Collaborate Disseminate
A Connecticut man who’s earned “bug bounty” rewards and public recognition from top telecom companies for finding and reporting security holes in their Web sites secretly operated a service that leveraged these same flaws to sell their customers’ personal data, KrebsOnSecurity has learned. Continue reading Bug Bounty Hunter Ran ISP Doxing Service
KrebsOnSecurity recently had a chance to interview members of the REACT Task Force, a team of law enforcement officers and prosecutors based in Santa Clara, Calif. that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims. Snippets from that fascinating conversation are recounted below, and punctuated by accounts from a recent victim who lost more than $100,000 after his mobile phone number was hijacked. Continue reading Busting SIM Swappers and SIM Swap Myths
Twilio is hosting its Signal developer conference in San Francisco this week. Yesterday was all about bots and taking payments over the phone; today is all about IoT. The company is launching two new (but related) products today that will make it easier for IoT developers to connect their devices. The first is the Global […] Continue reading Twilio launches a new SIM card and narrowband dev kit for IoT developers
Jared Goetz’s credit card was fraudulently charged, his phone cut-off, and his email account hacked. But in an extraordinary phone call, Goetz managed to talk the hacker down, and get his digital life back. Continue reading ‘I Could Ruin Your Business Right Now’: Listen to a SIM-Jacking, Account-Stealing Ransom
A California task force caught another big name in the criminal underground world of SIM hijackers. Continue reading Cops Arrest Infamous SIM Swapper Who Allegedly Stole $14 Million in Cryptocurrency
No one is really sure who to believe after Businessweek’s bombshell story on an alleged Chinese supply chain attack against Apple, Amazon, and others. Continue reading The Cybersecurity World Is Debating WTF Is Going on With Bloomberg’s Chinese Microchip Stories
But a history of privacy scandals makes them the worst candidates for the job. Continue reading Wireless Carriers Now Want to Be the Keepers of Your Website Login Data
Project Verify from Verizon, AT&T, Sprint and T-Mobile aims to replace your password. Continue reading Major US mobile carriers want to be your password
The four major U.S. wireless carriers today detailed a new initiative that may soon let Web sites eschew passwords and instead authenticate visitors by leveraging data elements unique to each customer’s phone and mobile subscriber account, such as location, customer reputation, and physical attributes of the device. Here’s a look at what’s coming, and the potential security and privacy trade-offs of trusting the carriers to handle online authentication on your behalf. Continue reading U.S. Mobile Giants Want to be Your Online Identity
Instagram users should soon have more secure options for protecting their accounts against Internet bad guys. On Tuesday, the Facebook-owned social network said it is in the process of rolling out support for third-party authentication apps. Unfo… Continue reading Instagram’s New Security Tools are a Welcome Step, But Not Enough