Lucene search
K
SchneierMost viewed

2980 matches found

Schneier on Security
Schneier on Security
added 2019/12/16 12:0 p.m.41 views

Security Vulnerabilities in the RCS Texting Protocol

Interesting research: SRLabs founder Karsten Nohl, a researcher with a track record of exposing security flaws in telephony systems, argues that RCS is in many ways no better than SS7, the decades-old phone system carriers still used for calling and texting, which has long been known to be...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/12/11 12:19 p.m.41 views

Extracting Data from Smartphones

Privacy International has published a detailed, technical examination of how data is extracted from smartphones...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/12/04 12:4 p.m.41 views

Becoming a Tech Policy Activist

Carolyn McCarthy gave an excellent TEDx talk about becoming a tech policy activist. It's a powerful call for public-interest technologists...

2.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/10/22 3:12 p.m.41 views

Public Voice Launches Petition for an International Moratorium on Using Facial Recognition for Mass Surveillance

Coming out of the Privacy Commissioners' Conference in Albania, Public Voice is launching a petition for an international moratorium on using facial recognition software for mass surveillance. You can sign on as an individual or an organization. I did. You should as well. No, I don't think that...

3.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/10/09 11:34 a.m.41 views

Illegal Data Center Hidden in Former NATO Bunker

Interesting: German investigators said Friday they have shut down a data processing center installed in a former NATO bunker that hosted sites dealing in drugs and other illegal activities. Seven people were arrested. ... Thirteen people aged 20 to 59 are under investigation in all, including thr...

0.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/09/09 11:29 a.m.41 views

NotPetya

Wired has a long article on NotPetya. EDITED TO ADD 9/12: Another good article on NotPetya...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/04/10 10:44 a.m.41 views

How the Anonymous Artist Banksy Authenticates His or Her Work

Interesting scheme: It all starts off with a fairly bog standard gallery style certificate. Details of the work, the authenticating agency, a bit of embossing and a large impressive signature at the bottom. Exactly the sort of things that can be easily copied by someone on a mission to create the...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/06/04 11:33 a.m.41 views

E-Mail Vulnerabilities and Disclosure

Last week, researchers disclosed vulnerabilities in a large number of encrypted e-mail clients: specifically, those that use OpenPGP and S/MIME, including Thunderbird and AppleMail. These are serious vulnerabilities: An attacker who can alter mail sent to a vulnerable client can trick that client...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/06/01 4:14 p.m.41 views

Damaging Hard Drives with an Ultrasonic Attack

Playing a sound over the speakers can cause computers to crash and possibly even physically damage the hard drive. Academic paper...

3.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/03/05 5:13 p.m.41 views

Intimate Partner Threat

Princeton's Karen Levy has a good article computer security and the intimate partner threat: When you learn that your privacy has been compromised, the common advice is to prevent additional access -- delete your insecure account, open a new one, change your password. This advice is such standard...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/02/27 11:58 a.m.41 views

Cellebrite Unlocks iPhones for the US Government

Forbes reports that the Israeli company Cellebrite can probably unlock all iPhone models: Cellebrite, a Petah Tikva, Israel-based vendor that's become the U.S. government's company of choice when it comes to unlocking mobile devices, is this month telling customers its engineers currently have th...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/01/26 12:12 p.m.41 views

The Effects of the Spectre and Meltdown Vulnerabilities

On January 3, the world learned about a series of major security vulnerabilities in modern microprocessors. Called Spectre and Meltdown, these vulnerabilities were discovered by several different researchers last summer, disclosed to the microprocessors' manufacturers, and patched­ -- at least to...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/01/15 12:43 p.m.41 views

Fighting Ransomware

No More Ransom is a central repository of keys and applications for ransomware, so people can recover their data without paying. It's not complete, of course, but is pretty good against older strains of ransomware. The site is a joint effort by Europol, the Dutch police, Kaspersky, and McAfee...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/01/08 12:34 p.m.41 views

Tourist Scams

A comprehensive list. Most are old and obvious, but there are some clever variants...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/11/02 10:1 a.m.41 views

Heart Size: Yet Another Biometric

Turns out that heart size doesn't change throughout your adult life, and you can use low-level Doppler radar to scan the size -- even at a distance -- as a biometric. Research paper to be available soon...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/31 11:52 a.m.41 views

Journalists Generally Do Not Use Secure Communication

This should come as no surprise: Alas, our findings suggest that secure communications haven't yet attracted mass adoption among journalists. We looked at 2,515 Washington journalists with permanent credentials to cover Congress, and we found only 2.5 percent of them solicit end-to-end encrypted...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/30 11:8 a.m.41 views

Who Are the Shadow Brokers?

In 2013, a mysterious group of hackers that calls itself the Shadow Brokers stole a few disks full of NSA secrets. Since last summer, they've been dumping these secrets on the Internet. They have publicly embarrassed the NSA and damaged its intelligence-gathering capabilities, while at the same...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/10/20 11:16 a.m.40 views

Textbook Rental Scam

Heres a story of someone who, with three compatriots, rented textbooks from Amazon and then sold them instead of returning them. They used gift cards and prepaid credit cards to buy the books, so there was no available balance when Amazon tried to charge them the buyout price for non-returned...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/05/14 9:6 p.m.40 views

Friday Squid Blogging: Far Side Squid Comic

A classic. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/05/13 2:39 p.m.40 views

New US Executive Order on Cybersecurity

President Biden signed an executive order to improve government cybersecurity, setting new security standards for software sold to the federal government. For the first time, the United States will require all software purchased by the federal government to meet, within six months, a series of ne...

3.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/03/08 12:10 p.m.40 views

Hacking Digitally Signed PDF Files

Interesting paper: "Shadow Attacks: Hiding and Replacing Content in Signed PDFs": Abstract: Digitally signed PDFs are used in contracts and invoices to guarantee the authenticity and integrity of their content. A user opening a signed PDF expects to see a warning in case of any modification. In...

3.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/02/05 11:58 a.m.40 views

Presidential Cybersecurity and Pelotons

President Biden wants his Peloton in the White House. For those who have missed the hype, its an Internet-connected stationary bicycle. It has a screen, a camera, and a microphone. You can take live classes online, work out with your friends, or join the exercise social network. And all of that i...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/01/29 10:6 p.m.40 views

Friday Squid Blogging: Squids Don’t Like Pile-Driving Noises

New research: Pile driving occurs during construction of marine platforms, including offshore windfarms, producing intense sounds that can adversely affect marine animals. We quantified how a commercially and economically important squid Doryteuthis pealeii: Lesueur 1821 responded to pile driving...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/11/25 12:25 p.m.40 views

Cyber Public Health

In a lecture, Adam Shostack makes the case for a discipline of cyber public health. It would relate to cybersecurity in a similar way that public health relates to medicine...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/11/19 3:37 p.m.40 views

The US Military Buys Commercial Location Data

Vice has a long article about how the US military buys commercial location data worldwide. The U.S. military is buying the granular movement data of people around the world, harvested from innocuous-seeming apps, Motherboard has learned. The most popular app among a group Motherboard analyzed...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/05/20 11:26 a.m.40 views

Criminals and the Normalization of Masks

I was wondering about this: Masks that have made criminals stand apart long before bandanna-wearing robbers knocked over stagecoaches in the Old West and ski-masked bandits held up banks now allow them to blend in like concerned accountants, nurses and store clerks trying to avoid a deadly virus...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/04/23 5:1 p.m.40 views

Chinese COVID-19 Disinformation Campaign

The New York Times is reporting on state-sponsored disinformation campaigns coming out of China: Since that wave of panic, United States intelligence agencies have assessed that Chinese operatives helped push the messages across platforms, according to six American officials, who spoke on the...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/03/02 12:28 p.m.40 views

Facebook's Download-Your-Data Tool Is Incomplete

Privacy International has the details: Key facts: Despite Facebook claim, "Download Your Information" doesn't provide users with a list of all advertisers who uploaded a list with their personal data. As a user this means you can't exercise your rights under GDPR because you don't know which...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/01/20 2:53 p.m.40 views

Clearview AI and Facial Recognition

The New York Times has a long story about Clearview AI, a small company that scrapes identified photos of people from pretty much everywhere, and then uses unstated magical AI technology to identify people in other photos. His tiny company, Clearview AI, devised a groundbreaking facial recognitio...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/01/03 12:9 p.m.40 views

Chrome Extension Stealing Cryptocurrency Keys and Passwords

A malicious Chrome extension surreptitiously steals Ethereum keys and passwords: According to Denley, the extension is dangerous to users in two ways. First, any funds ETH coins and ERC0-based tokens managed directly inside the extension are at risk. Denley says that the extension sends the priva...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/09/12 11:4 a.m.40 views

Fabricated Voice Used in Financial Fraud

This seems to be an identity theft first: Criminals used artificial intelligence-based software to impersonate a chief executive's voice and demand a fraudulent transfer of €220,000 $243,000 in March in what cybercrime experts described as an unusual case of artificial intelligence being used in...

3.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/04/26 7:20 p.m.40 views

Interview of Me in Taiwan

Business Weekly in Taiwan interviewed me. Here's a translation courtesy of Google. It was a surprisingly intimate interview. I hope the Chinese reads better than the translation...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/03/13 11:51 a.m.40 views

Judging Facebook's Privacy Shift

Facebook is making a new and stronger commitment to privacy. Last month, the company hired three of its most vociferous critics and installed them in senior technical positions. And on Wednesday, Mark Zuckerberg wrote that the company will pivot to focus on private conversations over the public...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/20 12:44 p.m.40 views

The PCLOB Needs a Director

The US Privacy and Civil Liberties Oversight Board is looking for a director. Among other things, this board has some oversight role over the NSA. More precisely, it can examine what any executive-branch agency is doing about counterterrorism. So it can examine the program of TSA watchlists, NSA...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/09 10:7 p.m.40 views

Friday Squid Blogging: Australian Fisherman Gets Inked

Pretty good video. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

2.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/18 11:27 a.m.40 views

Government Perspective on Supply Chain Security

This is an interesting interview with a former NSA employee about supply chain security. I consider this to be an insurmountable problem right now...

3.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/09/25 11:50 a.m.40 views

Evidence for the Security of PKCS #1 Digital Signatures

This is interesting research: "On the Security of the PKCS1 v1.5 Signature Scheme": Abstract: The RSA PKCS1 v1.5 signature algorithm is the most widely used digital signature scheme in practice. Its two main strengths are its extreme simplicity, which makes it very easy to implement, and that...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/31 11:40 a.m.40 views

Hacking a Robot Vacuum

The Diqee 360 robotic vacuum cleaner can be turned into a surveillance device. The attack requires physical access to the device, so in the scheme of things it's not a big deal. But why in the world is the vacuum equipped with a microphone?...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/04/30 11:2 a.m.40 views

Security Vulnerabilities in VingCard Electronic Locks

Researchers have disclosed a massive vulnerability in the VingCard eletronic lock system, used in hotel rooms around the world: With a $300 Proxmark RFID card reading and writing tool, any expired keycard pulled from the trash of a target hotel, and a set of cryptographic tricks developed over...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/03/02 12:13 p.m.40 views

Malware from Space

Since you don't have enough to worry about, here's a paper postulating that space aliens could send us malware capable of destroying humanity. Abstract: A complex message from space may require the use of computers to display, analyze and understand. Such a message cannot be decontaminated with...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/29 11:38 a.m.40 views

Ross Anderson on the History of the Crypto Wars in the UK

Ross Anderson gave a talk on the history of the Crypto Wars in the UK. I am intimately familiar with the US story, but didn't know as much about Britain's verson. Hour-long video. Summary...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/10 6:54 p.m.40 views

Turning an Amazon Echo into an Eavesdropping Device

For once, the real story isn't as bad as it seems. A researcher has figured out how to install malware onto an Echo that causes it to stream audio back to a remote controller, but: The technique requires gaining physical access to the target Echo, and it works only on devices sold before 2017. Bu...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/26 12:6 p.m.39 views

LastPass Breach

Last August, LastPass reported a security breach, saying that no customer information--or passwords--were compromised. Turns out the full story is worse: While no customer data was accessed during the August 2022 incident, some source code and technical information were stolen from our developmen...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/06/17 11:25 a.m.39 views

Paul van Oorschot’s Computer Security and the Internet

Paul van Oorschots webpage contains a complete copy of his book: Computer Security and the Internet: Tools and Jewels. Its worth reading...

2.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/03/19 11:21 a.m.39 views

Easy SMS Hijacking

Vice is reporting on a cell phone vulnerability caused by commercial SMS services. One of the things these services permit is text message forwarding. It turns out that with a little bit of anonymous money -- in this case, $16 off an anonymous prepaid credit card -- and a few lies, you can forwar...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/01/19 12:16 p.m.39 views

Injecting a Backdoor into SolarWinds Orion

Crowdstrike is reporting on a sophisticated piece of malware that was able to inject malware into the SolarWinds build process: Key Points SUNSPOT is StellarParticles malware used to insert the SUNBURST backdoor into software builds of the SolarWinds Orion IT management product. SUNSPOT monitors...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/01/07 12:14 p.m.39 views

Extracting Personal Information from Large Language Models Like GPT-2

Researchers have been able to find all sorts of personal information within GPT-2. This information was part of the training data, and can be extracted with the right sorts of queries. Paper: "Extracting Training Data from Large Language Models." Abstract: It has become common to publish large...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/01/01 10:0 p.m.39 views

Friday Squid Blogging: Linguine allo Scoglio Recipe

Delicious seafood pasta dish -- includes squid -- from Americas Test Kitchen. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/12/07 12:32 p.m.39 views

Hiding Malware in Social Media Buttons

Clever tactic: This new malware was discovered by researchers at Dutch cyber-security company Sansec that focuses on defending e-commerce websites from digital skimming also known as Magecart attacks. The payment skimmer malware pulls its sleight of hand trick with the help of a double payload...

Exploits0
Schneier on Security
Schneier on Security
added 2020/11/06 10:1 p.m.39 views

Friday Squid Blogging: Peru Defends Its Waters against Chinese Squid Fishing Boats

Squid geopolitics. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.7AI score
Exploits0
Total number of security vulnerabilities2980