Lucene search
K
SchneierMost viewed

2981 matches found

Schneier on Security
Schneier on Security
added 2018/09/21 11:37 a.m.33 views

AES Resulted in a $250-Billion Economic Benefit

NIST has released a new study concluding that the AES encryption standard has resulted in a $250-billion worldwide economic benefit over the past 20 years. I have no idea how to even begin to assess the quality of the study and its conclusions -- it's all in the 150-page report, though -- but I d...

2.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/17 10:26 a.m.33 views

New Ways to Track Internet Browsing

Interesting research on web tracking: "Who Left Open the Cookie Jar? A Comprehensive Evaluation of Third-Party Cookie Policies: Abstract: Nowadays, cookies are the most prominent mechanism to identify and authenticate users on the Internet. Although protected by the Same Origin Policy, popular...

2.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/12/26 3:34 p.m.33 views

Acoustical Attacks against Hard Drives

Interesting destructive attack: "Acoustic Denial of Service Attacks on HDDs": Abstract: Among storage components, hard disk drives HDDs have become the most commonly-used type of non-volatile storage due to their recent technological advances, including, enhanced energy efficacy and...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/01 3:59 p.m.33 views

Passwords at the Border

The password-manager 1Password has just implemented a travel mode that tries to protect users while crossing borders. It doesn't make much sense. To enable it, you have to create a list of passwords you feel safe traveling with, and then you can turn on the mode that only gives you access to thos...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/02/13 12:3 p.m.32 views

DOGE as a National Cyberattack

In the span of just weeks, the US government has experienced what may be the most consequential security breach in its history--not through a sophisticated cyberattack or an act of foreign espionage, but through official orders by a billionaire with a poorly defined government role. And the...

7.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/05/14 11:1 a.m.32 views

Another Chrome Vulnerability

Google has patched another Chrome zero-day: On Thursday, Google said an anonymous source notified it of the vulnerability. The vulnerability carries a severity rating of 8.8 out of 10. In response, Google said, it would be releasing versions 124.0.6367.201/.202 for macOS and Windows and...

6.8CVSS6.7AI score0.08348EPSS
Exploits0
Schneier on Security
Schneier on Security
added 2023/08/10 11:12 a.m.32 views

Cryptographic Flaw in Libbitcoin Explorer Cryptocurrency Wallet

Cryptographic flaws still matter. Heres a flaw in the random-number generator used to create private keys. The seed has only 32 bits of entropy. Seems like this flaw is being exploited in the wild. EDITED TO ADD 8/14: A good explainer...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/06/02 2:21 p.m.32 views

Open-Source LLMs

In February, Meta released its large language model: LLaMA. Unlike OpenAI and its ChatGPT, Meta didnt just give the world a chat window to play with. Instead, it released the code into the open-source community, and shortly thereafter the model itself was leaked. Researchers and programmers...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/08/04 11:56 a.m.32 views

SIKE Broken

SIKE is one of the new algorithms that NIST recently added to the post-quantum cryptography competition. It was just broken, really badly. We present an efficient key recovery attack on the Supersingular Isogeny Diffie­-Hellman protocol SIDH, based on a "glue-and-split" theorem due to Kani. Our...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/10/06 2:19 p.m.32 views

Syniverse Hack

This is interesting: A company that is a critical part of the global telecommunications infrastructure used by AT&T, T-Mobile, Verizon and several others around the world such as Vodafone and China Mobile, quietly disclosed that hackers were inside its systems for years, impacting more than 200 o...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/07/14 5:10 p.m.33 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking at Norbert Wiener in the 21st Century, a virtual conference hosted by The IEEE Society on Social Implications of Technology SSIT, July 23-25, 2021. I’m speaking at DEFCON 29, August 5-8, 2021. Im speaking via Internet ...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/12/17 1:19 p.m.32 views

Mexican Drug Cartels with High-Tech Spyware

Sophisticated spyware, sold by surveillance tech companies to Mexican government agencies, are ending up in the hands of drug cartels: As many as 25 private companies -- including the Israeli company NSO Group and the Italian firm Hacking Team -- have sold surveillance software to Mexican federal...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/12/08 9:2 p.m.32 views

Oblivious DNS-over-HTTPS

This new protocol, called Oblivious DNS-over-HTTPS ODoH, hides the websites you visit from your ISP. Heres how it works: ODoH wraps a layer of encryption around the DNS query and passes it through a proxy server, which acts as a go-between the internet user and the website they want to visit...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/12/01 12:13 p.m.32 views

Manipulating Systems Using Remote Lasers

Many systems are vulnerable: Researchers at the time said that they were able to launch inaudible commands by shining lasers -- from as far as 360 feet -- at the microphones on various popular voice assistants, including Amazon Alexa, Apple Siri, Facebook Portal, and Google Assistant. … They...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/11/30 3:22 p.m.32 views

Check Washing

I cant believe that check washing is still a thing: "Check washing" is a practice where thieves break into mailboxes or otherwise steal mail, find envelopes with checks, then use special solvents to remove the information on that check except for the signature and then change the payee and the...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/10/30 9:7 p.m.32 views

Friday Squid Blogging: Interview with a Squid Researcher

Interview with Mike Vecchione, Curator of Cephalopoda -- now thats a job title -- at the Smithsonian Museum of National History. One reason theyre so interesting is they are intelligent invertebrates. Almost everything that we think of as being intelligent -- parrots, dolphins, etc. -- are...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/21 9:11 p.m.32 views

Friday Squid Blogging: Rhode Island's State Appetizer Is Calamari

Rhode Island has an official state appetizer, and it's calamari. Who knew? As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/14 1:59 p.m.32 views

Drovorub Malware

The NSA and FBI have jointly disclosed Drovorub, a Russian malware suite that targets Linux. Detailed advisory. Fact sheet. News articles. Reddit thread...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/06/04 11:24 a.m.32 views

Zoom's Commitment to User Security Depends on Whether you Pay It or Not

Zoom was doing so well.... And now we have this: Corporate clients will get access to Zoom's end-to-end encryption service now being developed, but Yuan said free users won't enjoy that level of privacy, which makes it impossible for third parties to decipher communications. "Free users for sure ...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/06/02 11:27 a.m.32 views

"Sign in with Apple" Vulnerability

Researcher Bhavuk Jain discovered a vulnerability in the "Sign in with Apple" feature, and received a $100,000 bug bounty from Apple. Basically, forged tokens could gain access to pretty much any account. It is fixed. EDITED TO ADD 6/2: Another story...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/05/29 5:2 p.m.32 views

Bogus Security Technology: An Anti-5G USB Stick

The 5GBioShield sells for £339.60, and the description sounds like snake oil: ...its website, which describes it as a USB key that "provides protection for your home and family, thanks to the wearable holographic nano-layer catalyser, which can be worn or placed near to a smartphone or any other...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/03/10 11:18 a.m.32 views

CIA Dirty Laundry Aired

Joshua Schulte, the CIA employee standing trial for leaking the Wikileaks Vault 7 CIA hacking tools, maintains his innocence. And during the trial, a lot of shoddy security and sysadmin practices are coming out: All this raises a question, though: just how bad is the CIA's security that it wasn't...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/01/31 12:46 p.m.32 views

U.S. Department of Interior Grounding All Drones

The Department of Interior is grounding all non-emergency drones due to security concerns: The order comes amid a spate of warnings and bans at multiple government agencies, including the Department of Defense, about possible vulnerabilities in Chinese-made drone systems that could be allowing...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/01/06 12:20 p.m.32 views

Mailbox Master Keys

Here's a physical-world example of why master keys are a bad idea. It's a video of two postal thieves using a master key to open apartment building mailboxes. Changing the master key for physical mailboxes is a logistical nightmare, which is why this problem won't be fixed anytime soon...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/11/20 12:52 p.m.32 views

Iran Has Shut Off its Internet

Iran has gone pretty much entirely offline in the wake of nationwide protests. This is the best article detailing what's going on; this is also good. AccessNow has a global campaign to stop Internet shutdowns. TITLE EDITED TO REDUCE CONFUSION...

3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/10 11:21 a.m.32 views

Security Vulnerabilities in US Weapons Systems

The US Government Accounting Office just published a new report: "Weapons Systems Cyber Security: DOD Just Beginning to Grapple with Scale of Vulnerabilities" summary here. The upshot won't be a surprise to any of my regular readers: they're vulnerable. From the summary: Automation and connectivi...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/09/17 11:12 a.m.32 views

NSA Attacks Against Virtual Private Networks

A 2006 document from the Snowden archives outlines successful NSA operations against "a number of "high potential" virtual private networks, including those of media organization Al Jazeera, the Iraqi military and internet service organizations, and a number of airline reservation systems." It's...

2.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/09/04 11:20 a.m.32 views

New Book Announcement: Click Here to Kill Everybody

I am pleased to announce the publication of my latest book: Click Here to Kill Everybody: Security and Survival in a Hyper-connected World. In it, I examine how our new immersive world of physically capable computers affects our security. I argue that this changes everything about security. Attac...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/06/25 10:0 a.m.32 views

Secure Speculative Execution

We're starting to see research into designing speculative execution systems that avoid Spectre- and Meltdown-like security problems. Here's one. I don't know if this particular design secure. My guess is that we're going to see several iterations of design and attack before we settle on something...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/04/23 12:48 p.m.32 views

Yet Another Biometric: Ear Shape

This acoustic technology identifies individuals by their ear shapes. No information about either false positives or false negatives...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/02/21 12:13 p.m.32 views

New Spectre/Meltdown Variants

Researchers have discovered new variants of Spectre and Meltdown. The software mitigations for Spectre and Meltdown seem to block these variants, although the eventual CPU fixes will have to be expanded to account for these new attacks...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/01/22 12:38 p.m.32 views

Dark Caracal: Global Espionage Malware from Lebanon

The EFF and Lookout are reporting on a new piece of spyware operating out of Lebanon. It primarily targets mobile devices compromised by fake secure messaging clients like Signal and WhatsApp. From the Lookout announcement: Dark Caracal has operated a series of multi-platform campaigns starting...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/01/12 12:29 p.m.32 views

Facial Recognition Is Coming to Retail

Summary article...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/01/11 1:5 p.m.32 views

Yet Another FBI Proposal for Insecure Communications

Deputy Attorney General Rosenstein has given talks where he proposes that tech companies decrease their communications and device security for the benefit of the FBI. In a recent talk, his idea is that tech companies just save a copy of the plaintext: Law enforcement can also partner with private...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/01/10 1:27 p.m.32 views

Cybersecurity and the 2017 US National Security Strategy

Commentaries on the 2017 US national security strategy by Michael Sulmeyer and Ben Buchanan...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/09/13 5:49 p.m.32 views

On the Equifax Data Breach

Last Thursday, Equifax reported a data breach that affects 143 million US customers, about 44% of the population. It's an extremely serious breach; hackers got access to full names, Social Security numbers, birth dates, addresses, driver's license numbers -- exactly the sort of information...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/07/24 11:39 a.m.32 views

US Army Researching Bot Swarms

The US Army Research Agency is funding research into autonomous bot swarms. From the announcement: The objective of this CRA is to perform enabling basic and applied research to extend the reach, situational awareness, and operational effectiveness of large heterogeneous teams of intelligent...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/19 7:5 p.m.32 views

NSA Abandons "About" Searches

Earlier this month, the NSA said that it would no longer conduct "about" searches of bulk communications data. This was the practice of collecting the communications of Americans based on keywords and phrases in the contents of the messages, not based on who they were from or to. The NSA's own...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/16 2:32 p.m.32 views

Did North Korea Write WannaCry?

The New York Times is reporting that evidence is pointing to North Korea as the author of the WannaCry ransomware. Note that there is no proof at this time, although it would not surprise me if the NSA knows the origins of this malware attack...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/11/21 12:5 p.m.31 views

Email Security Flaw Found in the Wild

Googles Threat Analysis Group announced a zero-day against the Zimbra Collaboration email server that has been used against governments around the world. TAG has observed four different groups exploiting the same bug to steal email data, user credentials, and authentication tokens. Most of this...

5.8CVSS7.3AI score0.59041EPSS
Exploits0
Schneier on Security
Schneier on Security
added 2023/11/06 2:45 p.m.31 views

Crashing iPhones with a Flipper Zero

The Flipper Zero is an incredibly versatile hacking device. Now it can be used to crash iPhones in its vicinity by sending them a never-ending stream of pop-ups. These types of hacks have been possible for decades, but they require special equipment and a fair amount of expertise. The capabilitie...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/08/02 11:46 a.m.31 views

The European Space Agency Launches Hackable Satellite

Of course this is hackable: A sophisticated telecommunications satellite that can be completely repurposed while in space has launched. … Because the satellite can be reprogrammed in orbit, it can respond to changing demands during its lifetime. … The satellite can detect and characterise any rog...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/04/19 11:8 a.m.31 views

Details on the Unlocking of the San Bernardino Terrorist’s iPhone

The Washington Post has published a long story on the unlocking of the San Bernardino Terrorists iPhone 5C in 2016. We all thought it was an Israeli company called Cellebrite. It was actually an Australian company called Azimuth Security. Azimuth specialized in finding significant vulnerabilities...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/04/14 2:56 p.m.31 views

The FBI Is Now Securing Networks Without Their Owners’ Permission

In January, we learned about a Chinese espionage campaign that exploited four zero-days in Microsoft Exchange. One of the characteristics of the campaign, in the later days when the Chinese probably realized that the vulnerabilities would soon be fixed, was to install a web shell in compromised...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/01/20 12:0 p.m.31 views

Sophisticated Watering Hole Attack

Googles Project Zero has exposed a sophisticated watering-hole attack targeting both Windows and Android: Some of the exploits were zero-days, meaning they targeted vulnerabilities that at the time were unknown to Google, Microsoft, and most outside researchers both companies have since patched t...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/12/10 7:48 p.m.31 views

Finnish Data Theft and Extortion

The Finnish psychotherapy clinic Vastaamo was the victim of a data breach and theft. The criminals tried extorting money from the clinic. When that failed, they started extorting money from the patients: Neither the company nor Finnish investigators have released many details about the nature of...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/10/06 11:11 a.m.31 views

Swiss-Swedish Diplomatic Row Over Crypto AG

Previously I have written about the Swedish-owned Swiss-based cryptographic hardware company: Crypto AG. It was a CIA-owned Cold War operation for decades. Today it is called Crypto International, still based in Switzerland but owned by a Swedish company. Its back in the news: Late last week,...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/06/22 12:35 p.m.31 views

Identifying a Person Based on a Photo, LinkedIn and Etsy Profiles, and Other Internet Bread Crumbs

Interesting story of how the police can identify someone by following the evidence chain from website to website. According to filings in Blumenthal's case, FBI agents had little more to go on when they started their investigation than the news helicopter footage of the woman setting the police c...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/04/27 11:13 a.m.31 views

Automatic Instacart Bots

Instacart is taking legal action against bots that automatically place orders: Before it closed, to use Cartdash users first selected what items they want from Instacart as normal. Once that was done, they had to provide Cartdash with their Instacart email address, password, mobile number, tip...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/04/01 11:53 a.m.31 views

Dark Web Hosting Provider Hacked

Daniel's Hosting, which hosts about 7,600 dark web portals for free, has been hacked and is down. It's unclear when, or if, it will be back up...

1.3AI score
Exploits0
Total number of security vulnerabilities2981