Kim Zetter

Reporter covering cybersecurity/privacy. Author of COUNTDOWN TO ZERO DAY: Stuxnet and the Launch of the World's First Digital Weapon. Signal user.

48235 followers  •  2290 follow  •  Pacific Time (US & Canada)

@qhardy  When the other woman says “you’re safe here” it sounds like the Peloton woman is a victim of domestic violence - which is not something a liquor company should want to be reminding people of, since alcohol often fuels violence.

This story makes a number of incorrect and dangerous assertions. Such as this one: "The EAC test essentially searches for vulns in a machine, and if none can be found, certification is granted"

And this one: "the mass implementation of postelection audits where randomly selected precincts hand-count paper voting records has the potential to lessen the need for strict federal certification of voting systems altogether."

The federal testing labs aren't looking for vulns. They do a source code review, but it's a cursory review. And they don't do penetration testing. The tests are primarily meant to determine if the machines do what the vendors say they do and meet a basic standard for operability.

As for post-election audits, these can only tell you something might have gone wrong w/an election. That's not a security solution or an excuse to have lax certification testing/standards. The goal should be to prevent something from going wrong in first place.

What happens in cyber doesn't stay in cyber

This is the best/most comprehensive story I’ve seen on Uber’s sexual assaults report. “The numbers are jarring and hard to digest,” @_TonyWest_ , Uber’s chief legal officer, said. “What it says is that Uber is a reflection of the society it serves.”

Elon Musk is going to be even more insufferable now than he already was.

It's so great to have a real rainy afternoon after so many sunny days.


ASUS, one of world’s largest computer makers, installed backdoor on thousands of customer computers last yr after hackers compromised its software update tool. The file was signed w/ ASUS digital certificates to make it look like authentic software update.

Exclusive: For yrs ES&S, top voting machine maker in US, has been saying its vote tabulators and election-management systems are not connected to the internet. That appears not to be true. Researchers say they found what appear to be 35 online.

Every night, several times a night, Uber and Lyft drivers at Reagan National Airport simultaneously turn off their ride share apps for a minute or two to trick the app into thinking there are no drivers available---creating a price surge.

WhatsApp discovered in early May that attackers were using zero day exploit developed by NSO Group that installed malware on a user's iPhone or Android phone simply by calling them. Target did not have to answer phone to be infected, and calls often disappeared from call logs

Does Reality Winner deserve a more severe punishment for exposing Russian hacking operations than Russian agent Maria Butina who was an active participant in the Russian influence campaign?

For months, ES&S refused to tell me or how many of its customers had remote-access software pcAnywhere installed on their election-management systems. ES&S would only say "a small number." Today, NPR reports ES&S has finally revealed 300 jurisdictions had it installed.

Facebook tracks former employees deemed a threat by using location data collected thru Facebook's apps/websites. "Other companies keep similar lists of threats, but Facebook is unique because it can use its own products to...track the location of people"

Google workers gave $5 gift cards to get people to provide scan of their face, but didn’t say it was for developing facial recognition of dark-skinned faces

The Swiss are launching a new online voting system. They want YOU to try to hack it. They'll pay 20,000 Swiss francs if you manage to manipulate votes; 30,000-50,000 if you can manipulate votes without detection. Starts Feb 25. Rules/register: