channel attack, and the result can be all sorts of mayhem.

    Well, there is a new enhancement:

    All previous Rowhammer attacks have hammered rows with uniform patterns, such as single-sided, double-sided, or n-sided. In all three cases, these “aggressor” rows — meaning those that cause bitflips in nearby “victim” rows — are accessed the same number of times....

  7. Is Microsoft Stealing People’s Bookmarks?

    I received email from two people who told me that Microsoft Edge enabled synching without warning or consent, which means that Microsoft sucked up all of their bookmarks. Of course they can turn synching off, but it’s too late.

    Has this happened to anyone else, or was this user error of some sort? If this is real, can some reporter write about it?

    (Not that “user error” is a good justification. Any system where making a simple mistake means that you’ve forever lost your privacy isn’t a good one. We see this same situation with sharing contact lists with apps on smartphones. Apps will repeatedly ask, and only need you to accidentally click “okay” once.)...

  8. Wire Fraud Scam Upgraded with Bitcoin

    The FBI has issued a bulletin describing a bitcoin variant of a wire fraud scam:

    As the agency describes it, the scammer will contact their victim and somehow convince them that they need to send money, either with promises of love, further riches, or by impersonating an actual institution like a bank or utility company. After the mark is convinced, the scammer will have them get cash (sometimes out of investment or retirement accounts), and head to an ATM that sells cryptocurrencies and supports reading QR codes. Once the victim’s there, they’ll scan a QR code that the scammer sent them, which will tell the machine to send any crypto purchased to the scammer’s address. Just like that, the victim loses their money, and the scammer has successfully exploited them...

  9. Why I Hate Password Rules

    The other day, I was creating a new account on the web. It was financial in nature, which means it gets one of my most secure passwords. I used Password Safe to generate this 16-character alphanumeric password:

    :s^Twd.J;3hzg=Q~

    Which was rejected by the site, because it didn’t meet its password security rules.

    It took me a minute to figure out what was wrong with it. The site wanted at least two numbers.

    Sheesh.

    Okay, that’s not really why I don’t like password rules. I don’t like them because they’re all different. Even if someone has a strong password generation system, it is likely that whatever they come up with won’t pass somebody’s ruleset...

  10. Book Sale: Click Here to Kill Everybody and Data and Goliath

    For a limited time, I am selling signed copies of Click Here to Kill Everybody and Data and Goliath, both in paperback, for just $6 each plus shipping.

    I have 500 copies of each book available. When they’re gone, the sale is over and the price will revert to normal.

    Order here and here.

    Please be patient on delivery. It’s a lot of work to sign and mail hundreds of books. And the pandemic is causing mail slowdowns all over the world. I’ll send them out as quickly as I can, but I can’t guarantee any particular delivery date. Also, signed but not personalized books will arrive faster...

Copyright © 2021 Sensible Voice, LLC • All Rights Reserved.