Wyden: ‘Plans to Weaken Strong Encryption Are a Double Loser’
Sen. Ron Wyden, who has been perhaps the most outspoken legislator on the topic of encryption, privacy, and government intervention in technology, said he will “use every power I have as senator” to prevent lawmakers from passing laws that weaken encryption. Wyden (D-Ore.) spoke Tuesday at RightsCon, a conference on digital rights and privacy, and […]
On the Wire Podcast: Mike Mimoso on the Apple-FBI Case
Dennis Fisher talks with Mike Mimoso of Threatpost about the details of Apple’s legal and PR battle with the FBI and federal government. The case involves a lot of oddities, including the FBI’s choice to play it out in public, why the FBI didn’t seek help from forensics experts, and why the government decided that […]
1,418 Bugs in Medical Devices, Zero Patches
There are vulnerability reports, and there are Vulnerability Reports. The latest and perhaps best entry in the latter category is a disclosure of more than 1,400 vulnerabilities in a variety of medication-supply devices manufactured by CareFusion. The affected devices are CareFusion’s Pyxis SupplyStation systems, automated cabinets that allow medical personnel to dispense medication and monitor […]
New Florida Law Exempts Agencies From Reporting Some Breach Details
Florida’s governor has signed a bill that allows state agencies not to release details of data breaches and security audits if that information would “facilitate the unauthorized access, modification, disclosure or destruction of data”. The new law, which went into effect on Friday, requires that agencies still release details of breaches to a group of state law […]
Apple Case May Cast a Long Shadow
Now that the Department of Justice has withdrawn its lawsuit against Apple in the case concerning the San Bernardino shooter’s iPhone, it’s clear that the legal and media battles of the last month and a half have produced more questions than they’ve answered. Chief among those remaining questions is this: What was the point? The […]
Treasurehunt PoS Malware Hitting Soft Targets
Researchers are tracking a new version of some point-of-sale malware that has some of the same memory scraping capabilities as other PoS threats, but appears to have been developed specifically for one attacker and is being used in targeted operations against banks and smaller retailers. The malware is known Treasurehunt and researchers say it has […]
Facebook Testing Anti-Impersonation Feature
Phishing and account takeover attacks take many forms, especially on massive platforms such as Twitter or Facebook, and defending against them is a tall order. Facebook has tried a number of tactics over the years, and now the company is testing a new feature that will detect and warn users when someone else is trying […]
By the Numbers: Data Breach Attack Tactics
Data breaches once were rare enough that every one was a big story. Remember ChoicePoint? Now they’re so commonplace that consumers hardly blink when they get a data breach notice or new credit card in the mail. It’s a part of modern life. While these compromises are numbingly frequent, there’s a lot of data being […]
Comey: NAND Mirroring Doesn’t Work
The FBI director says the prevailing theory about the alternative method the bureau is testing for unlocking the iPhone in the San Bernardino case, a technique called NAND mirroring, “doesn’t work”. Speaking at a press conference Thursday with the United States Attorney General Loretta Lynch regarding the terror attacks in Brussels, FBI Director James Comey […]