Martijn Lammerts
My own digital place with a little of everything

Me on the Equifax Breach

8 November 2017
Testimony and Statement for the Record of Bruce Schneier, Fellow and Lecturer, Belfer Center for Science and International Affairs, Harvard Kennedy School; Fellow, Berkman Center for Internet and Society at Harvard Law School. Hearing on "Securing Consumers' Credit Data in the Age of Digital Commerce" Before the Subcommittee on Digital Commerce and Consumer Protection, Committee on Energy and Commerce, United...

Cybercriminals Infiltrating E-Mail Networks to Divert Large Customer Payments

7 November 2017
There's a new criminal tactic involving hacking an e-mail account of a company that handles high-value transactions and diverting payments. Here it is in real estate: The scam generally works like this: Hackers find an opening into a title company's or realty agent's email account, track upcoming home purchases scheduled for settlements -- the pricier the better -- then assume...

Daphne Caruana Galizia’s Murder and the Security of WhatsApp

6 November 2017
Daphne Caruana Galizia was a Maltese journalist whose anti-corruption investigations exposed powerful people. She was murdered in October by a car bomb. Galizia used WhatsApp to communicate securely with her sources. Now that she is dead, the Maltese police want to break into her phone or the app, and find out who those sources were. One journalist reports: Part of...

Friday Squid Blogging: Squid Product Recall

3 November 2017
Lidl is recalling two of its packaged squid products because of the presence of struvite salt crystals. The danger is unclear. The article says that struvite crystals "may be mistaken as glass fragments," which isn't actually dangerous. It also says: "As these salt crystals may cause injury, the product should not be consumed." Maybe it's the intestinal tract that mistakes...

Fraud Detection in Pokémon Go

3 November 2017
I play Pokémon Go. (There, I've admitted it.) One of the interesting aspects of the game I've been watching is how the game's publisher, Niantic, deals with cheaters. There are three basic types of cheating in Pokémon Go. The first is botting, where a computer plays the game instead of a person. The second is spoofing, which is faking GPS...

Attack on Old ANSI Random Number Generator

31 October 2017
Almost 20 years ago, I wrote a paper that pointed to a potential flaw in the ANSI X9.17 RNG standard. Now, new research has found that the flaw exists in some implementations of the RNG standard. Here's the research paper, the website -- complete with cute logo -- for the attack, and Matthew Green's excellent blog post on the research....