Millions of Devices Share Common SSH Keys and TLS Certs

Embedded within the ROMs of millions of routers, cameras, and other IP connected devices.

Toymaker VTech Hacked, 5 Million Records Exposed

Information on 5 million parents and 200000 children.

Flow Batteries

Hold 10 times as much as current batteries.

Jeff Kell Obituary

I worked with Jeff for over 20 years.  He will be missed.

"eDellRoot2," Another Dell Cert Found

Another certificate has been found issued by Dell on some of its computers that would allow the bad guys to "sniff" your surfing.

FAA Pushing Voluntary Drone Registration

Register your unmanned aircraft (less that 55 lbs) with the FAA for the stability and security of the US Airways.

Malware Planted at Hilton Hotels, Check Your Credit Card Statements

If you've stayed at a Hilton recently, time to review your CC statements and see what Hilton is doing to protect you.

Dell Responds to "eDellRoot"

A "Sorry" and instructions on how to remove the bad certificate.  They will issue a software update Nov 24 to automatically remove it.

Wordpress.com No Longer Running "WordPress Interface"

The interface to the hosted version of WordPress has been rewritten "from the ground up." 

Dell's "SuperFish" Certificate Error

Dell has a self signed certificate that is accepted and can be easily used by malware that might be installed on a PC.

Nanophotonics - The Power of White Lasers

Could allow for the implementation of LiFi, network connectivity over indoor lighting.

Apple, Google, Twitter, Facebook, and Others Say We Need Strong Encryption

Big companies seem to agree that government backdoors could be exploited by the bad guys and if they know about the backdoor they will just use another layer of encryption.

Windows 10 Virtual Desktops

I have found the virtual desktops on OS X to be vital to my usage of a laptop, Windows 10 has a similar technology.

New Versions of Nmap and Wireshark

Nmap has been updated to version 7 while Wireshark is now at version 2.

TrueCrypt Passes Another Audit

A German security firm audited TrueCrypt and found it "safe to use."

StarWood Hotels, Operator of Many Major Hotel Chains, Hacked

If you've stayed in a hotel recently you might want to checkout the list of more than 50 hotels affected by the breach.  

How Covert Channels Drain Android's Battery Life

MIT investigates how many popular apps, even when told not to communicate externally, use covert channels to transfer information about what you are doing.

Android Accessibility Service Can Bring Malware

Installing Apps from 3rd party stores can bring malware that exploits the Accessibility Service and can survive a full factory reset.

Swatting Can Bring 5 to Life

Sending a SWAT team to someone's house could get you 5 to life in prison.

Amazon Enables Two Factor Authentication

You can now secure your Amazon browsing with TFA.

Comcast Leaking Names and Locations of XfinityWiFi Customers

Your Comcast-provided XfinityWiFi router may be offering WiFi to other Xfinity customers in the area.  That services seems to be leaking real names and locations to search engines.

Zero Day Exploit Cost Chart

Wired is reporting on the costs of exploits from the firm Zerodium.  WordPress and the like are the cheapest.

BadBarCode - Hacking with Bar Codes

A researcher has shown how to hack vulnerable apps using embedded special control characters.

Freeing up space with Google Photos

Soon the Google Photo App will suggest photos you can delete from your device (because they've been uploaded to Google) and the Google Photo Site will suggest "downgrading" the quality of your photos to save space.

Google+ now focusing on Collections and Communities

New focus, new "home stream," new look.  Google is trying to get you to use G+ as some combination of Reddit and Facebook.

VirusTotal now accepts Android and OS X Malware

The largest malware sandbox now can handle both Android and OS X malware samples.

T. Cook says no iOS/OS X convergence

So it seems that the iPad Pro v2 and derivatives wont ever run OS X.  I seem to remember S. Jobs saying no one needs a stylus as well.

Facebook to warn parents, "Are you sure you want to post this picture of your children?"

Drawing on its facial recognition technology DeepFace, Facebook will soon start warning users when posting pictures of children.

Javascript flaw endangers Android Chrome App

A new zero day found in Chrome for Android could allow full access to the bad guys by just visiting a malicious site.

FBI says it did not pay academic researchers to unmask Tor

The Tor group, creators of the anonymizing software, says they have proof that the FBI paid $1 million to CMU to "break" Tor security.

Anonymous increases up cyber assault on ISIS

The "hactivist" group Anonymous, already "at war" with ISIS, has stated it will increase efforts to expose the terrorist group and its activities.

Linked In app may be pilfering your data even though you said no

A user on Reddit (granted not the WSJ) details on efforts to keep contact info from the Linked In App.

You can't hear it, but you phone could be talking to your tablet and their both tracking you...

Now it appears that ads, running on two different devices, may be able to emit a sound at a frequency "beyond human hearing" to "pair" with each other in an effort to better track you.

Windows 10 November Update

Microsoft will soon release a large update for Windows 10 including fixes and new (mostly enterprise friendly) features.  In the Windows NT days this would be Service Pack 1.

Review of the iPad Pro

Ars reviews the largest and most powerful iPad so far.

Adobe November Patch Tuesday

Adobe has released an updated version of Flash that patches 17 vulnerabilities.  If you use Flash, patch now.  Windows 10 and Chrome automatically patch Flash.

Microsoft November Patch Tuesday

There are several critical vulnerabilities including ones that affect Internet Explorer and Edge (the new Windows 10 browser.)  Make sure to patch your Microsoft products ASAP.

List of 590k Comcast Usernames and Password found.

A security researcher found almost 600000 usernames and passwords for sale on the Dark Web.  Comcast says it wasn't a breach, but better to reset your password just in case.

Website Ransomware

A new Linux malware scans for vulnerable sites (bad plugins) encrypts files (php, txt, html, etc.)  and demands payment to get them back.

New OmniRAT Multi Platform Malware for $25

Avast has found a cheap malware that can give you control over Android, Mac, Windows, and Linux.

New Ransomware Will Post Your Dirty Laundry

A new version of the Crypto* malware will encrypt your stuff and post your sensitive files if you don't pay.

Don't get your Android Apps from 3rd Party Stores

Over 20000 "trojanized" apps that will "root" your device and steal your data.

Google releases more StageFright patches for Android

Hopefully manufacturers will also produce patches soon.

One Million Dollars paid to creators of IOS 9.x Zero Day

Visit a website and get pwned.  A company wanted a zero day and they got one.

Facebook Changes Real-Name Policy

You can now go by a pseudonym under certain circumstances.

Microsoft drops "unlimited" OneDrive storage, 1TB new limit

Uploads of up to 75TB to some accounts and that nerfs it for everyone else.

PageFair, the Anti Adblock Service, Hacked and Serving Malware for 83 minutes.

Spear phishing success allowed the bad guys to use the CDN to distribute malware.