WIRED infosec links October 3, 2014

Google and Apple Won't Unlock Your Phone, But a Court Can Make You Do It - Andy Greenberg - WIRED

Silicon Valley’s smartphone snitching has come to an end. Apple and Google have promised that the latest versions of their mobile operating systems make it impossible for them to unlock encrypted phones, even when compelled to do so by the government. But if the Department of Justice can’t demand that its corporate friends unlock your phone, it may have another option: Politely asking that you unlock it yourself, and letting you rot in a cell until you do.

MIT Students Battle State's Demand for Their Bitcoin Miner's Source Code - Kim Zetter - WIRED

The mining tool, known as Tidbit, was developed in late 2013 by Rubin and his classmates for the Node Knockout hackathon—only Rubin is identified on the subpoena but his three classmates are identified on the hackathon web site as Oliver Song, Kevin King and Carolyn Zhang. The now defunct tool was designed to offer web site visitors an alternative way to support the sites they visited by using their computers to mine Bitcoins for them in exchange for having online ads removed.

Kevin Mitnick, Once the World's Most Wanted Hacker, Is Now Selling Zero-Day Exploits - Andy Greenberg - WIRED

Late last week, Mitnick revealed a new branch of his security consultancy business he calls Mitnick’s Absolute Zero Day Exploit Exchange. Since its quiet inception six months ago, he says the service has offered to sell corporate and government clients high-end “zero-day” exploits, hacking tools that take advantage of secret bugs in software for which no patch yet exists. Mitnick says he’s offering exploits developed both by his own in-house researchers and by outside hackers, guaranteed to be exclusive and priced at no less than $100,000 each, including his own fee.

This post first appeared on Exploring Information Security.

InfoSec links September 4, 2014

Aaron's Law Is Doomed Leaving US Hacking Law 'Broken' - Thomas Brewster - Forbes

There are various reasons for the impasse. One is that the plans simply haven’t elicited much interest from lawmakers or the general public, said Orin Kerr, professor of law at the George Washington University Law School. “This reform only captured the attention of a small group of people. It’s not an issue that resonates with the public – at least yet,” Kerr told me.

Privacy Under Fire: Aaron Sorkin Saw It Coming In 1999 - Bill Brenner - Liquidmatrix

In the episode, Bartlet has nominated a man for the Supreme Court whose writings suggest a lack of regard for Americans’ right to privacy. During a heated Oval Office discussion, presidential advisor Sam Seaborn explains why their candidate’s views will be dangerous in the first part of the 21st century.

These 3-D Printer Skeleton Keys Can Pick High-Security Locks in Seconds - Andy Greenberg

Even so, bump keys have long been tough to create for high security locks that use obscure, complex key blanks. Many lock makers carefully trademark or patent their key blank designs and prevent them from being sold to anyone outside a small group of verified customers. But with the advent of 3D printing, those restrictions can’t stop lockpickers from 3D printing their own blanks and filing them into bump keys—or simply printing bump keys with their teeth already aligned with a lock’s pins. In this video, Holler demonstrates a 3D-printed and filed bump key for an Ikon SK6, a key that uses restricted, carefully contorted blanks that can’t even be created by many key-milling machines.

'Hacker Summercamp' links August 11, 2014

Meet the Puzzle Mastermind Who Designs Def Con's Hackable Badges - Kim Zetter - WIRED

This is really cool and I am jealous of anyone that got one of these badges.

Dan Geer Touts Liability Policies For Software Vulnerabilities - Sara Peters - Dark Reading

Another angle on Dan Geer’s opening keynote at Black Hat. Rafal Los linked to the full talk on Twitter if you’re interested:

John McAfee: Google and Facebook's Erosion of Privacy is a Tragedy - Phil Muncaster - Infosecurity Magazine

John McAfee had an interesting closing talk at BSides Las Vegas about privacy.

InfoSec Links April 17, 2014

Obama Lets N.S.A. Exploit Some Internet Flaws, Officials Say - David E. Sanger - New York Times

Disclosure of vulnerabilities by the government can be a bit more complex than it would seem. Still, I believe the government's primary goal should be defense, not offense.

At Feds' request, GoGo in-flight Wi-fi service added more spying capabilities - Joe Silver - Ars Technica

If you plan on using airplane WiFi, then be prepared to hand over anything you do on that WiFi to the government.

A telephone box near GCHQ gets a visit from Banksy - Graham Cluley

This is a pretty good indication of how street artist Banksy feels about the GCHQ.

 
