What could go wrong if, as a joke, you're asked whether you could hack the former prime minister of Australia, Tony Abbott? Well, Alex Hope has documented it. After finding pictures of a boarding pass, he could log into the booking system of the airline (without additional authentication). Then he found out that the systems leaked sensitive information (passport number, telephone number, airline-internal comments about the passenger). He then went through the whole charade of finding someone in government responsible for concrete data security issues. 😵
There’s even an interesting section on when he finally gets through to Tony Abbott and they talk on a very personal level. Given the reason they were talking in the first place, the conversation also revolved around how complicated technology seems to be and how you learn how it works.
This led Alex to reflect on how he started learning things and how you have to change your thinking when you are “hacking.” He gives a great example, which he summarizes with:
In conclusion, to be a hacker u ask for tap water.
Thomas Dullien of Google’s Project Zero on why security suffers because it’s actually cheaper to build more complex things (i.e. ship some piece of hardware with a general purpose processor and define features in software instead of using a purpose-built chip).
The Rowhammer class of exploits never ceases to amaze.
David Eaves has some interesting thoughts on what Mafia can tell us about trust and security. He also has a few ideas on how the physical game setup gives an advantage to different parties.
WhatsApp just announced they enabled end-to-end encryption for all their users … this is huge news. They have put a white paper up describing their implementation. Good news: it’s based on the Signal protocol and first tests seem to suggest they did it properly.
This is so moronic I almost fell off my chair laughing: it seems like the TSA spent $47,000 on a “random lane picker.” Please, you be the judge whether it was worth it:
It needs to be operated manually … with hygienic gloves!
The plaintiffs in Toyota’s Unintended Acceleration lawsuit had someone with knowledge of building embedded software take a look at Toyota’s source code:
possible bit flips, task deaths that would disable the failsafes, memory corruption, single-point failures, inadequate protections against stack overflow and buffer overflow, single-fault containment regions, thousands of global variables. The list of deficiencies in process and product was lengthy.