Lucene search
K
SchneierMost viewed

2981 matches found

Schneier on Security
Schneier on Security
added 2020/11/23 12:4 p.m.34 views

Indistinguishability Obfuscation

Quanta magazine recently published a breathless article on indistinguishability obfuscation -- calling it the "crown jewel of cryptography" -- and saying that it had finally been achieved, based on a recently published paper. I want to add some caveats to the discussion. Basically, obfuscation...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/11/12 12:22 p.m.34 views

“Privacy Nutrition Labels” in Apple’s App Store

Apple will start requiring standardized privacy labels for apps in its app store, starting in December: Apple allows data disclosure to be optional if all of the following conditions apply: if its not used for tracking, advertising or marketing; if its not shared with a data broker; if collection...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/10/09 9:2 p.m.34 views

Friday Squid Blogging: Saving the Humboldt Squid

Genetic research finds the Humboldt squid is vulnerable to overfishing. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/23 11:3 a.m.34 views

Documented Death from a Ransomware Attack

A Dusseldorf woman died when a ransomware attack against a hospital forced her to be taken to a different hospital in another city. I think this is the first documented case of a cyberattack causing a fatality. UK hospitals had to redirect patients during the 2017 WannaCry ransomware attack, but...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/04 9:53 p.m.34 views

Friday Squid Blogging: Morning Squid

Asa ika means "morning squid" in Japanese. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/05/12 11:9 a.m.34 views

Attack Against PC Thunderbolt Port

The attack requires physical access to the computer, but it's pretty devastating: On Thunderbolt-enabled Windows or Linux PCs manufactured before 2019, his technique can bypass the login screen of a sleeping or locked computer -- and even its hard disk encryption -- to gain full access to the...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/04/13 11:48 a.m.34 views

Contact Tracing COVID-19 Infections via Smartphone Apps

Google and Apple have announced a joint project to create a privacy-preserving COVID-19 contact tracing app. Details, such as we have them, are here. It's similar to the app being developed at MIT, and similar to others being described and developed elsewhere. It's nice seeing the privacy...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/02/17 12:35 p.m.34 views

Voatz Internet Voting App Is Insecure

This paper describes the flaws in the Voatz Internet voting app: "The Ballot is Busted Before the Blockchain: A Security Analysis of Voatz, the First Internet Voting Application Used in U.S. Federal Elections." Abstract: In the 2018 midterm elections, West Virginia became the first state in the...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/01/07 12:3 p.m.34 views

USB Cable Kill Switch for Laptops

BusKill is designed to wipe your laptop Linux only if it is snatched from you in a public place: The idea is to connect the BusKill cable to your Linux laptop on one end, and to your belt, on the other end. When someone yanks your laptop from your lap or table, the USB cable disconnects from the...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/10/30 2:36 p.m.34 views

WhatsApp Sues NSO Group

WhatsApp is suing the Israeli cyberweapons arms manufacturer NSO Group in California court: WhatsApp's lawsuit, filed in a California court on Tuesday, has demanded a permanent injunction blocking NSO from attempting to access WhatsApp computer systems and those of its parent company, Facebook. I...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/01 11:18 a.m.34 views

Buying Used Voting Machines on eBay

This is not surprising: This year, I bought two more machines to see if security had improved. To my dismay, I discovered that the newer model machines -- those that were used in the 2016 election -- are running Windows CE and have USB ports, along with other components, that make them even easie...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/30 11:38 a.m.34 views

Cell Phone Security and Heads of State

Earlier this week, the New York Times reported that the Russians and the Chinese were eavesdropping on President Donald Trump's personal cell phone and using the information gleaned to better influence his behavior. This should surprise no one. Security experts have been talking about the potenti...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/05/24 11:29 a.m.34 views

Font Steganography

Interesting research in steganography at the font level...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/10/25 11:7 a.m.34 views

CSE Releases Malware Analysis Tool

The Communications Security Establishment of Canada -- basically, Canada's version of the NSA -- has released a suite of malware analysis tools: Assemblyline is described by CSE as akin to a conveyor belt: files go in, and a handful of small helper applications automatically comb through each one...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/30 11:37 a.m.34 views

Proof that HMAC-DRBG has No Back Doors

New research: "Verified Correctness and Security of mbedTLS HMAC-DRBG," by Katherine Q. Ye, Matthew Green, Naphat Sanguansin, Lennart Beringer, Adam Petcher, and Andrew W. Appel. Abstract: We have formalized the functional specification of HMAC-DRBG NIST 800-90A, and we have proved its...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/19 11:10 a.m.34 views

WannaCry Ransomware

Criminals go where the money is, and cybercriminals are no exception. And right now, the money is in ransomware. It's a simple scam. Encrypt the victim's hard drive, then extract a fee to decrypt it. The scammers can't charge too much, because they want the victim to pay rather than give up on th...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/17 7:45 p.m.34 views

The US Senate Is Using Signal

The US Senate just approved Signal for staff use. Signal is a secure messaging app with no backdoor, and no large corporate owner who can be pressured to install a backdoor. Susan Landau comments. Maybe I'm being optimistic, but I think we just won the Crypto War. A very important part of the US...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/10/01 9:22 p.m.33 views

Friday Squid Blogging: Squid Game

Netflix has a new series called Squid Game, about people competing in a deadly game for money. It has nothing to do with actual squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/06/08 10:32 a.m.33 views

Vulnerabilities in Weapons Systems

"If you think any of these systems are going to work as expected in wartime, youre fooling yourself." That was Bruces response at a conference hosted by US Transportation Command in 2017, after learning that their computerized logistical systems were mostly unclassified and on the Internet. That...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/04/07 11:24 a.m.33 views

Signal Adds Cryptocurrency Support

According to Wired, Signal is adding support for the cryptocurrency MobileCoin, "a form of digital cash designed to work efficiently on mobile devices while protecting users privacy and even their anonymity." Moxie Marlinspike, the creator of Signal and CEO of the nonprofit that runs it, describe...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/03/30 3:0 p.m.33 views

System Update: New Android Malware

Researchers have discovered a new Android app called "System Update" that is a sophisticated Remote-Access Trojan RAT. From a news article: The broad range of data that this sneaky little bastard is capable of stealing is pretty horrifying. It includes: instant messenger messages and database...

0.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/03/15 11:16 a.m.33 views

Security Analysis of Apple’s “Find My…” Protocol

Interesting research: "Who Can Find My Devices? Security and Privacy of Apples Crowd-Sourced Bluetooth Location Tracking System": Abstract: Overnight, Apple has turned its hundreds-of-million-device ecosystem into the worlds largest crowd-sourced location tracking network called offline finding O...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/02/26 12:28 p.m.33 views

The Problem with Treating Data as a Commodity

Excellent Brookings paper: "Why data ownership is the wrong approach to protecting privacy." From the introduction: Treating data like it is property fails to recognize either the value that varieties of personal information serve or the abiding interest that individuals have in their personal...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/11/13 10:9 p.m.33 views

Friday Squid Blogging: Underwater Robot Uses Squid-Like Propulsion

This is neat: By generating powerful streams of water, UCSDs squid-like robot can swim untethered. The "squidbot" carries its own power source, and has the room to hold more, including a sensor or camera for underwater exploration. As usual, you can also use this squid post to talk about the...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/28 11:21 a.m.33 views

On Executive Order 12333

Mark Jaycox has written a long article on the US Executive Order 12333: "No Oversight, No Limits, No Worries: A Primer on Presidential Spying and Executive Order 12,333": Abstract: Executive Order 12,333 "EO 12333" is a 1980s Executive Order signed by President Ronald Reagan that, among other...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/15 2:15 a.m.33 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking at the Cybersecurity Law & Policy Scholars Virtual Conference on September 17, 2020. I’m keynoting the Canadian Internet Registration Authority’s online symposium, Canadians Connected, on Wednesday, September 23, 2020...

3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/31 9:3 p.m.33 views

Twitter Hacker Arrested

A 17-year-old Florida boy was arrested and charged with last week's Twitter hack. News articles. Boing Boing post. Florida state attorney press release. This is a developing story. Post any additional news in the comments. EDITED TO ADD 8/1: Two others have been charged as well. EDITED TO ADD 8/1...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/30 7:56 p.m.33 views

Fake Stories in Real News Sites

Fireeye is reporting that a hacking group called Ghostwriter broke into the content management systems of Eastern European news sites to plant fake stories. From a Wired story: The propagandists have created and disseminated disinformation since at least March 2017, with a focus on undermining NA...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/05/20 7:8 p.m.33 views

Bart Gellman on Snowden

Bart Gellman's long-awaited at least by me book on Edward Snowden, Dark Mirror: Edward Snowden and the American Surveillance State, will finally be published in a couple of weeks. There is an adapted excerpt in the Atlantic. It's an interesting read, mostly about the government surveillance of hi...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/05/19 11:18 a.m.33 views

AI and Cybersecurity

Ben Buchanan has written "A National Security Research Agenda for Cybersecurity and Artificial Intelligence." It's really good -- well worth reading...

3.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/03/24 11:1 a.m.33 views

Internet Voting in Puerto Rico

Puerto Rico is considered allowing for Internet voting. I have joined a group of security experts in a letter opposing the bill. Cybersecurity experts agree that under current technology, no practically proven method exists to securely, verifiably, or privately return voted materials over the...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/02/26 12:8 p.m.33 views

Newly Declassified Study Demonstrates Uselessness of NSA's Phone Metadata Program

The New York Times is reporting on the NSA's phone metadata program, which the NSA shut down last year: A National Security Agency system that analyzed logs of Americans' domestic phone calls and text messages cost $100 million from 2015 to 2019, but yielded only a single significant investigatio...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/02/12 4:26 p.m.33 views

Companies that Scrape Your Email

Motherboard has a long article on apps -- Edison, Slice, and Cleanfox -- that spy on your email by scraping your screen, and then sell that information to others: Some of the companies listed in the J.P. Morgan document sell data sourced from "personal inboxes," the document adds. A spokesperson...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/02/04 12:21 p.m.33 views

New Research on the Adtech Industry

The Norwegian Consumer Council has published an extensive report about how the adtech industry violates consumer privacy. At the same time, it is filing three legal complaints against six companies in this space. From a Twitter summary: 1. thread We are filing legal complaints against six...

Exploits0
Schneier on Security
Schneier on Security
added 2020/01/30 2:39 p.m.33 views

Collating Hacked Data Sets

Two Harvard undergraduates completed a project where they went out on the dark web and found a bunch of stolen datasets. Then they correlated all the information, and combined it with additional, publicly available, information. No surprise: the result was much more detailed and personal. "What w...

Exploits0
Schneier on Security
Schneier on Security
added 2020/01/27 12:3 p.m.33 views

Smartphone Election in Washington State

This year: King County voters will be able to use their name and birthdate to log in to a Web portal through the Internet browser on their phones, says Bryan Finney, the CEO of Democracy Live, the Seattle-based voting company providing the technology. Once voters have completed their ballots, the...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/01/21 12:30 p.m.33 views

SIM Hijacking

SIM hijacking -- or SIM swapping -- is an attack where a fraudster contacts your cell phone provider and convinces them to switch your account to a phone that they control. Since your smartphone often serves as a security measure or backup verification system, this allows the fraudster to take ov...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/01/08 3:38 p.m.33 views

New SHA-1 Attack

There's a new, practical, collision attack against SHA-1: In this paper, we report the first practical implementation of this attack, and its impact on real-world security with a PGP/GnuPG impersonation attack. We managed to significantly reduce the complexity of collisions attack against SHA-1: ...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/12/06 12:55 p.m.33 views

Andy Ellis on Risk Assessment

Andy Ellis, the CSO of Akamai, gave a great talk about the psychology of risk at the Business of Software conference this year. I've written about this before. One quote of mine: "The problem is our brains are intuitively suited to the sorts of risk management decisions endemic to living in small...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/08/01 11:51 a.m.33 views

Facebook Plans on Backdooring WhatsApp

This article points out that Facebook's planned content moderation scheme will result in an encryption backdoor into WhatsApp: In Facebook's vision, the actual end-to-end encryption client itself such as WhatsApp will include embedded content moderation and blacklist filtering algorithms. These...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/12/04 12:28 p.m.33 views

Bad Consumer Security Advice

There are lots of articles about there telling people how to better secure their computers and online accounts. While I agree with some of it, this article contains some particularly bad advice: 1. Never, ever, ever use public unsecured Wi-Fi such as the Wi-Fi in a café, hotel or airport. To...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/30 2:7 p.m.33 views

Three-Rotor Enigma Machine Up for Auction Today

Sotheby's is auctioning off a working, I think three-rotor Enigma machine today. They're expecting it to sell for about $200K. I have an Enigma, but it's missing the rotors...

3.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/09 11:1 a.m.33 views

The US National Cyber Strategy

Last month, the White House released the "National Cyber Strategy of the United States of America. I generally don't have much to say about these sorts of documents. They're filled with broad generalities. Who can argue with: Defend the homeland by protecting networks, systems, functions, and dat...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/04 11:32 a.m.33 views

Helen Nissenbaum on Data Privacy and Consent

This is a fantastic Q with Cornell Tech Professor Helen Nissenbaum on data privacy and why it's wrong to focus on consent. I'm not going to pull a quote, because you should read the whole thing...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/09/28 6:19 p.m.33 views

Major Tech Companies Finally Endorse Federal Privacy Regulation

The major tech companies, scared that states like California might impose actual privacy regulations, have now decided that they can better lobby the federal government for much weaker national legislation that will preempt any stricter state measures. I'm sure they'll still do all they can to...

3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/09/21 11:37 a.m.33 views

AES Resulted in a $250-Billion Economic Benefit

NIST has released a new study concluding that the AES encryption standard has resulted in a $250-billion worldwide economic benefit over the past 20 years. I have no idea how to even begin to assess the quality of the study and its conclusions -- it's all in the 150-page report, though -- but I d...

2.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/17 10:26 a.m.33 views

New Ways to Track Internet Browsing

Interesting research on web tracking: "Who Left Open the Cookie Jar? A Comprehensive Evaluation of Third-Party Cookie Policies: Abstract: Nowadays, cookies are the most prominent mechanism to identify and authenticate users on the Internet. Although protected by the Same Origin Policy, popular...

2.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/12/26 3:34 p.m.33 views

Acoustical Attacks against Hard Drives

Interesting destructive attack: "Acoustic Denial of Service Attacks on HDDs": Abstract: Among storage components, hard disk drives HDDs have become the most commonly-used type of non-volatile storage due to their recent technological advances, including, enhanced energy efficacy and...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/01 3:59 p.m.33 views

Passwords at the Border

The password-manager 1Password has just implemented a travel mode that tries to protect users while crossing borders. It doesn't make much sense. To enable it, you have to create a list of passwords you feel safe traveling with, and then you can turn on the mode that only gives you access to thos...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/02/13 12:3 p.m.32 views

DOGE as a National Cyberattack

In the span of just weeks, the US government has experienced what may be the most consequential security breach in its history--not through a sophisticated cyberattack or an act of foreign espionage, but through official orders by a billionaire with a poorly defined government role. And the...

7.6AI score
Exploits0
Total number of security vulnerabilities2981