TaoSecurity Blog

I read  Top U.S. spy skeptical about U.S.-China cyber agreement based on today's Senate Armed Services Committee hearing titled  United States Cybersecurity Policy and Threats . It contained this statement: U.S. officials have linked the OPM breach to China, but have not said whether they believe its government was responsible. [Director of National Intelligence] Clapper said no definite statement had been made about the origin of the OPM hack since officials were not fully confident about the three types of evidence that were needed to link an attack to a given country: the geographic point of origin, the identity of the "actual perpetrator doing the keystrokes," and who was responsible for directing the act. I thought this was interesting for several reasons. First, does DNI Clapper mean that the US government has not made an official statement regarding attribution for China and OPM because all "three types of evidence" are missing, or do we have one

Last month I spoke at a telecommunications industry event. The briefer before me showed a video by the Hypervoice Consortium , titled  Introducing Human Technology: Communications 2025 . It consists of a voiceover by a 2025-era Siri-like assistant, speaking to her owner, "Karen." The assistant describes what's happening with Karen's household. 15 seconds into the video, the assistant says: The report is due today. I've cleared your schedule so you can focus. Any attempt to override me will be politely rebuffed. I was already feeling uncomfortable with the scenario, but that is the point at which I really started to squirm. I'll leave it to you to watch the rest of the video and report how you feel about it. My general conclusion was that I'm wary of putting so much trust in a platform that is likely to be targeted by intruders, such that they can manipulate so many aspects of a person's life. What do you think? By the way, the briefer before m

I read the following in the Guardian story  Hackers can trick self-driving cars into taking evasive action . Hackers can easily trick self-driving cars into thinking that another car, a wall or a person is in front of them, potentially paralysing it or forcing it to take evasive action. Automated cars use laser ranging systems, known as lidar, to image the world around them and allow their computer systems to identify and track objects. But a tool similar to a laser pointer and costing less than $60 can be used to confuse lidar... The following appeared in the IEEE Spectrum story Researcher Hacks Self-driving Car Sensors . Using such a system, attackers could trick a self-driving car into thinking something is directly ahead of it, thus forcing it to slow down. Or they could overwhelm it with so many spurious signals that the car would not move at all for fear of hitting phantom obstacles... Petit acknowledges that his attacks are currently limited to one specific unit but