Black Hat Badge Attack Reveals Attendees' PII

In a brief blog post full of informative screenshots, a Colorado security researcher known as NinjaStyle details how easily he was able to pull personal information belonging to attendees of this year's Black Hat security conference. His snooping reveals that personally identifiable information for every attendee of the conference could be gathered in as little as six hours from an API used to collate marketing data from scans of attendees' conference badges. NinjaStyle found that he could pull his ...

» Read more...


WhatsApp Co-Founder Funds New Signal Foundation

The news about the new Signal Foundation is encouraging, provided that new stakeholders like Acton (and presumably others) don't get it in their heads to screw things up in the usual Silicon Valley way of screwing good things up. Moxie Marlinspike remains at the helm, and I trust him to keep Signal from becoming another ad-driven sinkhole of VC grossness. Also, the fact that this new entity is a non-profit ought to keep the incentives of all involved relatively pure.

It will be exciting ...

» Read more...


Identity Verification over the Phone Is a Mess

Yesterday afternoon I found myself in the position of needing to call a national bank on the telephone in response to what turned out to be a false fraud warning placed on my credit card account. Everything about the incident—from the fraud warning itself right up through the way the bank sought to resolve the problem—points to a systemic failure on the part of a huge and well-known financial institution to understand some of the most basic tenets of information security. These misapprehensions seem ...

» Read more...


Run Your Own Secure VPN Service with Algo

Algo, a project by Trail of Bits, is a VPN that you host yourself on a VPS of your own choosing. Self-hosted VPNs can be complicated to set up, but Algo is pretty easy: just download the files to your local machine, register for an account (if you don't have one already) at Amazon Web Services, DigitalOcean, or Google Compute Engine, and then run three commands in the terminal. That's pretty much it. In about 10 minutes, you have an easy, secure IPsec VPN.

» Read more...


Web History Pollution Is No Privacy Panacea

In the wake of Congress' recent vote to reverse FCC rules that would have required ISPs to obtain customers' permission before selling their browsing histories to marketers, concerned consumers have been searching for some way to prevent their providers from keeping a complete record of their browsing habits. VPN services seem to be the most frequently recommended solution, but as security researcher Brian Krebs explains, finding a trustworthy VPN is key; otherwise you might just be handing your browsing history to yet another third party ...

» Read more...