"We are writing to request that Facebook does not proceed with its plan to implement end-to-end encryption across its messaging services without ensuring that there is no reduction to user safety."
Jake Williams: Any time someone says "don't do end to end encryption, we can keep the data safe" just remind them of Shadow Brokers. We still don't even know how the Shadow Brokers stole the data they leaked (which included ETERNALBLUE, fueling WannaCry & NotPetya). 1/2
New Bedford officials decide to restore from backups after negotiations fail.
Jake Williams: This is a great case study of ransomware attacks on municipalities. Attackers asked for $5.3 million. The city offered less than 10% of that and attackers ignored the offer. It's likely that bad faith efforts like this will hurt legitimate negotiations. 1/2
A complaint has been filed in United States District Court, Southern District of New York by Crown Sterling, Ltd., LLC, an emerging digital cryptograp
Jake Williams: Remember the folks at BlackHat with the sponsored session on crypto that was devoid of... checks notes... math? They're suing BlackHat now.
Suing a hacker conference, loved by hackers, because you were called out for a bad presentation is a BAD PLAN(tm).
Lake City's online systems were compromised about three weeks ago by malware attackers. This week the city agreed to pay the ransom requested by the attackers. But one cybersecurity expert says paying the ransom is not a good idea.
Jake Williams: Lake City, FL fired their director of IT after being crippled by ransomware and paying $460k in ransom. But is it really the IT director's fault? Did Lake City set themselves up for a wrongful termination suit? 1/2
Backdoor discovered in Agama cryptocurrency wallet. Unconventional tactic saves users from getting robbed.
Jake Williams: This story by @campuscodi is absolutely mental. The company learned of a vulnerability in a third party library, then hacked their own users and took their cryptocurrency for safe keeping before real hackers could. Legal? Ethical? Where's the line?
Research by: Nadav Grossman. Introduction: In this article, we tell the story of how we found a logical bug using the WinAFL fuzzer and exploited it in WinRAR to gain full control over a victim’s computer. The exploit works by just extracting an...
Jake Williams: A WinRAR vulnerability existed for 19 years without being discovered. This speaks to how vulnerabilities can hide in legacy software. I regularly hear "if it was vulnerable, there would be an exploit already." Um, ok. 19 years...
The founder says the charge is ‘baseless,’ but that hasn’t stopped employees at some of the most important infosec companies from posting misogynistic comments in a closed Facebook group.
Jake Williams: This article from @lorenzofb unearths a dark side of our community that many pretend doesn't exist. The fact that they congregate in the open, most of them without using pseudonyms, indicates they think they are safe to spew misogyny. They should not be.
The following editorial will take you inside the dark world of data brokering, as we expose the backroom deals in which fifteen years of customer data from defunct Canadian retailer NCIX were sold.
Jake Williams: This is one of the most egregious data breaches ever and highlights #supplyChain risk. Vendor stops paying rent, warehouse seizes servers and sells them (with data) unaltered. Millions of records, including plaintext passwords, already sold. Wow.
As the 2 billion user-strong platform grapples with misinformation, a training document for Facebook content moderators incorrectly claimed an image was of violence in Myanmar.
Jake Williams: This is a VERY IMPORTANT story from @josephfcox about Facebook's own "Fake News" training documents. By convention, the training materials should be written by the experts, but they themselves fell for fake news. This is a *hard* problem. 1/n