The Ambassador

The Ambassador is both warrior and diplomat. He listens to the words of those who deserve influence and guides those in his care as he guides himself. He acts not selfishly but for the betterment of all.

Securing the Nest Thermostat

A group of hackers are using a vulnerability in the Nest thermostat to secure it against Nest's remote data collection....


Fingerprinting Computers By Making Them Draw Images

Here's a new way to identify individual computers over the Internet. The page instructs the browser to draw an image. Because each computer draws the image slightly differently, this can be used to uniquely identify each computer. This is a big deal, because there's no way to block this right now. Article. Hacker News thread. EDITED TO ADD (7/22): This...


Friday Squid Blogging: Squid Dissection

A six-hour video of a giant squid dissection from Auckland University of Technology. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....


NASDAQ Hack

Long article on a sophisticated hacking of the NASDAQ stock exchange....


US National Guard is Getting Into Cyberwar

The Maryland Air National Guard needs a new facility for its cyberwar operations: The purpose of this facility is to house a Network Warfare Group and ISR Squadron. The Cyber mission includes a set of capabilities, expertise to enable the cyber operational need for an always-on, net-speed awareness and integrated operational response with global reach. It enables operators to drive...


Hackers Steal Personal Information of US Security-Clearance Holders

The article says they were Chinese but offers no evidence: The intrusion at the Office of Personnel Management was particularly disturbing because it oversees a system called e-QIP, in which federal employees applying for security clearances enter their most personal information, including financial data. Federal employees who have had security clearances for some time are often required to update their...


Security Against Traffic Analysis of Cloud Data Access

Here's some interesting research on foiling traffic analysis of cloud storage systems. Press release....


Risks of Keyloggers on Public Computers

Brian Krebs is reporting that: The U.S. Secret Service is advising the hospitality industry to inspect computers made available to guests in hotel business centers, warning that crooks have been compromising hotel business center PCs with keystroke-logging malware in a bid to steal personal and financial data from guests. It's actually a very hard problem to solve. The adversary can...


Legal Attacks Against Tor

Last week, we learned that the NSA targets people who look for information about Tor. A few days later, the operator of a Tor exit node in Austria has been found guilty as an accomplice, because someone used his computer to transmit child porn. Even more recently, Tor has been named as a defendant in a revenge-porn suit in Texas...


GCHQ Catalog of Exploit Tools

The latest Snowden story is a catalog of exploit tools from JTRIG (Joint Threat Research Intelligence Group), a unit of the British GCHQ, for both surveillance and propaganda. It's a list of code names and short descriptions, such as these: GLASSBACK: Technique of getting a target's IP address by pretending to be a spammer and ringing them. Target does not...