Lucene search
K
SchneierMost viewed

2981 matches found

Schneier on Security
Schneier on Security
added 2020/12/17 8:18 p.m.27 views

More on the SolarWinds Breach

The New York Times has more details. About 18,000 private and government users downloaded a Russian tainted software update -­ a Trojan horse of sorts ­- that gave its hackers a foothold into victims systems, according to SolarWinds, the company whose software was compromised. Among those who use...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/12/15 8:13 p.m.27 views

How the SolarWinds Hackers Bypassed Duo’s Multi-Factor Authentication

This is interesting: Toward the end of the second incident that Volexity worked involving Dark Halo, the actor was observed accessing the e-mail account of a user via OWA. This was unexpected for a few reasons, not least of which was the targeted mailbox was protected by MFA. Logs from the Exchan...

3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/12/09 12:36 p.m.27 views

FireEye Hacked

FireEye was hacked by -- they believe -- "a nation with top-tier offensive capabilities": During our investigation to date, we have found that the attacker targeted and accessed certain Red Team assessment tools that we use to test our customers’ security. These tools mimic the behavior of many...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/11/16 3:55 p.m.27 views

On Blockchain Voting

Blockchain voting is a spectacularly dumb idea for a whole bunch of reasons. I have generally quoted Matt Blaze: Why is blockchain voting a dumb idea? Glad you asked. For starters: It doesnt solve any problems civil elections actually have. Its basically incompatible with "software independence",...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/10/19 11:28 a.m.27 views

Split-Second Phantom Images Fool Autopilots

Researchers are tricking autopilots by inserting split-second images into roadside billboards. Researchers at Israels Ben Gurion University of the Negev … previously revealed that they could use split-second light projections on roads to successfully trick Teslas driver-assistance systems into...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/10/14 5:15 p.m.27 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: Ill be speaking at Cyber Week Online, October 19-21, 2020. Ill be speaking at the IEEE Symposium on Technology and Society virtual conference, November 12-15, 2020. Ill be keynoting the 2020 Conference on Cyber Norms on November 12...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/30 11:19 a.m.27 views

Negotiating with Ransomware Gangs

Really interesting conversation with someone who negotiates with ransomware gangs: For now, it seems that paying ransomware, while obviously risky and empowering/encouraging ransomware attackers, can perhaps be comported so as not to break any laws like anti-terrorist laws, FCPA, conspiracy and...

6.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/24 11:23 a.m.27 views

DiceKeys

DiceKeys is a physical mechanism for creating and storing a 192-bit key. The idea is that you roll a special set of twenty-five dice, put them into a plastic jig, and then use an app to convert those dice into a key. You can then use that key for a variety of purposes, and regenerate it from the...

Exploits0
Schneier on Security
Schneier on Security
added 2020/08/04 11:2 a.m.27 views

Cybercrime in the Age of COVID-19

The Cambridge Cybercrime Centre has a series of papers on cybercrime during the coronavirus pandemic. EDITED TO ADD 8/12: Interpol report...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/13 11:21 a.m.27 views

A Peek into the Fake Review Marketplace

A personal account of someone who was paid to buy products on Amazon and leave fake reviews. Fake reviews are one of the problems that everyone knows about, and no one knows what to do about -- so we all try to pretend doesn't exist...

3.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/07 11:38 a.m.27 views

IoT Security Principles

The BSA -- also known as the Software Alliance, formerly the Business Software Alliance which explains the acronym -- is an industry lobbying group. They just published "Policy Principles for Building a Secure and Trustworthy Internet of Things." They call for: Distinguishing between consumer and...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/06 11:43 a.m.27 views

ThiefQuest Ransomware for the Mac

There's a new ransomware for the Mac called ThiefQuest or EvilQuest. It's hard to get infected: For your Mac to become infected, you would need to torrent a compromised installer and then dismiss a series of warnings from Apple in order to run it. It's a good reminder to get your software from...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/06/17 6:55 p.m.27 views

Zoom Will Be End-to-End Encrypted for All Users

Zoom is doing the right thing: it's making end-to-end encryption available to all users, paid and unpaid. This is a change; I wrote about the initial decision here. ...we have identified a path forward that balances the legitimate right of all users to privacy and the safety of users on our...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/06/05 11:13 a.m.27 views

New Research: "Privacy Threats in Intimate Relationships"

I just published a new paper with Karen Levy of Cornell: "Privacy Threats in Intimate Relationships." Abstract: This article provides an overview of intimate threats: a class of privacy threats that can arise within our families, romantic partnerships, close friendships, and caregiving...

3.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/05/28 11:50 a.m.27 views

Thermal Imaging as Security Theater

Seems like thermal imaging is the security theater technology of today. These features are so tempting that thermal cameras are being installed at an increasing pace. They're used in airports and other public transportation centers to screen travelers, increasingly used by companies to screen...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/04/29 5:29 p.m.27 views

How Did Facebook Beat a Federal Wiretap Demand?

This is interesting: Facebook Inc. in 2018 beat back federal prosecutors seeking to wiretap its encrypted Messenger app. Now the American Civil Liberties Union is seeking to find out how. The entire proceeding was confidential, with only the result leaking to the press. Lawyers for the ACLU and t...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/04/17 3:35 p.m.27 views

The DoD Isn't Fixing Its Security Problems

It has produced several reports outlining what's wrong and what needs to be fixed. It's not fixing them: GAO looked at three DoD-designed initiatives to see whether the Pentagon is following through on its own goals. In a majority of cases, DoD has not completed the cybersecurity training and...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/02/27 12:3 p.m.27 views

Securing the Internet of Things through Class-Action Lawsuits

This law journal article discusses the role of class-action litigation to secure the Internet of Things. Basically, the article postulates that 1 market realities will produce insecure IoT devices, and 2 political failures will leave that industry unregulated. Result: insecure IoT. It proposes...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/02/07 3:42 p.m.27 views

New Ransomware Targets Industrial Control Systems

EKANS is a new ransomware that targets industrial control systems: But EKANS also uses another trick to ratchet up the pain: It's designed to terminate 64 different software processes on victim computers, including many that are specific to industrial control systems. That allows it to then encry...

2.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/02 10:17 a.m.27 views

Why Isn't GDPR Being Enforced?

Politico has a long article making the case that the lead GDPR regulator, Ireland, has too cozy a relationship with Silicon Valley tech companies to effectively regulate their privacy practices. Despite its vows to beef up its threadbare regulatory apparatus, Ireland has a long history of caterin...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/12/13 12:37 p.m.27 views

Marriott Hack Reported as Chinese State-Sponsored

The New York Times and Reuters are reporting that China was behind the recent hack of Marriott Hotels. Note that this is still uncomfirmed, but interesting if it is true. Reuters: Private investigators looking into the breach have found hacking tools, techniques and procedures previously used in...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/23 12:11 p.m.27 views

Using Machine Learning to Create Fake Fingerprints

Researchers are able to create fake fingerprints that result in a 20% false-positive rate. The problem is that these sensors obtain only partial images of users' fingerprints -- at the points where they make contact with the scanner. The paper noted that since partial prints are not as distinctiv...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/09/24 11:52 a.m.27 views

New Variants of Cold-Boot Attack

If someone has physical access to your locked -- but still running -- computer, they can probably break the hard drive's encryption. This is a "cold boot" attack, and one we thought solved. We have not: To carry out the attack, the F-Secure researchers first sought a way to defeat the the...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/21 10:58 a.m.27 views

"Two Stage" BMW Theft Attempt

Modern cars have alarm systems that automatically connect to a remote call center. This makes cars harder to steal, since tripping the alarm causes a quick response. This article describes a theft attempt that tried to neutralize that security system. In the first attack, the thieves just disable...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/06/27 11:44 a.m.27 views

IEEE Statement on Strong Encryption vs. Backdoors

The IEEE came out in favor of strong encryption: IEEE supports the use of unfettered strong encryption to protect confidentiality and integrity of data and communications. We oppose efforts by governments to restrict the use of strong encryption and/or to mandate exceptional access mechanisms suc...

2.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/06/12 11:23 a.m.27 views

New iPhone OS May Include Device-Unlocking Security

iOS 12, the next release of Apple's iPhone operating system, may include features to prevent someone from unlocking your phone without your permission: The feature essentially forces users to unlock the iPhone with the passcode when connecting it to a USB accessory everytime the phone has not bee...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/04/09 11:30 a.m.27 views

Obscure E-Mail Vulnerability

This vulnerability is a result of an interaction between two different ways of handling e-mail addresses. Gmail ignores dots in addresses, so [email protected] is the same as [email protected] is the same as [email protected]. Note: I do not own any of those email addresse...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/03/29 11:23 a.m.27 views

Another Branch Prediction Attack

When Spectre and Meltdown were first announced earlier this year, pretty much everyone predicted that there would be many more attacks targeting branch prediction in microprocessors. Here's another one: In the new attack, an attacker primes the PHT and running branch instructions so that the PHT...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/03/15 11:16 a.m.27 views

Artificial Intelligence and the Attack/Defense Balance

Artificial intelligence technologies have the potential to upend the longstanding advantage that attack has over defense on the Internet. This has to do with the relative strengths and weaknesses of people and computers, how those all interplay in Internet security, and where AI technologies migh...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/02/16 10:8 p.m.27 views

Friday Squid Blogging: Squid Pin

There's a squid pin on Kickstarter. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/26 11:59 a.m.27 views

The FAA Is Arguing for Security by Obscurity

In a proposed rule by the FAA, it argues that software in an Embraer S.A. Model ERJ 190-300 airplane is secure because it's proprietary: In addition, the operating systems for current airplane systems are usually and historically proprietary. Therefore, they are not as susceptible to corruption...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/25 7:30 p.m.27 views

Security and Human Behavior (SHB 2017)

I'm in Cambridge University, at the tenth Workshop on Security and Human Behavior. SHB is a small invitational gathering of people studying various aspects of the human side of security, organized each year by Ross Anderson, Alessandro Acquisti, and myself. The 50 or so people in the room include...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/19 9:12 p.m.27 views

Friday Squid Blogging: Giant Squid Caught Off the Coast of Ireland

It's rare: Fishermen caught a 19-foot-long giant squid off the coast of Ireland on Monday, only the fifth to be seen there since 1673. Also the first in 22 years. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/10 11:50 a.m.27 views

Criminals are Now Exploiting SS7 Flaws to Hack Smartphone Two-Factor Authentication Systems

I've previously written about the serious vulnerabilities in the SS7 phone routing system. Basically, the system doesn't authenticate messages. Now, criminals are using it to hack smartphone-based two-factor authentication systems: In short, the issue with SS7 is that the network believes whateve...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/14 4:7 p.m.26 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m giving a keynote at Cybernation 2026 in Berlin, Germany, on June 24, 2026. I’m speaking at the Potsdam Conference on National Cybersecurity at the Hasso Plattner Institut in Potsdam, Germany. The event runs June 24–25, 2026, an...

5.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/05/03 11:10 a.m.26 views

Rare Interviews with Enigma Cryptanalyst Marian Rejewski

The Polish Embassy has posted a series of short interview segments with Marian Rejewski, the first person to crack the Enigma. Details from his biography...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/03/29 9:2 p.m.26 views

Friday Squid Blogging: The Geopolitics of Eating Squid

New York Times op-ed on the Chinese dominance of the squid industry: Chinas domination in seafood has raised deep concerns among American fishermen, policymakers and human rights activists. They warn that China is expanding its maritime reach in ways that are putting domestic fishermen around the...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/10/26 11:0 a.m.26 views

New NSA Information from (and About) Snowden

Interesting article about the Snowden documents, including comments from former Guardian editor Ewen MacAskill MacAskill, who shared the Pulitzer Prize for Public Service with Glenn Greenwald and Laura Poitras for their journalistic work on the Snowden files, retired from The Guardian in 2018. He...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/09/29 9:7 p.m.26 views

Friday Squid Blogging: Protecting Cephalopods in Medical Research

From Nature: Cephalopods such as octopuses and squid could soon receive the same legal protection as mice and monkeys do when they are used in research. On 7 September, the US National Institutes of Health NIH asked for feedback on proposed guidelines that, for the first time in the United States...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/08/18 11:4 a.m.26 views

Bots Are Better than Humans at Solving CAPTCHAs

Interesting research: "An Empirical Study & Evaluation of Modern CAPTCHAs": Abstract: For nearly two decades, CAPTCHAS have been widely used as a means of protection against bots. Throughout the years, as their use grew, techniques to defeat or bypass CAPTCHAS have continued to improve. Meanwhile...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/08/04 11:7 a.m.26 views

Political Milestones for AI

ChatGPT was released just nine months ago, and we are still learning how it will affect our daily lives, our careers, and even our systems of self-governance. But when it comes to how AI may threaten our democracy, much of the public conversation lacks imagination. People talk about the danger of...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/17 12:2 p.m.26 views

The FBI Identified a Tor User

No details, though: According to the complaint against him, Al-Azhari allegedly visited a dark web site that hosts "unofficial propaganda and photographs related to ISIS" multiple times on May 14, 2019. In virtue of being a dark web site--­that is, one hosted on the Tor anonymity network--­it...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/10 12:18 p.m.26 views

ChatGPT-Written Malware

I dont know how much of a thing this will end up being, but we are seeing ChatGPT-written malware in the wild. …within a few weeks of ChatGPT going live, participants in cybercrime forums--­some with little or no coding experience­--were using it to write software and emails that could be used fo...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/13 12:17 p.m.26 views

Obligatory ChatGPT Post

Seems like absolutely everyone everywhere is playing with Chat GPT. So I did, too…. Write an essay in the style of Bruce Schneier on how ChatGPT will affect cybersecurity. As with any new technology, the development and deployment of ChatGPT is likely to have a significant impact on the field of...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/08/31 2:33 p.m.26 views

High-School Graduation Prank Hack

This is a fun story, detailing the hack a group of high school students perpetrated against an Illinois school district, hacking 500 screens across a bunch of schools. During the process, the group broke into the school’s IT systems; repurposed software used to monitor students’ computers;...

10CVSS9.5AI score0.01611EPSS
Exploits1
Schneier on Security
Schneier on Security
added 2021/10/04 10:55 p.m.26 views

Facebook Is Down

Facebook -- along with Instagram and WhatsApp -- went down globally today. Basically, someone deleted their BGP records, which made their DNS fall apart. …at approximately 11:39 a.m. ET today 15:39 UTC, someone at Facebook caused an update to be made to the companys Border Gateway Protocol BGP...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/09/03 3:19 p.m.26 views

History of the HX-63 Rotor Machine

Jon D. Paul has written the fascinating story of the HX-63, a super-complicated electromechanical rotor cipher machine made by Crypto AG...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/08/20 1:54 p.m.26 views

More on Apple’s iPhone Backdoor

In this post, Ill collect links on Apples iPhone backdoor for scanning CSAM images. Previous links are here and here. Apple says that hash collisions in its CSAM detection system were expected, and not a concern. Im not convinced that this secondary system was originally part of the design, since...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/08/10 11:37 a.m.26 views

Apple Adds a Backdoor to iMessage and iCloud Storage

Apples announcement that its going to start scanning photos for child abuse material is a big deal. Here are five news stories. I have been following the details, and discussing it in several different email lists. I dont have time right now to delve into the details, but wanted to post something...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/05/07 1:36 p.m.26 views

Teaching Cybersecurity to Children

A new draft of an Australian educational curriculum proposes teaching children as young as five cybersecurity: The proposed curriculum aims to teach five-year-old children -- an age at which Australian kids first attend school -- not to share information such as date of birth or full names with...

1.3AI score
Exploits0
Total number of security vulnerabilities2981