Lucene search
K
SchneierMost viewed

2981 matches found

Schneier on Security
Schneier on Security
added 2018/04/02 11:23 a.m.29 views

Musical Ciphers

Interesting history...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/03/28 11:30 a.m.29 views

Tracing Stolen Bitcoin

Ross Anderson has a really interesting paper on tracing stolen bitcoin. From a blog post: Previous attempts to track tainted coins had used either the "poison" or the "haircut" method. Suppose I open a new address and pay into it three stolen bitcoin followed by seven freshly-mined ones. Then und...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/03/07 12:23 p.m.29 views

New DDoS Reflection-Attack Variant

This is worrisome: DDoS vandals have long intensified their attacks by sending a small number of specially designed data packets to publicly available services. The services then unwittingly respond by sending a much larger number of unwanted packets to a target. The best known vectors for these...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/16 11:42 a.m.29 views

Gaming Google News

Turns out that it's surprisingly easy to game: It appears that news sites deemed legitimate by Google News are being modified by third parties. These sites are then exploited to redirect to the spam content. It appears that the compromised sites are examining the referrer and redirecting visitors...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/26 7:13 p.m.29 views

Forbes Names Beyond Fear as One of the "13 Books Technology Executives Should Have On Their Shelves"

It's a weird list...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/06/19 11:9 a.m.28 views

The Hacking of Culture and the Creation of Socio-Technical Debt

Culture is increasingly mediated through algorithms. These algorithms have splintered the organization of culture, a result of states and tech companies vying for influence over mass audiences. One byproduct of this splintering is a shift from imperfect but broad cultural narratives to a...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/10/27 9:13 p.m.28 views

Friday Squid Blogging: On the Ugliness of Squid Fishing

And seafood in general: A squid ship is a bustling, bright, messy place. The scene on deck looks like a mechanics garage where an oil change has gone terribly wrong. Scores of fishing lines extend into the water, each bearing specialized hooks operated by automated reels. When they pull a squid o...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/08/08 11:13 a.m.28 views

You Can’t Rush Post-Quantum-Computing Cryptography Standards

I just read an article complaining that NIST is taking too long in finalizing its post-quantum-computing cryptography standards. This process has been going on since 2016, and since that time there has been a huge increase in quantum technology and an equally large increase in quantum understandi...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/06/29 2:37 p.m.28 views

Redacting Documents with a Black Sharpie Doesn’t Work

We have learned this lesson again: As part of the FTC v. Microsoft hearing, Sony supplied a document from PlayStation chief Jim Ryan that includes redacted details on the margins Sony shares with publishers, its Call of Duty revenues, and even the cost of developing some of its games. It looks li...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/02/09 12:15 p.m.28 views

Mary Queen of Scots Letters Decrypted

This is a neat piece of historical research. The team of computer scientist George Lasry, pianist Norbert Biermann and astrophysicist Satoshi Tomokiyo--all keen cryptographers--initially thought the batch of encoded documents related to Italy, because that was how they were filed at the...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/02/07 12:23 p.m.28 views

Malware Delivered through Google Search

Criminals using Google search ads to deliver malware isnt new, but Ars Technica declared that the problem has become much worse recently. The surge is coming from numerous malware families, including AuroraStealer, IcedID, Meta Stealer, RedLine Stealer, Vidar, Formbook, and XLoader. In the past,...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/09 12:11 p.m.28 views

Security Vulnerabilities in Eufy Cameras

Eufy cameras claim to be local only, but upload data to the cloud. The company is basically lying to reporters, despite being shown evidence to the contrary. The companys behavior is so egregious that ReviewGeek is no longer recommending them. This will be interesting to watch. If Eufy can ignore...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/02/22 3:28 p.m.28 views

A New Cybersecurity “Social Contract”

The US National Cyber Director Chris Inglis wrote an essay outlining a new social contract for the cyber age: The United States needs a new social contract for the digital age -- one that meaningfully alters the relationship between public and private sectors and proposes a new set of obligations...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/10/08 9:25 p.m.28 views

Friday Squid Blogging: Strawberry Squid

Pretty pictures of a strawberry squid Histioteuthis heteropsis. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/09/24 7:5 p.m.28 views

I Am Not Satoshi Nakamoto

This isnt the first time Ive received an e-mail like this: Hey! Ive done my research and looked at a lot of facts and old forgotten archives. I know that you are Satoshi, I do not want to tell anyone about this. I just wanted to say that you created weapons of mass destruction where niches remain...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/09/10 11:10 a.m.28 views

ProtonMail Now Keeps IP Logs

After being compelled by a Swiss court to monitor IP logs for a particular user, ProtonMail no longer claims that "we do not keep any IP logs." EDITED TO ADD 9/14: This seems to be more complicated. ProtonMail is not yet saying that they keep logs. Their privacy policy still states that they do n...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/09/01 11:14 a.m.28 views

Zero-Click iPhone Exploits

Citizen Lab is reporting on two zero-click iMessage exploits, in spyware sold by the cyberweapons arms manufacturer NSO Group to the Bahraini government. These are particularly scary exploits, since they dont require to victim to do anything, like click on a link or open a file. The victim receiv...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/05/14 11:30 a.m.28 views

Ransomware Is Getting Ugly

Modern ransomware has two dimensions: pay to get your data back, and pay not to have your data dumped on the Internet. The DC police are the victims of this ransomware, and the criminals have just posted personnel records -- "including the results of psychological assessments and polygraph tests;...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/01/29 3:20 p.m.28 views

New iMessage Security Features

Apple has added added security features to mitigate the risk of zero-click iMessage attacks. Apple did not document the changes but Groß said he fiddled around with the newest iOS 14 and found that Apple shipped a "significant refactoring of iMessage processing" that severely cripples the usual...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/12/23 12:44 p.m.28 views

Investigating the Navalny Poisoning

Bellingcat has investigated the near-fatal poisoning of Alexey Navalny by the Russian FSB back in August. The details display some impressive traffic analysis. Navalny got a confession out of one of the poisoners, displaying some masterful social engineering. Lots of interesting opsec details in...

5.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/12/03 5:21 p.m.28 views

Open Source Does Not Equal Secure

Way back in 1999, I wrote about open-source software: First, simply publishing the code does not automatically mean that people will examine it for security flaws. Security researchers are fickle and busy people. They do not have the time to examine every piece of source code that is published. S...

0.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/11/13 12:25 p.m.28 views

New Zealand Election Fraud

It seems that this election season has not gone without fraud. In New Zealand, a vote for "Bird of the Year" has been marred by fraudulent votes: More than 1,500 fraudulent votes were cast in the early hours of Monday in the countrys annual bird election, briefly pushing the Little-Spotted Kiwi t...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/10/05 4:47 p.m.28 views

On Risk-Based Authentication

Interesting usability study: "More Than Just Good Passwords? A Study on Usability and Security Perceptions of Risk-based Authentication": Abstract: Risk-based Authentication RBA is an adaptive security measure to strengthen password-based authentication. RBA monitors additional features during...

3.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/29 11:16 a.m.28 views

Hacking a Coffee Maker

As expected, IoT devices are filled with vulnerabilities: As a thought experiment, Martin Hron, a researcher at security company Avast, reverse engineered one of the older coffee makers to see what kinds of hacks he could do with it. After just a week of effort, the unqualified answer was: quite ...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/25 11:21 a.m.28 views

CEO of NS8 Charged with Securities Fraud

The founder and CEO of the Internet security company NS8 has been arrested and "charged in a Complaint in Manhattan federal court with securities fraud, fraud in the offer and sale of securities, and wire fraud." I admit that Ive never even heard of the company before...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/10 11:26 a.m.28 views

The Third Edition of Ross Anderson’s Security Engineering

Ross Andersons fantastic textbook, Security Engineering, will have a third edition. The book wont be published until December, but Ross has been making drafts of the chapters available online as he finishes them. Now that the book is completed, I expect the publisher to make him take the drafts o...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/08 11:41 a.m.28 views

Half a Million IoT Passwords Leaked

It is amazing that this sort of thing can still happen: ...the list was compiled by scanning the entire internet for devices that were exposing their Telnet port. The hacker then tried using 1 factory-set default usernames and passwords, or 2 custom, but easy-to-guess password combinations. Telne...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/04/28 3:38 p.m.28 views

Fooling NLP Systems Through Word Swapping

MIT researchers have built a system that fools natural-language processing systems by swapping words with synonyms: The software, developed by a team at MIT, looks for the words in a sentence that are most important to an NLP classifier and replaces them with a synonym that a human would find...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/04/21 11:22 a.m.28 views

Another Story of Bad 1970s Encryption

This one is from the Netherlands. It seems to be clever cryptanalysis rather than a backdoor. The Dutch intelligence service has been able to read encrypted communications from dozens of countries since the late 1970s thanks to a microchip, according to research by de Volkskrant on Thursday. The...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/02/20 8:23 p.m.28 views

Internet of Things Candle

There's a Kickstarter for an actual candle, with real fire, that you can control over the Internet. What could possibly go wrong?...

2.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/02 10:17 a.m.28 views

Why Isn't GDPR Being Enforced?

Politico has a long article making the case that the lead GDPR regulator, Ireland, has too cozy a relationship with Silicon Valley tech companies to effectively regulate their privacy practices. Despite its vows to beef up its threadbare regulatory apparatus, Ireland has a long history of caterin...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/12/28 12:43 p.m.28 views

Massive Ad Fraud Scheme Relied on BGP Hijacking

This is a really interesting story of an ad fraud scheme that relied on hijacking the Border Gateway Protocol: Members of 3ve pronounced "eve" used their large reservoir of trusted IP addresses to conceal a fraud that otherwise would have been easy for advertisers to detect. The scheme employed a...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/12/06 1:33 p.m.28 views

Your Personal Data is Already Stolen

In an excellent blog post, Brian Krebs makes clear something I have been saying for a while: Likewise for individuals, it pays to accept two unfortunate and harsh realities: Reality 1: Bad guys already have access to personal data points that you may believe should be secret but which nevertheles...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/31 11:53 a.m.28 views

ID Systems Throughout the 50 States

Jim Harper at CATO has a good survey of state ID systems in the US...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/03 12:11 p.m.28 views

Terahertz Millimeter-Wave Scanners

Interesting article on terahertz millimeter-wave scanners and their uses to detect terrorist bombers. The heart of the device is a block of electronics about the size of a 1990s tower personal computer. It comes housed in a musician's black case, akin to the one Spinal Tap might use on tour. At t...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/05/08 2:7 p.m.28 views

The US Is Unprepared for Election-Related Hacking in 2018

This survey and report is not surprising: The survey of nearly forty Republican and Democratic campaign operatives, administered through November and December 2017, revealed that American political campaign staff -- primarily working at the state and congressional levels -- are not only unprepare...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/02/16 10:8 p.m.28 views

Friday Squid Blogging: Squid Pin

There's a squid pin on Kickstarter. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/01/17 12:23 p.m.28 views

Article from a Former Chinese PLA General on Cyber Sovereignty

Interesting article by Major General Hao Yeli, Chinese People's Liberation Army ret., a senior advisor at the China International Institute for Strategic Society, Vice President of China Institute for Innovation and Development Strategy, and the Chair of the Guanchao Cyber Forum. Against the...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/10/12 11:43 a.m.28 views

Impersonating iOS Password Prompts

This is an interesting security vulnerability: because it is so easy to impersonate iOS password prompts, a malicious app can steal your password just by asking. Why does this work? iOS asks the user for their iTunes password for many reasons, the most common ones are recently installed iOS...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/09/15 11:28 a.m.28 views

Another iPhone Change to Frustrate the Police

I recently wrote about the new ability to disable the Touch ID login on iPhones. This is important because of a weirdness in current US law that protects people's passcodes from forced disclosure in ways it does not protect actions: being forced to place a thumb on a fingerprint reader. There's...

6.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/02 9:5 p.m.28 views

Friday Squid Blogging: Squid as Prey

There's lots of video of squid as undersea predators. This is one of the few instances of squid as prey from a deep submersible in the Pacific: "We saw brittle stars capturing a squid from the water column while it was swimming. I didn't know that was possible. And then there was a tussle among t...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/16 11:40 a.m.28 views

NSA Brute-Force Keysearch Machine

The Intercept published a story about a dedicated NSA brute-force keysearch machine being built with the help of New York University and IBM. It's based on a document that was accidentally shared on the Internet by NYU. The article is frustratingly short on details: The WindsorGreen documents are...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/11/17 4:31 p.m.27 views

Ransomware Gang Files SEC Complaint

A ransomware gang, annoyed at not being paid, filed an SEC complaint against its victim for not disclosing its security breach within the required four days. This is over the top, but is just another example of the extreme pressure ransomware gangs put on companies after seizing their data. Gangs...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/10/20 11:10 a.m.27 views

AI and US Election Rules

If an AI breaks the rules for you, does that count as breaking the rules? This is the essential question being taken up by the Federal Election Commission this month, and public input is needed to curtail the potential for AI to take US campaigns even more off the rails. At issue is whether...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/10 12:18 p.m.27 views

ChatGPT-Written Malware

I dont know how much of a thing this will end up being, but we are seeing ChatGPT-written malware in the wild. …within a few weeks of ChatGPT going live, participants in cybercrime forums--­some with little or no coding experience­--were using it to write software and emails that could be used fo...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/08/31 2:33 p.m.27 views

High-School Graduation Prank Hack

This is a fun story, detailing the hack a group of high school students perpetrated against an Illinois school district, hacking 500 screens across a bunch of schools. During the process, the group broke into the school’s IT systems; repurposed software used to monitor students’ computers;...

10CVSS9.5AI score0.01611EPSS
Exploits1
Schneier on Security
Schneier on Security
added 2022/08/18 11:45 a.m.27 views

USB “Rubber Ducky” Attack Tool

The USB Rubber Ducky is getting better and better. Already, previous versions of the Rubber Ducky could carry out attacks like creating a fake Windows pop-up box to harvest a users login credentials or causing Chrome to send all saved passwords to an attackers webserver. But these attacks had to ...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/04/01 11:12 a.m.27 views

Bypassing Two-Factor Authentication

These techniques are not new, but theyre increasingly popular: …some forms of MFA are stronger than others, and recent events show that these weaker forms arent much of a hurdle for some hackers to clear. In the past few months, suspected script kiddies like the Lapsus$ data extortion gang and...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/09/23 1:15 p.m.27 views

ROT8000

ROT8000 is the Unicode equivalent of ROT13. Whats clever about it is that normal English looks like Chinese, and not like ciphertext to a typical Westerner, that is...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/06/15 3:45 p.m.27 views

Andrew Appel on New Hampshire’s Election Audit

Really interesting two part analysis of the audit conducted after the 2020 election in Windham, New Hampshire. Based on preliminary reports published by the team of experts that New Hampshire engaged to examine an election discrepancy, it appears that a buildup of dust in the read heads of...

0.8AI score
Exploits0
Total number of security vulnerabilities2981