Lucene search
K
SchneierMost viewed

2984 matches found

Schneier on Security
Schneier on Security
added 2021/06/04 11:5 a.m.43 views

Security and Human Behavior (SHB) 2021

Today is the second day of the fourteenth Workshop on Security and Human Behavior. The University of Cambridge is the host, but were all on Zoom. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of security, organized each year by Alessandro...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/05/28 11:20 a.m.43 views

The Misaligned Incentives for Cloud Security

Russias Sunburst cyberespionage campaign, discovered late last year, impacted more than 100 large companies and US federal agencies, including the Treasury, Energy, Justice, and Homeland Security departments. A crucial part of the Russians success was their ability to move through these...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/04/27 11:57 a.m.43 views

Security Vulnerabilities in Cellebrite

Moxie Marlinspike has an intriguing blog post about Cellebrite, a tool used by police and others to break into smartphones. Moxie got his hands on one of the devices, which seems to be a pair of Windows software packages and a whole lot of connecting cables. According to Moxie, the software is...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/03/18 11:17 a.m.43 views

Exploiting Spectre Over the Internet

Google has demonstrated exploiting the Spectre CPU attack remotely over the web: Today, were sharing proof-of-concept PoC code that confirms the practicality of Spectre exploits against JavaScript engines. We use Google Chrome to demonstrate our attack, but these issues are not specific to Chrome...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/03/12 10:10 p.m.43 views

Friday Squid Blogging: On SQUIDS

A good tutorial: But we can go beyond the polarization of electrons and really leverage the electron waviness. By interleaving thin layers of superconducting and normal materials, we can make the quantum electronic equivalents of transistors and diodes such as Superconducting Tunnel Junctions SJT...

2.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/03/01 12:12 p.m.43 views

National Security Risks of Late-Stage Capitalism

Early in 2020, cyberspace attackers apparently working for the Russian government compromised a piece of widely used network management software made by a company called SolarWinds. The hack gave the attackers access to the computer networks of some 18,000 of SolarWinds’s customers, including US...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/02/18 8:14 p.m.43 views

WEIS 2021 Call for Papers

The 20th Annual Workshop on the Economics of Information Security WEIS 2021 will be held online in June. We just published the call for papers...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/02/15 7:11 p.m.43 views

Deliberately Playing Copyrighted Music to Avoid Being Live-Streamed

Vice is reporting on a new police hack: playing copyrighted music when being filmed by citizens, trying to provoke social media sites into taking the videos down and maybe even banning the filmers: In a separate part of the video, which Devermont says was filmed later that same afternoon, Devermo...

Exploits0
Schneier on Security
Schneier on Security
added 2020/06/24 5:32 p.m.43 views

COVID-19 Risks of Flying

I fly a lot. Over the past five years, my average speed has been 32 miles an hour. That all changed mid-March. It's been 105 days since I've been on an airplane -- longer than any other time in my adult life -- and I have no future flights scheduled. This is all a prelude to saying that I have be...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/05/29 9:7 p.m.43 views

Friday Squid Blogging: Humboldt Squid Communication

Humboldt Squid communicate by changing their skin patterns and glowing. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/04/09 11:45 a.m.43 views

Microsoft Buys Corp.com

A few months ago, Brian Krebs told the story of the domain corp.com, and how it is basically a security nightmare: At issue is a problem known as "namespace collision," a situation where domain names intended to be used exclusively on an internal company network end up overlapping with domains th...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/01/31 7:36 p.m.43 views

NSA Security Awareness Posters

From a FOIA request, over a hundred old NSA security awareness posters. Here are the BBC's favorites. Here are Motherboard's favorites. I have a related personal story. Back in 1993, during the first Crypto Wars, I and a handful of other academic cryptographers visited the NSA for some meeting or...

2.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/10/24 11:21 a.m.43 views

Mapping Security and Privacy Research across the Decades

This is really interesting: "A Data-Driven Reflection on 36 Years of Security and Privacy Research," by Aniqua Baset and Tamara Denning: Abstract: Meta-research---research about research---allows us, as a community, to examine trends in our research and make informed decisions regarding the cours...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/08/06 11:20 a.m.43 views

Phone Pharming for Ad Fraud

Interesting article on people using banks of smartphones to commit ad fraud for profit. No one knows how prevalent ad fraud is on the Internet. I believe it is surprisingly high -- here's an article that places losses between $6.5 and $19 billion annually -- and something companies like Google an...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/08/05 2:14 p.m.43 views

Regulating International Trade in Commercial Spyware

Siena Anstis, Ronald J. Deibert, and John Scott-Railton of Citizen Lab published an editorial calling for regulating the international trade in commercial surveillance systems until we can figure out how to curb human rights abuses. Any regime of rigorous human rights safeguards that would make a...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/14 11:11 a.m.43 views

Cryptanalysis of SIMON-32/64

A weird paper was posted on the Cryptology ePrint Archive working link is via the Wayback Machine, claiming an attack against the NSA-designed cipher SIMON. You can read some commentary about it here. Basically, the authors claimed an attack so devastating that they would only publish a...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/17 11:6 p.m.43 views

Friday Squid Blogging: Firefly Squid Museum

The Hotaruika Museum is a museum devoted to firefly squid in Toyama, Japan. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/24 11:29 a.m.43 views

Nicholas Weaver on Cryptocurrencies

This is well-worth reading non-paywalled version. Here's the opening: Cryptocurrencies, although a seemingly interesting idea, are simply not fit for purpose. They do not work as currencies, they are grossly inefficient, and they are not meaningfully distributed in terms of trust. Risks involving...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/06/04 11:33 a.m.43 views

E-Mail Vulnerabilities and Disclosure

Last week, researchers disclosed vulnerabilities in a large number of encrypted e-mail clients: specifically, those that use OpenPGP and S/MIME, including Thunderbird and AppleMail. These are serious vulnerabilities: An attacker who can alter mail sent to a vulnerable client can trick that client...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/05/21 2:54 p.m.43 views

Japan's Directorate for Signals Intelligence

The Intercept has a long article on Japan's equivalent of the NSA: the Directorate for Signals Intelligence. Interesting, but nothing really surprising. The directorate has a history that dates back to the 1950s; its role is to eavesdrop on communications. But its operations remain so highly...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/05/10 2:11 p.m.43 views

Supply-Chain Security

Earlier this month, the Pentagon stopped selling phones made by the Chinese companies ZTE and Huawei on military bases because they might be used to spy on their users. It's a legitimate fear, and perhaps a prudent action. But it's just one instance of the much larger issue of securing our supply...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/03/23 11:28 a.m.43 views

GreyKey iPhone Unlocker

Some details about the iPhone unlocker from the US company Greyshift, with photos. Little is known about Grayshift or its sales model at this point. We don't know whether sales are limited to US law enforcement, or if it is also selling in other parts of the world. Regardless of that, it's highly...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/03/05 5:13 p.m.43 views

Intimate Partner Threat

Princeton's Karen Levy has a good article computer security and the intimate partner threat: When you learn that your privacy has been compromised, the common advice is to prevent additional access -- delete your insecure account, open a new one, change your password. This advice is such standard...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/02/27 11:58 a.m.43 views

Cellebrite Unlocks iPhones for the US Government

Forbes reports that the Israeli company Cellebrite can probably unlock all iPhone models: Cellebrite, a Petah Tikva, Israel-based vendor that's become the U.S. government's company of choice when it comes to unlocking mobile devices, is this month telling customers its engineers currently have th...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/01/25 12:47 p.m.43 views

WhatsApp Vulnerability

A new vulnerability in WhatsApp has been discovered: ...the researchers unearthed far more significant gaps in WhatsApp's security: They say that anyone who controls WhatsApp's servers could effortlessly insert new people into an otherwise private group, even without the permission of the...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/01/08 12:34 p.m.43 views

Tourist Scams

A comprehensive list. Most are old and obvious, but there are some clever variants...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/11/02 10:1 a.m.43 views

Heart Size: Yet Another Biometric

Turns out that heart size doesn't change throughout your adult life, and you can use low-level Doppler radar to scan the size -- even at a distance -- as a biometric. Research paper to be available soon...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/10/26 10:9 a.m.43 views

The Science of Interrogation

Fascinating article about two psychologists who are studying interrogation techniques. Now, two British researchers are quietly revolutionising the study and practice of interrogation. Earlier this year, in a meeting room at the University of Liverpool, I watched a video of the Diola interview...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/10/11 7:54 p.m.43 views

More on Kaspersky and the Stolen NSA Attack Tools

Both the New York Times and the Washington Post are reporting that Israel has penetrated Kaspersky's network and detected the Russian operation. From the New York Times: Israeli intelligence officers informed the NSA that, in the course of their Kaspersky hack, they uncovered evidence that Russia...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/09/18 11:58 a.m.43 views

Bluetooth Vulnerabilities

A bunch of Bluetooth vulnerabilities are being reported, some pretty nasty. BlueBorne concerns us because of the medium by which it operates. Unlike the majority of attacks today, which rely on the internet, a BlueBorne attack spreads through the air. This works similarly to the two less extensiv...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/07/05 5:48 p.m.43 views

Dubai Deploying Autonomous Robotic Police Cars

It's hard to tell how much of this story is real and how much is aspirational, but it really is only a matter of time: About the size of a child's electric toy car, the driverless vehicles will patrol different areas of the city to boost security and hunt for unusual activity, all the while...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/30 11:5 a.m.43 views

Good Article About Google's Project Zero

Fortune magazine just published a good article about Google's Project Zero, which finds and publishes exploits in other companies' software products. I have mixed feeling about it. The project does great work, and the Internet has benefited enormously from these efforts. But as long as it is...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/08/13 11:16 a.m.42 views

Using AI to Scale Spear Phishing

The problem with spear phishing is that it takes time and creativity to create individualized enticing phishing emails. Researchers are using GPT-3 to attempt to solve that problem: The researchers used OpenAIs GPT-3 platform in conjunction with other AI-as-a-service products focused on personali...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/06/11 11:32 a.m.42 views

FBI/AFP-Run Encrypted Phone

For three years, the Federal Bureau of Investigation and the Australian Federal Police owned and operated a commercial encrypted phone app, called AN0M, that was used by organized crime around the world. Of course, the police were able to read everything -- I dont even know if this qualifies as a...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/05/11 2:53 p.m.42 views

AI Security Risk Assessment Tool

Microsoft researchers just released an open-source automation tool for security testing AI systems: "Counterfit." Details on their blog...

3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/05/07 9:13 p.m.42 views

Friday Squid Blogging: COVID Relief Funds

A town in Japan built a giant squid statue with its COVID relief grant. One local told the Chunichi Shimbun newspaper that while the statue may be effective in the long run, the money could have been used for "urgent support," such as for medical staff and long-term care facilities. But a...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/03/16 11:36 a.m.42 views

On the Insecurity of ES&S Voting Machines’ Hash Code

Andrew Appel and Susan Greenhalgh have a blog post on the insecurity of ES&Ss software authentication system: It turns out that ES&S has bugs in their hash-code checker: if the "reference hashcode" is completely missing, then itll say "yes, boss, everything is fine" instead of reporting an error...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/03/14 6:16 p.m.42 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking at the Australian Cyber Conference 2021 on March 17 and 18, 2021. I’m keynoting the all-virtual RSA Conference 2021, May 17-20, 2021. I’ll be speaking at an Informa event on September 14, 2021. Details to come. The lis...

2.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/02/12 12:8 p.m.42 views

Attack against Florida Water Treatment Facility

A water treatment plant in Oldsmar, Florida, was attacked last Friday. The attacker took control of one of the systems, and increased the amount of sodium hydroxide -- thats lye -- by a factor of 100. This could have been fatal to people living downstream, if an alert operator hadnt noticed the...

3.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/01/15 12:36 p.m.42 views

Cell Phone Location Privacy

We all know that our cell phones constantly give our location away to our mobile network operators; that’s how they work. A group of researchers has figured out a way to fix that. “Pretty Good Phone Privacy” PGPP protects both user identity and user location using the existing cellular networks. ...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/01/14 5:42 p.m.42 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: Im speaking online as part of Western Washington Universitys Internet Studies Lecture Series on January 20, 2021. Im speaking online at ITU Denmark on February 2, 2021. Details to come. Im being interviewed by Keith Cronin as part ...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/02/14 12:7 p.m.42 views

DNSSEC Keysigning Ceremony Postponed Because of Locked Safe

Interesting collision of real-world and Internet security: The ceremony sees several trusted internet engineers a minimum of three and up to seven from across the world descend on one of two secure locations -- one in El Segundo, California, just south of Los Angeles, and the other in Culpeper,...

0.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/02/05 12:10 p.m.42 views

Tree Code

Artist Katie Holten has developed a tree code basically, a font in trees, and New York City is using it to plant secret messages in parks...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/12/09 11:56 a.m.42 views

Failure Modes in Machine Learning

Interesting taxonomy of machine-learning failures pdf that encompasses both mistakes and attacks, or -- in their words -- intentional and unintentional failure modes. It's a good basis for threat modeling...

2.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/10/09 11:34 a.m.42 views

Illegal Data Center Hidden in Former NATO Bunker

Interesting: German investigators said Friday they have shut down a data processing center installed in a former NATO bunker that hosted sites dealing in drugs and other illegal activities. Seven people were arrested. ... Thirteen people aged 20 to 59 are under investigation in all, including thr...

0.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/04/10 10:44 a.m.42 views

How the Anonymous Artist Banksy Authenticates His or Her Work

Interesting scheme: It all starts off with a fairly bog standard gallery style certificate. Details of the work, the authenticating agency, a bit of embossing and a large impressive signature at the bottom. Exactly the sort of things that can be easily copied by someone on a mission to create the...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/04/09 11:54 a.m.42 views

Hey Secret Service: Don't Plug Suspect USB Sticks into Random Computers

I just noticed this bit from the incredibly weird story of the Chinese woman arrested at Mar-a-Lago: Secret Service agent Samuel Ivanovich, who interviewed Zhang on the day of her arrest, testified at the hearing. He stated that when another agent put Zhang's thumb drive into his computer, it...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/03/21 10:52 a.m.42 views

First Look Media Shutting Down Access to Snowden NSA Archives

The Daily Beast is reporting that First Look Media -- home of The Intercept and Glenn Greenwald -- is shutting down access to the Snowden archives. The Intercept was the home for Greenwald's subset of Snowden's NSA documents since 2014, after he parted ways with the Guardian the year before. I...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/15 12:24 p.m.42 views

Chip Cards Fail to Reduce Credit Card Fraud in the US

A new study finds that credit card fraud has not declined since the introduction of chip cards in the US. The majority of stolen card information comes from hacked point-of-sale terminals. The reasons seem to be twofold. One, the US uses chip-and-signature instead of chip-and-PIN, obviating the...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/22 10:51 a.m.42 views

Good Primer on Two-Factor Authentication Security

Stuart Schechter published a good primer on the security issues surrounding two-factor authentication. While it's often an important security measure, it's not a panacea. Stuart discusses the usability and security issues that you have to think about before deploying the system...

1.4AI score
Exploits0
Total number of security vulnerabilities2984