Lucene search
K
SchneierMost viewed

2981 matches found

Schneier on Security
Schneier on Security
added 2021/02/05 10:13 p.m.34 views

Friday Squid Blogging: Live Giant Squid Found in Japan

A giant squid was found alive in the port of Izumo, Japan. Not a lot of news, just this Twitter thread with a couple of videos. If confirmed, I believe this will be the THIRD time EVER a giant squid was filmed alive! As usual, you can also use this squid post to talk about the security stories in...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/12/16 1:1 p.m.34 views

Zodiac Killer Cipher Solved

The SF Chronicle is reporting more details here, and the FBI is confirming, that a Melbourne mathematician and team has decrypted the 1969 message sent by the Zodiac Killer to the newspaper. Theres no paper yet, but there are a bunch of details in the news articles. Heres an interview with one of...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/11/12 12:22 p.m.34 views

“Privacy Nutrition Labels” in Apple’s App Store

Apple will start requiring standardized privacy labels for apps in its app store, starting in December: Apple allows data disclosure to be optional if all of the following conditions apply: if its not used for tracking, advertising or marketing; if its not shared with a data broker; if collection...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/10/09 9:2 p.m.34 views

Friday Squid Blogging: Saving the Humboldt Squid

Genetic research finds the Humboldt squid is vulnerable to overfishing. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/23 11:3 a.m.34 views

Documented Death from a Ransomware Attack

A Dusseldorf woman died when a ransomware attack against a hospital forced her to be taken to a different hospital in another city. I think this is the first documented case of a cyberattack causing a fatality. UK hospitals had to redirect patients during the 2017 WannaCry ransomware attack, but...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/04 9:53 p.m.34 views

Friday Squid Blogging: Morning Squid

Asa ika means "morning squid" in Japanese. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/05/12 11:9 a.m.34 views

Attack Against PC Thunderbolt Port

The attack requires physical access to the computer, but it's pretty devastating: On Thunderbolt-enabled Windows or Linux PCs manufactured before 2019, his technique can bypass the login screen of a sleeping or locked computer -- and even its hard disk encryption -- to gain full access to the...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/04/13 11:48 a.m.34 views

Contact Tracing COVID-19 Infections via Smartphone Apps

Google and Apple have announced a joint project to create a privacy-preserving COVID-19 contact tracing app. Details, such as we have them, are here. It's similar to the app being developed at MIT, and similar to others being described and developed elsewhere. It's nice seeing the privacy...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/02/17 12:35 p.m.34 views

Voatz Internet Voting App Is Insecure

This paper describes the flaws in the Voatz Internet voting app: "The Ballot is Busted Before the Blockchain: A Security Analysis of Voatz, the First Internet Voting Application Used in U.S. Federal Elections." Abstract: In the 2018 midterm elections, West Virginia became the first state in the...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/01/07 12:3 p.m.34 views

USB Cable Kill Switch for Laptops

BusKill is designed to wipe your laptop Linux only if it is snatched from you in a public place: The idea is to connect the BusKill cable to your Linux laptop on one end, and to your belt, on the other end. When someone yanks your laptop from your lap or table, the USB cable disconnects from the...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/10/30 2:36 p.m.34 views

WhatsApp Sues NSO Group

WhatsApp is suing the Israeli cyberweapons arms manufacturer NSO Group in California court: WhatsApp's lawsuit, filed in a California court on Tuesday, has demanded a permanent injunction blocking NSO from attempting to access WhatsApp computer systems and those of its parent company, Facebook. I...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/01 11:18 a.m.34 views

Buying Used Voting Machines on eBay

This is not surprising: This year, I bought two more machines to see if security had improved. To my dismay, I discovered that the newer model machines -- those that were used in the 2016 election -- are running Windows CE and have USB ports, along with other components, that make them even easie...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/30 11:38 a.m.34 views

Cell Phone Security and Heads of State

Earlier this week, the New York Times reported that the Russians and the Chinese were eavesdropping on President Donald Trump's personal cell phone and using the information gleaned to better influence his behavior. This should surprise no one. Security experts have been talking about the potenti...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/05/24 11:29 a.m.34 views

Font Steganography

Interesting research in steganography at the font level...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/10/25 11:7 a.m.34 views

CSE Releases Malware Analysis Tool

The Communications Security Establishment of Canada -- basically, Canada's version of the NSA -- has released a suite of malware analysis tools: Assemblyline is described by CSE as akin to a conveyor belt: files go in, and a handful of small helper applications automatically comb through each one...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/30 11:37 a.m.34 views

Proof that HMAC-DRBG has No Back Doors

New research: "Verified Correctness and Security of mbedTLS HMAC-DRBG," by Katherine Q. Ye, Matthew Green, Naphat Sanguansin, Lennart Beringer, Adam Petcher, and Andrew W. Appel. Abstract: We have formalized the functional specification of HMAC-DRBG NIST 800-90A, and we have proved its...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/01 3:59 p.m.34 views

Passwords at the Border

The password-manager 1Password has just implemented a travel mode that tries to protect users while crossing borders. It doesn't make much sense. To enable it, you have to create a list of passwords you feel safe traveling with, and then you can turn on the mode that only gives you access to thos...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/19 11:10 a.m.34 views

WannaCry Ransomware

Criminals go where the money is, and cybercriminals are no exception. And right now, the money is in ransomware. It's a simple scam. Encrypt the victim's hard drive, then extract a fee to decrypt it. The scammers can't charge too much, because they want the victim to pay rather than give up on th...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/17 7:45 p.m.34 views

The US Senate Is Using Signal

The US Senate just approved Signal for staff use. Signal is a secure messaging app with no backdoor, and no large corporate owner who can be pressured to install a backdoor. Susan Landau comments. Maybe I'm being optimistic, but I think we just won the Crypto War. A very important part of the US...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/06/09 11:12 a.m.33 views

Operation Triangulation: Zero-Click iPhone Malware

Kaspersky is reporting a zero-click iOS exploit in the wild: Mobile device backups contain a partial copy of the filesystem, including some of the user data and service databases. The timestamps of the files, folders and the database records allow to roughly reconstruct the events happening to th...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/10/01 9:22 p.m.33 views

Friday Squid Blogging: Squid Game

Netflix has a new series called Squid Game, about people competing in a deadly game for money. It has nothing to do with actual squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/08/31 11:37 a.m.33 views

More Military Cryptanalytics, Part III

Late last year, the NSA declassified and released a redacted version of Lambros D. Callimahoss Military Cryptanalytics, Part III. We just got most of the index. Its hard to believe that there are any real secrets left in this 44-year-old volume...

2.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/08/25 3:13 p.m.33 views

Surveillance of the Internet Backbone

Vice has an article about how data brokers sell access to the Internet backbone. This is netflow data. Its useful for cybersecurity forensics, but can also be used for things like tracing VPN activity. At a high level, netflow data creates a picture of traffic flow and volume across a network. It...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/06/07 11:9 a.m.33 views

The Supreme Court Narrowed the CFAA

In a 6-3 ruling, the Supreme Court just narrowed the scope of the Computer Fraud and Abuse Act: In a ruling delivered today, the court sided with Van Buren and overturned his 18-month conviction. In a 37-page opinion written and delivered by Justice Amy Coney Barrett, the court explained that the...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/04/07 11:24 a.m.33 views

Signal Adds Cryptocurrency Support

According to Wired, Signal is adding support for the cryptocurrency MobileCoin, "a form of digital cash designed to work efficiently on mobile devices while protecting users privacy and even their anonymity." Moxie Marlinspike, the creator of Signal and CEO of the nonprofit that runs it, describe...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/03/30 3:0 p.m.33 views

System Update: New Android Malware

Researchers have discovered a new Android app called "System Update" that is a sophisticated Remote-Access Trojan RAT. From a news article: The broad range of data that this sneaky little bastard is capable of stealing is pretty horrifying. It includes: instant messenger messages and database...

0.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/03/15 11:16 a.m.33 views

Security Analysis of Apple’s “Find My…” Protocol

Interesting research: "Who Can Find My Devices? Security and Privacy of Apples Crowd-Sourced Bluetooth Location Tracking System": Abstract: Overnight, Apple has turned its hundreds-of-million-device ecosystem into the worlds largest crowd-sourced location tracking network called offline finding O...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/02/26 12:28 p.m.33 views

The Problem with Treating Data as a Commodity

Excellent Brookings paper: "Why data ownership is the wrong approach to protecting privacy." From the introduction: Treating data like it is property fails to recognize either the value that varieties of personal information serve or the abiding interest that individuals have in their personal...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/11/30 3:22 p.m.33 views

Check Washing

I cant believe that check washing is still a thing: "Check washing" is a practice where thieves break into mailboxes or otherwise steal mail, find envelopes with checks, then use special solvents to remove the information on that check except for the signature and then change the payee and the...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/11/13 10:9 p.m.33 views

Friday Squid Blogging: Underwater Robot Uses Squid-Like Propulsion

This is neat: By generating powerful streams of water, UCSDs squid-like robot can swim untethered. The "squidbot" carries its own power source, and has the room to hold more, including a sensor or camera for underwater exploration. As usual, you can also use this squid post to talk about the...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/28 11:21 a.m.33 views

On Executive Order 12333

Mark Jaycox has written a long article on the US Executive Order 12333: "No Oversight, No Limits, No Worries: A Primer on Presidential Spying and Executive Order 12,333": Abstract: Executive Order 12,333 "EO 12333" is a 1980s Executive Order signed by President Ronald Reagan that, among other...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/15 2:15 a.m.33 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking at the Cybersecurity Law & Policy Scholars Virtual Conference on September 17, 2020. I’m keynoting the Canadian Internet Registration Authority’s online symposium, Canadians Connected, on Wednesday, September 23, 2020...

3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/31 9:3 p.m.33 views

Twitter Hacker Arrested

A 17-year-old Florida boy was arrested and charged with last week's Twitter hack. News articles. Boing Boing post. Florida state attorney press release. This is a developing story. Post any additional news in the comments. EDITED TO ADD 8/1: Two others have been charged as well. EDITED TO ADD 8/1...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/30 7:56 p.m.33 views

Fake Stories in Real News Sites

Fireeye is reporting that a hacking group called Ghostwriter broke into the content management systems of Eastern European news sites to plant fake stories. From a Wired story: The propagandists have created and disseminated disinformation since at least March 2017, with a focus on undermining NA...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/06/12 11:23 a.m.33 views

Facebook Helped Develop a Tails Exploit

This is a weird story: Hernandez was able to evade capture for so long because he used Tails, a version of Linux designed for users at high risk of surveillance and which routes all inbound and outbound connections through the open-source Tor network to anonymize it. According to Vice, the FBI ha...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/05/20 7:8 p.m.33 views

Bart Gellman on Snowden

Bart Gellman's long-awaited at least by me book on Edward Snowden, Dark Mirror: Edward Snowden and the American Surveillance State, will finally be published in a couple of weeks. There is an adapted excerpt in the Atlantic. It's an interesting read, mostly about the government surveillance of hi...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/05/19 11:18 a.m.33 views

AI and Cybersecurity

Ben Buchanan has written "A National Security Research Agenda for Cybersecurity and Artificial Intelligence." It's really good -- well worth reading...

3.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/03/24 11:1 a.m.33 views

Internet Voting in Puerto Rico

Puerto Rico is considered allowing for Internet voting. I have joined a group of security experts in a letter opposing the bill. Cybersecurity experts agree that under current technology, no practically proven method exists to securely, verifiably, or privately return voted materials over the...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/03/10 11:18 a.m.33 views

CIA Dirty Laundry Aired

Joshua Schulte, the CIA employee standing trial for leaking the Wikileaks Vault 7 CIA hacking tools, maintains his innocence. And during the trial, a lot of shoddy security and sysadmin practices are coming out: All this raises a question, though: just how bad is the CIA's security that it wasn't...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/02/26 12:8 p.m.33 views

Newly Declassified Study Demonstrates Uselessness of NSA's Phone Metadata Program

The New York Times is reporting on the NSA's phone metadata program, which the NSA shut down last year: A National Security Agency system that analyzed logs of Americans' domestic phone calls and text messages cost $100 million from 2015 to 2019, but yielded only a single significant investigatio...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/02/12 4:26 p.m.33 views

Companies that Scrape Your Email

Motherboard has a long article on apps -- Edison, Slice, and Cleanfox -- that spy on your email by scraping your screen, and then sell that information to others: Some of the companies listed in the J.P. Morgan document sell data sourced from "personal inboxes," the document adds. A spokesperson...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/02/04 12:21 p.m.33 views

New Research on the Adtech Industry

The Norwegian Consumer Council has published an extensive report about how the adtech industry violates consumer privacy. At the same time, it is filing three legal complaints against six companies in this space. From a Twitter summary: 1. thread We are filing legal complaints against six...

Exploits0
Schneier on Security
Schneier on Security
added 2020/01/30 2:39 p.m.33 views

Collating Hacked Data Sets

Two Harvard undergraduates completed a project where they went out on the dark web and found a bunch of stolen datasets. Then they correlated all the information, and combined it with additional, publicly available, information. No surprise: the result was much more detailed and personal. "What w...

Exploits0
Schneier on Security
Schneier on Security
added 2020/01/27 12:3 p.m.33 views

Smartphone Election in Washington State

This year: King County voters will be able to use their name and birthdate to log in to a Web portal through the Internet browser on their phones, says Bryan Finney, the CEO of Democracy Live, the Seattle-based voting company providing the technology. Once voters have completed their ballots, the...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/01/21 12:30 p.m.33 views

SIM Hijacking

SIM hijacking -- or SIM swapping -- is an attack where a fraudster contacts your cell phone provider and convinces them to switch your account to a phone that they control. Since your smartphone often serves as a security measure or backup verification system, this allows the fraudster to take ov...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/01/08 3:38 p.m.33 views

New SHA-1 Attack

There's a new, practical, collision attack against SHA-1: In this paper, we report the first practical implementation of this attack, and its impact on real-world security with a PGP/GnuPG impersonation attack. We managed to significantly reduce the complexity of collisions attack against SHA-1: ...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/12/06 12:55 p.m.33 views

Andy Ellis on Risk Assessment

Andy Ellis, the CSO of Akamai, gave a great talk about the psychology of risk at the Business of Software conference this year. I've written about this before. One quote of mine: "The problem is our brains are intuitively suited to the sorts of risk management decisions endemic to living in small...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/08/01 11:51 a.m.33 views

Facebook Plans on Backdooring WhatsApp

This article points out that Facebook's planned content moderation scheme will result in an encryption backdoor into WhatsApp: In Facebook's vision, the actual end-to-end encryption client itself such as WhatsApp will include embedded content moderation and blacklist filtering algorithms. These...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/12/04 12:28 p.m.33 views

Bad Consumer Security Advice

There are lots of articles about there telling people how to better secure their computers and online accounts. While I agree with some of it, this article contains some particularly bad advice: 1. Never, ever, ever use public unsecured Wi-Fi such as the Wi-Fi in a café, hotel or airport. To...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/30 2:7 p.m.33 views

Three-Rotor Enigma Machine Up for Auction Today

Sotheby's is auctioning off a working, I think three-rotor Enigma machine today. They're expecting it to sell for about $200K. I have an Enigma, but it's missing the rotors...

3.9AI score
Exploits0
Total number of security vulnerabilities2981