Lucene search
K
SchneierMost viewed

2981 matches found

Schneier on Security
Schneier on Security
added 2017/12/29 10:23 p.m.36 views

Friday Squid Blogging: Squid Populations Are Exploding

New research: "Global proliferation of cephalopods" Summary: Human activities have substantially changed the world's oceans in recent decades, altering marine food webs, habitats and biogeochemical processes. Cephalopods squid, cuttlefish and octopuses have a unique set of biological traits,...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/12/29 12:34 p.m.36 views

Profile of Reality Winner

New York Magazine published an excellent profile of the single-document leaker Reality Winner...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/11/10 12:6 p.m.36 views

New Research in Invisible Inks

It's a lot more chemistry than I understand: Invisible inks based on "smart" fluorescent materials have been shining brightly if only you could see them in the data-encryption/decryption arena lately.... But some of the materials are costly or difficult to prepare, and many of these inks remain...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/11/09 12:23 p.m.36 views

Facebook Fingerprinting Photos to Prevent Revenge Porn

This is a pilot project in Australia: Individuals who have shared intimate, nude or sexual images with partners and are worried that the partner or ex-partner might distribute them without their consent can use Messenger to send the images to be "hashed." This means that the company converts the...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/07/28 9:0 p.m.36 views

Friday Squid Blogging: Giant Squids Have Small Brains

New research: In this study, the optic lobe of a giant squid Architeuthis dux, male, mantle length 89 cm, which was caught by local fishermen off the northeastern coast of Taiwan, was scanned using high-resolution magnetic resonance imaging in order to examine its internal structure. It was evide...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/07/20 2:12 p.m.36 views

Ethereum Hacks

The press is reporting a $32M theft of the cryptocurrency Ethereum. Like all such thefts, they're not a result of a cryptographic failure in the currencies, but instead a software vulnerability in the software surrounding the currency -- in this case, digital wallets. This is the second Ethereum...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/17 11:32 a.m.36 views

Keylogger Found in HP Laptop Audio Drivers

This is a weird story: researchers have discovered that an audio driver installed in some HP laptops includes a keylogger, which records all keystrokes to a local file. There seems to be nothing malicious about this, but it's a vivid illustration of how hard it is to secure a modern computer. The...

6.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/05/28 11:9 a.m.35 views

Lattice-Based Cryptosystems and Quantum Cryptanalysis

Quantum computers are probably coming, though we dont know when--and when they arrive, they will, most likely, be able to break our standard public-key cryptography algorithms. In anticipation of this possibility, cryptographers have been working on quantum-resistant public-key algorithms. The...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/08/19 11:17 a.m.35 views

T-Mobile Data Breach

Its a big one: As first reported by Motherboard on Sunday, someone on the dark web claims to have obtained the data of 100 million from T-Mobiles servers and is selling a portion of it on an underground forum for 6 bitcoin, about $280,000. The trove includes not only names, phone numbers, and...

2.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/06/29 2:12 p.m.35 views

Risks of Evidentiary Software

Over at Lawfare, Susan Landau has an excellent essay on the risks posed by software used to collect evidence a Breathalyzer is probably the most obvious example. Bugs and vulnerabilities can lead to inaccurate evidence, but the proprietary nature of software makes it hard for defendants to examin...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/05/19 11:31 a.m.35 views

Apple Censorship and Surveillance in China

Good investigative reporting on how Apple is participating in and assisting with Chinese censorship and surveillance...

2.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/05/10 7:17 p.m.35 views

Ransomware Shuts Down US Pipeline

This is a major story: a probably Russian cybercrime group called DarkSide shut down the Colonial Pipeline in a ransomware attack. The pipeline supplies much of the East Coast. This is the new and improved ransomware attack: the hackers stole nearly 100 gig of data, and are threatening to publish...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/03/09 12:16 p.m.35 views

On Not Fixing Old Vulnerabilities

How is this even possible? …26% of companies Positive Technologies tested were vulnerable to WannaCry, which was a threat years ago, and some even vulnerable to Heartbleed. "The most frequent vulnerabilities detected during automated assessment date back to 2013-­2017, which indicates a lack of...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/01/11 12:17 p.m.35 views

Changes in WhatsApp’s Privacy Policy

If youre a WhatsApp user, pay attention to the changes in the privacy policy that youre being forced to agree with. In 2016, WhatsApp gave users a one-time ability to opt out of having account data turned over to Facebook. Now, an updated privacy policy is changing that. Come next month, users wi...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/12/30 12:33 p.m.35 views

On the Evolution of Ransomware

Good article on the evolution of ransomware: Though some researchers say that the scale and severity of ransomware attacks crossed a bright line in 2020, others describe this year as simply the next step in a gradual and, unfortunately, predictable devolution. After years spent honing their...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/12/04 8:21 p.m.35 views

The 2020 Workshop on Economics and Information Security (WEIS)

The workshop on Economics and Information Security is always an interesting conference. This year, it will be online. Heres the program. Registration is free...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/11/23 12:4 p.m.35 views

Indistinguishability Obfuscation

Quanta magazine recently published a breathless article on indistinguishability obfuscation -- calling it the "crown jewel of cryptography" -- and saying that it had finally been achieved, based on a recently published paper. I want to add some caveats to the discussion. Basically, obfuscation...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/10/23 1:47 p.m.35 views

New Report on Police Decryption Capabilities

There is a new report on police decryption capabilities: specifically, mobile device forensic tools MDFTs. Short summary: its not just the FBI that can do it. This report documents the widespread adoption of MDFTs by law enforcement in the United States. Based on 110 public records requests to...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/07 9:8 p.m.35 views

Friday Squid Blogging: New SQUID

There's a new SQUID: A new device that relies on flowing clouds of ultracold atoms promises potential tests of the intersection between the weirdness of the quantum world and the familiarity of the macroscopic world we experience every day. The atomtronic Superconducting QUantum Interference Devi...

2.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/05/18 11:15 a.m.35 views

Ramsey Malware

A new malware, called Ramsey, can jump air gaps: ESET said they've been able to track down three different versions of the Ramsay malware, one compiled in September 2019 Ramsay v1, and two others in early and late March 2020 Ramsay v2.a and v2.b. Each version was different and infected victims...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/05/15 11:43 a.m.35 views

On Marcus Hutchins

Long and nuanced story about Marcus Hutchins, the British hacker who wrote most of the Kronos malware and also stopped WannaCry in real time. Well worth reading...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/04/03 11:21 a.m.35 views

Bug Bounty Programs Are Being Used to Buy Silence

Investigative report on how commercial bug-bounty programs like HackerOne, Bugcrowd, and SynAck are being used to silence researchers: Used properly, bug bounty platforms connect security researchers with organizations wanting extra scrutiny. In exchange for reporting a security flaw, the...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/03/19 11:49 a.m.35 views

Work-from-Home Security Advice

SANS has made freely available its "Work-from-Home Awareness Kit." When I think about how COVID-19's security measures are affecting organizational networks, I see several interrelated problems: One, employees are working from their home networks and sometimes from their home computers. These...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/03/16 2:31 p.m.35 views

TSA Admits Liquid Ban Is Security Theater

The TSA is allowing people to bring larger bottles of hand sanitizer with them on airplanes: Passengers will now be allowed to travel with containers of liquid hand sanitizer up to 12 ounces. However, the agency cautioned that the shift could mean slightly longer waits at checkpoint because the...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/03/12 11:30 a.m.35 views

The Whisper Secret-Sharing App Exposed Locations

This is a big deal: Whisper, the secret-sharing app that called itself the "safest place on the Internet," left years of users' most intimate confessions exposed on the Web tied to their age, location and other details, raising alarm among cybersecurity researchers that users could have been...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/02/11 4:42 p.m.35 views

Crypto AG Was Owned by the CIA

The Swiss cryptography firm Crypto AG sold equipment to governments and militaries around the world for decades after World War II. They were owned by the CIA: But what none of its customers ever knew was that Crypto AG was secretly owned by the CIA in a highly classified partnership with West...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/01/27 6:21 p.m.35 views

Modern Mass Surveillance: Identify, Correlate, Discriminate

Communities across the United States are starting to ban facial recognition technologies. In May of last year, San Francisco banned facial recognition; the neighboring city of Oakland soon followed, as did Somerville and Brookline in Massachusetts a statewide ban may follow. In December, San Dieg...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/12/03 8:12 p.m.35 views

RSA-240 Factored

This just in: We are pleased to announce the factorization of RSA-240, from RSA's challenge list, and the computation of a discrete logarithm of the same size 795 bits: RSA-240 = 12462036678171878406583504460810659043482037465167880575481878888328...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/07 11:22 a.m.35 views

Locked Computers

This short video explains why computers regularly came with physical locks in the late 1980s and early 1990s. The one thing the video doesn't talk about is RAM theft. When RAM was expensive, stealing it was a problem...

4.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/04/26 11:9 a.m.35 views

Towards an Information Operations Kill Chain

Cyberattacks don't magically happen; they involve a series of steps. And far from being helpless, defenders can disrupt the attack at any of those steps. This framing has led to something called the "cybersecurity kill chain": a way of thinking about cyber defense in terms of disrupting the...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/14 12:46 p.m.35 views

Oracle and "Responsible Disclosure"

I've been writing about "responsible disclosure" for over a decade; here's an essay from 2007. Basically, it's a tacit agreement between researchers and software vendors. Researchers agree to withhold their work until software companies fix the vulnerabilities, and software vendors agree not to...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/13 1:4 p.m.35 views

New IoT Security Regulations

Due to ever-evolving technological advances, manufacturers are connecting consumer goods­ -- from toys to light bulbs to major appliances­ -- to the Internet at breakneck speeds. This is the Internet of Things, and it's a security nightmare. The Internet of Things fuses products with communicatio...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/06 12:51 p.m.35 views

Security of Solid-State-Drive Encryption

Interesting research: "Self-encrypting deception: weaknesses in the encryption of solid state drives SSDs": Abstract: We have analyzed the hardware full-disk encryption of several SSDs by reverse engineering their firmware. In theory, the security guarantees offered by hardware encryption are...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/09 11:13 a.m.35 views

PROPagate Code Injection Seen in the Wild

Last year, researchers wrote about a new Windows code injection technique called PROPagate. Last week, it was first seen in malware: This technique abuses the SetWindowsSubclass function -- a process used to install or update subclass windows running on the system -- and can be used to modify the...

2.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/05/11 11:24 a.m.35 views

Airline Ticket Fraud

New research: "Leaving on a jet plane: the trade in fraudulently obtained airline tickets:" Abstract: Every day, hundreds of people fly on airline tickets that have been obtained fraudulently. This crime script analysis provides an overview of the trade in these tickets, drawing on interviews wit...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/03/14 11:24 a.m.35 views

The 600+ Companies PayPal Shares Your Data With

One of the effects of GDPR -- the new EU General Data Protection Regulation -- is that we're all going to be learning a lot more about who collects our data and what they do with it. Consider PayPal, that just released a list of over 600 companies they share customer data with. Here's a good...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/01/29 8:17 p.m.35 views

Locating Secret Military Bases via Fitness Data

In November, the company Strava released an anonymous data-visualization map showing all the fitness activity by everyone using the app. Over this weekend, someone realized that it could be used to locate secret military bases: just look for repeated fitness activity in the middle of nowhere. New...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/01/03 12:17 p.m.35 views

Tamper-Detection App for Android

Edward Snowden and Nathan Freitas have created an Android app that detects when it's being tampered with. The basic idea is to put the app on a second phone and put the app on or near something important, like your laptop. The app can then text you -- and also record audio and video -- when...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/01/01 12:23 p.m.35 views

Security Vulnerabilities in Star Wars

A fun video describing some of the many Empire security vulnerabilities in the first Star Wars movie. Happy New Year, everyone...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/11/21 12:16 p.m.35 views

Amazon Creates Classified US Cloud

Amazon has a cloud for US classified data. The physical and computer requirements for handling classified information are considerable, both in terms of technology and procedure. I am surprised that a company with no experience dealing with classified data was able to do it...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/10/30 5:23 p.m.35 views

Google Login Security for High-Risk Users

Google has a new login service for high-risk users. It's good, but unforgiving. Logging in from a desktop will require a special USB key, while accessing your data from a mobile device will similarly require a Bluetooth dongle. All non-Google services and apps will be exiled from reaching into yo...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/10/17 2:24 p.m.35 views

Security Flaw in Infineon Smart Cards and TPMs

A security flaw in Infineon smart cards and TPMs allows an attacker to recover private keys from the public keys. Basically, the key generation algorithm sometimes creates public keys that are vulnerable to Coppersmith's attack: While all keys generated with the library are much weaker than they...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/09/29 9:27 p.m.35 views

Friday Squid Blogging: Squid Empire Is a New Book

Regularly I receive mail from people wanting to advertise on, write for, or sponsor posts on my blog. My rule is that I say no to everyone. There is no amount of money or free stuff that will get me to write about your security product or service. With regard to squid, however, I have no such...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/15 11:0 a.m.35 views

Hacking a Gene Sequencer by Encoding Malware in a DNA Strand

One of the common ways to hack a computer is to mess with its input data. That is, if you can feed the computer data that it interprets -- or misinterprets -- in a particular way, you can trick the computer into doing things that it wasn't intended to do. This is basically what a buffer overflow...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/29 5:40 p.m.35 views

The Women of Bletchley Park

Really good article about the women who worked at Bletchley Park during World War II, breaking German Enigma-encrypted messages...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/08/18 4:51 p.m.34 views

Apple’s NeuralHash Algorithm Has Been Reverse-Engineered

Apples NeuralHash algorithm -- the one its using for client-side scanning on the iPhone -- has been reverse-engineered. Turns out it was already in iOS 14.3, and someone noticed: Early tests show that it can tolerate image resizing and compression, but not cropping or rotations. We also have the...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/06/16 11:17 a.m.34 views

VPNs and Trust

TorrentFreak surveyed nineteen VPN providers, asking them questions about their privacy practices: what data they keep, how they respond to court order, what country they are incorporated in, and so on. Most interesting to me is the home countries of these companies. Express VPN is incorporated i...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/06/08 10:32 a.m.34 views

Vulnerabilities in Weapons Systems

"If you think any of these systems are going to work as expected in wartime, youre fooling yourself." That was Bruces response at a conference hosted by US Transportation Command in 2017, after learning that their computerized logistical systems were mostly unclassified and on the Internet. That...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/05/26 2:33 p.m.34 views

New Disk Wiping Malware Targets Israel

Apostle seems to be a new strain of malware that destroys data. In a post published Tuesday, SentinelOne researchers said they assessed with high confidence that based on the code and the servers Apostle reported to, the malware was being used by a newly discovered group with ties to the Iranian...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/04/14 5:30 p.m.34 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m keynoting the all-virtual RSA Conference 2021, May 17-20, 2021. I’m keynoting the 5th International Symposium on Cyber Security Cryptology and Machine Learning via Zoom, July 8-9, 2021. I’ll be speaking at an Informa event on...

3AI score
Exploits0
Total number of security vulnerabilities2981