Lucene search
K
SchneierMost viewed

2981 matches found

Schneier on Security
Schneier on Security
added 2018/06/14 11:28 a.m.50 views

Thomas Dullien on Complexity and Security

For many years, I have said that complexity is the worst enemy of security. At CyCon earlier this month, Thomas Dullien gave an excellent talk on the subject with far more detail than I've ever provided. Video. Slides...

3.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/10/05 8:22 p.m.50 views

Replacing Social Security Numbers

In the wake of the Equifax break, I've heard calls to replace Social Security numbers. Steve Bellovin explains why this is hard...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/18 11:40 a.m.50 views

Unfixable Automobile Computer Security Vulnerability

There is an unpatchable vulnerability that affects most modern cars. It's buried in the Controller Area Network CAN: Researchers say this flaw is not a vulnerability in the classic meaning of the word. This is because the flaw is more of a CAN standard design choice that makes it unpatchable...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/14 11:3 a.m.50 views

Bank Robbery Tactic

This video purports to be a bank robbery in Kiev. He first threatens a teller, who basically ignores him because she's behind bullet-proof glass. But then the robber threatens one of her co-workers, who is on his side of the glass. Interesting example of a security system failing for an unexpecte...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/07/18 11:38 a.m.50 views

Many of My E-Books for Cheap

Humble Bundle is selling a bunch of cybersecurity books very cheaply. You can get copies of Applied Cryptography, Secrets and Lies, and Cryptography Engineering -- and also Ross Anderson's Security Engineering, Adam Shostack's Threat Modeling, and many others. This is the cheapest you'll ever see...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/07/30 9:13 p.m.49 views

Friday Squid Blogging: Squid Skin Is Naturally Anti-microbial

Often it feels like squid just evolved better than us mammals. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/04/02 9:10 p.m.49 views

Friday Squid Blogging: 500-Million-Year-Old Cephalopod

The oldest known cephalopod -- the ancestor of all modern octopuses, squid, cuttlefish and nautiluses -- is 500 million years old. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

2.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/02/23 12:18 p.m.49 views

Dependency Confusion: Another Supply-Chain Vulnerability

Alex Birsan writes about being able to install malware into proprietary corporate software by naming the code files to be identical to internal corporate code files. From a ZDNet article: Today, developers at small or large companies use package managers to download and import libraries that are...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/02/21 11:54 a.m.49 views

Policy vs Technology

Sometime around 1993 or 1994, during the first Crypto Wars, I was part of a group of cryptography experts that went to Washington to advocate for strong encryption. Matt Blaze and Ron Rivest were with me; I don't remember who else. We met with then Massachusetts Representative Ed Markey. He didn'...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/02/14 10:11 p.m.49 views

Friday Squid Blogging: Squids Are as Intelligent as Dogs

More news based on the squid brain MRI scan: the complexity of their brains are comparable to dogs. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/01/29 12:20 p.m.49 views

Customer Tracking at Ralphs Grocery Store

To comply with California's new data privacy law, companies that collect information on consumers and users are forced to be more transparent about it. Sometimes the results are creepy. Here's an article about Ralphs, a California supermarket chain owned by Kroger: ...the form proceeds to state...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/10/22 10:56 a.m.49 views

Calculating the Benefits of the Advanced Encryption Standard

NIST has completed a study -- it was published last year, but I just saw it recently -- calculating the costs and benefits of the Advanced Encryption Standard. From the conclusion: The result of performing that operation on the series of cumulated benefits extrapolated for the 169 survey...

Exploits0
Schneier on Security
Schneier on Security
added 2019/10/17 11:8 a.m.49 views

Using Machine Learning to Detect IP Hijacking

This is interesting research: In a BGP hijack, a malicious actor convinces nearby networks that the best path to reach a specific IP address is through their network. That's unfortunately not very hard to do, since BGP itself doesn't have any security procedures for validating that a message is...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/10/15 3:38 p.m.49 views

Cracking the Passwords of Early Internet Pioneers

Lots of them weren't very good: BSD co-inventor Dennis Ritchie, for instance, used "dmac" his middle name was MacAlistair; Stephen R. Bourne, creator of the Bourne shell command line interpreter, chose "bourne"; Eric Schmidt, an early developer of Unix software and now the executive chairman of...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/09/10 11:23 a.m.49 views

On Cybersecurity Insurance

Good paper on cybersecurity insurance: both the history and the promise for the future. From the conclusion: Policy makers have long held high hopes for cyber insurance as a tool for improving security. Unfortunately, the available evidence so far should give policymakers pause. Cyber insurance...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/03/27 11:37 a.m.49 views

Programmers Who Don't Understand Security Are Poor at Security

A university study confirmed the obvious: if you pay a random bunch of freelance programmers a small amount of money to write security software, they're not going to do a very good job at it. In an experiment that involved 43 programmers hired via the Freelancer.com platform, University of Bonn...

7.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/02/27 12:22 p.m.49 views

"Insider Threat" Detection Software

Notice this bit from an article on the arrest of Christopher Hasson: It was only after Hasson's arrest last Friday at his workplace that the chilling plans prosecutors assert he was crafting became apparent, detected by an internal Coast Guard program that watches for any "insider threat." The...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/04/11 11:33 a.m.49 views

The Digital Security Exchange Is Live

Last year I wrote about the Digital Security Exchange. The project is live: The DSX works to strengthen the digital resilience of U.S. civil society groups by improving their understanding and mitigation of online threats. We do this by pairing civil society and social sector organizations with...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/09/07 11:5 a.m.49 views

Research on What Motivates ISIS -- and Other -- Fighters

Interesting research from Nature Human Behaviour: "The devoted actor's will to fight and the spiritual dimension of human conflict": Abstract: Frontline investigations with fighters against the Islamic State ISIL or ISIS, combined with multiple online studies, address willingness to fight and die...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/07/28 11:3 a.m.48 views

De-anonymization Story

This is important: Monsignor Jeffrey Burrill was general secretary of the US Conference of Catholic Bishops USCCB, effectively the highest-ranking priest in the US who is not a bishop, before records of Grindr usage obtained from data brokers was correlated with his apartment, place of work,...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/06/25 1:53 p.m.48 views

AI-Piloted Fighter Jets

News from Georgetowns Center for Security and Emerging Technology: China Claims Its AI Can Beat Human Pilots in Battle: Chinese state media reported that an AI system had successfully defeated human pilots during simulated dogfights. According to the Global Times report, the system had shot down...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/05/21 9:2 p.m.48 views

Friday Squid Blogging: Picking up Squid on the Beach

Make sure theyre dead. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/03/12 12:3 p.m.48 views

Metadata Left in Security Agency PDFs

Really interesting research: "Exploitation and Sanitization of Hidden Data in PDF Files" Abstract: Organizations publish and share more and more electronic documents like PDF files. Unfortunately, most organizations are unaware that these documents can compromise sensitive information like author...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/01/15 10:3 p.m.48 views

Friday Squid Blogging: China Launches Six New Squid Jigging Vessels

From Pingtan Marine Enterprise: The 6 large-scale squid jigging vessels are normally operating vessels that returned to China earlier this year from the waters of Southwest Atlantic Ocean for maintenance and repair. These vessels left the port of Mawei on December 17, 2020 and are sailing to the...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/12/25 10:19 p.m.48 views

Friday Squid Blogging: Small Giant Squid Washes Ashore in Japan

A ten-foot giant squid has washed ashore on the Western coast of Japan. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/12/25 12:13 p.m.48 views

Glitter Bomb against Package Thieves

Stealing packages from unattended porches is a rapidly rising crime, as more of us order more things by mail. One person hid a glitter bomb and a video recorder in a package, posting the results when thieves opened the box. At least, that's what might have happened. At least some of the video was...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/14 2:3 p.m.48 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I'm speaking at Kiwicon in Wellington, New Zealand on November 16, 2018. I'm appearing on IBM Resilient's End of Year Review webinar on "The Top Cyber Security Trends in 2018 and Predictions for the Year Ahead," December 6, 2018 at...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/09 7:52 p.m.48 views

The Pentagon Is Publishing Foreign Nation-State Malware

This is a new thing: The Pentagon has suddenly started uploading malware samples from APTs and other nation-state sources to the website VirusTotal, which is essentially a malware zoo that's used by security pros and antivirus/malware detection engines to gain a better understanding of the threat...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/09/28 9:11 p.m.48 views

Friday Squid Blogging: Squid Protein Used in Variable Thermal Conductivity Material

This is really neat. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/19 11:17 a.m.48 views

Suing South Carolina Because Its Election Machines Are Insecure

A group called Protect Democracy is suing South Carolina because its insecure voting machines are effectively denying people the right to vote. Note: I am an advisor to Protect Democracy on its work related to election cybersecurity, and submitted a declaration in litigation it filed, challenging...

2.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/02/19 10:24 p.m.48 views

On the Security of Walls

Interesting history of the security of walls: Dún Aonghasa presents early evidence of the same principles of redundant security measures at work in 13th century castles, 17th century star-shaped artillery fortifications, and even "defense in depth" security architecture promoted today by the...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/01/18 1:12 p.m.48 views

Student Cracks Inca Knot Code

Interesting...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/11/16 12:53 p.m.48 views

Motherboard Digital Security Guide

This digital security guide by Motherboard is very good. I put alongside EFF's "Surveillance Self-Defense" and John Scott-Railton's "Digital Security Low Hanging Fruit." There's also "Digital Security and Privacy for Human Rights Defenders." There are too many of these...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/11/14 12:8 p.m.48 views

Long Article on NSA and the Shadow Brokers

The New York Times just published a long article on the Shadow Brokers and their effects on NSA operations. Summary: it's been an operational disaster, the NSA still doesn't know who did it or how, and NSA morale has suffered considerably. This is me on the Shadow Brokers from last May...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/07/31 5:19 p.m.48 views

Robot Safecracking

Robots can crack safes faster than humans -- and differently: So Seidle started looking for shortcuts. First he found that, like many safes, his SentrySafe had some tolerance for error. If the combination includes a 12, for instance, 11 or 13 would work, too. That simple convenience measure meant...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/07/12 11:32 a.m.48 views

More on the NSA's Use of Traffic Shaping

"Traffic shaping" -- the practice of tricking data to flow through a particular route on the Internet so it can be more easily surveiled -- is an NSA technique that has gotten much less attention than it deserves. It's a powerful technique that allows an eavesdropper to get access to communicatio...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/07/09 9:3 p.m.47 views

Friday Squid Blogging: Squid-Related Game

Its called "Squid Fishering." As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/01/08 8:19 p.m.47 views

APT Horoscope

This delightful essay matches APT hacker groups up with astrological signs. This is me: Capricorn is renowned for its discipline, skilled navigation, and steadfastness. Just like Capricorn, Helix Kitten also known as APT 35 or OilRig is a skilled navigator of vast online networks, maneuvering...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/11/20 10:13 p.m.47 views

Friday Squid Blogging: Ram’s Horn Squid Video

This is the first video footage of a rams horn squid Spirula spirula . As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/06/19 9:15 p.m.47 views

Friday Squid Blogging: Giant Squid Washes Up on South African Beach

Fourteen feet long and 450 pounds. It was dead before it washed up. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/04/24 9:15 p.m.47 views

Friday Squid Blogging: Humboldt Squid Backlight Themselves to Communicate More Clearly

This is neat: Deep in the Pacific Ocean, six-foot-long Humboldt squid are known for being aggressive, cannibalistic and, according to new research, good communicators. Known as "red devils," the squid can rapidly change the color of their skin, making different patterns to communicate, something...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/12/18 11:34 a.m.47 views

Attacker Causes Epileptic Seizure over the Internet

This isn't a first, but I think it will be the first conviction: The GIF set off a highly unusual court battle that is expected to equip those in similar circumstances with a new tool for battling threatening trolls and cyberbullies. On Monday, the man who sent Eichenwald the moving image, John...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/12/12 12:11 p.m.47 views

Scaring People into Supporting Backdoors

Back in 1998, Tim May warned us of the "Four Horsemen of the Infocalypse": "terrorists, pedophiles, drug dealers, and money launderers." I tended to cast it slightly differently. This is me from 2005: Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, kidnappers, an...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/11/18 12:33 p.m.47 views

Security Vulnerabilities in Android Firmware

Researchers have discovered and revealed 146 vulnerabilities in various incarnations of Android smartphone firmware. The vulnerabilities were found by scanning the phones of 29 different Android makers, and each is unique to a particular phone or maker. They were found using automatic tools, and ...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/11/14 7:17 p.m.47 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I'm speaking on "Securing a World of Physically Capable Computers" at the Indian Institute of Science in Bangalore, India on December 12, 2019. The list is maintained on this page...

2.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/09/30 11:36 a.m.47 views

Supply-Chain Security and Trust

The United States government's continuing disagreement with the Chinese company Huawei underscores a much larger problem with computer technologies in general: We have no choice but to trust them completely, and it's impossible to verify that they're trustworthy. Solving this problem ­ which is...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/08/28 11:14 a.m.47 views

The Myth of Consumer-Grade Security

The Department of Justice wants access to encrypted consumer devices but promises not to infiltrate business products or affect critical infrastructure. Yet that's not possible, because there is no longer any difference between those categories of devices. Consumer devices are critical...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/08/20 11:45 a.m.47 views

Surveillance as a Condition for Humanitarian Aid

Excellent op-ed on the growing trend to tie humanitarian aid to surveillance. Despite the best intentions, the decision to deploy technology like biometrics is built on a number of unproven assumptions, such as, technology solutions can fix deeply embedded political problems. And that auditing fo...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/04/04 11:18 a.m.47 views

Adversarial Machine Learning against Tesla's Autopilot

Researchers have been able to fool Tesla's autopilot in a variety of ways, including convincing it to drive into oncoming traffic. It requires the placement of stickers on the road. Abstract: Keen Security Lab has maintained the security research work on Tesla vehicle and shared our research...

2.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/01/09 1:5 p.m.47 views

EU Offering Bug Bounties on Critical Open-Source Software

The EU is offering "bug bounties on Free Software projects that the EU institutions rely on." Slashdot thread...

2.4AI score
Exploits0
Total number of security vulnerabilities2981