Lucene search
K
SchneierMost viewed

2981 matches found

Schneier on Security
Schneier on Security
added 2018/01/23 12:41 p.m.38 views

New Malware Hijacks Cryptocurrency Mining

This is a clever attack. After gaining control of the coin-mining software, the malware replaces the wallet address the computer owner uses to collect newly minted currency with an address controlled by the attacker. From then on, the attacker receives all coins generated, and owners are none the...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/12/25 12:11 p.m.38 views

"Santa Claus is Coming to Town" Parody

Funny...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/10/23 11:16 a.m.38 views

Hacking Back

Hacking back is a terrible idea that just will not die. Josephine Wolff takes apart the new hacking back bill that was introduced in the House recently...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/07/01 4:1 p.m.37 views

Insurance and Ransomware

As ransomware becomes more common, Im seeing more discussions about the ethics of paying the ransom. Heres one more contribution to that issue: a research paper that the insurance industry is hurting more than its helping. However, the most pressing challenge currently facing the industry is...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/05/17 11:0 a.m.37 views

Is 85% of US Critical Infrastructure in Private Hands?

Most US critical infrastructure is run by private corporations. This has major security implications, because its putting a random power company in -- say -- Ohio -- up against the Russian cybercommand, which isnt a fair fight. When this problem is discussed, people regularly quote the statistic...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/05/04 2:41 p.m.37 views

Tesla Remotely Hacked from a Drone

This is an impressive hack: Security researchers Ralf-Philipp Weinmann of Kunnamon, Inc. and Benedikt Schmotzle of Comsecuris GmbH have found remote zero-click security vulnerabilities in an open-source software component ConnMan used in Tesla automobiles that allowed them to compromise parked ca...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/03/04 7:3 p.m.37 views

Four Microsoft Exchange Zero-Days Exploited by China

Microsoft has issued an emergency Microsoft Exchange patch to fix four zero-day vulnerabilities currently being exploited by China. EDITED TO ADD 3/12: Exchange Online is not affected...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/02/03 12:10 p.m.37 views

More SolarWinds News

Microsoft analyzed details of the SolarWinds attack: Microsoft and FireEye only detected the Sunburst or Solorigate malware in December, but Crowdstrike reported this month that another related piece of malware, Sunspot, was deployed in September 2019, at the time hackers breached SolarWinds...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/12/02 7:55 p.m.37 views

Impressive iPhone Exploit

This is a scarily impressive vulnerability: Earlier this year, Apple patched one of the most breathtaking iPhone vulnerabilities ever: a memory corruption bug in the iOS kernel that gave attackers remote access to the entire device­ -- over Wi-Fi, with no user interaction required at all. Oh, and...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/11/24 12:1 p.m.37 views

On That Dusseldorf Hospital Ransomware Attack and the Resultant Death

Wired has a detailed story about the ransomware attack on a Dusseldorf hospital, the one that resulted in an ambulance being redirected to a more distant hospital and the patient dying. The police wanted to prosecute the ransomware attackers for negligent homicide, but the details were more...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/28 9:10 p.m.37 views

Friday Squid Blogging: How Squid Survive Freezing, Oxygen-Deprived Waters

Lots of interesting genetic details. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

2.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/05/21 11:29 a.m.37 views

Ann Mitchell, Bletchley Park Cryptanalyst, Dies

Obituary...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/04/20 11:22 a.m.37 views

Vulnerability Finding Using Machine Learning

Microsoft is training a machine-learning system to find software bugs: At Microsoft, 47,000 developers generate nearly 30 thousand bugs a month. These items get stored across over 100 AzureDevOps and GitHub repositories. To better label and prioritize bugs at that scale, we couldn't just apply mo...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/04/06 4:26 p.m.37 views

Emotet Malware Causes Physical Damage

Microsoft is reporting that an Emotet malware infection shut down a network by causing computers to overheat and then crash. The Emotet payload was delivered and executed on the systems of Fabrikam -- a fake name Microsoft gave the victim in their case study -- five days after the employee's user...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/01/28 12:53 p.m.37 views

Google Receives Geofence Warrants

Sometimes it's hard to tell the corporate surveillance operations from the government ones: Google reportedly has a database called Sensorvault in which it stores location data for millions of devices going back almost a decade. The article is about geofence warrants, where the police go to...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/01/22 12:9 p.m.37 views

Half a Million IoT Device Passwords Published

It's a list of easy-to-guess passwords for IoT devices on the Internet as recently as last October and November. Useful for anyone putting together a bot network: A hacker has published this week a massive list of Telnet credentials for more than 515,000 servers, home routers, and IoT Internet of...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/11/12 12:15 p.m.37 views

Identifying and Arresting Ransomware Criminals

The Wall Street Journal has a story about how two people were identified as the perpetrators of a ransomware scheme. They were found because -- as generally happens -- they made mistakes covering their tracks. They were investigated because they had the bad luck of locking up Washington, DC's vid...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/09/20 2:34 p.m.37 views

A Feminist Take on Information Privacy

Maria Farrell has a really interesting framing of information/device privacy: What our smartphones and relationship abusers share is that they both exert power over us in a world shaped to tip the balance in their favour, and they both work really, really hard to obscure this fact and keep us...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/15 11:28 a.m.37 views

International Spy Museum Reopens

The International Spy Museum has reopened in Washington, DC...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/16 11:4 a.m.37 views

Privacy for Tigers

Ross Anderson has some new work: As mobile phone masts went up across the world's jungles, savannas and mountains, so did poaching. Wildlife crime syndicates can not only coordinate better but can mine growing public data sets, often of geotagged images. Privacy matters for tigers, for snow...

3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/05/30 11:4 a.m.37 views

Numbers Stations

On numbers stations...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/11/06 12:12 p.m.37 views

Daphne Caruana Galizia's Murder and the Security of WhatsApp

Daphne Caruana Galizia was a Maltese journalist whose anti-corruption investigations exposed powerful people. She was murdered in October by a car bomb. Galizia used WhatsApp to communicate securely with her sources. Now that she is dead, the Maltese police want to break into her phone or the app...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/10/31 3:29 p.m.37 views

Attack on Old ANSI Random Number Generator

Almost 20 years ago, I wrote a paper that pointed to a potential flaw in the ANSI X9.17 RNG standard. Now, new research has found that the flaw exists in some implementations of the RNG standard. Here's the research paper, the website -- complete with cute logo -- for the attack, and Matthew...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/10/24 11:1 a.m.37 views

Reaper Botnet

It's based on the Mirai code, but much more virulent: While Mirai caused widespread outages, it impacted IP cameras and internet routers by simply exploiting their weak or default passwords. The latest botnet threat, known as alternately as IoT Troop or Reaper, has evolved that strategy, using...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/06/06 11:17 a.m.36 views

Snowden Ten Years Later

In 2013 and 2014, I wrote extensively about new revelations regarding NSA surveillance based on the documents provided by Edward Snowden. But I had a more personal involvement as well. I wrote the essay below in September 2013. The New Yorker agreed to publish it, but the Guardian asked me not to...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/07/14 11:4 a.m.36 views

China Taking Control of Zero-Day Exploits

China is making sure that all newly discovered zero-day exploits are disclosed to the government. Under the new rules, anyone in China who finds a vulnerability must tell the government, which will decide what repairs to make. No information can be given to "overseas organizations or individuals"...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/06/28 11:53 a.m.36 views

NFC Flaws in POS Devices and ATMs

Its a series of vulnerabilities: Josep Rodriguez, a researcher and consultant at security firm IOActive, has spent the last year digging up and reporting vulnerabilities in the so-called near-field communications reader chips used in millions of ATMs and point-of-sale systems worldwide. NFC syste...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/06/18 11:18 a.m.36 views

Peloton Vulnerability Found and Fixed

Researchers have discovered a vulnerability in Peloton stationary bicycles, one that would give the attacker complete control over the device. The attack requires physical access to the Peloton, so its not really a practical attack. President Bidens Peloton was not in danger...

4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/03/19 9:14 p.m.36 views

Friday Squid Blogging: Squid Cartoon

Squid ink. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/01/12 12:16 p.m.36 views

Cloning Google Titan 2FA keys

This is a clever side-channel attack: The cloning works by using a hot air gun and a scalpel to remove the plastic key casing and expose the NXP A700X chip, which acts as a secure element that stores the cryptographic secrets. Next, an attacker connects the chip to hardware and software that take...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/17 11:18 a.m.36 views

New Bluetooth Vulnerability

Theres a new unpatched Bluetooth vulnerability: The issue is with a protocol called Cross-Transport Key Derivation or CTKD, for short. When, say, an iPhone is getting ready to pair up with Bluetooth-powered device, CTKDs role is to set up two separate authentication keys for that phone: one for a...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/31 9:0 p.m.36 views

Friday Squid Blogging: Squid Proteins for a Better Face Mask

Researchers are synthesizing squid proteins to create a face mask that better survives cleaning. And you thought there was no connection between squid and COVID-19. The military thinks this might have applications for self-healing robots. As usual, you can also use this squid post to talk about t...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/03 3:39 p.m.36 views

EncroChat Hacked by Police

French police hacked EncroChat secure phones, which are widely used by criminals: Encrochat's phones are essentially modified Android devices, with some models using the "BQ Aquaris X2," an Android handset released in 2018 by a Spanish electronics company, according to the leaked documents...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/04/22 2:12 p.m.36 views

New iPhone Zero-Day Discovered

Last year, ZecOps discovered two iPhone zero-day exploits. They will be patched in the next iOS release: Avraham declined to disclose many details about who the targets were, and did not say whether they lost any data as a result of the attacks, but said "we were a bit surprised about who was...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/04/08 11:37 a.m.37 views

RSA-250 Factored

RSA-250 has been factored. This computation was performed with the Number Field Sieve algorithm, using the open-source CADO-NFS software. The total computation time was roughly 2700 core-years, using Intel Xeon Gold 6130 CPUs as a reference 2.1GHz: RSA-250 sieving: 2450 physical core-years RSA-25...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/03/25 11:33 a.m.36 views

Facial Recognition for People Wearing Masks

The Chinese facial recognition company Hanwang claims it can recognize people wearing masks: The company now says its masked facial recognition program has reached 95 percent accuracy in lab tests, and even claims that it is more accurate in real life, where its cameras take multiple photos of a...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/03/20 11:25 a.m.36 views

Emergency Surveillance During COVID-19 Crisis

Israel is using emergency surveillance powers to track people who may have COVID-19, joining China and Iran in using mass surveillance in this way. I believe pressure will increase to leverage existing corporate surveillance infrastructure for these purposes in the US and other countries. With th...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/11/22 12:16 p.m.36 views

The NSA Warns of TLS Inspection

The NSA has released a security advisory warning of the dangers of TLS inspection: Transport Layer Security Inspection TLSI, also known as TLS break and inspect, is a security process that allows enterprises to decrypt traffic, inspect the decrypted content for threats, and then re-encrypt the...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/11/01 11:27 a.m.36 views

Resources for Measuring Cybersecurity

Kathryn Waldron at R Street has collected all of the different resources and methodologies for measuring cybersecurity...

2.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/09/25 11:1 a.m.36 views

Ineffective Package Tracking Facilitates Fraud

This article discusses an e-commerce fraud technique in the UK. Because the Royal Mail only tracks packages to the postcode -- and not to the address - it's possible to commit a variety of different frauds. Tracking systems that rely on signature are not similarly vulnerable...

2.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/14 5:15 p.m.36 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I'm speaking at the Code for America Summit in Oakland, California on May 30, 2019. I'm speaking on "Securing a World of Physically Capable Computers" at Oxford University on Monday, June 17, 2019. The list is maintained on this pa...

3.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/06 12:8 p.m.36 views

Protecting Yourself from Identity Theft

I don't have a lot of good news for you. The truth is there's nothing we can do to protect our data from being stolen by cybercriminals and others. Ten years ago, I could have given you all sorts of advice about using encryption, not sending information over email, securing your web connections,...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/30 11:35 a.m.36 views

Identifying People by Metadata

Interesting research: "You are your Metadata: Identification and Obfuscation of Social Media Users using Metadata Information," by Beatrice Perez, Mirco Musolesi, and Gianluca Stringhini. Abstract: Metadata are associated to most of the information we produce in our daily interactions and...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/16 11:30 a.m.36 views

Reasonably Clever Extortion E-mail Based on Password Theft

Imagine you've gotten your hands on a file of e-mail addresses and passwords. You want to monetize it, but the site it's for isn't very valuable. How do you use it? You convince the owners of the password to send you money. I recently saw a spam e-mail that ties the password to a porn site. The...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/05/14 2:33 p.m.36 views

Critical PGP Vulnerability

EFF is reporting that a critical vulnerability has been discovered in PGP and S/MIME. No details have been published yet, but one of the researchers wrote: We'll publish critical vulnerabilities in PGP/GPG and S/MIME email encryption on 2018-05-15 07:00 UTC. They might reveal the plaintext of...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/04/18 11:29 a.m.36 views

Oblivious DNS

Interesting idea: ...we present Oblivious DNS ODNS, which is a new design of the DNS ecosystem that allows current DNS servers to remain unchanged and increases privacy for data in motion and at rest. In the ODNS system, both the client is modified with a local resolver, and there is a new...

3.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/01/30 12:26 p.m.36 views

Subway Elevators and Movie-Plot Threats

Local residents are opposing adding an elevator to a subway station because terrorists might use it to detonate a bomb. No, really. There's no actual threat analysis, only fear: "The idea that people can then ride in on the subway with a bomb or whatever and come straight up in an elevator is awf...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/01/02 12:51 p.m.36 views

Fake Santa Surveillance Camera

Reka makes a "decorative Santa cam," meaning that it's not a real camera. Instead, it just gets children used to being under constant surveillance. Our Santa Cam has a cute Father Christmas and mistletoe design, and a red, flashing LED light which will make the most logical kids suspend their...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/12/29 10:23 p.m.36 views

Friday Squid Blogging: Squid Populations Are Exploding

New research: "Global proliferation of cephalopods" Summary: Human activities have substantially changed the world's oceans in recent decades, altering marine food webs, habitats and biogeochemical processes. Cephalopods squid, cuttlefish and octopuses have a unique set of biological traits,...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/12/29 12:34 p.m.36 views

Profile of Reality Winner

New York Magazine published an excellent profile of the single-document leaker Reality Winner...

7.1AI score
Exploits0
Total number of security vulnerabilities2981