Lucene search
K
SchneierMost viewed

2980 matches found

Schneier on Security
Schneier on Security
added 2023/06/09 11:12 a.m.32 views

Operation Triangulation: Zero-Click iPhone Malware

Kaspersky is reporting a zero-click iOS exploit in the wild: Mobile device backups contain a partial copy of the filesystem, including some of the user data and service databases. The timestamps of the files, folders and the database records allow to roughly reconstruct the events happening to th...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/06/02 2:21 p.m.32 views

Open-Source LLMs

In February, Meta released its large language model: LLaMA. Unlike OpenAI and its ChatGPT, Meta didnt just give the world a chat window to play with. Instead, it released the code into the open-source community, and shortly thereafter the model itself was leaked. Researchers and programmers...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/08/04 11:56 a.m.32 views

SIKE Broken

SIKE is one of the new algorithms that NIST recently added to the post-quantum cryptography competition. It was just broken, really badly. We present an efficient key recovery attack on the Supersingular Isogeny Diffie­-Hellman protocol SIDH, based on a "glue-and-split" theorem due to Kani. Our...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/08/31 11:37 a.m.32 views

More Military Cryptanalytics, Part III

Late last year, the NSA declassified and released a redacted version of Lambros D. Callimahoss Military Cryptanalytics, Part III. We just got most of the index. Its hard to believe that there are any real secrets left in this 44-year-old volume...

2.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/08/25 3:13 p.m.32 views

Surveillance of the Internet Backbone

Vice has an article about how data brokers sell access to the Internet backbone. This is netflow data. Its useful for cybersecurity forensics, but can also be used for things like tracing VPN activity. At a high level, netflow data creates a picture of traffic flow and volume across a network. It...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/07/14 5:10 p.m.33 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking at Norbert Wiener in the 21st Century, a virtual conference hosted by The IEEE Society on Social Implications of Technology SSIT, July 23-25, 2021. I’m speaking at DEFCON 29, August 5-8, 2021. Im speaking via Internet ...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/06/07 11:9 a.m.32 views

The Supreme Court Narrowed the CFAA

In a 6-3 ruling, the Supreme Court just narrowed the scope of the Computer Fraud and Abuse Act: In a ruling delivered today, the court sided with Van Buren and overturned his 18-month conviction. In a 37-page opinion written and delivered by Justice Amy Coney Barrett, the court explained that the...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/12/17 1:19 p.m.32 views

Mexican Drug Cartels with High-Tech Spyware

Sophisticated spyware, sold by surveillance tech companies to Mexican government agencies, are ending up in the hands of drug cartels: As many as 25 private companies -- including the Israeli company NSO Group and the Italian firm Hacking Team -- have sold surveillance software to Mexican federal...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/12/08 9:2 p.m.32 views

Oblivious DNS-over-HTTPS

This new protocol, called Oblivious DNS-over-HTTPS ODoH, hides the websites you visit from your ISP. Heres how it works: ODoH wraps a layer of encryption around the DNS query and passes it through a proxy server, which acts as a go-between the internet user and the website they want to visit...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/11/30 3:22 p.m.32 views

Check Washing

I cant believe that check washing is still a thing: "Check washing" is a practice where thieves break into mailboxes or otherwise steal mail, find envelopes with checks, then use special solvents to remove the information on that check except for the signature and then change the payee and the...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/10/30 9:7 p.m.32 views

Friday Squid Blogging: Interview with a Squid Researcher

Interview with Mike Vecchione, Curator of Cephalopoda -- now thats a job title -- at the Smithsonian Museum of National History. One reason theyre so interesting is they are intelligent invertebrates. Almost everything that we think of as being intelligent -- parrots, dolphins, etc. -- are...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/21 9:11 p.m.32 views

Friday Squid Blogging: Rhode Island's State Appetizer Is Calamari

Rhode Island has an official state appetizer, and it's calamari. Who knew? As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/14 1:59 p.m.32 views

Drovorub Malware

The NSA and FBI have jointly disclosed Drovorub, a Russian malware suite that targets Linux. Detailed advisory. Fact sheet. News articles. Reddit thread...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/06/12 11:23 a.m.32 views

Facebook Helped Develop a Tails Exploit

This is a weird story: Hernandez was able to evade capture for so long because he used Tails, a version of Linux designed for users at high risk of surveillance and which routes all inbound and outbound connections through the open-source Tor network to anonymize it. According to Vice, the FBI ha...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/06/02 11:27 a.m.32 views

"Sign in with Apple" Vulnerability

Researcher Bhavuk Jain discovered a vulnerability in the "Sign in with Apple" feature, and received a $100,000 bug bounty from Apple. Basically, forged tokens could gain access to pretty much any account. It is fixed. EDITED TO ADD 6/2: Another story...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/05/29 5:2 p.m.32 views

Bogus Security Technology: An Anti-5G USB Stick

The 5GBioShield sells for £339.60, and the description sounds like snake oil: ...its website, which describes it as a USB key that "provides protection for your home and family, thanks to the wearable holographic nano-layer catalyser, which can be worn or placed near to a smartphone or any other...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/03/10 11:18 a.m.32 views

CIA Dirty Laundry Aired

Joshua Schulte, the CIA employee standing trial for leaking the Wikileaks Vault 7 CIA hacking tools, maintains his innocence. And during the trial, a lot of shoddy security and sysadmin practices are coming out: All this raises a question, though: just how bad is the CIA's security that it wasn't...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/01/31 12:46 p.m.32 views

U.S. Department of Interior Grounding All Drones

The Department of Interior is grounding all non-emergency drones due to security concerns: The order comes amid a spate of warnings and bans at multiple government agencies, including the Department of Defense, about possible vulnerabilities in Chinese-made drone systems that could be allowing...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/11/20 12:52 p.m.32 views

Iran Has Shut Off its Internet

Iran has gone pretty much entirely offline in the wake of nationwide protests. This is the best article detailing what's going on; this is also good. AccessNow has a global campaign to stop Internet shutdowns. TITLE EDITED TO REDUCE CONFUSION...

3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/10 11:21 a.m.32 views

Security Vulnerabilities in US Weapons Systems

The US Government Accounting Office just published a new report: "Weapons Systems Cyber Security: DOD Just Beginning to Grapple with Scale of Vulnerabilities" summary here. The upshot won't be a surprise to any of my regular readers: they're vulnerable. From the summary: Automation and connectivi...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/09/17 11:12 a.m.32 views

NSA Attacks Against Virtual Private Networks

A 2006 document from the Snowden archives outlines successful NSA operations against "a number of "high potential" virtual private networks, including those of media organization Al Jazeera, the Iraqi military and internet service organizations, and a number of airline reservation systems." It's...

2.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/12/26 3:34 p.m.32 views

Acoustical Attacks against Hard Drives

Interesting destructive attack: "Acoustic Denial of Service Attacks on HDDs": Abstract: Among storage components, hard disk drives HDDs have become the most commonly-used type of non-volatile storage due to their recent technological advances, including, enhanced energy efficacy and...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/11/06 2:45 p.m.31 views

Crashing iPhones with a Flipper Zero

The Flipper Zero is an incredibly versatile hacking device. Now it can be used to crash iPhones in its vicinity by sending them a never-ending stream of pop-ups. These types of hacks have been possible for decades, but they require special equipment and a fair amount of expertise. The capabilitie...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/08/10 11:12 a.m.31 views

Cryptographic Flaw in Libbitcoin Explorer Cryptocurrency Wallet

Cryptographic flaws still matter. Heres a flaw in the random-number generator used to create private keys. The seed has only 32 bits of entropy. Seems like this flaw is being exploited in the wild. EDITED TO ADD 8/14: A good explainer...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/10/06 2:19 p.m.31 views

Syniverse Hack

This is interesting: A company that is a critical part of the global telecommunications infrastructure used by AT&T, T-Mobile, Verizon and several others around the world such as Vodafone and China Mobile, quietly disclosed that hackers were inside its systems for years, impacting more than 200 o...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/08/02 11:46 a.m.31 views

The European Space Agency Launches Hackable Satellite

Of course this is hackable: A sophisticated telecommunications satellite that can be completely repurposed while in space has launched. … Because the satellite can be reprogrammed in orbit, it can respond to changing demands during its lifetime. … The satellite can detect and characterise any rog...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/04/19 11:8 a.m.31 views

Details on the Unlocking of the San Bernardino Terrorist’s iPhone

The Washington Post has published a long story on the unlocking of the San Bernardino Terrorists iPhone 5C in 2016. We all thought it was an Israeli company called Cellebrite. It was actually an Australian company called Azimuth Security. Azimuth specialized in finding significant vulnerabilities...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/01/20 12:0 p.m.31 views

Sophisticated Watering Hole Attack

Googles Project Zero has exposed a sophisticated watering-hole attack targeting both Windows and Android: Some of the exploits were zero-days, meaning they targeted vulnerabilities that at the time were unknown to Google, Microsoft, and most outside researchers both companies have since patched t...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/12/10 7:48 p.m.31 views

Finnish Data Theft and Extortion

The Finnish psychotherapy clinic Vastaamo was the victim of a data breach and theft. The criminals tried extorting money from the clinic. When that failed, they started extorting money from the patients: Neither the company nor Finnish investigators have released many details about the nature of...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/12/01 12:13 p.m.31 views

Manipulating Systems Using Remote Lasers

Many systems are vulnerable: Researchers at the time said that they were able to launch inaudible commands by shining lasers -- from as far as 360 feet -- at the microphones on various popular voice assistants, including Amazon Alexa, Apple Siri, Facebook Portal, and Google Assistant. … They...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/10/06 11:11 a.m.31 views

Swiss-Swedish Diplomatic Row Over Crypto AG

Previously I have written about the Swedish-owned Swiss-based cryptographic hardware company: Crypto AG. It was a CIA-owned Cold War operation for decades. Today it is called Crypto International, still based in Switzerland but owned by a Swedish company. Its back in the news: Late last week,...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/06/04 11:24 a.m.31 views

Zoom's Commitment to User Security Depends on Whether you Pay It or Not

Zoom was doing so well.... And now we have this: Corporate clients will get access to Zoom's end-to-end encryption service now being developed, but Yuan said free users won't enjoy that level of privacy, which makes it impossible for third parties to decipher communications. "Free users for sure ...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/04/27 11:13 a.m.31 views

Automatic Instacart Bots

Instacart is taking legal action against bots that automatically place orders: Before it closed, to use Cartdash users first selected what items they want from Instacart as normal. Once that was done, they had to provide Cartdash with their Instacart email address, password, mobile number, tip...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/04/01 11:53 a.m.31 views

Dark Web Hosting Provider Hacked

Daniel's Hosting, which hosts about 7,600 dark web portals for free, has been hacked and is down. It's unclear when, or if, it will be back up...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/03/23 11:19 a.m.31 views

Hacking Voice Assistants with Ultrasonic Waves

I previously wrote about hacking voice assistants with lasers. Turns you can do much the same thing with ultrasonic waves: Voice assistants -- the demo targeted Siri, Google Assistant, and Bixby -- are designed to respond when they detect the owner's voice after noticing a trigger phrase such as...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/03/09 11:36 a.m.31 views

Cybersecurity Law Casebook

Robert Chesney teaches cybersecurity at the University of Texas School of Law. He recently published a fantastic casebook, which is a good source for anyone studying this...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/03/06 1:48 p.m.31 views

More on Crypto AG

One follow-on to the story of Crypto AG being owned by the CIA: this interview with a Washington Post reporter. The whole thing is worth reading or listening to, but I was struck by these two quotes at the end: ...in South America, for instance, many of the governments that were using Crypto...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/01/13 2:21 p.m.31 views

Artificial Personas and Public Discourse

Presidential campaign season is officially, officially, upon us now, which means it's time to confront the weird and insidious ways in which technology is warping politics. One of the biggest threats on the horizon: artificial personas are coming, and they're poised to take over political debate...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/01/06 12:20 p.m.31 views

Mailbox Master Keys

Here's a physical-world example of why master keys are a bad idea. It's a video of two postal thieves using a master key to open apartment building mailboxes. Changing the master key for physical mailboxes is a logistical nightmare, which is why this problem won't be fixed anytime soon...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/08/02 4:53 p.m.31 views

Disabling Security Cameras with Lasers

There's a really interesting video of protesters in Hong Kong using some sort of laser to disable security cameras. I know nothing more about the technologies involved...

2.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/03 9:33 a.m.31 views

Cybersecurity for the Public Interest

The Crypto Wars have been waging off-and-on for a quarter-century. On one side is law enforcement, which wants to be able to break encryption, to access devices and communications of terrorists and criminals. On the other are almost every cryptographer and computer security expert, repeatedly...

7.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/04/08 2:50 p.m.31 views

Ghidra: NSA's Reverse-Engineering Tool

Last month, the NSA released Ghidra, a software reverse-engineering tool. Early reactions are uniformly positive. Three news articles...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/01 11:22 a.m.31 views

More on the Five Eyes Statement on Encryption and Backdoors

Earlier this month, I wrote about a statement by the Five Eyes countries about encryption and back doors. Short summary: they like them. One of the weird things about the statement is that it was clearly written from a law-enforcement perspective, though we normally think of the Five Eyes as a...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/09/20 11:45 a.m.31 views

Security Vulnerability in ESS ExpressVote Touchscreen Voting Computer

Of course the ESS ExpressVote voting computer will have lots of security vulnerabilities. It's a computer, and computers have lots of vulnerabilities. This particular vulnerability is particularly interesting because it's the result of a security mistake in the design process. Someone didn't thin...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/09/05 11:5 a.m.31 views

Using a Smartphone's Microphone and Speakers to Eavesdrop on Passwords

It's amazing that this is even possible: "SonarSnoop: Active Acoustic Side-Channel Attacks": Abstract: We report the first active acoustic side-channel attack. Speakers are used to emit human inaudible acoustic signals and the echo is recorded via microphones, turning the acoustic system of a sma...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/09/04 11:20 a.m.31 views

New Book Announcement: Click Here to Kill Everybody

I am pleased to announce the publication of my latest book: Click Here to Kill Everybody: Security and Survival in a Hyper-connected World. In it, I examine how our new immersive world of physically capable computers affects our security. I argue that this changes everything about security. Attac...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/28 11:49 a.m.31 views

NotPetya

Andy Greenberg wrote a fascinating account of the Russian NotPetya worm, with an emphasis on its effects on the company Maersk. BoingBoing post...

3.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/04/23 12:48 p.m.31 views

Yet Another Biometric: Ear Shape

This acoustic technology identifies individuals by their ear shapes. No information about either false positives or false negatives...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/02/21 12:13 p.m.31 views

New Spectre/Meltdown Variants

Researchers have discovered new variants of Spectre and Meltdown. The software mitigations for Spectre and Meltdown seem to block these variants, although the eventual CPU fixes will have to be expanded to account for these new attacks...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/01/22 12:38 p.m.31 views

Dark Caracal: Global Espionage Malware from Lebanon

The EFF and Lookout are reporting on a new piece of spyware operating out of Lebanon. It primarily targets mobile devices compromised by fake secure messaging clients like Signal and WhatsApp. From the Lookout announcement: Dark Caracal has operated a series of multi-platform campaigns starting...

7AI score
Exploits0
Total number of security vulnerabilities2980