Lucene search
K
SchneierMost viewed

2980 matches found

Schneier on Security
Schneier on Security
•added 2018/01/12 12:29 p.m.•31 views

Facial Recognition Is Coming to Retail

Summary article...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/01/11 1:5 p.m.•31 views

Yet Another FBI Proposal for Insecure Communications

Deputy Attorney General Rosenstein has given talks where he proposes that tech companies decrease their communications and device security for the benefit of the FBI. In a recent talk, his idea is that tech companies just save a copy of the plaintext: Law enforcement can also partner with private...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/01/10 1:27 p.m.•31 views

Cybersecurity and the 2017 US National Security Strategy

Commentaries on the 2017 US national security strategy by Michael Sulmeyer and Ben Buchanan...

7AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/09/13 5:49 p.m.•31 views

On the Equifax Data Breach

Last Thursday, Equifax reported a data breach that affects 143 million US customers, about 44% of the population. It's an extremely serious breach; hackers got access to full names, Social Security numbers, birth dates, addresses, driver's license numbers -- exactly the sort of information...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/07/24 11:39 a.m.•31 views

US Army Researching Bot Swarms

The US Army Research Agency is funding research into autonomous bot swarms. From the announcement: The objective of this CRA is to perform enabling basic and applied research to extend the reach, situational awareness, and operational effectiveness of large heterogeneous teams of intelligent...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/06/12 2:6 p.m.•31 views

Healthcare Industry Cybersecurity Report

New US government report: "Report on Improving Cybersecurity in the Health Care Industry." It's pretty scathing, but nothing in it will surprise regular readers of this blog. It's worth reading the executive summary, and then skimming the recommendations. Recommendations are in six areas. The Tas...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/05/19 7:5 p.m.•31 views

NSA Abandons "About" Searches

Earlier this month, the NSA said that it would no longer conduct "about" searches of bulk communications data. This was the practice of collecting the communications of Americans based on keywords and phrases in the contents of the messages, not based on who they were from or to. The NSA's own...

7AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/05/16 2:32 p.m.•31 views

Did North Korea Write WannaCry?

The New York Times is reporting that evidence is pointing to North Korea as the author of the WannaCry ransomware. Note that there is no proof at this time, although it would not surprise me if the NSA knows the origins of this malware attack...

7AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2025/03/14 11:2 a.m.•30 views

TP-Link Router Botnet

There is a new botnet that is infecting TP-Link routers: The botnet can lead to command injection which then makes remote code execution RCE possible so that the malware can spread itself across the internet automatically. This high severity security flaw tracked as CVE-2023-1389 has also been us...

8.8CVSS9.3AI score0.99999EPSS
Exploits7
Schneier on Security
Schneier on Security
•added 2023/11/21 12:5 p.m.•30 views

Email Security Flaw Found in the Wild

Googles Threat Analysis Group announced a zero-day against the Zimbra Collaboration email server that has been used against governments around the world. TAG has observed four different groups exploiting the same bug to steal email data, user credentials, and authentication tokens. Most of this...

5.8CVSS7.3AI score0.59041EPSS
Exploits0
Schneier on Security
Schneier on Security
•added 2022/12/09 8:2 p.m.•30 views

Hacking Trespass Law

This article talks about public land in the US that is completely surrounded by private land, which in some cases makes it inaccessible to the public. But theres a hack: Some hunters have long believed, however, that the publicly owned parcels on Elk Mountain can be legally reached using a practi...

1AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2021/10/04 2:40 p.m.•30 views

Cheating on Tests

Interesting story of test-takers in India using Bluetooth-connected flip-flops to communicate with accomplices while taking a test. Whats interesting is how this cheating was discovered. Its not that someone noticed the communication devices. Its that the proctors noticed that cheating test taker...

2.8AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2021/09/17 9:14 p.m.•30 views

Friday Squid Blogging: Ram’s Horn Squid Shells

You can find rams horn squid shells on beaches in Texas and presumably elsewhere. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2021/07/16 9:12 p.m.•30 views

Friday Squid Blogging: Giant Squid Model

Pretty wooden model. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2021/05/05 3:35 p.m.•30 views

New Spectre-Like Attacks

Theres new research that demonstrates security vulnerabilities in all of the AMD and Intel chips with micro-op caches, including the ones that were specifically engineered to be resistant to the Spectre/Meltdown attacks of three years ago. Details: The new line of attacks exploits the micro-op...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2021/04/14 2:56 p.m.•30 views

The FBI Is Now Securing Networks Without Their Owners’ Permission

In January, we learned about a Chinese espionage campaign that exploited four zero-days in Microsoft Exchange. One of the characteristics of the campaign, in the later days when the Chinese probably realized that the vulnerabilities would soon be fixed, was to install a web shell in compromised...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2021/04/01 2:39 p.m.•30 views

Fugitive Identified on YouTube By His Distinctive Tattoos

A mafia fugitive hiding out in the Dominican Republic was arrested when investigators found his YouTube cooking channel and identified him by his distinctive arm tattoos...

2.7AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2021/03/03 12:0 p.m.•30 views

Encoded Message in the Perseverance Mars Lander’s Parachute

NASA made an oblique reference to a coded message in the color pattern of the Perseverance Mars Lander s parachute. More information...

3.7AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2021/02/26 10:8 p.m.•30 views

Friday Squid Blogging: Far Side Cartoon

The Far Side on squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2021/02/10 1:39 p.m.•30 views

Ransomware Profitability

Analyzing cryptocurrency data, a research group has estimated a lower-bound on 2020 ransomware revenue: $350 million, four times more than in 2019. Based on the companys data, among last years top earners, there were groups like Ryuk, Maze now-defunct, Doppelpaymer, Netwalker disrupted by...

7AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2021/01/29 6:3 p.m.•30 views

Including Hackers in NATO Wargames

This essay makes the point that actual computer hackers would be a useful addition to NATO wargames: The international information security community is filled with smart people who are not in a military structure, many of whom would be excited to pose as independent actors in any upcoming...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2021/01/22 10:19 p.m.•30 views

Friday Squid Blogging: Vegan Chili Squid

The restaurant chain Wagamama is selling a vegan version of its Chilli Squid side dish made from king oyster mushrooms. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

2.6AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2020/08/20 11:22 a.m.•30 views

Copying a Key by Listening to It in Action

Researchers are using recordings of keys being used in locks to create copies. Once they have a key-insertion audio file, SpiKey's inference software gets to work filtering the signal to reveal the strong, metallic clicks as key ridges hit the lock's pins and you can hear those filtered clicks...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2020/08/06 5:15 p.m.•30 views

The NSA on the Risks of Exposing Location Data

The NSA has issued an advisory on the risks of location data. Mitigations reduce, but do not eliminate, location tracking risks in mobile devices. Most users rely on features disabled by such mitigations, making such safeguards impractical. Users should be aware of these risks and take action bas...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2020/06/22 12:35 p.m.•30 views

Identifying a Person Based on a Photo, LinkedIn and Etsy Profiles, and Other Internet Bread Crumbs

Interesting story of how the police can identify someone by following the evidence chain from website to website. According to filings in Blumenthal's case, FBI agents had little more to go on when they started their investigation than the news helicopter footage of the woman setting the police c...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2020/06/01 11:8 a.m.•30 views

Password Changing After a Breach

This study shows that most people don't change their passwords after a breach, and if they do they change it to a weaker password. Abstract: To protect against misuse of passwords compromised in a breach, consumers should promptly change affected passwords and any similar passwords on other...

1AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2020/04/30 3:24 p.m.•30 views

Securing Internet Videoconferencing Apps: Zoom and Others

The NSA just published a survey of video conferencing apps. So did Mozilla. Zoom is on the good list, with some caveats. The company has done a lot of work addressing previous security concerns. It still has a bit to go on end-to-end encryption. Matthew Green looked at this. Zoom does offer...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2020/04/24 11:2 a.m.•30 views

Global Surveillance in the Wake of COVID-19

OneZero is tracking thirty countries around the world who are implementing surveillance programs in the wake of COVID-19: The most common form of surveillance implemented to battle the pandemic is the use of smartphone location data, which can track population-level movement down to enforcing...

0.2AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2020/04/14 12:48 p.m.•30 views

Ransomware Now Leaking Stolen Documents

Originally, ransomware didn't involve any data theft. Malware would encrypt the data on your computer, and demand a ransom for the encryption key. Now ransomware is increasingly involving both encryption and exfiltration. Brian Krebs wrote about this in December. It's a further incentive for the...

2AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2020/02/24 12:27 p.m.•30 views

Russia Is Trying to Tap Transatlantic Cables

The Times of London is reporting that Russian agents are in Ireland probing transatlantic communications cables. Ireland is the landing point for undersea cables which carry internet traffic between America, Britain and Europe. The cables enable millions of people to communicate and allow financi...

2.3AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2020/02/10 12:6 p.m.•30 views

Apple's Tracking-Prevention Feature in Safari has a Privacy Bug

Last month, engineers at Google published a very curious privacy bug in Apple's Safari web browser. Apple's Intelligent Tracking Prevention, a feature designed to reduce user tracking, has vulnerabilities that themselves allow user tracking. Some details: ITP detects and blocks tracking on the we...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2019/11/21 12:26 p.m.•30 views

GPS Manipulation

Long article on the manipulation of GPS in Shanghai. It seems not to be some Chinese military program, but ships who are stealing sand. The Shanghai "crop circles," which somehow spoof each vessel to a different false location, are something new. "I'm still puzzled by this," says Humphreys. "I...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2019/09/18 12:42 p.m.•30 views

Cracking Forgotten Passwords

Expandpass is a string expansion program. It's "useful for cracking passwords you kinda-remember." You tell the program what you remember about the password and it tries related passwords. I learned about it in this article about Phil Dougherty, who helps people recover lost cryptocurrency...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2019/08/13 11:17 a.m.•30 views

Exploiting GDPR to Get Private Information

A researcher abused the GDPR to get information on his fiancee: It is one of the first tests of its kind to exploit the EU's General Data Protection Regulation GDPR, which came into force in May 2018. The law shortened the time organisations had to respond to data requests, added new types of...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2019/04/25 11:31 a.m.•30 views

Fooling Automated Surveillance Cameras with Patchwork Color Printout

Nice bit of adversarial machine learning. The image from this news article is most of what you need to know, but here's the research paper...

3.8AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2019/04/22 1:45 p.m.•30 views

Excellent Analysis of the Boeing 737 Max Software Problems

This is the best analysis of the software causes of the Boeing 737 MAX disasters that I have read. Technically this is safety and not security; there was no attacker. But the fields are closely related and there are a lot of lessons for IoT security -- and the security of complex socio-technical...

3.7AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/12/05 12:30 p.m.•30 views

Security Risks of Chatbots

Good essay on the security risks -- to democratic discourse -- of chatbots...

2.3AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/11/07 12:39 p.m.•30 views

Consumer Reports Reviews Wireless Home-Security Cameras

Consumer Reports is starting to evaluate the security of IoT devices. As part of that, it's reviewing wireless home-security cameras. It found significant security vulnerabilities in D-Link cameras: In contrast, D-Link doesn't store video from the DCS-2630L in the cloud. Instead, the camera has i...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/10/29 11:18 a.m.•30 views

Security Vulnerability in Internet-Connected Construction Cranes

This seems bad: The F25 software was found to contain a capture replay vulnerability -- basically an attacker would be able to eavesdrop on radio transmissions between the crane and the controller, and then send their own spoofed commands over the air to seize control of the crane. "These devices...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/07/10 11:18 a.m.•30 views

Recovering Keyboard Inputs through Thermal Imaging

Researchers at the University of California, Irvine, are able to recover user passwords by way of thermal imaging. The tech is pretty straightforward, but it's interesting to think about the types of scenarios in which it might be pulled off. Abstract: As a warm-blooded mammalian species, we huma...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/06/25 10:0 a.m.•30 views

Secure Speculative Execution

We're starting to see research into designing speculative execution systems that avoid Spectre- and Meltdown-like security problems. Here's one. I don't know if this particular design secure. My guess is that we're going to see several iterations of design and attack before we settle on something...

2AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/06/20 11:51 a.m.•30 views

Perverse Vulnerability from Interaction between 2-Factor Authentication and iOS AutoFill

Apple is rolling out an iOS security usability feature called Security code AutoFill. The basic idea is that the OS scans incoming SMS messages for security codes and suggests them in AutoFill, so that people can use them without having to memorize or type them. Sounds like a really good idea, bu...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/06/01 9:24 p.m.•30 views

Friday Squid Blogging: Do Cephalopods Contain Alien DNA?

Maybe not DNA, but biological somethings. "Cause of Cambrian explosion -- Terrestrial or Cosmic?": Abstract: We review the salient evidence consistent with or predicted by the Hoyle-Wickramasinghe H-W thesis of Cometary Cosmic Biology. Much of this physical and biological evidence is...

1AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/05/17 11:23 a.m.•30 views

White House Eliminates Cybersecurity Position

The White House has eliminated the cybersecurity coordinator position. This seems like a spectacularly bad idea...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/04/24 11:4 a.m.•30 views

Computer Alarm that Triggers When Lid Is Opened

"Do Not Disturb" is a Macintosh app that send an alert when the lid is opened. The idea is to detect computer tampering. Wired article: Do Not Disturb goes a step further than just the push notification. Using the Do Not Disturb iOS app, a notified user can send themselves a picture snapped with...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/04/12 11:36 a.m.•30 views

Cybersecurity Insurance

Good article about how difficult it is to insure an organization against Internet attacks, and how expensive the insurance is. Companies like retailers, banks, and healthcare providers began seeking out cyberinsurance in the early 2000s, when states first passed data breach notification laws. But...

1AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/03/21 11:27 a.m.•30 views

Hijacking Computers for Cryptocurrency Mining

Interesting paper "A first look at browser-based cryptojacking": Abstract: In this paper, we examine the recent trend towards in-browser mining of cryptocurrencies; in particular, the mining of Monero through Coinhive and similar code-bases. In this model, a user visiting a website will download ...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/08/03 11:29 a.m.•30 views

Splitting the NSA and US Cyber Command

Rumor is that the Trump administration will separate the NSA and US Cyber Command. I have long thought this was a good idea. Here's a good discussion of what it does and doesn't mean...

7AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/07/28 7:20 p.m.•30 views

Me on Restaurant Surveillance Technology

I attended the National Restaurant Association exposition in Chicago earlier this year, and looked at all the ways modern restaurant IT is spying on people. But there's also a fundamentally creepy aspect to much of this. One of the prime ways to increase value for your brand is to use the Interne...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/07/11 1:22 p.m.•30 views

Hacking Spotify

Some of the ways artists are hacking the music-streaming service Spotify...

7.1AI score
Exploits0
Total number of security vulnerabilities2980