Lucene search
K
SchneierMost viewed

2980 matches found

Schneier on Security
Schneier on Security
added 2017/07/11 1:22 p.m.30 views

Hacking Spotify

Some of the ways artists are hacking the music-streaming service Spotify...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/03 3:25 p.m.30 views

Security of St. Jude Pacemakers

This is a good summary article about the horrible security of St. Jude pacemakers, and the history of the company not doing anything about it...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/03/27 11:3 a.m.29 views

Hacks at Pwn2Own Vancouver 2023

An impressive array of hacks were demonstrated at the first day of the Pwn2Own conference in Vancouver: On the first day of Pwn2Own Vancouver 2023, security researchers successfully demoed Tesla Model 3, Windows 11, and macOS zero-day exploits and exploit chains to win $375,000 and a Tesla Model ...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/03/14 4:1 p.m.29 views

How AI Could Write Our Laws

Nearly 90% of the multibillion-dollar federal lobbying apparatus in the United States serves corporate interests. In some cases, the objective of that money is obvious. Google pours millions into lobbying on bills related to antitrust regulation. Big energy companies expect action whenever there ...

0.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/12/24 10:17 p.m.29 views

Friday Squid Blogging: Squid-Headed Statue Appears in Dallas

Someone left it in a cemetery. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/08/20 9:18 p.m.29 views

Friday Squid Blogging: On Squid Brains

Interesting National Geographic article. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/05/24 11:20 a.m.29 views

AIs and Fake Comments

This month, the New York state attorney general issued a report on a scheme by "U.S. Companies and Partisans to Hack Democracy." This wasn’t another attempt by Republicans to make it harder for Black people and urban residents to vote. It was a concerted attack on another core element of US...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/04/30 12:38 p.m.29 views

Serious MacOS Vulnerability Patched

Apple just patched a MacOS vulnerability that bypassed malware checks. The flaw is akin to a front entrance thats barred and bolted effectively, but with a cat door at the bottom that you can easily toss a bomb through. Apple mistakenly assumed that applications will always have certain specific...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/04/20 11:19 a.m.29 views

Biden Administration Imposes Sanctions on Russia for SolarWinds

On April 15, the Biden administration both formally attributed the SolarWinds espionage campaign to the Russian Foreign Intelligence Service SVR, and imposed a series of sanctions designed to punish the country for the attack and deter future attacks. I will leave it to those with experience in...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/01/27 2:59 p.m.29 views

Dutch Insider Attack on COVID-19 Data

Insider data theft: Dutch police have arrested two individuals on Friday for allegedly selling data from the Dutch health ministrys COVID-19 systems on the criminal underground. … According to Verlaan, the two suspects worked in DDG call centers, where they had access to official Dutch government...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/12/24 12:44 p.m.29 views

How China Uses Stolen US Personnel Data

Interesting analysis of Chinas efforts to identify US spies: By about 2010, two former CIA officials recalled, the Chinese security services had instituted a sophisticated travel intelligence program, developing databases that tracked flights and passenger lists for espionage purposes. "We looked...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/12/18 11:8 p.m.29 views

Friday Squid Blogging: Christmas Squid Memories

Stuffed squid for Christmas Eve. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/12/15 12:44 p.m.29 views

Another Massive Russian Hack of US Government Networks

The press is reporting a massive hack of US government networks by sophisticated Russian hackers. Officials said a hunt was on to determine if other parts of the government had been affected by what looked to be one of the most sophisticated, and perhaps among the largest, attacks on federal...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/12/11 12:57 p.m.29 views

A Cybersecurity Policy Agenda

The Aspen Institutes Aspen Cybersecurity Group -- Im a member -- has released its cybersecurity policy agenda for the next four years. The next administration and Congress cannot simultaneously address the wide array of cybersecurity risks confronting modern society. Policymakers in the White...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/11/23 12:44 p.m.29 views

More on the Security of the 2020 US Election

Last week I signed on to two joint letters about the security of the 2020 election. The first was as one of 59 election security experts, basically saying that while the election seems to have been both secure and accurate voter suppression notwithstanding, we still need to work to secure our...

0.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/18 7:8 p.m.29 views

Nihilistic Password Security Questions

Posted three years ago, but definitely appropriate for the times...

3.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/14 5:15 p.m.29 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I'm giving a keynote address at the Cybersecurity and Data Privacy Law virtual conference on September 9, 2020. The list is maintained on this page...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/24 9:7 p.m.29 views

Friday Squid Blogging: Introducing the Seattle Kraken

The Kraken is the name of Seattle's new NFL franchise. I have always really liked collective nouns as sports team names like the Utah Jazz or the Minnesota Wild, mostly because it's hard to describe individual players. As usual, you can also use this squid post to talk about the security stories ...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/10 11:12 a.m.29 views

Business Email Compromise (BEC) Criminal Ring

A criminal group called Cosmic Lynx seems to be based in Russia: Dubbed Cosmic Lynx, the group has carried out more than 200 BEC campaigns since July 2019, according to researchers from the email security firm Agari, particularly targeting senior executives at large organizations and corporations...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/06/17 11:21 a.m.29 views

Bank Card "Master Key" Stolen

South Africa's Postbank experienced a catastrophic security failure. The bank's master PIN key was stolen, forcing it to cancel and replace 12 million bank cards. The breach resulted from the printing of the bank's encrypted master key in plain, unencrypted digital language at the Postbank's old...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/05/26 11:54 a.m.29 views

Bluetooth Vulnerability: BIAS

This is new research on a Bluetooth vulnerability called BIAS that allows someone to impersonate a trusted device: Abstract: Bluetooth BR/EDR is a pervasive technology for wireless communication used by billions of devices. The Bluetooth standard includes a legacy authentication procedure and a...

2.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/05/11 3:58 p.m.29 views

Another California Data Privacy Law

The California Consumer Privacy Act is a lesson in missed opportunities. It was passed in haste, to stop a ballot initiative that would have been even more restrictive: In September 2017, Alastair Mactaggart and Mary Ross proposed a statewide ballot initiative entitled the "California Consumer...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/03/26 11:27 a.m.29 views

On Cyber Warranties

Interesting article discussing cyber-warranties, and whether they are an effective way to transfer risk as envisioned by Ackerlof's "market for lemons" or a marketing trick. The conclusion: Warranties must transfer non-negligible amounts of liability to vendors in order to meaningfully overcome t...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/03/11 3:52 p.m.29 views

LA Covers Up Bad Cybersecurity

This is bad in several dimensions. The Los Angeles Department of Water and Power has been accused of deliberately keeping widespread gaps in its cybersecurity a secret from regulators in a large-scale coverup involving the city's mayor...

4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/02/25 3:15 p.m.29 views

Firefox Enables DNS over HTTPS

This is good news: Whenever you visit a website -- even if it's HTTPS enabled -- the DNS query that converts the web address into an IP address that computers can read is usually unencrypted. DNS-over-HTTPS, or DoH, encrypts the request so that it can't be intercepted or hijacked in order to send...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/02/06 12:14 p.m.29 views

A New Clue for the Kryptos Sculpture

Jim Sanborn, who designed the Kryptos sculpture in a CIA courtyard, has released another clue to the still-unsolved part 4. I think he's getting tired of waiting. Did we mention Mr. Sanborn is 74? Holding on to one of the world's most enticing secrets can be stressful. Some would-be codebreakers...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/01/23 12:10 p.m.29 views

Apple Abandoned Plans for Encrypted iCloud Backup after FBI Complained

This is new from Reuters: More than two years ago, Apple told the FBI that it planned to offer users end-to-end encryption when storing their phone data on iCloud, according to one current and three former FBI officials and one current and one former Apple employee. Under that plan, primarily...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/01/16 4:1 p.m.29 views

Securing Tiffany's Move

Story of how Tiffany & Company moved all of its inventory from one store to another. Short summary: careful auditing and a lot of police...

2.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/12/30 4:20 p.m.29 views

Hacking School Surveillance Systems

Lance Vick suggesting that students hack their schools' surveillance systems. "This is an ethical minefield that I feel students would be well within their rights to challenge, and if needed, undermine," he said. Of course, there are a lot more laws in place against this sort of thing than there...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/09/16 11:39 a.m.29 views

Another Side Channel in Intel Chips

Not that serious, but interesting: In late 2011, Intel introduced a performance enhancement to its line of server processors that allowed network cards and other peripherals to connect directly to a CPU's last-level cache, rather than following the standard and significantly longer path through t...

2.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/09/11 11:25 a.m.29 views

Using Hacked IoT Devices to Disrupt the Power Grid

This is really interesting research: "BlackIoT: IoT Botnet of High Wattage Devices Can Disrupt the Power Grid": Abstract: We demonstrate that an Internet of Things IoT botnet of high wattage devices -- such as air conditioners and heaters -- gives a unique ability to adversaries to launch...

3.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/15 11:4 a.m.29 views

Hacking Police Bodycams

Suprising no one, the security of police bodycams is terrible. Mitchell even realized that because he can remotely access device storage on models like the Fire Cam OnCall, an attacker could potentially plant malware on some of the cameras. Then, when the camera connects to a PC for syncing, it...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/06 10:57 a.m.29 views

Hacking the McDonald's Monopoly Sweepstakes

Long and interesting story -- now two decades old -- of massive fraud perpetrated against the McDonald's Monopoly sweepstakes. The central fraudster was the person in charge of securing the winning tickets...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/13 11:18 a.m.29 views

Gas Pump Hack

This is weird: Police in Detroit are looking for two suspects who allegedly managed to hack a gas pump and steal over 600 gallons of gasoline, valued at about $1,800. The theft took place in the middle of the day and went on for about 90 minutes, with the gas station attendant unable to thwart th...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/06/22 10:52 a.m.29 views

Domain Name Stealing at Gunpoint

I missed this story when it came around last year: someone tried to steal a domain name at gunpoint. He was just sentenced to 20 years in jail...

2.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/06/06 11:21 a.m.29 views

The Habituation of Security Warnings

We all know that it happens: when we see a security warning too often -- and without effect -- we start tuning it out. A new paper uses fMRI, eye tracking, and field studies to prove it. EDITED TO ADD 6/6: This blog post summarizes the findings...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/05/23 11:11 a.m.29 views

Supermarket Shoplifting

The rise of self-checkout has caused a corresponding rise in shoplifting...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/04/13 11:43 a.m.29 views

COPPA Compliance

Interesting research: "'Won't Somebody Think of the Children?' Examining COPPA Compliance at Scale": Abstract: We present a scalable dynamic analysis framework that allows for the automatic evaluation of the privacy behaviors of Android apps. We use our system to analyze mobile apps' compliance...

2.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/11/23 6:31 p.m.29 views

Mozilla's Guide to Privacy-Aware Christmas Shopping

Mozilla reviews the privacy practices of Internet-connected toys, home accessories, exercise equipment, and more...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/11/15 12:54 p.m.29 views

Apple FaceID Hacked

It only took a week: On Friday, Vietnamese security firm Bkav released a blog post and video showing that -- by all appearances -- they'd cracked FaceID with a composite mask of 3-D-printed plastic, silicone, makeup, and simple paper cutouts, which in combination tricked an iPhone X into unlockin...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/16 11:42 a.m.29 views

Gaming Google News

Turns out that it's surprisingly easy to game: It appears that news sites deemed legitimate by Google News are being modified by third parties. These sites are then exploited to redirect to the spam content. It appears that the compromised sites are examining the referrer and redirecting visitors...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/26 7:13 p.m.29 views

Forbes Names Beyond Fear as One of the "13 Books Technology Executives Should Have On Their Shelves"

It's a weird list...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/18 10:48 p.m.29 views

Human Rights Watch Needs an Information Security Director

I'm sure it pays less than the industry average, and the stakes are much higher than the average. But if you want to be a Director of Information Security that makes a difference, Human Rights Watch is hiring...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/06/19 11:9 a.m.28 views

The Hacking of Culture and the Creation of Socio-Technical Debt

Culture is increasingly mediated through algorithms. These algorithms have splintered the organization of culture, a result of states and tech companies vying for influence over mass audiences. One byproduct of this splintering is a shift from imperfect but broad cultural narratives to a...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/11/16 12:10 p.m.28 views

Leaving Authentication Credentials in Public Code

Interesting article about a surprisingly common vulnerability: programmers leaving authentication credentials and other secrets in publicly accessible software code: Researchers from security firm GitGuardian this week reported finding almost 4,000 unique secrets stashed inside a total of 450,000...

7.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/10/27 9:13 p.m.28 views

Friday Squid Blogging: On the Ugliness of Squid Fishing

And seafood in general: A squid ship is a bustling, bright, messy place. The scene on deck looks like a mechanics garage where an oil change has gone terribly wrong. Scores of fishing lines extend into the water, each bearing specialized hooks operated by automated reels. When they pull a squid o...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/09/08 11:5 a.m.28 views

LLMs and Tool Use

Last March, just two weeks after GPT-4 was released, researchers at Microsoft quietly announced a plan to compile millions of APIs--tools that can do everything from ordering a pizza to solving physics equations to controlling the TV in your living room--into a compendium that would be made...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/08/08 11:13 a.m.28 views

You Can’t Rush Post-Quantum-Computing Cryptography Standards

I just read an article complaining that NIST is taking too long in finalizing its post-quantum-computing cryptography standards. This process has been going on since 2016, and since that time there has been a huge increase in quantum technology and an equally large increase in quantum understandi...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/06/29 2:37 p.m.28 views

Redacting Documents with a Black Sharpie Doesn’t Work

We have learned this lesson again: As part of the FTC v. Microsoft hearing, Sony supplied a document from PlayStation chief Jim Ryan that includes redacted details on the margins Sony shares with publishers, its Call of Duty revenues, and even the cost of developing some of its games. It looks li...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/02/09 12:15 p.m.28 views

Mary Queen of Scots Letters Decrypted

This is a neat piece of historical research. The team of computer scientist George Lasry, pianist Norbert Biermann and astrophysicist Satoshi Tomokiyo--all keen cryptographers--initially thought the batch of encoded documents related to Italy, because that was how they were filed at the...

1.2AI score
Exploits0
Total number of security vulnerabilities2980