Information

Make sure that the device that’s supposed to help you keep tabs on your little one isn’t itself a privacy and security risk We’ve probably all read horror stories online: a parent is woken in the middle of the night by strange noises coming from their child’s bedroom. They open the door, only to find a stranger “talking” to their baby through the monitor. While rare, such cases do happen from time to time. Smart…

by Paul Ducklin Well-known cybersecurity researcher Fabian Bräunlein has featured not once but twice before on Naked Security for his work in researching the pros and cons of Apple’s AirTag products. In 2021, he dug into the protocol devised by Apple for keeping tags on tags and found that the cryprography was good, making it hard for anyone to keep tabs on you via an AirTag that you owned. Even though the system relies on…

The digital skills gap, especially in cybersecurity, is not a new phenomenon, with the problem now further exacerbated by the prevalence of burnout Discussion of the resourcing issues within the cybersecurity sector is not a new phenomenon; according to Cybersecurity Ventures, the number of unfilled cybersecurity positions worldwide grew 350% between 2013 and 2021, from 1 million to 3.5 million. The article breaks this number down further, estimating that there are 1 million cybersecurity workers in…

Windows used to be the big talking point when it came to exploits resulting in mass casualties. Nowadays, talks turned to other massive attack platforms like #cloud and cars In years past, a massive Windows exploit netted mass casualties, but here at Black Hat, talks turned toward other massive attack platforms like clouds and cars. Windows is no longer alone at the front of the pack, hackwise – it has company. It makes sense. If…

The Sender Policy Framework can’t help prevent spam and phishing if you allow billions of IP addresses to send as your domain Twenty years ago, Paul Vixie published a Request for Comments on Repudiating MAIL FROM that helped spur the internet community to develop a new way of fighting spam with the Sender Policy Framework (SPF). The issue then, as now, was that the Simple Mail Transfer Protocol (SMTP), which is used to send email…

Don’t worry, elections are safe – this is just one highlight from the DEF CON 30 conference. Scattered around a bevy of tables in the election hacking village here at DEF CON 30 are all the devices – opened wide – that are supposed to keep elections safe. Oh, the irony. It’s unclear how some of these devices ended up here, another unsolved mystery. Luckily, they contain a myriad of tamper-resistant defenses, but from the…