IT security

Finally, this attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen.

The ransomware spread so quickly because it was delivered by a special digital code developed by the NSA to move from one unpatched computer to another, security experts said. They warned that the malware now could move from large networks to individual users.

Persirai is a new strain of Internet of Things malware that infects more than 1,250 models of security camera, all manufactured by an unnamed Chinese manufacturer that has sold at least 185,000 units worldwide.

BoingBoing: 185,000+ IoT security cameras are vulnerable to a new worm »

A remote hijacking flaw that lurked in Intel chips for seven years was more severe than many people imagined, because it allowed hackers to remotely gain administrative control over huge fleets of computers without entering a password. This is according to technical analyses published Friday.

The VPN Guru: 11 Ways to Secure Your Social Media Accounts »

What happens when intelligence agencies go to war with each other and don’t tell the rest of us? I think there’s something going on between the US and Russia that the public is just seeing pieces of. We have no idea why, or where it will go next, and can only speculate.

Schneier on Security: Who is Publishing NSA and CIA Secrets, and Why? »

Bose Corp spies on its wireless headphone customers by using an app that tracks the music, podcasts and other audio they listen to, and violates their privacy rights by selling the information without permission, a lawsuit charged.

Reuters: Bose headphones spy on listeners: lawsuit »

Mirai, the botnet that threatened the Internet as we knew it last year with record-setting denial-of-service attacks, is facing an existential threat of its own: A competing botnet known as Hajime has infected at least 10,000 home routers, network-connected cameras, and other so-called Internet of Things devices.

Ars Technica: Vigilante botnet infects IoT devices before blackhats can hijack them »

Reuters: Hacker documents show NSA tools for breaching global money transfer system »

German Member of the European Parliament Julia Reda has published an open-letter signed by UK MEP Lucy Anderson, raising alarm at the fact that the W3C is on the brink of finalising a DRM standard for web video, which — thanks to crazy laws protecting DRM — will leave users at risk of unreported security vulnerabilities, and also prevent third parties from adapting browsers for the needs of disabled people, archivists, and the wider public.