Google’s reCaptcha cracked again

A couple of important points here. What was theoretically broken was the audio alternative option in reCaptcha. Bad but not as bad as it could be. What is probably worse, though, is that an exploit has been previously published of this same option, in fact using Google’s own voice processing API’s against it. Nothing about how Google can or will shore up this vulnerability.
Read More …

GnuPG project holding a fund raising rally

Gnu Privacy Guard, an open source crypto tool compatible with OpenPGP and laterally supporting dozens of different uses is trying to raise funds for a few months of some additional developers time. I use GPG daily, including signing and encrypting my mail, securing online chats, keeping my password store safe, and so much more. Please check it out and help if you can. If you want to know more ways to use GPG, find me on Freenode at #cmdln or keybase.
Read More …

IoT security anti-patterns

Saw this on Boing Boing, thanks again to Cory. Junade Ali at CloudFlare catalogs a few practices implementing IoT devices that contribute to the overall poor state of security. Importantly, there are recommend alternatives that maintain or improve security. We clearly need more of this, alongside existing resources like the OWASP security guide, both for manufacturers and for expert users to effectively hole them to account.

Read More …

Vaccinating IoT worm possibly uncovered

A bad idea comes back around, this time applied to the Internet of Things. The notion of a bit of self propagating code that defends instead of attacks is arguably as old as the Internet. It is never a good idea given the huge space of unintended consequences from unpredictable interactions with existing software to simple bugs exposing affected devices even more so than untouched ones. It is always better for devices owners to be aware of updates to their devices, ideally through a known and trusted mechanism.

Read More …