Welcome to Dead Drop number 12, a look at what's happening in the worlds of computer security, privacy, and internet freedom. All source links mentioned are below.

- Youtube link
- mirror
- Torrent
- Keybase mirror


Starting off with a new remotely exploitable 0-day for the NETGEAR WNR2000 router. Researcher Pedro Ribeiro found that a remote admin feature commonly used for local area networks can also be exploited through the internet, due to a process which allows unauthenticated users access.

And in response to this and other NETGEAR related vulnerabilities, the company has now started a bug bounty program, offering up to $15k for disclosing bugs and exploits.

In other news, if you recently downloaded Super Mario Run for Android, then you probably downloaded malware, since at the time of this video, the official app is only available on iOS, and not on the Google Play Store, or other third party stores.


Dubai's police force recently began using a crime prediction AI, which takes various dispirate pieces of information and analyzes the likelihood of crimes occuring. The idea is then to send police into specific areas as a deterrence, before any actual crimes happen. Sounds like a way to quell protests before they even start.


Cory Doctorow wrote a brief review of the upcoming book, The Hardware Hacker, by Bunnie Huang. It deals with hardware hacking, reverse engineering, chinese manufacturing and more, and needless to say, looks very good. It's due to be released later this month.


Artist and researcher Adam Harvey is developing HyperFace, a new project which aims to help ordinary people against mass surveillance, and specifically mess up facial recognition systems. It does this by creating a sort of camo-design, which to machines, looks like many faces, sending them into overdrive.

In other surveillance news, authorities in Singapore will now begin collecting iris scans from citizens whenever they apply for, or renew certain services like passports. This is also in addition to photos and fingerprints that are currently used on these documents. What could possibly go wrong?


Talking of fingerprints of a different kind, Mozilla have scheduled an update for the upcoming Firefox 52 release which will prevent websites from fingerprinting users using system fonts, a feature which is already active in the Tor browser. It's due in March this year.

And speaking of the Tor browser, researchers have shown a way to de-anonymize users, by using ultrasound. Javascript embedded on pages or in ads can emit sounds outside human hearing range, which can then be picked up by other devices within microphone distance, sending personally identifiable information back. The attack is fairly convoluted, but it's something to be aware of.


Absolutely tonnes of new videos this week. Seems like all the hacker-cons uploaded at the same time.

First we have all the latest talks from the Chaos Computer Congress 33 in Germany. As always, an eclectic mix covering many facets of hacker culture.

2600 also created a new playlist for the latest HOPE conference too. This one alone contains over 100 new videos.

And finally we have a bunch of new videos from DEFCON 24's Social Engineering Village, covering a variety of issues related to the human side of hacking, and security.

Alright, that's it for this week, if you find any interesting links let me know, and thanks for watching.