Smart toilet’s bidet hacked via Bluetooth, gives new meaning to ‘backdoor vulnerability’

The smart toilet is vulnerable via its built-in Bluetooth radio, allowing hackers to remotely open or close the lid, flush the toilet, or, perhaps most perturbingly, activate the built-in bidet function.

Troy Hunt: Beyond Passwords: 2FA, U2F and Google Advanced Protection

For example, if you physically have someone's mobile phone in your hand and it's unlocked, you could login to an account by initiating a password reset, receiving the email in their email client then entering the "2nd factor" token sent via SMS or generated by a soft token app on the device.

Minister in Charge of Japan’s Cybersecurity Says He Has Never Used a Computer

Japanese lawmakers were aghast on Wednesday when Yoshitaka Sakurada, 68, the minister who heads the government’s cybersecurity office, said during questioning in Parliament that he had no need for the devices, and appeared confused when asked basic technology questions.

Fake fingerprints can imitate real ones in biometric systems – research

Based on those insights, the researchers used a common machine learning technique, called a generative adversarial network, to artificially create new fingerprints that matched as many partial fingerprints as possible.

SuperCooKey – A SuperCookie Built Into TLS 1.2 and 1.3

TLS 1.3 has a heavily touted feature called 0-RTT that has been paraded by CloudFlare as a huge speed benefit to users because it allows sessions to be resumed quickly from previous visits. In the screen that pops up, enter security.tls.enable_0rtt_data into the search bar, and make sure that the setting is set to FALSE.

The Lie Behind the Lie Detector

"As the lie behind the lie detector becomes more and more widely known, those agencies that rely on polygraphy will be able to fool fewer of the people less of the time. Chapter Three exposes the trickery on which polygraph "testing" depends.

The father of the web is redefining the internet, and he’s not asking for permission

In response to the growing threat of data-hungry internet enterprises, Sir Tim Berners-Lee’s new initiative, Inrupt, is aiming to decentralize the web and rewrite the rules of online business with its new open-source project, Solid.

FCC Net Neutrality Repeal: Ignoring the Digital Privacy of Millions of Users

Pai, the former Verizon lawyer, even halted a data security rule that would require ISPs to take “reasonable” steps to protect customer information from unauthorized use or access, making sure Internet providers aren’t at fault if your data is exposed.

Tech sector says Peter Dutton's encrypted message 'back door' will jeopardise digital security

That is why the Home Affairs Minister, Peter Dutton, has been so keen to pass laws forcing messaging companies to put "back doors" into their technology, allowing authorities to access these otherwise secret communications.

"I'm a person, not a number" - why microchipping staff is a sinister step too far

It revealed over 50 per cent of workers think their employer is monitoring them at work – and that many feared new technology was going to make workplace monitoring even worse.

The Motherboard Guide to Not Getting Hacked

The future is probably not going to get better, with real-life disasters caused by internet-connected knick-knacks, smart home robots that could kill you, and your telecom providers who routinely lose customer data and unwittingly help hackers steal your phone number (and sometimes your money.) Meanwhile, an ever-growing and increasingly passive surveillance apparatus that has trickled down to state and local police is an ever-present threat to our digital privacy and increasingly uses technology that is developed by Silicon Valley giants who are supposedly consumer-focused.

Bitwarden Completes Third-party Security Audit – Bitwarden Blog

In the interest of providing full disclosure, below you will find the technical report that was compiled from the team at Cure53 along with an internal report containing a summary of each issue, impact analysis, and the actions taken/planned by Bitwarden regarding the identified issues and vulnerabilities.

Moody's is going to start building the risk of a business-ending hack into its credit ratings

"If you look at the history of data breach and data disclosure issues, they're not quite as impactful as the business disruption events," Vadala said.

Congress May Consider a U.S. Version of GDPR

Even after all the committee hearings and the flurry of legislative proposals introduced in the House of Representatives and the Senate, there hasn’t been a lot of movement on security and privacy out of Congress over the past few years.

IOS 11 Horror Story: the Rise and Fall of iOS Security

If the attacker has your iPhone and your passcode is compromised, you lose your data; your passwords to third-party online accounts; your Apple ID password (and obviously the second authentication factor is not a problem).

How to improve security when using IoT or Smart Home devices

With the advent of the Internet of Things (IoT) and Smart Home devices, our environments are becoming more connected; however, this comes with the compromise of security. So what is the best way to secure your network when using IoT or Smart Home devices?

Why surveillance is even worse for your privacy than you thought: three cautionary tales

If it is retained, use by criminals is not the only risk: the authorities may demand legal access in order to use that data as they wish, including against the person who caused it to be stored.

Pssst... Wanna buy a digital identity? Only $50

It finds that for under $50, criminals can sell a person's complete digital life on the dark web, including data from breached social media accounts; banking details; remote access to servers or desktops; data from popular services like Uber, Netflix, and Spotify; and accounts for gaming websites, dating apps and porn websites, which might include credit card information.

Microsoft Office Was Hackers' Favorite App Target This Year

Kaspersky blocked 796.8 million attacks around the globe in Q1 2018, and the company found that one popular productivity suite was the victim of more than 47 percent of exploits: Microsoft Office.

Australian bill spells trouble for data privacy around the world

An unlikely alliance of tech companies, start-ups and digital consumer rights groups has locked horns with the Australian government over its proposed anti-data encryption law, currently under review by the Parliamentary Joint Committee on Intelligence and Security (PJCIS).

Searching For Privacy

Yes, it’s a little-known secret, but there are ways you can search the web without giving up your privacy. This post is simply to inform you of options besides the traditional search engines like Google and Internet Explorer.

Iris Recognition

Making the risk of data breach even greater, law enforcement often stores its iris biometrics on databases operated by vendors and other private third parties.

Popular browsers made to cough up browsing history

One of the visited-link attacks – CVE-2018-6137, a bug in Chrome 67 that Google fixed in June – peeled off user browsing history at the rate of 3,000 URLs per second.

Privacy vs. security: Why the widespread use of encryption is essential to national security

Most recently, the Australian government has waged a campaign to promote encryption backdoors, which would weaken the right to privacy and make us all less safe. Proponents of these kinds of laws say encrypted services, like WhatsApp or ProtonMail, allow criminals to plan and carry out attacks beyond the reach of police.

Private messages from 81,000 hacked Facebook accounts for sale

Hackers appear to have compromised and published private messages from at least 81,000 Facebook users' accounts. The BBC Russian Service contacted five Russian Facebook users whose private messages had been uploaded and confirmed the posts were theirs.

The Privacy Battle to Save Google From Itself

Every employee—from research scientists to engineers, program managers, and executives—described a single shared goal: to respect Google users and help them understand and control their data as they generate it in real time on Google’s services.

Why “Cyber” is Red-Hot (and why it’s a Burning Civil Liberties Issue) - BC Civil Liberties Association

Cyber security is increasingly a national security matter; think: cyber-attacks against critical infrastructure or military equipment (like power grids and satellites). Many countries are responding to these threats, including Canada, which has a new National Cyber Security Strategy.

Google Online Security Blog: Announcing some security treats to protect you from attackers’ tricks

Verify critical security settings to help ensure your account isn’t vulnerable to additional attacks and that someone can’t access it via other means, like a recovery phone number or email address.

Spy and police chiefs demand passage of Australian encryption access law

Without providing any evidence, Australian Security Intelligence Organisation (ASIO) chief Duncan Lewis told a parliamentary committee hearing on October 19 that suspected terrorists were using encrypted messages to plan potential attacks.

Apple's T2 security chip disconnects a MacBook's microphone when users close the lid

Apple revealed today that all new notebooks that come with a built-in T2 security chip will now disconnect the built-in microphone at the hardware level when users close their devices' lids.
