# SANS ISC

# Reddit netsec

# Krebs On Security

  • The Internet of Dangerous Things Thu, 29 Jan 2015 17:28:08 +0000
    Distributed denial-of-service (DDoS) attacks designed to silence end users and sideline Web sites grew with alarming frequency and size last year, according to new data released this week. Those findings dovetail quite closely with the attack patterns seen against this Web site over the past year.
  • FBI: Businesses Lost $215M to Email Scams Wed, 28 Jan 2015 14:11:58 +0000
    It’s time once again to update my Value of a Hacked Email Account graphic: According to a recent alert from the FBI, cyber thieves stole nearly $215 million from businesses in the last 14 months using a scam that starts when business executives or employees have their email accounts hijacked. Federal investigators say the so-called “business email […]
  • Yet Another Emergency Flash Player Patch Tue, 27 Jan 2015 14:17:00 +0000
    For the second time in a week, Adobe has issued an emergency update to fix a critical security flaw that crooks are actively exploiting in its Flash Player software. Updates are available for Flash Player on Windows and Mac OS X. Last week, Adobe released an out-of-band Flash Patch to fix a dangerous bug that […]

# Bruce Schneier's blog

  • Friday Squid Blogging: Large Squid Washes up on Greek Beach Fri, 30 Jan 2015 16:15:21 -0600
    No mention of the species, but the photo is a depressing one. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
  • Co3 Systems Is Expanding into Europe Fri, 30 Jan 2015 14:57:55 -0600
    This was supposed to be a secret until the middle of February, but we've been found out. We already have European customers; this is our European office. And, by the way, we're hiring, primarily in the Boston area....
  • Operating a Fake Bank Fri, 30 Jan 2015 06:49:49 -0600
    Here's a story of a fake bank in China -- a real bank, not an online bank -- that stole $32m from depositors over a year. Pro tip: real banks never offer 2%/week interest....
  • Canada Spies on Internet Downloads Thu, 29 Jan 2015 06:26:35 -0600
    Another story from the Snowden documents: According to the documents, the LEVITATION program can monitor downloads in several countries across Europe, the Middle East, North Africa, and North America. It is led by the Communications Security Establishment, or CSE, Canada's equivalent of the NSA. (The Canadian agency was formerly known as "CSEC" until a recent name change.) [...] CSE finds...
  • Subconscious Keys Wed, 28 Jan 2015 06:39:37 -0600
    I missed this paper when it was first published in 2012: "Neuroscience Meets Cryptography: Designing Crypto Primitives Secure Against Rubber Hose Attacks" Abstract: Cryptographic systems often rely on the secrecy of cryptographic keys given to users. Many schemes, however, cannot resist coercion attacks where the user is forcibly asked by an attacker to reveal the key. These attacks, known as...
  • Police Using Radar that Sees Through Walls Tue, 27 Jan 2015 13:08:44 -0600
    In the latest example of a military technology that has secretly been used by the police, we have radar guns that can see through walls....
  • The IDEA Encryption Algorithm with a 128-bit Block Length Tue, 27 Jan 2015 06:24:08 -0600
    Here's an IDEA-variant with a 128-bit block length. While I think it's a great idea to bring IDEA up to a modern block length, the paper has none of the cryptanalysis behind it that IDEA had. If nothing else, I would have expected more than eight rounds. If anyone wants to practice differential and linear cryptanalysis, here's a new target...
  • Basaaly Moalin: The One "Terrorist" Caught by Section 215 Surveillance Mon, 26 Jan 2015 05:51:40 -0600
    Remember back in 2013 when the then-director of the NSA Keith Alexander claimed that Section 215 bulk telephone metadata surveillance stopped "fifty-four different terrorist-related activities"? Remember when that number was backtracked several times, until all that was left was a single Somali taxi driver who was convicted of sending some money back home? This is the story of Basaaly Moalin....
  • My Conversation with Edward Snowden Fri, 23 Jan 2015 16:57:54 -0600
    Today, as part of a Harvard computer science symposium, I had a public conversation with Edward Snowden. The topics were largely technical, ranging from cryptography to hacking to surveillance to what to do now. Here's the video. EDITED TO ADD (1/24): News article. EDITED TO ADD (1/30): Another news article....
  • Friday Squid Blogging: Giggling Squid Restaurant Fri, 23 Jan 2015 16:22:49 -0600
    Giggling Squid is a Thai restaurant chain in the UK. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

# WIRED Threat Level

# exploit-db.com

# Securiteam