Lucene search
K
SchneierMost viewed

2981 matches found

Schneier on Security
Schneier on Security
added 2021/01/26 12:15 p.m.52 views

Massive Brazilian Data Breach

I think this is the largest data breach of all time: 220 million people. Lots more stories are in Portuguese...

2.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/03/13 9:2 p.m.52 views

Friday Squid Blogging: New Report on Squid Markets

This report costs $2,000. Please don't buy it for me. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/11/22 10:19 p.m.52 views

Friday Squid Blogging: T-Shirt

"Squid Pro Quo" T-shirt. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/11/13 12:16 p.m.52 views

NTSB Investigation of Fatal Driverless Car Accident

Autonomous systems are going to have to do much better than this. The Uber car that hit and killed Elaine Herzberg in Tempe, Ariz., in March 2018 could not recognize all pedestrians, and was being driven by an operator likely distracted by streaming video, according to documents released by the...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/06/11 11:17 a.m.52 views

Workshop on the Economics of Information Security

Last week, I hosted the eighteenth Workshop on the Economics of Information Security at Harvard. Ross Anderson liveblogged the talks...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/12/07 10:0 p.m.52 views

Friday Squid Blogging: Problems with the Squid Emoji

The Monterey Bay Aquarium has some problems with the squid emoji. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/12 12:17 p.m.52 views

Hiding Secret Messages in Fingerprints

This is a fun steganographic application: hiding a message in a fingerprint image. Can't see any real use for it, but that's okay...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/05 9:19 p.m.52 views

Friday Squid Blogging: Watch Squid Change Colors

This is an amazing short video of a squid -- I don't know the species -- changing its color instantly. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/04 4:30 p.m.52 views

Chinese Supply Chain Hardware Attack

Bloomberg is reporting about a Chinese espionage operating involving inserting a tiny chip into computer products made in China. I've written about alternate link this threat more generally. Supply-chain security is an insurmountably hard problem. Our IT industry is inexorably international, and...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/05/07 2:32 p.m.52 views

Ray Ozzie's Encryption Backdoor

Last month, Wired published a long article about Ray Ozzie and his supposed new scheme for adding a backdoor in encrypted devices. It's a weird article. It paints Ozzie's proposal as something that "attains the impossible" and "satisfies both law enforcement and privacy purists," when 1 it's bare...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/01/31 8:37 p.m.52 views

Israeli Scientists Accidentally Reveal Classified Information

According to this story non-paywall English version here, Israeli scientists released some information to the public they shouldn't have. Defense establishment officials are now trying to erase any trace of the secret information from the web, but they have run into difficulties because the...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/01/05 10:42 p.m.52 views

Friday Squid Blogging: How the Optic Lobe Controls Squid Camouflage

Experiments on the oval squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/01/04 12:28 p.m.52 views

Spectre and Meltdown Attacks

After a week or so of rumors, everyone is now reporting about the Spectre and Meltdown attacks against pretty much every modern processor out there. These are side-channel attacks where one process can spy on other processes. They affect computers where an untrusted browser window can execute cod...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/11/07 12:37 p.m.52 views

Cybercriminals Infiltrating E-Mail Networks to Divert Large Customer Payments

There's a new criminal tactic involving hacking an e-mail account of a company that handles high-value transactions and diverting payments. Here it is in real estate: The scam generally works like this: Hackers find an opening into a title company's or realty agent's email account, track upcoming...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/09/25 1:23 p.m.52 views

GPS Spoofing Attacks

Wired has a story about a possible GPS spoofing attack by Russia: After trawling through AIS data from recent years, evidence of spoofing becomes clear. Goward says GPS data has placed ships at three different airports and there have been other interesting anomalies. "We would find very large oil...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/30 6:22 p.m.52 views

A Framework for Cyber Security Insurance

New paper: "Policy measures and cyber insurance: a framework," by Daniel Woods and Andrew Simpson, Journal of Cyber Policy, 2017. Abstract: The role of the insurance industry in driving improvements in cyber security has been identified as mutually beneficial for both insurers and policy-makers. ...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/24 11:30 a.m.52 views

Massive Government Data Leak in Sweden

Seems to be incompetence rather than malice, but a good example of the dangers of blindly trusting the cloud...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/07/07 11:20 a.m.52 views

DNI Wants Research into Secure Multiparty Computation

The Intelligence Advanced Research Projects Activity IARPA is soliciting proposals for research projects in secure multiparty computation: Specifically of interest is computing on data belonging to different -- potentially mutually distrusting -- parties, which are unwilling or unable e.g., due t...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/07/03 3:27 p.m.51 views

New Open SSH Vulnerability

Its a serious one: The vulnerability, which is a signal handler race condition in OpenSSHs server sshd, allows unauthenticated remote code execution RCE as root on glibc-based Linux systems; that presents a significant security risk. This race condition affects sshd in its default configuration. ...

8.1CVSS8.7AI score0.99506EPSS
Exploits68
Schneier on Security
Schneier on Security
added 2023/12/08 12:5 p.m.51 views

New Bluetooth Attack

New attack breaks forward secrecy in Bluetooth. Three news articles: BLUFFS is a series of exploits targeting Bluetooth, aiming to break Bluetooth sessions forward and future secrecy, compromising the confidentiality of past and future communications between devices. This is achieved by exploitin...

3.2CVSS7AI score0.01297EPSS
Exploits1
Schneier on Security
Schneier on Security
added 2021/07/06 2:27 p.m.51 views

Vulnerability in the Kaspersky Password Manager

A vulnerability just patched in the random number generator used in the Kaspersky Password Manager resulted in easily guessable passwords: The password generator included in Kaspersky Password Manager had several problems. The most critical one is that it used a PRNG not suited for cryptographic...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/06/18 9:6 p.m.51 views

Friday Squid Blogging: Video of Giant Squid Hunting Prey

Fantastic video of a giant squid hunting at depths between 1,827 and 3,117 feet. This is a follow-on from this post. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/04/30 9:14 p.m.51 views

Friday Squid Blogging: On Squid Coloration

Nice excerpt from Martin Wallins book Squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/04/15 11:13 a.m.51 views

DNI’s Annual Threat Assessment

The office of the Director of National Intelligence released its "Annual Threat Assessment of the U.S. Intelligence Community." Cybersecurity is covered on pages 20-21. Nothing surprising: Cyber threats from nation states and their surrogates will remain acute. States increasing use of cyber...

Exploits0
Schneier on Security
Schneier on Security
added 2020/06/05 9:19 p.m.51 views

Friday Squid Blogging: Shark vs. Squid

National Geographic has a photo of a 7-foot long shark that fought a giant squid and lived to tell the tale. Or, at least, lived to show off the suction marks on his skin. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blo...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/02/14 7:3 p.m.51 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I'll be at RSA Conference 2020 in San Francisco. On Wednesday, February 26, at 2:50 PM, I'll be part of a panel on "How to Reduce Supply Chain Risk: Lessons from Efforts to Block Huawei." On Thursday, February 27, at 9:20 AM, I'm...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/11/04 12:6 p.m.51 views

Homemade TEMPEST Receiver

Tom's Guide writes about home brew TEMPEST receivers: Today, dirt-cheap technology and free software make it possible for ordinary citizens to run their own Tempest programs and listen to what their own -- and their neighbors' -- electronic devices are doing. Elliott, a researcher at Boston-based...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/03 9:15 p.m.51 views

Friday Squid Blogging: Squid Skin "Inspires" New Thermal Sheeting

Researchers are making space blankets using technology based on squid skin. Honestly, it's hard to tell how much squid is actually involved in this invention. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/04/11 11:24 a.m.51 views

TajMahal Spyware

Kaspersky has released details about a sophisticated nation-state spyware it calls TajMahal: The TajMahal framework's 80 modules, Shulmin says, comprise not only the typical keylogging and screengrabbing features of spyware, but also never-before-seen and obscure tricks. It can intercept document...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/02/19 12:36 p.m.51 views

Estonia's Volunteer Cyber Militia

Interesting -- although short and not very detailed -- article about Estonia's volunteer cyber-defense militia. Padar's militia of amateur IT workers, economists, lawyers, and other white-hat types are grouped in the city of Tartu, about 65 miles from the Russian border, and in the capital,...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/09 7:32 p.m.51 views

Access Now Is Looking for a Chief Security Officer

The international digital human rights organization Access Now I am on the board is looking to hire a Chief Security Officer. I believe that, somewhere, there is a highly qualified security person who has had enough of corporate life and wants instead to make a difference in the world. If that's...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/09 11:17 a.m.51 views

Detecting Phishing Sites with Machine Learning

Really interesting article: A trained eye or even a not-so-trained one can discern when something phishy is going on with a domain or subdomain name. There are search tools, such as Censys.io, that allow humans to specifically search through the massive pile of certificate log entries for sites...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/12 9:3 p.m.51 views

Friday Squid Blogging: Antifungal Squid-Egg Coating

The Hawaiian bobtail squid coats its eggs with antifungal bacteria. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/04/19 11:51 a.m.51 views

Lifting a Fingerprint from a Photo

Police in the UK were able to read a fingerprint from a photo of a hand: Staff from the unit's specialist imaging team were able to enhance a picture of a hand holding a number of tablets, which was taken from a mobile phone, before fingerprint experts were able to positively identify that the ha...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/03/09 12:24 p.m.51 views

OURSA Conference

Responding to the lack of diversity at the RSA Conference, a group of security experts have announced a competing one-day conference: OUR Security Advocates, or OURSA. It's in San Francisco, and it's during RSA, so you can attend both...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/03/08 12:29 p.m.51 views

History of the US Army Security Agency

Interesting history.pdf of the US Army Security Agency in the early years of Cold War Germany...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/02/16 3:17 p.m.51 views

New National Academies Report on Crypto Policy

The National Academies has just published "Decrypting the Encryption Debate: A Framework for Decision Makers." It looks really good, although I have not read it yet. Not much news or analysis yet. Please post any links you find in the comments, and I will summarize them here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/22 11:40 a.m.51 views

Insider Attack on Lottery Software

Eddie Tipton, a programmer for the Multi-State Lottery Association, secretly installed software that allowed him to predict jackpots. What's surprising to me is how many lotteries don't use real random number generators. What happened to picking golf balls out of wind-blown steel cages on...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/04 11:22 a.m.51 views

Penetrating a Casino's Network through an Internet-Connected Fish Tank

Attackers used a vulnerability in an Internet-connected fish tank to successfully penetrate a casino's network. BoingBoing post...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/07/19 3:35 p.m.51 views

Password Masking

Slashdot asks if password masking -- replacing password characters with asterisks as you type them -- is on the way out. I don't know if that's true, but I would be happy to see it go. Shoulder surfing, the threat is defends against, is largely nonexistent. And it is becoming harder to type in...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/08/06 11:44 a.m.50 views

Using “Master Faces” to Bypass Face-Recognition Authenticating Systems

Fascinating research: "Generating Master Faces for Dictionary Attacks with a Network-Assisted Latent Space Evolution." Abstract: A master face is a face image that passes face-based identity-authentication for a large portion of the population. These faces can be used to impersonate, with a high...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/04/09 9:8 p.m.50 views

Friday Squid Blogging: Jurassic Squid and Prey

A 180-million-year-old Vampire squid ancestor was fossilized along with its prey. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/03/11 12:15 p.m.50 views

Fast Random Bit Generation

Science has a paper and commentary on generating 250 random terabits per second with a laser. I dont know how cryptographically secure they are, but that can be cleaned up with something like Fortuna. EDITED TO ADD 3/12: Here are free versions of the paper and the commentary...

2.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/02/15 12:14 p.m.50 views

On Vulnerability-Adjacent Vulnerabilities

At the virtual Enigma Conference, Googles Project Zeros Maggie Stone gave a talk about zero-day exploits in the wild. In it, she talked about how often vendors fix vulnerabilities only to have the attackers tweak their exploits to work again. From a MIT Technology Review article: Soon after they...

Exploits0
Schneier on Security
Schneier on Security
added 2020/05/07 2:56 p.m.50 views

iOS XML Bug

This is a good explanation of an iOS bug that allowed someone to break out of the application sandbox. A summary: What a crazy bug, and Siguza's explanation is very cogent. Basically, it comes down to this: XML is terrible. iOS uses XML for Plists, and Plists are used everywhere in iOS and MacOS...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/08/30 11:18 a.m.50 views

Attacking the Intel Secure Enclave

Interesting paper by Michael Schwarz, Samuel Weiser, Daniel Gruss. The upshot is that both Intel and AMD have assumed that trusted enclaves will run only trustworthy code. Of course, that's not true. And there are no security mechanisms that can deal with malicious enclaves, because the designers...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/08/07 3:48 p.m.50 views

Brazilian Cell Phone Hack

I know there's a lot of politics associated with this story, but concentrate on the cybersecurity aspect for a moment. The cell phones of a thousand Brazilians, including senior government officials, were hacked -- seemingly by actors much less sophisticated than rival governments. Brazil's...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/03/20 11:3 a.m.50 views

An Argument that Cybersecurity Is Basically Okay

Andrew Odlyzko's new essay is worth reading -- "Cybersecurity is not very important": Abstract: There is a rising tide of security breaches. There is an even faster rising tide of hysteria over the ostensible reason for these breaches, namely the deficient state of our information infrastructure...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/09/19 10:19 a.m.50 views

Pegasus Spyware Used in 45 Countries

Citizen Lab has published a new report about the Pegasus spyware. From a ZDNet article: The malware, known as Pegasus or Trident, was created by Israeli cyber-security firm NSO Group and has been around for at least three years -- when it was first detailed in a report over the summer of 2016. Th...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/06 2:16 p.m.50 views

The NSA's Domestic Surveillance Centers

The Intercept has a long story about the NSA's domestic interception points. Includes some new Snowden documents...

3.4AI score
Exploits0
Total number of security vulnerabilities2981