Lucene search
K
SchneierMost viewed

2980 matches found

Schneier on Security
Schneier on Security
added 2021/04/26 11:6 a.m.55 views

When AIs Start Hacking

If you dont have enough to worry about already, consider a world where AIs are hackers. Hacking is as old as humanity. We are creative problem solvers. We exploit loopholes, manipulate systems, and strive for more influence, power, and wealth. To date, hacking has exclusively been a human activit...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/02/22 12:17 p.m.55 views

GPS Vulnerabilities

Really good op-ed in the New York Times about how vulnerable the GPS system is to interference, spoofing, and jamming -- and potential alternatives. The 2018 National Defense Authorization Act included funding for the Departments of Defense, Homeland Security and Transportation to jointly conduct...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/05/01 11:22 a.m.55 views

Me on COVID-19 Contact Tracing Apps

I was quoted in BuzzFeed: "My problem with contact tracing apps is that they have absolutely no value," Bruce Schneier, a privacy expert and fellow at the Berkman Klein Center for Internet & Society at Harvard University, told BuzzFeed News. "I'm not even talking about the privacy concerns, I mea...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/03/20 9:18 p.m.55 views

Friday Squid Blogging: Squid Orders Down in Italy

COVID-19 is depressing the demand for squid in Italy. The article is a week old, and already seems almost comically quaint. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/08/08 4:11 p.m.55 views

Supply-Chain Attack against the Electron Development Platform

Electron is a cross-platform development system for many popular communications apps, including Skype, Slack, and WhatsApp. Security vulnerabilities in the update system allows someone to silently inject malicious code into applications. From a news article: At the BSides LV security conference o...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/04/21 4:12 p.m.54 views

Backdoor Found in Codecov Bash Uploader

Developers have discovered a backdoor in the Codecov bash uploader. Its been there for four months. We dont know who put it there. Codecov said the breach allowed the attackers to export information stored in its users continuous integration CI environments. This information was then sent to a...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/02/19 12:0 p.m.54 views

Router Security

This report is six months old, and I dont know anything about the organization that produced it, but it has some alarming data about router security. Conclusion: Our analysis showed that Linux is the most used OS running on more than 90% of the devices. However, many routers are powered by very o...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/06 1:1 a.m.54 views

Schneier.com is Moving

I'm switching my website software from Movable Type to Wordpress, and moving to a new host. The migration is expected to last from approximately 3 AM EST Monday until 4 PM EST Tuesday. The site will still be visible during that time, but comments will be disabled. This is to prevent any new...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/09/05 10:58 a.m.54 views

The Doghouse: Crown Sterling

A decade ago, the Doghouse was a regular feature in both my email newsletter Crypto-Gram and my blog. In it, I would call out particularly egregious -- and amusing -- examples of cryptographic "snake oil." I dropped it both because it stopped being fun and because almost everyone converged on...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/04/12 11:25 a.m.54 views

New Version of Flame Malware Discovered

Flame was discovered in 2012, linked to Stuxnet, and believed to be American in origin. It has recently been linked to more modern malware through new analysis tools that find linkages between different software. Seems that Flame did not disappear after it was discovered, as was previously though...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/03/07 12:25 p.m.54 views

Letterlocking

Really good article on the now-lost art of letterlocking...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/01/14 10:21 p.m.54 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I'm speaking at A New Initiative for Poland in Warsaw, January 16-17, 2019. I'm speaking at the Munich Cyber Security Conference MCSC on February 14, 2019. The list is maintained on this page...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/16 4:43 p.m.54 views

Speculation Attack Against Intel's SGX

Another speculative-execution attack against Intel's SGX. At a high level, SGX is a new feature in modern Intel CPUs which allows computers to protect users' data even if the entire system falls under the attacker's control. While it was previously believed that SGX is resilient to speculative...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/01 7:7 p.m.54 views

GCHQ on Quantum Key Distribution

The UK's GCHQ delivers a brutally blunt assessment of quantum key distribution: QKD protocols address only the problem of agreeing keys for encrypting data. Ubiquitous on-demand modern services such as verifying identities and data integrity, establishing network sessions, providing access contro...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/03/30 11:11 a.m.54 views

Unlocking iPhones with Dead People's Fingerprints

It's routine for US police to unlock iPhones with the fingerprints of dead people. It seems only to work with recently dead people...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/12/28 12:30 p.m.54 views

The "Extended Random" Feature in the BSAFE Crypto Library

Matthew Green wrote a fascinating blog post about the NSA's efforts to increase the amount of random data exposed in the TLS protocol, and how it interacts with the NSA's backdoor into the DUALECPRNG random number generator to weaken TLS...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/11/24 10:31 p.m.54 views

Friday Squid Blogging: Fake Squid Seized in Cambodia

Falsely labeled squid snacks were seized in Cambodia. I don't know what food product it really was. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/08/13 9:28 p.m.53 views

Friday Squid Blogging: A Good Year for Squid?

Improved ocean conditions are leading to optimism about this years squid catch. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/07/02 9:6 p.m.53 views

Friday Squid Blogging: Best Squid-Related Headline

From the New York Times: "When an Eel Climbs a Ramp to Eat Squid From a Clamp, Thats a Moray." The article is about the eel; the squid is just eel food. But still…. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posti...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/04/08 11:6 a.m.53 views

Google’s Project Zero Finds a Nation-State Zero-Day Operation

Googles Project Zero discovered, and caused to be patched, eleven zero-day exploits against Chrome, Safari, Microsoft Windows, and iOS. This seems to have been exploited by "Western government operatives actively conducting a counterterrorism operation": The exploits, which went back to early 202...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/04/05 11:15 a.m.53 views

Wi-Fi Devices as Physical Object Sensors

The new 802.11bf standard will turn Wi-Fi devices into object sensors: In three years or so, the Wi-Fi specification is scheduled to get an upgrade that will turn wireless devices into sensors capable of gathering data about the people and objects bathed in their signals. "When 802.11bf will be...

2.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/03/26 1:41 p.m.53 views

Hacking Weapons Systems

Lukasz Olejnik has a good essay on hacking weapons systems. Basically, there is no reason to believe that software in weapons systems is any more vulnerability free than any other software. So now the question is whether the software can be accessed over the Internet. Increasingly, it is. This is...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/03/05 10:7 p.m.53 views

Friday Squid Blogging: Vampire Squid Fossil

A 30-million-year-old vampire squid fossil was found, lost, and then re-found in Hungary. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/02/08 12:34 p.m.53 views

NoxPlayer Android Emulator Supply-Chain Attack

It seems to be the season of sophisticated supply-chain attacks. This one is in the NoxPlayer Android emulator: ESET says that based on evidence its researchers gathered, a threat actor compromised one of the companys official API api.bignox.com and file-hosting servers res06.bignox.com. Using th...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/02/01 4:9 p.m.53 views

Georgia’s Ballot-Marking Devices

Andrew Appel discusses Georgias voting machines, how the paper ballots facilitated a recount, and the problem with automatic ballot-marking devices: Suppose the polling-place optical scanners had been hacked enough to change the outcome. Then this would have been detected in the audit, and in...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/04/03 9:30 p.m.53 views

Friday Squid Blogging: On Squid Communication

They can communicate using bioluminescent flashes: New research published this week in Proceedings of the National Academy of Sciences presents evidence for a previously unknown semantic-like ability in Humboldt squid. What's more, these squid can enhance the visibility of their skin patterns by...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/08/23 11:19 a.m.53 views

License Plate "NULL"

There was a DefCon talk by someone with the vanity plate "NULL." The California system assigned him every ticket with no license plate: $12,000. Although the initial $12,000-worth of fines were removed, the private company that administers the database didn't fix the issue and new NULL tickets ar...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/08/21 11:46 a.m.53 views

Google Finds 20-Year-Old Microsoft Windows Vulnerability

There's no indication that this vulnerability was ever used in the wild, but the code it was discovered in -- Microsoft's Text Services Framework -- has been around since Windows XP...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/08/19 11:14 a.m.53 views

Influence Operations Kill Chain

Influence operations are elusive to define. The Rand Corp.'s definition is as good as any: "the collection of tactical information about an adversary as well as the dissemination of propaganda in pursuit of a competitive advantage over an opponent." Basically, we know it when we see it, from bots...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/04/02 11:16 a.m.53 views

Hacking Instagram to Get Free Meals in Exchange for Positive Reviews

This is a fascinating hack: In today's digital age, a large Instagram audience is considered a valuable currency. I had also heard through the grapevine that I could monetize a large following -- or in my desired case -- use it to have my meals paid for. So I did just that. I created an Instagram...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/02/20 2:2 p.m.53 views

Details on Recent DNS Hijacking

At the end of January, the US Department of Homeland Security issued a warning regarding serious DNS hijacking attempts against US government domains. Brian Krebs wrote an excellent article detailing the attacks and their implications. Strongly recommended...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/12 1:14 p.m.53 views

Security in a World of Physically Capable Computers

It's no secret that computers are insecure. Stories like the recent Facebook hack, the Equifax hack and the hacking of government agencies are remarkable for how unremarkable they really are. They might make headlines for a few days, but they're just the newsworthy tip of a very large iceberg. Th...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/24 8:37 p.m.53 views

Friday Squid Blogging: Clubhook Squid Washes Up on Oregon Beach

This seems to have happened twice in two weeks. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/03/16 9:10 p.m.53 views

Friday Squid Blogging: New Squid Species Discovered in Australia

A new species of pygmy squid was discovered in Western Australia. It's pretty cute. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/02/15 3:14 p.m.53 views

Election Security

Good Washington Post op-ed on the need to use voter-verifiable paper ballots to secure elections, as well as risk-limiting audits...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/11/08 12:33 p.m.53 views

Me on the Equifax Breach

Testimony and Statement for the Record of Bruce Schneier Fellow and Lecturer, Belfer Center for Science and International Affairs, Harvard Kennedy School Fellow, Berkman Center for Internet and Society at Harvard Law School Hearing on "Securing Consumers' Credit Data in the Age of Digital Commerc...

6.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/10/10 11:19 a.m.53 views

Changes in Password Best Practices

NIST recently published its four-volume SP800-63b Digital Identity Guidelines. Among other things, it makes three important suggestions when it comes to passwords: 1. Stop it with the annoying password complexity rules. They make passwords harder to remember. They increase errors because...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/09/11 11:12 a.m.53 views

A Hardware Privacy Monitor for iPhones

Andrew "bunnie" Huang and Edward Snowden have designed a hardware device that attaches to an iPhone and monitors it for malicious surveillance activities, even in instances where the phone's operating system has been compromised. They call it an Introspection Engine, and their use model is a...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/11 11:31 a.m.53 views

Confusing Self-Driving Cars by Altering Road Signs

Researchers found that they could confuse the road sign detection algorithms of self-driving cars by adding stickers to the signs on the road. They could, for example, cause a car to think that a stop sign is a 45 mph speed limit sign. The changes are subtle, though -- look at the photo from the...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/07/27 11:25 a.m.52 views

Hiding Malware in ML Models

Interesting research: "EvilModel: Hiding Malware Inside of Neural Network Models". Abstract: Delivering malware covertly and detection-evadingly is critical to advanced malware campaigns. In this paper, we present a method that delivers malware covertly and detection-evadingly through neural...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/05/03 2:36 p.m.52 views

Identifying the Person Behind Bitcoin Fog

The person behind the Bitcoin Fog was identified and arrested. Bitcoin Fog was an anonymization service: for a fee, it mixed a bunch of peoples bitcoins up so that it was hard to figure out where any individual coins came from. It ran for ten years. Identifying the person behind Bitcoin Fog serve...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/04/16 7:13 p.m.52 views

Cybersecurity Experts to Follow on Twitter

Security Boulevard recently listed the "Top-21 Cybersecurity Experts You Must Follow on Twitter in 2021." I came in at 7. I thought that was pretty good, especially since I never tweet. My Twitter feed just mirrors my blog. If you are one of the 134K people who read me from Twitter, "hi."...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/01/28 12:2 p.m.52 views

Police Have Disrupted the Emotet Botnet

A coordinated effort has captured the command-and-control servers of the Emotet botnet: Emotet establishes a backdoor onto Windows computer systems via automated phishing emails that distribute Word documents compromised with malware. Subjects of emails and documents in Emotet campaigns are...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/01/26 12:15 p.m.52 views

Massive Brazilian Data Breach

I think this is the largest data breach of all time: 220 million people. Lots more stories are in Portuguese...

2.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/03/13 9:2 p.m.52 views

Friday Squid Blogging: New Report on Squid Markets

This report costs $2,000. Please don't buy it for me. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/11/22 10:19 p.m.52 views

Friday Squid Blogging: T-Shirt

"Squid Pro Quo" T-shirt. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/11/13 12:16 p.m.52 views

NTSB Investigation of Fatal Driverless Car Accident

Autonomous systems are going to have to do much better than this. The Uber car that hit and killed Elaine Herzberg in Tempe, Ariz., in March 2018 could not recognize all pedestrians, and was being driven by an operator likely distracted by streaming video, according to documents released by the...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/06/11 11:17 a.m.52 views

Workshop on the Economics of Information Security

Last week, I hosted the eighteenth Workshop on the Economics of Information Security at Harvard. Ross Anderson liveblogged the talks...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/12/07 10:0 p.m.52 views

Friday Squid Blogging: Problems with the Squid Emoji

The Monterey Bay Aquarium has some problems with the squid emoji. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/12 12:17 p.m.52 views

Hiding Secret Messages in Fingerprints

This is a fun steganographic application: hiding a message in a fingerprint image. Can't see any real use for it, but that's okay...

1.5AI score
Exploits0
Total number of security vulnerabilities2980