On Deniability and Duress

Imagine you’re at a border crossing, and the guard asks you to hand over all of your electronics for screening. The guard then asks that you unlock your device, provide passwords and decryption keys. Right now, he’s asking nicely, but he happens to be carrying an unpleasant-looking rubber hose, (Yes, cryptographers actually do call this… Read more »

WhatsApp Security Vulnerability

Back in March, Rolf Weber wrote about a potential vulnerability in the WhatsApp protocol that would allow Facebook to defeat perfect forward secrecy by forcibly changing users’ keys, allowing it — or more likely, the government — to eavesdrop on encrypted messages. It seems that this vulnerability is real: WhatsApp has the ability to force… Read more »

Nemucod downloader spreading via Facebook

Earlier today, a friend of mine notified me of something strange going on with his Facebook account; a message containing only an image (an .svg file in reality) had been sent automatically, effectively bypassing Facebook’s file extension filter: What is an .svg file? From Wikipedia: Scalable Vector Graphics (SVG) is an XML-based vector image format… Read more »

5900 online stores found skimming [analysis]

Update Oct 17th: already 841 stores have been fixed! Thanks to everybody who tirelessly notified and fixed stores. Update Oct 14th: Github has booted my data and I have moved to Gitlab (statement from Gitlab on this case). Online card skimming is up 69% since Nov 2015. Multiple groups involved. Merchants are unaware. Last week… Read more »

NoScript is harmful and promotes Malware!

NoScript proudly calls itself a security extension advertising itself as an extension with “whitelist based pre-emptive script blocking approach prevents exploitation of security vulnerabilities (known and even not known yet!) with no loss of functionality…” Well, guess again. The author has a history of doing shady things, such as messing with AdBlock filters to whitelist ads… Read more »

Seriously, Put Away The Foil

I was scanning the headlines this morning, as I do, and came across this article by YLE Uutiset (News). — “Finnish police: Keep your car keys in the fridge” From YLE’s article: “These so-called smart keys work by emitting a signal when the driver touches the door handle. The lock opens when it recognises the… Read more »

Hacking Your Computer Monitor

Here’s an interesting hack against a computer’s monitor: A group of researchers has found a way to hack directly into the tiny computer that controls your monitor without getting into your actual computer, and both see the pixels displayed on the monitor — effectively spying on you — and also manipulate the pixels to display… Read more »

Decrypting the WhatsApp Database

Introduction: WhatsApp Messenger is an application used across various mobile platforms for instant messaging. It uses the internet to send and receive audio, videos, documents, location details, messages, etc. WhatsApp saves all of the user’s messages in a database file in crypt form, which means no one could read anyone’s private messages. WhatsApp uses crypt2,… Read more »

Why you can’t trust things you copy and paste from web pages

Put away your wget and curl, your SOAP clients and WSDLs, WebDAV servers, REST APIs and JSON callbacks; when it comes to moving data off websites and on to your computer the sticky stuff that greases the wheels is copy and paste. This side of haptic gloves, Ctrl+C and Ctrl+V is as close as we… Read more »

Cheating in Marathon Running

Story of Julie Miller, who cheated in multiple triathlon races: The difference between cheating in 1980 and cheating today is that it’s much harder to get away with now. What trips up contemporary cheaters, Empfield said, is their false assumption that the only thing they have to worry about is their timing chip, the device… Read more »

  • English-Italian Translations

    Salma Hayek’s email account is hacked

    According to reports, Hollywood actress Salma Hayek has fallen victim to hackers, who have broken into her email account and released images of her private communications. The actress, remembered equally well for her Oscar-nominated role in the biopic of Frida Kahlo as her erotic snake-dancing performance in “From Dusk Till Dawn”, had her MobileMe account… Read more »

  • Bruce Schneier, English-Italian Translations

    How Not to Carry Around Secret Documents

    Here’s a tip: when walking around in public with secret government documents, put them in an envelope. A huge MI5 and police counterterrorist operation against al-Qaeda suspects had to be brought forward at short notice last night after Scotland Yard’s counter-terrorism chief accidentally revealed a briefing document. […] The operation was nearly blown when Assistant… Read more »

  • Bruce Schneier, English-Italian Translations

    The Techniques for Distributing Child Porn

    Fascinating history of an illegal industry: Today’s schemes are technologically very demanding and extremely complex. It starts with the renting of computer servers in several countries. First the Carders are active to obtain the credit cards and client identities wrongfully. These data are then passed to the falsifiers who manufacture wonderful official documents so that… Read more »

  • Bruce Schneier, English-Italian Translations

    New eBay Fraud

    Here’s a clever attack, exploiting relative delays in eBay, PayPal, and UPS shipping: The buyer reported the item as “destroyed” and demanded and got a refund from Paypal. When the buyer shipped it back to Chad and he opened it, he found there was nothing wrong with it — except that the scammer had removed… Read more »

  • English-Italian Translations

    Gmail users hit viddyho phishing chat attack

    Here follows the source text of another translation from Graham Cluley’s blog: It’s not been a good 24 hours for Gmail users. Having survived a blackout yesterday morning, fans of Google’s email system have been the target of a phishing campaign spreading via the Google Talk chat system. The unsolicited instant messages urge Gmail users… Read more »

  • English-Italian Translations

    A sting in the tail of the “Error Check System” Facebook scare

    Here follows the source text of another translation from Graham Cluley’s blog: Earlier today I warned you about a third-party Facebook application called “Error Check System” that has been moving in mysterious ways on the social network. Naturally, a lot of people will have been searching for information about “Error Check System” and if… Read more »

  • English-Italian Translations

    Beware “Error Check System” Facebook application

    Here follows my first translation of Graham Cluley’s blog. Graham Cluley is a British programmer and ‘Senior Technology Consultant’ at Sophos, a world-known developer and vendor of security software and hardware, including anti-virus, anti-spyware, anti-spam and Network Access Control for desktops, servers, email systems and other network gateways. Many thanks to Graham for his… Read more »

  • Bruce Schneier, English-Italian Translations

    Another Password Analysis

    Here is the original post by Bruce Schneier (the source text of my translation): Here’s an analysis of 30,000 passwords from phpbb.com, similar to my analysis of 34,000 MySpace passwords: The striking difference between the two incidents is that the phpbb passwords are simpler. MySpace requires that passwords “must be between 6 and 10 characters,… Read more »

  • Bruce Schneier, English-Italian Translations

    Giving Out Replacement Hotel Keys

    Here is the original post by Bruce Schneier (the source text of my translation): It’s a tough security trade-off. Guests lose their hotel room keys, and the hotel staff needs to be accommodating. But at the same time, they can’t be giving out hotel room keys to anyone claiming to have lost one. Generally, hotels… Read more »

  • Bruce Schneier, English-Italian Translations

    Clickjacking

    Here is the original post (the source text of my translation): Good Q&A on clickjacking: In plain English, clickjacking lets hackers and scammers hide malicious stuff under the cover of the content on a legitimate site. You know what happens when a carjacker takes a car? Well, clickjacking is like that, except that the click… Read more »