Lucene search
K
SchneierMost viewed

2981 matches found

Schneier on Security
Schneier on Security
added 2021/05/14 5:8 p.m.27 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m keynoting the all-virtual RSA Conference 2021, May 17-20, 2021. I’m keynoting the 5th International Symposium on Cyber Security Cryptology and Machine Learning via Zoom, July 8-9, 2021. I’ll be speaking at an Informa event on...

3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/05/10 11:21 a.m.27 views

Newly Declassified NSA Document on Cryptography in the 1970s

This is a newly unclassified NSA history of its reaction to academic cryptography in the 1970s: "NSA Comes Out of the Closet: The Debate over Public Cryptography in the Inman Era," Cryptographic Quarterly, Spring 1996, author still classified...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/05/07 1:36 p.m.27 views

Teaching Cybersecurity to Children

A new draft of an Australian educational curriculum proposes teaching children as young as five cybersecurity: The proposed curriculum aims to teach five-year-old children -- an age at which Australian kids first attend school -- not to share information such as date of birth or full names with...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/04/06 11:5 a.m.27 views

Phone Cloning Scam

A newspaper in Malaysia is reporting on a cell phone cloning scam. The scammer convinces the victim to lend them their cell phone, and the scammer quickly clones it. Whats clever about this scam is that the victim is an Uber driver and the scammer is the passenger, so the driver is naturally busy...

2.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/02/12 10:3 p.m.27 views

Friday Squid Blogging: Flying Squid

How squid fly. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/12/17 8:18 p.m.27 views

More on the SolarWinds Breach

The New York Times has more details. About 18,000 private and government users downloaded a Russian tainted software update -­ a Trojan horse of sorts ­- that gave its hackers a foothold into victims systems, according to SolarWinds, the company whose software was compromised. Among those who use...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/12/15 8:13 p.m.27 views

How the SolarWinds Hackers Bypassed Duo’s Multi-Factor Authentication

This is interesting: Toward the end of the second incident that Volexity worked involving Dark Halo, the actor was observed accessing the e-mail account of a user via OWA. This was unexpected for a few reasons, not least of which was the targeted mailbox was protected by MFA. Logs from the Exchan...

3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/12/09 12:36 p.m.27 views

FireEye Hacked

FireEye was hacked by -- they believe -- "a nation with top-tier offensive capabilities": During our investigation to date, we have found that the attacker targeted and accessed certain Red Team assessment tools that we use to test our customers’ security. These tools mimic the behavior of many...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/11/16 3:55 p.m.27 views

On Blockchain Voting

Blockchain voting is a spectacularly dumb idea for a whole bunch of reasons. I have generally quoted Matt Blaze: Why is blockchain voting a dumb idea? Glad you asked. For starters: It doesnt solve any problems civil elections actually have. Its basically incompatible with "software independence",...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/10/19 11:28 a.m.27 views

Split-Second Phantom Images Fool Autopilots

Researchers are tricking autopilots by inserting split-second images into roadside billboards. Researchers at Israels Ben Gurion University of the Negev … previously revealed that they could use split-second light projections on roads to successfully trick Teslas driver-assistance systems into...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/10/14 5:15 p.m.27 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: Ill be speaking at Cyber Week Online, October 19-21, 2020. Ill be speaking at the IEEE Symposium on Technology and Society virtual conference, November 12-15, 2020. Ill be keynoting the 2020 Conference on Cyber Norms on November 12...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/30 11:19 a.m.27 views

Negotiating with Ransomware Gangs

Really interesting conversation with someone who negotiates with ransomware gangs: For now, it seems that paying ransomware, while obviously risky and empowering/encouraging ransomware attackers, can perhaps be comported so as not to break any laws like anti-terrorist laws, FCPA, conspiracy and...

6.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/24 11:23 a.m.27 views

DiceKeys

DiceKeys is a physical mechanism for creating and storing a 192-bit key. The idea is that you roll a special set of twenty-five dice, put them into a plastic jig, and then use an app to convert those dice into a key. You can then use that key for a variety of purposes, and regenerate it from the...

Exploits0
Schneier on Security
Schneier on Security
added 2020/08/17 11:22 a.m.27 views

Robocall Results from a Telephony Honeypot

A group of researchers set up a telephony honeypot and tracked robocall behavior: NCSU researchers said they ran 66,606 telephone lines between March 2019 and January 2020, during which time they said to have received 1,481,201 unsolicited calls -- even if they never made their phone numbers publ...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/04 11:2 a.m.27 views

Cybercrime in the Age of COVID-19

The Cambridge Cybercrime Centre has a series of papers on cybercrime during the coronavirus pandemic. EDITED TO ADD 8/12: Interpol report...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/13 11:21 a.m.27 views

A Peek into the Fake Review Marketplace

A personal account of someone who was paid to buy products on Amazon and leave fake reviews. Fake reviews are one of the problems that everyone knows about, and no one knows what to do about -- so we all try to pretend doesn't exist...

3.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/07 11:38 a.m.27 views

IoT Security Principles

The BSA -- also known as the Software Alliance, formerly the Business Software Alliance which explains the acronym -- is an industry lobbying group. They just published "Policy Principles for Building a Secure and Trustworthy Internet of Things." They call for: Distinguishing between consumer and...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/06 11:43 a.m.27 views

ThiefQuest Ransomware for the Mac

There's a new ransomware for the Mac called ThiefQuest or EvilQuest. It's hard to get infected: For your Mac to become infected, you would need to torrent a compromised installer and then dismiss a series of warnings from Apple in order to run it. It's a good reminder to get your software from...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/06/17 6:55 p.m.27 views

Zoom Will Be End-to-End Encrypted for All Users

Zoom is doing the right thing: it's making end-to-end encryption available to all users, paid and unpaid. This is a change; I wrote about the initial decision here. ...we have identified a path forward that balances the legitimate right of all users to privacy and the safety of users on our...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/06/05 11:13 a.m.27 views

New Research: "Privacy Threats in Intimate Relationships"

I just published a new paper with Karen Levy of Cornell: "Privacy Threats in Intimate Relationships." Abstract: This article provides an overview of intimate threats: a class of privacy threats that can arise within our families, romantic partnerships, close friendships, and caregiving...

3.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/05/28 11:50 a.m.27 views

Thermal Imaging as Security Theater

Seems like thermal imaging is the security theater technology of today. These features are so tempting that thermal cameras are being installed at an increasing pace. They're used in airports and other public transportation centers to screen travelers, increasingly used by companies to screen...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/04/29 5:29 p.m.27 views

How Did Facebook Beat a Federal Wiretap Demand?

This is interesting: Facebook Inc. in 2018 beat back federal prosecutors seeking to wiretap its encrypted Messenger app. Now the American Civil Liberties Union is seeking to find out how. The entire proceeding was confidential, with only the result leaking to the press. Lawyers for the ACLU and t...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/04/17 3:35 p.m.27 views

The DoD Isn't Fixing Its Security Problems

It has produced several reports outlining what's wrong and what needs to be fixed. It's not fixing them: GAO looked at three DoD-designed initiatives to see whether the Pentagon is following through on its own goals. In a majority of cases, DoD has not completed the cybersecurity training and...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/02/27 12:3 p.m.27 views

Securing the Internet of Things through Class-Action Lawsuits

This law journal article discusses the role of class-action litigation to secure the Internet of Things. Basically, the article postulates that 1 market realities will produce insecure IoT devices, and 2 political failures will leave that industry unregulated. Result: insecure IoT. It proposes...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/02/07 3:42 p.m.27 views

New Ransomware Targets Industrial Control Systems

EKANS is a new ransomware that targets industrial control systems: But EKANS also uses another trick to ratchet up the pain: It's designed to terminate 64 different software processes on victim computers, including many that are specific to industrial control systems. That allows it to then encry...

2.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/12/13 12:37 p.m.27 views

Marriott Hack Reported as Chinese State-Sponsored

The New York Times and Reuters are reporting that China was behind the recent hack of Marriott Hotels. Note that this is still uncomfirmed, but interesting if it is true. Reuters: Private investigators looking into the breach have found hacking tools, techniques and procedures previously used in...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/23 12:11 p.m.27 views

Using Machine Learning to Create Fake Fingerprints

Researchers are able to create fake fingerprints that result in a 20% false-positive rate. The problem is that these sensors obtain only partial images of users' fingerprints -- at the points where they make contact with the scanner. The paper noted that since partial prints are not as distinctiv...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/11 11:29 a.m.27 views

Another Bloomberg Story about Supply-Chain Hardware Attacks from China

Bloomberg has another story about hardware surveillance implants in equipment made in China. This implant is different from the one Bloomberg reported on last week. That story has been denied by pretty much everyone else, but Bloomberg is sticking by its story and its sources. I linked to other...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/09/24 11:52 a.m.27 views

New Variants of Cold-Boot Attack

If someone has physical access to your locked -- but still running -- computer, they can probably break the hard drive's encryption. This is a "cold boot" attack, and one we thought solved. We have not: To carry out the attack, the F-Secure researchers first sought a way to defeat the the...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/21 10:58 a.m.27 views

"Two Stage" BMW Theft Attempt

Modern cars have alarm systems that automatically connect to a remote call center. This makes cars harder to steal, since tripping the alarm causes a quick response. This article describes a theft attempt that tried to neutralize that security system. In the first attack, the thieves just disable...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/12 11:11 a.m.27 views

WPA3

Everyone is writing about the new WPA3 Wi-Fi security standard, and how it improves security over the current WPA2 standard. This summary is as good as any other: The first big new feature in WPA3 is protection against offline, password-guessing attacks. This is where an attacker captures data fr...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/06/27 11:44 a.m.27 views

IEEE Statement on Strong Encryption vs. Backdoors

The IEEE came out in favor of strong encryption: IEEE supports the use of unfettered strong encryption to protect confidentiality and integrity of data and communications. We oppose efforts by governments to restrict the use of strong encryption and/or to mandate exceptional access mechanisms suc...

2.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/06/21 12:9 p.m.27 views

Algeria Shut Down the Internet to Prevent Students from Cheating on Exams

Algeria shut the Internet down nationwide to prevent high-school students from cheating on their exams. The solution in New South Wales, Australia was to ban smartphones. EDITED TO ADD 6/22: Slashdot thread...

2.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/06/12 11:23 a.m.27 views

New iPhone OS May Include Device-Unlocking Security

iOS 12, the next release of Apple's iPhone operating system, may include features to prevent someone from unlocking your phone without your permission: The feature essentially forces users to unlock the iPhone with the passcode when connecting it to a USB accessory everytime the phone has not bee...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/04/09 11:30 a.m.27 views

Obscure E-Mail Vulnerability

This vulnerability is a result of an interaction between two different ways of handling e-mail addresses. Gmail ignores dots in addresses, so [email protected] is the same as [email protected] is the same as [email protected]. Note: I do not own any of those email addresse...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/03/29 11:23 a.m.27 views

Another Branch Prediction Attack

When Spectre and Meltdown were first announced earlier this year, pretty much everyone predicted that there would be many more attacks targeting branch prediction in microprocessors. Here's another one: In the new attack, an attacker primes the PHT and running branch instructions so that the PHT...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/03/15 11:16 a.m.27 views

Artificial Intelligence and the Attack/Defense Balance

Artificial intelligence technologies have the potential to upend the longstanding advantage that attack has over defense on the Internet. This has to do with the relative strengths and weaknesses of people and computers, how those all interplay in Internet security, and where AI technologies migh...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/26 11:59 a.m.27 views

The FAA Is Arguing for Security by Obscurity

In a proposed rule by the FAA, it argues that software in an Embraer S.A. Model ERJ 190-300 airplane is secure because it's proprietary: In addition, the operating systems for current airplane systems are usually and historically proprietary. Therefore, they are not as susceptible to corruption...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/25 7:30 p.m.27 views

Security and Human Behavior (SHB 2017)

I'm in Cambridge University, at the tenth Workshop on Security and Human Behavior. SHB is a small invitational gathering of people studying various aspects of the human side of security, organized each year by Ross Anderson, Alessandro Acquisti, and myself. The 50 or so people in the room include...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/19 9:12 p.m.27 views

Friday Squid Blogging: Giant Squid Caught Off the Coast of Ireland

It's rare: Fishermen caught a 19-foot-long giant squid off the coast of Ireland on Monday, only the fifth to be seen there since 1673. Also the first in 22 years. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/10 11:50 a.m.27 views

Criminals are Now Exploiting SS7 Flaws to Hack Smartphone Two-Factor Authentication Systems

I've previously written about the serious vulnerabilities in the SS7 phone routing system. Basically, the system doesn't authenticate messages. Now, criminals are using it to hack smartphone-based two-factor authentication systems: In short, the issue with SS7 is that the network believes whateve...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/01 11:32 a.m.27 views

Who is Publishing NSA and CIA Secrets, and Why?

There's something going on inside the intelligence communities in at least two countries, and we have no idea what it is. Consider these three data points. One: someone, probably a country's intelligence organization, is dumping massive amounts of cyberattack tools belonging to the NSA onto the...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/14 4:7 p.m.26 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m giving a keynote at Cybernation 2026 in Berlin, Germany, on June 24, 2026. I’m speaking at the Potsdam Conference on National Cybersecurity at the Hasso Plattner Institut in Potsdam, Germany. The event runs June 24–25, 2026, an...

5.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/05/03 11:10 a.m.26 views

Rare Interviews with Enigma Cryptanalyst Marian Rejewski

The Polish Embassy has posted a series of short interview segments with Marian Rejewski, the first person to crack the Enigma. Details from his biography...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/03/29 9:2 p.m.26 views

Friday Squid Blogging: The Geopolitics of Eating Squid

New York Times op-ed on the Chinese dominance of the squid industry: Chinas domination in seafood has raised deep concerns among American fishermen, policymakers and human rights activists. They warn that China is expanding its maritime reach in ways that are putting domestic fishermen around the...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/10/26 11:0 a.m.26 views

New NSA Information from (and About) Snowden

Interesting article about the Snowden documents, including comments from former Guardian editor Ewen MacAskill MacAskill, who shared the Pulitzer Prize for Public Service with Glenn Greenwald and Laura Poitras for their journalistic work on the Snowden files, retired from The Guardian in 2018. He...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/09/29 9:7 p.m.26 views

Friday Squid Blogging: Protecting Cephalopods in Medical Research

From Nature: Cephalopods such as octopuses and squid could soon receive the same legal protection as mice and monkeys do when they are used in research. On 7 September, the US National Institutes of Health NIH asked for feedback on proposed guidelines that, for the first time in the United States...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/08/18 11:4 a.m.26 views

Bots Are Better than Humans at Solving CAPTCHAs

Interesting research: "An Empirical Study & Evaluation of Modern CAPTCHAs": Abstract: For nearly two decades, CAPTCHAS have been widely used as a means of protection against bots. Throughout the years, as their use grew, techniques to defeat or bypass CAPTCHAS have continued to improve. Meanwhile...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/08/04 11:7 a.m.26 views

Political Milestones for AI

ChatGPT was released just nine months ago, and we are still learning how it will affect our daily lives, our careers, and even our systems of self-governance. But when it comes to how AI may threaten our democracy, much of the public conversation lacks imagination. People talk about the danger of...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/17 12:2 p.m.26 views

The FBI Identified a Tor User

No details, though: According to the complaint against him, Al-Azhari allegedly visited a dark web site that hosts "unofficial propaganda and photographs related to ISIS" multiple times on May 14, 2019. In virtue of being a dark web site--­that is, one hosted on the Tor anonymity network--­it...

1.2AI score
Exploits0
Total number of security vulnerabilities2981