Lucene search
K
SchneierMost viewed

2981 matches found

Schneier on Security
Schneier on Security
added 2021/03/16 11:36 a.m.41 views

On the Insecurity of ES&S Voting Machines’ Hash Code

Andrew Appel and Susan Greenhalgh have a blog post on the insecurity of ES&Ss software authentication system: It turns out that ES&S has bugs in their hash-code checker: if the "reference hashcode" is completely missing, then itll say "yes, boss, everything is fine" instead of reporting an error...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/01/04 8:34 p.m.41 views

Military Cryptanalytics, Part III

The NSA has just declassified and released a redacted version of Military Cryptanalytics, Part III, by Lambros D. Callimahos, October 1977. Parts I and II, by Lambros D. Callimahos and William F. Friedman, were released decades ago -- I believe repeatedly, in increasingly unredacted form -- and...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/11/14 6:35 p.m.41 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking at the ISC² Security Congress 2020, November 16, 2020. I’ll be on a panel at the OECD Global Blockchain Policy Forum 2020 on November 17, 2020. The panel is called "Deep Dive: Digital Security and Distributed Ledger...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/25 7:39 p.m.41 views

Friday Squid Blogging: COVID-19 Found on Chinese Squid Packaging

I thought the virus doesnt survive well on food packaging: Authorities in China’s northeastern Jilin province have found the novel coronavirus on the packaging of imported squid, health authorities in the city of Fuyu said on Sunday, urging anyone who may have bought it to get themselves tested. ...

0.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/17 9:13 p.m.41 views

Friday Squid Blogging: Squid Found on Provincetown Sandbar

Headline: "Dozens of squid found on Provincetown sandbar." Slow news day. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/06/08 11:13 a.m.41 views

Phishing Attacks against Trump and Biden Campaigns

Google's threat analysts have identified state-level attacks from China. I hope both campaigns are working under the assumption that everything they say and do will be dumped on the Internet before the election. That feels like the most likely outcome...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/05/29 11:37 a.m.41 views

Facebook Announces Messenger Security Features that Don't Compromise Privacy

Note that this is "announced," so we don't know when it's actually going to be implemented. Facebook today announced new features for Messenger that will alert you when messages appear to come from financial scammers or potential child abusers, displaying warnings in the Messenger app that provid...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/02/14 12:7 p.m.41 views

DNSSEC Keysigning Ceremony Postponed Because of Locked Safe

Interesting collision of real-world and Internet security: The ceremony sees several trusted internet engineers a minimum of three and up to seven from across the world descend on one of two secure locations -- one in El Segundo, California, just south of Los Angeles, and the other in Culpeper,...

0.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/02/05 12:10 p.m.41 views

Tree Code

Artist Katie Holten has developed a tree code basically, a font in trees, and New York City is using it to plant secret messages in parks...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/12/17 12:5 p.m.41 views

Iranian Attacks on Industrial Control Systems

New details: At the CyberwarCon conference in Arlington, Virginia, on Thursday, Microsoft security researcher Ned Moran plans to present new findings from the company's threat intelligence group that show a shift in the activity of the Iranian hacker group APT33, also known by the names Holmium,...

2.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/12/16 12:0 p.m.41 views

Security Vulnerabilities in the RCS Texting Protocol

Interesting research: SRLabs founder Karsten Nohl, a researcher with a track record of exposing security flaws in telephony systems, argues that RCS is in many ways no better than SS7, the decades-old phone system carriers still used for calling and texting, which has long been known to be...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/12/11 12:19 p.m.41 views

Extracting Data from Smartphones

Privacy International has published a detailed, technical examination of how data is extracted from smartphones...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/12/04 12:4 p.m.41 views

Becoming a Tech Policy Activist

Carolyn McCarthy gave an excellent TEDx talk about becoming a tech policy activist. It's a powerful call for public-interest technologists...

2.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/10/22 3:12 p.m.41 views

Public Voice Launches Petition for an International Moratorium on Using Facial Recognition for Mass Surveillance

Coming out of the Privacy Commissioners' Conference in Albania, Public Voice is launching a petition for an international moratorium on using facial recognition software for mass surveillance. You can sign on as an individual or an organization. I did. You should as well. No, I don't think that...

3.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/10/09 11:34 a.m.41 views

Illegal Data Center Hidden in Former NATO Bunker

Interesting: German investigators said Friday they have shut down a data processing center installed in a former NATO bunker that hosted sites dealing in drugs and other illegal activities. Seven people were arrested. ... Thirteen people aged 20 to 59 are under investigation in all, including thr...

0.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/09/09 11:29 a.m.41 views

NotPetya

Wired has a long article on NotPetya. EDITED TO ADD 9/12: Another good article on NotPetya...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/04/10 10:44 a.m.41 views

How the Anonymous Artist Banksy Authenticates His or Her Work

Interesting scheme: It all starts off with a fairly bog standard gallery style certificate. Details of the work, the authenticating agency, a bit of embossing and a large impressive signature at the bottom. Exactly the sort of things that can be easily copied by someone on a mission to create the...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/04/30 11:2 a.m.41 views

Security Vulnerabilities in VingCard Electronic Locks

Researchers have disclosed a massive vulnerability in the VingCard eletronic lock system, used in hotel rooms around the world: With a $300 Proxmark RFID card reading and writing tool, any expired keycard pulled from the trash of a target hotel, and a set of cryptographic tricks developed over...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/03/02 12:13 p.m.41 views

Malware from Space

Since you don't have enough to worry about, here's a paper postulating that space aliens could send us malware capable of destroying humanity. Abstract: A complex message from space may require the use of computers to display, analyze and understand. Such a message cannot be decontaminated with...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/29 11:38 a.m.41 views

Ross Anderson on the History of the Crypto Wars in the UK

Ross Anderson gave a talk on the history of the Crypto Wars in the UK. I am intimately familiar with the US story, but didn't know as much about Britain's verson. Hour-long video. Summary...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/10 6:54 p.m.41 views

Turning an Amazon Echo into an Eavesdropping Device

For once, the real story isn't as bad as it seems. A researcher has figured out how to install malware onto an Echo that causes it to stream audio back to a remote controller, but: The technique requires gaining physical access to the target Echo, and it works only on devices sold before 2017. Bu...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/10/20 11:16 a.m.40 views

Textbook Rental Scam

Heres a story of someone who, with three compatriots, rented textbooks from Amazon and then sold them instead of returning them. They used gift cards and prepaid credit cards to buy the books, so there was no available balance when Amazon tried to charge them the buyout price for non-returned...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/05/14 9:6 p.m.40 views

Friday Squid Blogging: Far Side Squid Comic

A classic. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/05/13 2:39 p.m.40 views

New US Executive Order on Cybersecurity

President Biden signed an executive order to improve government cybersecurity, setting new security standards for software sold to the federal government. For the first time, the United States will require all software purchased by the federal government to meet, within six months, a series of ne...

3.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/03/08 12:10 p.m.40 views

Hacking Digitally Signed PDF Files

Interesting paper: "Shadow Attacks: Hiding and Replacing Content in Signed PDFs": Abstract: Digitally signed PDFs are used in contracts and invoices to guarantee the authenticity and integrity of their content. A user opening a signed PDF expects to see a warning in case of any modification. In...

3.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/02/05 11:58 a.m.40 views

Presidential Cybersecurity and Pelotons

President Biden wants his Peloton in the White House. For those who have missed the hype, its an Internet-connected stationary bicycle. It has a screen, a camera, and a microphone. You can take live classes online, work out with your friends, or join the exercise social network. And all of that i...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/01/29 10:6 p.m.40 views

Friday Squid Blogging: Squids Don’t Like Pile-Driving Noises

New research: Pile driving occurs during construction of marine platforms, including offshore windfarms, producing intense sounds that can adversely affect marine animals. We quantified how a commercially and economically important squid Doryteuthis pealeii: Lesueur 1821 responded to pile driving...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/11/25 12:25 p.m.40 views

Cyber Public Health

In a lecture, Adam Shostack makes the case for a discipline of cyber public health. It would relate to cybersecurity in a similar way that public health relates to medicine...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/11/19 3:37 p.m.40 views

The US Military Buys Commercial Location Data

Vice has a long article about how the US military buys commercial location data worldwide. The U.S. military is buying the granular movement data of people around the world, harvested from innocuous-seeming apps, Motherboard has learned. The most popular app among a group Motherboard analyzed...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/11/06 10:1 p.m.40 views

Friday Squid Blogging: Peru Defends Its Waters against Chinese Squid Fishing Boats

Squid geopolitics. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/05/20 11:26 a.m.40 views

Criminals and the Normalization of Masks

I was wondering about this: Masks that have made criminals stand apart long before bandanna-wearing robbers knocked over stagecoaches in the Old West and ski-masked bandits held up banks now allow them to blend in like concerned accountants, nurses and store clerks trying to avoid a deadly virus...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/04/23 5:1 p.m.40 views

Chinese COVID-19 Disinformation Campaign

The New York Times is reporting on state-sponsored disinformation campaigns coming out of China: Since that wave of panic, United States intelligence agencies have assessed that Chinese operatives helped push the messages across platforms, according to six American officials, who spoke on the...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/03/02 12:28 p.m.40 views

Facebook's Download-Your-Data Tool Is Incomplete

Privacy International has the details: Key facts: Despite Facebook claim, "Download Your Information" doesn't provide users with a list of all advertisers who uploaded a list with their personal data. As a user this means you can't exercise your rights under GDPR because you don't know which...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/01/20 2:53 p.m.40 views

Clearview AI and Facial Recognition

The New York Times has a long story about Clearview AI, a small company that scrapes identified photos of people from pretty much everywhere, and then uses unstated magical AI technology to identify people in other photos. His tiny company, Clearview AI, devised a groundbreaking facial recognitio...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/01/03 12:9 p.m.40 views

Chrome Extension Stealing Cryptocurrency Keys and Passwords

A malicious Chrome extension surreptitiously steals Ethereum keys and passwords: According to Denley, the extension is dangerous to users in two ways. First, any funds ETH coins and ERC0-based tokens managed directly inside the extension are at risk. Denley says that the extension sends the priva...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/09/12 11:4 a.m.40 views

Fabricated Voice Used in Financial Fraud

This seems to be an identity theft first: Criminals used artificial intelligence-based software to impersonate a chief executive's voice and demand a fraudulent transfer of €220,000 $243,000 in March in what cybercrime experts described as an unusual case of artificial intelligence being used in...

3.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/04/26 7:20 p.m.40 views

Interview of Me in Taiwan

Business Weekly in Taiwan interviewed me. Here's a translation courtesy of Google. It was a surprisingly intimate interview. I hope the Chinese reads better than the translation...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/03/13 11:51 a.m.40 views

Judging Facebook's Privacy Shift

Facebook is making a new and stronger commitment to privacy. Last month, the company hired three of its most vociferous critics and installed them in senior technical positions. And on Wednesday, Mark Zuckerberg wrote that the company will pivot to focus on private conversations over the public...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/20 12:44 p.m.40 views

The PCLOB Needs a Director

The US Privacy and Civil Liberties Oversight Board is looking for a director. Among other things, this board has some oversight role over the NSA. More precisely, it can examine what any executive-branch agency is doing about counterterrorism. So it can examine the program of TSA watchlists, NSA...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/09 10:7 p.m.40 views

Friday Squid Blogging: Australian Fisherman Gets Inked

Pretty good video. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

2.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/18 11:27 a.m.40 views

Government Perspective on Supply Chain Security

This is an interesting interview with a former NSA employee about supply chain security. I consider this to be an insurmountable problem right now...

3.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/09/25 11:50 a.m.40 views

Evidence for the Security of PKCS #1 Digital Signatures

This is interesting research: "On the Security of the PKCS1 v1.5 Signature Scheme": Abstract: The RSA PKCS1 v1.5 signature algorithm is the most widely used digital signature scheme in practice. Its two main strengths are its extreme simplicity, which makes it very easy to implement, and that...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/31 11:40 a.m.40 views

Hacking a Robot Vacuum

The Diqee 360 robotic vacuum cleaner can be turned into a surveillance device. The attack requires physical access to the device, so in the scheme of things it's not a big deal. But why in the world is the vacuum equipped with a microphone?...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/25 11:29 a.m.40 views

On Financial Fraud

There are some good lessons in this article on financial fraud: That's how we got it so wrong. We were looking for incidental breaches of technical regulations, not systematic crime. And the thing is, that's normal. The nature of fraud is that it works outside your field of vision, subverting the...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/20 9:34 p.m.40 views

Friday Squid Blogging: Dead Squid on Prince Edward Island

A beach on Prince Edward Island is littered with dead squid. No one knows why. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/06/13 11:55 a.m.40 views

Russian Censorship of Telegram

Internet censors have a new strategy in their bid to block applications and websites: pressuring the large cloud providers that host them. These providers have concerns that are much broader than the targets of censorship efforts, so they have the choice of either standing up to the censors or...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/09 11:40 a.m.40 views

More on the Vulnerabilities Equities Process

Richard Ledgett -- a former Deputy Director of the NSA -- argues against the US government disclosing all vulnerabilities: Proponents argue that this would allow patches to be developed, which in turn would help ensure that networks are secure. On its face, this argument might seem to make sense ...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/26 12:6 p.m.39 views

LastPass Breach

Last August, LastPass reported a security breach, saying that no customer information--or passwords--were compromised. Turns out the full story is worse: While no customer data was accessed during the August 2022 incident, some source code and technical information were stolen from our developmen...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/06/24 2:44 p.m.39 views

Banning Surveillance-Based Advertising

The Norwegian Consumer Council just published a fantastic new report: "Time to Ban Surveillance-Based Advertising." From the Introduction: The challenges caused and entrenched by surveillance-based advertising include, but are not limited to: privacy and data protection infringements opaque...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/06/17 11:25 a.m.39 views

Paul van Oorschot’s Computer Security and the Internet

Paul van Oorschots webpage contains a complete copy of his book: Computer Security and the Internet: Tools and Jewels. Its worth reading...

2.8AI score
Exploits0
Total number of security vulnerabilities2981