Nicholas Weaver

February 18, 2016

This is Why People Fear the ‘Internet of Things’

This post was originally published on this site. Imagine buying an internet-enabled surveillance camera, network attached storage device, or home automation gizmo, only to find that it secretly and constantly phones home to a vast peer-to-peer (P2P) network run by the Chinese manufacturer of the hardware. Now imagine that the geek gear you bought doesn’t actually let you block this P2P communication without some serious networking expertise or hardware surgery that few users would attempt. The FI9286P, a Foscam camera that includes P2P communication by default. This is the nightmare “Internet of Things” (IoT) scenario for any system administrator: The IP cameras that you bought to secure […]
February 22, 2016

The Lowdown on the Apple-FBI Showdown

Many readers have asked for a primer summarizing the privacy and security issues at stake in the dispute between Apple and the U.S. Justice Department, which last week convinced a judge in California to order Apple to unlock an iPhone used by one of the assailants in the recent San Bernardino massacres. I don’t have much original reporting to contribute on this important debate, but I’m visiting it here because it’s a complex topic that deserves the broadest possible public scrutiny. A federal magistrate in California approved an order (PDF) granting the […]
March 21, 2016

Carders Park Piles of Cash at Joker’s Stash

A steady stream of card breaches at retailers, restaurants and hotels has flooded underground markets with a historic glut of stolen debit and credit card data. Today there are at least hundreds of sites online selling stolen account data, yet only a handful of them actively court bulk buyers and organized crime rings. Faced with a buyer’s market, these elite shops set themselves apart by focusing on loyalty programs, frequent-buyer discounts, money-back guarantees and just plain old good customer service. An ad for new stolen cards on Joker’s Stash. Today’s post examines […]
May 18, 2017

Fraudsters Exploited Lax Security at Equifax’s TALX Payroll Division

Identity thieves who specialize in tax refund fraud had big help this past tax year from Equifax, one of the nation’s largest consumer data brokers and credit bureaus. The trouble stems from TALX, an Equifax subsidiary that provides online payroll, HR and tax services. Equifax says crooks were able to reset the 4-digit PIN given to customer employees as a password and then steal W-2 tax data after successfully answering personal questions about those employees. In a boilerplate text sent to several affected customers, Equifax said the unauthorized access to customers’ employee tax records happened between […]