Lucene search
K
SchneierMost viewed

2976 matches found

Schneier on Security
Schneier on Security
added 2019/06/13 11:21 a.m.141 views

Report on the Stalkerware Industry

Citizen Lab just published an excellent report on the stalkerware industry. Boing Boing post...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/03/15 2:44 p.m.140 views

Critical Flaw in Swiss Internet Voting System

Researchers have found a critical flaw in the Swiss Internet voting system. I was going to write an essay about how this demonstrates that Internet voting is a stupid idea and should never be attempted -- and that this system in particular should never be deployed, even if the found flaw is fixed...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/08/30 9:4 p.m.138 views

Friday Squid Blogging: Economic Fallout from Falklands Halting Squid Fishing

Details. Blog moderation policy...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/01/11 8:48 p.m.138 views

Friday Squid Blogging: New Giant Squid Video

This is a fantastic video of a young giant squid named Heck swimming around Toyama Bay near Tokyo. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/01/10 11:52 a.m.138 views

Security Vulnerabilities in Cell Phone Systems

Good essay on the inherent vulnerabilities in the cell phone standards and the market barriers to fixing them. So far, industry and policymakers have largely dragged their feet when it comes to blocking cell-site simulators and SS7 attacks. Senator Ron Wyden, one of the few lawmakers vocal about...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/08/09 9:12 p.m.137 views

Friday Squid Blogging: Sinuous Asperoteuthis Mangoldae Squid

Great video of the Sinuous Asperoteuthis Mangoldae Squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/09/13 9:5 p.m.135 views

Friday Squid Blogging: How Scientists Captured the Giant Squid Video

In June, I blogged about a video of a live juvenile giant squid. Here's how that video was captured. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/25 9:48 p.m.135 views

Friday Squid Blogging: Prehistoric Dolphins that Ate Squid

Paleontologists have discovered a prehistoric toothless dolphin that fed by vacuuming up squid: There actually are modern odontocetes that don't really use their teeth either. Male beaked whales, for example, usually have one pair of teeth that is only used to fight for females, whose teeth stay...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/03/08 10:36 p.m.134 views

Friday Squid Blogging: Squid Proteins Can Be an Alternative to Plastic

Is there anything squids aren't good for? Academic paper. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/07/13 9:18 p.m.132 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I'm speaking at Black Hat USA 2019 in Las Vegas on Wednesday, August 7 and Thursday, August 8, 2019. I'm speaking on "Information Security in the Public Interest" at DefCon 27 in Las Vegas on Saturday, August 10, 2019. The list is...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/03/01 10:24 p.m.131 views

Friday Squid Blogging: Chinese Squid-Processing Facility

China is building the largest squid processing center in the world. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/10 9:18 p.m.129 views

Friday Squid Blogging: Cephalopod Appreciation Society Event

Last Wednesday was a Cephalopod Appreciation Society event in Seattle. I missed it. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/06/01 6:25 p.m.127 views

Clever — and Exploitable — Windows Zero-Day

Researchers have reported a still-unpatched Windows zero-day that is currently being exploited in the wild. Heres the advisory, which includes a work-around until a patch is available...

9.3CVSS3.2AI score0.99374EPSS
Exploits62
Schneier on Security
Schneier on Security
added 2019/10/04 9:23 p.m.126 views

Friday Squid Blogging: Hawaiian Bobtail Squid Squirts Researcher

Cute video. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/02/22 10:9 p.m.126 views

Friday Squid Blogging: A Tracking Device for Squid

Really: After years of "making do" with the available technology for his squid studies, Mooney created a versatile tag that allows him to research squid behavior. With the help of Kakani Katija, an engineer adapting the tag for jellyfish at California's Monterey Bay Aquarium Research Institute...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/07/04 11:38 a.m.124 views

US Journalist Detained When Returning to US

Pretty horrible story of a US journalist who had his computer and phone searched at the border when returning to the US from Mexico. After I gave him the password to my iPhone, Moncivias spent three hours reviewing hundreds of photos and videos and emails and calls and texts, including encrypted...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/10/06 9:21 p.m.124 views

Friday Squid Blogging: Baby Ichthyosaurus Fed on Squid

New discovery: paper and article. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/08/23 11:19 p.m.123 views

Friday Squid Blogging: Vulnerabilities in Squid Server

It's always nice when I can combine squid and security: Multiple versions of the Squid web proxy cache server built with Basic Authentication features are currently vulnerable to code execution and denial-of-service DoS attacks triggered by the exploitation of a heap buffer overflow security flaw...

6.8CVSS9.8AI score0.50454EPSS
Exploits0
Schneier on Security
Schneier on Security
added 2018/05/03 11:42 a.m.123 views

LC4: Another Pen-and-Paper Cipher

Interesting symmetric cipher: LC4: Abstract: ElsieFour LC4 is a low-tech cipher that can be computed by hand; but unlike many historical ciphers, LC4 is designed to be hard to break. LC4 is intended for encrypted communication between humans only, and therefore it encrypts and decrypts plaintexts...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/09/20 5:50 p.m.122 views

Crown Sterling Claims to Factor RSA Keylengths First Factored Twenty Years Ago

Earlier this month, I made fun of a company called Crown Sterling, for...for...for being a company that deserves being made fun of. This morning, the company announced that they "decrypted two 256-bit asymmetric public keys in approximately 50 seconds from a standard laptop computer." Really. The...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/12/18 12:53 p.m.121 views

US Schools Are Buying Cell Phone Unlocking Systems

Gizmodo is reporting that schools in the US are buying equipment to unlock cell phones from companies like Cellebrite: Gizmodo has reviewed similar accounting documents from eight school districts, seven of which are in Texas, showing that administrators paid as much $11,582 for the controversial...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/03/11 11:54 a.m.121 views

Russia Is Testing Online Voting

This is a bad idea: A second innovation will allow "electronic absentee voting" within voters' home precincts. In other words, Russia is set to introduce its first online voting system. The system will be tested in a Moscow neighborhood that will elect a single member to the capital's city counci...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/18 11:25 a.m.121 views

Defeating the iPhone Restricted Mode

Recently, Apple introduced restricted mode to protect iPhones from attacks by companies like Cellebrite and Greyshift, which allow attackers to recover information from a phone without the password or fingerprint. Elcomsoft just announced that it can easily bypass it. There is an important lesson...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/31 9:15 p.m.120 views

Friday Squid Blogging: Hundred-Million-Year-Old Squid Relative Found in Amber

This is a really interesting find. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/22 11:24 a.m.120 views

Fingerprinting iPhones

This clever attack allows someone to uniquely identify a phone when you visit a website, based on data from the accelerometer, gyroscope, and magnetometer sensors. We have developed a new type of fingerprinting attack, the calibration fingerprinting attack. Our attack uses data gathered from the...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/03/08 8:24 p.m.119 views

Videos and Links from the Public-Interest Technology Track at the RSA Conference

Yesterday at the RSA Conference, I gave a keynote talk about the role of public-interest technologists in cybersecurity. Video here. I also hosted a one-day mini-track on the topic. We had six panels, and they were all great. If you missed it live, we have videos: How Public Interest Technologist...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/12/21 10:14 p.m.119 views

Friday Squid Blogging: Illegal North Korean Squid Fishing

North Korea is engaged in even more illegal squid fishing than previously. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/18 7:14 p.m.119 views

More on My LinkedIn Account

I have successfully gotten the fake LinkedIn account in my name deleted. To prevent someone from doing this again, I signed up for LinkedIn. This is my first -- and only -- post on that account: My Only LinkedIn Post Yes, Really Welcome to my LinkedIn page. It looks empty because I'm never here. ...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/11 9:24 p.m.119 views

Friday Squid Blogging: Squid Eyeballs

Details on how a squid's eye corrects for underwater distortion: Spherical lenses, like the squids', usually can't focus the incoming light to one point as it passes through the curved surface, which causes an unclear image. The only way to correct this is by bending each ray of light differently...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/06/19 6:26 p.m.116 views

Risks of Password Managers

Stuart Schechter writes about the security risks of using a password manager. It's a good piece, and nicely discusses the trade-offs around password managers: which one to choose, which passwords to store in it, and so on. My own Password Safe is mentioned. My particular choices about security an...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/06/14 11:28 a.m.116 views

Video Surveillance by Computer

The ACLU's Jay Stanley has just published a fantastic report: "The Dawn of Robot Surveillance" blog post here Basically, it lays out a future of ubiquitous video cameras watched by increasingly sophisticated video analytics software, and discusses the potential harms to society. I'm not going to...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/05/25 11:25 a.m.116 views

Detecting Lies through Mouse Movements

Interesting research: "The detection of faked identity using unexpected questions and mouse dynamics," by Merulin Monaro, Luciano Gamberini, and Guiseppe Sartori. Abstract: The detection of faked identities is a major problem in security. Current memory-detection techniques cannot be used as they...

2.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/12/14 4:2 p.m.115 views

Real-Time Attacks Against Two-Factor Authentication

Attackers are targeting two-factor authentication systems: Attackers working on behalf of the Iranian government collected detailed information on targets and used that knowledge to write spear-phishing emails that were tailored to the targets' level of operational security, researchers with...

2.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/18 9:27 p.m.115 views

Friday Squid Blogging: Brittle Star Catches a Squid

Watch a brittle star catch a squid, and then lose it to another brittle star. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/17 9:13 p.m.114 views

Friday Squid Blogging: On Squid Intelligence

Two links. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/06/07 9:18 p.m.113 views

Friday Squid Blogging: Possible New Squid Species

NOAA video. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/04/01 2:44 p.m.113 views

Recovering Smartphone Typing from Microphone Sounds

Yet another side-channel attack on smartphones: "Hearing your touch: A new acoustic side channel on smartphones," by Ilia Shumailov, Laurent Simon, Jeff Yan, and Ross Anderson. Abstract: We present the first acoustic side-channel attack that recovers what users type on the virtual keyboard of the...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/01/19 12:6 p.m.112 views

Security Breaches Don't Affect Stock Price

Interesting research: "Long-term market implications of data breaches, not," by Russell Lange and Eric W. Burger. Abstract: This report assesses the impact disclosure of data breaches has on the total returns and volatility of the affected companies' stock, with a focus on the results relative to...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/06/19 10:21 a.m.110 views

Maciej Cegłowski on Privacy in the Information Age

Maciej Cegłowski has a really good essay explaining how to think about privacy today: For the purposes of this essay, I'll call it "ambient privacy" -- the understanding that there is value in having our everyday interactions with one another remain outside the reach of monitoring, and that the...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/09/05 8:23 p.m.110 views

Security Flaw in Estonian National ID Card

We have no idea how bad this really is: On 30 August, an international team of researchers informed the Estonian Information System Authority RIA of a vulnerability potentially affecting the digital use of Estonian ID cards. The possible vulnerability affects a total of almost 750,000 ID-cards...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/09/01 9:28 p.m.109 views

Friday Squid Blogging: Bioluminescent Squid

There's a beautiful picture of a tiny squid in this New York Times article on bioluminescence -- and a dramatic one of a vampire squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/03/03 12:43 p.m.108 views

Wi-Fi Chip Vulnerability

There's a vulnerability in Wi-Fi hardware that breaks the encryption: The vulnerability exists in Wi-Fi chips made by Cypress Semiconductor and Broadcom, the latter a chipmaker Cypress acquired in 2016. The affected devices include iPhones, iPads, Macs, Amazon Echos and Kindles, Android devices,...

2.9CVSS1.1AI score0.07709EPSS
Exploits7
Schneier on Security
Schneier on Security
added 2019/05/10 11:30 a.m.107 views

Cryptanalyzing a Pair of Russian Encryption Algorithms

A pair of Russia-designed cryptographic algorithms -- the Kuznyechik block cipher and the Streebog hash function -- have the same flawed S-box that is almost certainly an intentional backdoor. It's just not the kind of mistake you make by accident, not in 2014...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/04/03 3:10 p.m.106 views

Security and Privacy Implications of Zoom

Over the past few weeks, Zoom's use has exploded since it became the video conferencing platform of choice in today's COVID-19 world. My own university, Harvard, uses it for all of its classes. Boris Johnson had a cabinet meeting over Zoom. Over that same period, the company has been exposed for...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/06/26 10:46 a.m.106 views

Person in Latex Mask Impersonated French Minister

Forget deep fakes. Someone wearing a latex mask fooled people on video calls for a period of two years, successfully scamming 80 million euros from rich French citizens...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/06/06 12:4 p.m.106 views

Chinese Military Wants to Develop Custom OS

Citing security concerns, the Chinese military wants to replace Windows with its own custom operating system: Thanks to the Snowden, Shadow Brokers, and Vault7 leaks, Beijing officials are well aware of the US' hefty arsenal of hacking tools, available for anything from smart TVs to Linux servers...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/04/12 9:19 p.m.106 views

Friday Squid Blogging: Detecting Illegal Squid Fishing with Satellite Imagery

Interesting. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/05 4:24 p.m.106 views

Troy Hunt on Passwords

Troy Hunt has a good essay about why passwords are here to stay, despite all their security problems: This is why passwords aren't going anywhere in the foreseeable future and why insert thing here isn't going to kill them. No amount of focusing on how bad passwords are or how many accounts have...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/02/23 10:20 p.m.106 views

Friday Squid Blogging: The Symbiotic Relationship Between the Bobtail Squid and a Particular Microbe

This is the story of the Hawaiian bobtail squid and Vibrio fischeri. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/07/03 11:28 a.m.105 views

Digital License Plates

They're a thing: Developers say digital plates utilize "advanced telematics" -- to collect tolls, pay for parking and send out Amber Alerts when a child is abducted. They also help recover stolen vehicles by changing the display to read "Stolen," thereby alerting everyone within eyeshot. This mak...

1.2AI score
Exploits0
Total number of security vulnerabilities2976