Lucene search
K
SchneierMost viewed

2981 matches found

Schneier on Security
Schneier on Security
added 2024/05/03 11:10 a.m.26 views

Rare Interviews with Enigma Cryptanalyst Marian Rejewski

The Polish Embassy has posted a series of short interview segments with Marian Rejewski, the first person to crack the Enigma. Details from his biography...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/03/29 9:2 p.m.26 views

Friday Squid Blogging: The Geopolitics of Eating Squid

New York Times op-ed on the Chinese dominance of the squid industry: Chinas domination in seafood has raised deep concerns among American fishermen, policymakers and human rights activists. They warn that China is expanding its maritime reach in ways that are putting domestic fishermen around the...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/09/29 9:7 p.m.26 views

Friday Squid Blogging: Protecting Cephalopods in Medical Research

From Nature: Cephalopods such as octopuses and squid could soon receive the same legal protection as mice and monkeys do when they are used in research. On 7 September, the US National Institutes of Health NIH asked for feedback on proposed guidelines that, for the first time in the United States...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/08/18 11:4 a.m.26 views

Bots Are Better than Humans at Solving CAPTCHAs

Interesting research: "An Empirical Study & Evaluation of Modern CAPTCHAs": Abstract: For nearly two decades, CAPTCHAS have been widely used as a means of protection against bots. Throughout the years, as their use grew, techniques to defeat or bypass CAPTCHAS have continued to improve. Meanwhile...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/08/04 11:7 a.m.26 views

Political Milestones for AI

ChatGPT was released just nine months ago, and we are still learning how it will affect our daily lives, our careers, and even our systems of self-governance. But when it comes to how AI may threaten our democracy, much of the public conversation lacks imagination. People talk about the danger of...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/17 12:2 p.m.26 views

The FBI Identified a Tor User

No details, though: According to the complaint against him, Al-Azhari allegedly visited a dark web site that hosts "unofficial propaganda and photographs related to ISIS" multiple times on May 14, 2019. In virtue of being a dark web site--­that is, one hosted on the Tor anonymity network--­it...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/13 12:17 p.m.26 views

Obligatory ChatGPT Post

Seems like absolutely everyone everywhere is playing with Chat GPT. So I did, too…. Write an essay in the style of Bruce Schneier on how ChatGPT will affect cybersecurity. As with any new technology, the development and deployment of ChatGPT is likely to have a significant impact on the field of...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/10/04 10:55 p.m.26 views

Facebook Is Down

Facebook -- along with Instagram and WhatsApp -- went down globally today. Basically, someone deleted their BGP records, which made their DNS fall apart. …at approximately 11:39 a.m. ET today 15:39 UTC, someone at Facebook caused an update to be made to the companys Border Gateway Protocol BGP...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/09/03 3:19 p.m.26 views

History of the HX-63 Rotor Machine

Jon D. Paul has written the fascinating story of the HX-63, a super-complicated electromechanical rotor cipher machine made by Crypto AG...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/08/20 1:54 p.m.26 views

More on Apple’s iPhone Backdoor

In this post, Ill collect links on Apples iPhone backdoor for scanning CSAM images. Previous links are here and here. Apple says that hash collisions in its CSAM detection system were expected, and not a concern. Im not convinced that this secondary system was originally part of the design, since...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/05/06 11:11 a.m.26 views

The Story of Colossus

Nice video of a talk by Chris Shore on the history of Colossus...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/03/24 11:10 a.m.26 views

Determining Key Shape from Sound

Its not yet very accurate or practical, but under ideal conditions it is possible to figure out the shape of a house key by listening to it being used. Listen to Your Key: Towards Acoustics-based Physical Key Inference Abstract: Physical locks are one of the most prevalent mechanisms for securing...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/11/11 4:25 p.m.26 views

The Security Failures of Online Exam Proctoring

Proctoring an online exam is hard. Its hard to be sure that the student isnt cheating, maybe by having reference materials at hand, or maybe by substituting someone else to take the exam for them. There are a variety of companies that provide online proctoring services, but theyre uniformly...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/11/06 12:28 p.m.26 views

Detecting Phishing Emails

Research paper: Rick Wash, "How Experts Detect Phishing Scam Emails": Abstract: Phishing scam emails are emails that pretend to be something they are not in order to get the recipient of the email to undertake some action they normally would not. While technical protections against phishing reduc...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/10/23 9:5 p.m.26 views

Friday Squid Blogging: Squid-like Nebula

Pretty astronomical photo. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/10/12 10:58 a.m.26 views

Hacking Apple for Profit

Five researchers hacked Apple Computers networks -- not their products -- and found fifty-five vulnerabilities. So far, they have received $289K. One of the worst of all the bugs they found would have allowed criminals to create a worm that would automatically steal all the photos, videos, and...

2.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/24 11:18 a.m.26 views

Iranian Government Hacking Android

The New York Times wrote about a still-unreleased report from Chckpoint and the Miaan Group: The reports, which were reviewed by The New York Times in advance of their release, say that the hackers have successfully infiltrated what were thought to be secure mobile phones and computers belonging ...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/21 11:6 a.m.26 views

Former NSA Director Keith Alexander Joins Amazon’s Board of Directors

This sounds like a bad idea...

3.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/18 9:14 p.m.26 views

Friday Squid Blogging: Nano-Sized SQUIDS

SQUID news: Physicists have developed a small, compact superconducting quantum interference device SQUID that can detect magnetic fields. The team l focused on the instruments core, which contains two parallel layers of graphene. As usual, you can also use this squid post to talk about the securi...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/06/29 3:24 p.m.26 views

iPhone Apps Stealing Clipboard Data

iOS apps are repeatedly reading clipboard data, which can include all sorts of sensitive information. While Haj Bakry and Mysk published their research in March, the invasive apps made headlines again this week with the developer beta release of iOS 14. A novel feature Apple added provides a bann...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/06/19 11:38 a.m.26 views

New Hacking-for-Hire Company in India

Citizen Lab has a new report on Dark Basin, a large hacking-for-hire company in India. Key Findings: Dark Basin is a hack-for-hire group that has targeted thousands of individuals and hundreds of institutions on six continents. Targets include advocacy groups and journalists, elected and senior...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/06/09 11:26 a.m.26 views

Security Analysis of the Democracy Live Online Voting System

New research: "Security Analysis of the Democracy Live Online Voting System": Abstract: Democracy Live's OmniBallot platform is a web-based system for blank ballot delivery, ballot marking, and optionally online voting. Three states -- Delaware, West Virginia, and New Jersey -- recently announced...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/05/05 11:3 a.m.27 views

Malware in Google Apps

Interesting story of malware hidden in Google Apps. This particular campaign is tied to the government of Vietnam. At a remote virtual version of its annual Security Analyst Summit, researchers from the Russian security firm Kaspersky today plan to present research about a hacking campaign they...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/03/31 12:51 p.m.26 views

Clarifying the Computer Fraud and Abuse Act

A federal court has ruled that violating a website's terms of service is not "hacking" under the Computer Fraud and Abuse Act. The plaintiffs wanted to investigate possible racial discrimination in online job markets by creating accounts for fake employers and job seekers. Leading job sites have...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/01 11:14 a.m.26 views

On Security Tokens

Mark Risher of Google extols the virtues of security keys: I'll say it again for the people in the back: with Security Keys, instead of the user needing to verify the site, the site has to prove itself to the key. Good security these days is about human factors; we have to take the onus off of th...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/02 10:53 a.m.26 views

Facebook Is Using Your Two-Factor Authentication Phone Number to Target Advertising

From Kashmir Hill: Facebook is not content to use the contact information you willingly put into your Facebook profile for advertising. It is also using contact information you handed over for security purposes and contact information you didn't hand over at all, but that was collected from other...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/09/27 12:43 p.m.26 views

Counting People Through a Wall with WiFi

Interesting research: In the team's experiments, one WiFi transmitter and one WiFi receiver are behind walls, outside a room in which a number of people are present. The room can get very crowded with as many as 20 people zigzagging each other. The transmitter sends a wireless signal whose receiv...

2.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/27 11:16 a.m.26 views

Future Cyberwar

A report for the Center for Strategic and International Studies looks at surprise and war. One of the report's cyberwar scenarios is particularly compelling. It doesn't just map cyber onto today's tactics, but completely reimagines future tactics that include a cyber component quote starts on pag...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/03 11:21 a.m.26 views

How the US Military Can Better Keep Hackers

Interesting commentary: The military is an impossible place for hackers thanks to antiquated career management, forced time away from technical positions, lack of mission, non-technical mid- and senior-level leadership, and staggering pay gaps, among other issues. It is possible the military need...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/05 12:14 p.m.26 views

Beating Facial Recognition Software with Face Makeup

At least right now, facial recognition algorithms don't work with Juggalo makeup...

2.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/06/05 11:32 a.m.26 views

Regulating Bitcoin

Ross Anderson has a new paper on cryptocurrency exchanges. From his blog: Bitcoin Redux explains what's going wrong in the world of cryptocurrencies. The bitcoin exchanges are developing into a shadow banking system, which do not give their customers actual bitcoin but rather display a "balance"...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/04/10 11:11 a.m.26 views

DARPA Funding in AI-Assisted Cybersecurity

DARPA is launching a program aimed at vulnerability discovery via human-assisted AI. The new DARPA program is called CHESS Computers and Humans Exploring Software Security, and they're holding a proposers day in a week and a half. This is the kind of thing that can dramatically change the...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/02/08 5:55 p.m.26 views

Water Utility Infected by Cryptocurrency Mining Software

A water utility in Europe has been infected by cryptocurrency mining software. This is a relatively new attack: hackers compromise computers and force them to mine cryptocurrency for them. This is the first time I've seen it infect SCADA systems, though. It seems that this mining software is...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/01/11 6:50 p.m.26 views

Fingerprinting Digital Documents

In this era of electronic leakers, remember that zero-width spaces and homoglyph substitution can fingerprint individual instances of files...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/10/20 2:17 p.m.26 views

Denuvo DRM Cracked within a Day of Release

Denuvo is probably the best digital-rights management system, used to protect computer games. It's regularly cracked within a day. If Denuvo can no longer provide even a single full day of protection from cracks, though, that protection is going to look a lot less valuable to publishers. But that...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/09/12 11:12 a.m.26 views

Securing a Raspberry Pi

A Raspberry Pi is a tiny computer designed for makers and all sorts of Internet-of-Things types of projects. Make magazine has an article about securing it. Reading it, I am struck by how much work it is to secure. I fear that this is beyond the capabilities of most tinkerers, and the result will...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/30 5:47 p.m.26 views

Inmates Secretly Build and Network Computers while in Prison

This is kind of amazing: Inmates at a medium-security Ohio prison secretly assembled two functioning computers, hid them in the ceiling, and connected them to the Marion Correctional Institution's network. The hard drives were loaded with pornography, a Windows proxy server, VPN, VOIP and...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/29 3:22 p.m.26 views

Tainted Leaks

Last year, I wrote about the potential for doxers to alter documents before they leaked them. It was a theoretical threat when I wrote it, but now Citizen Lab has documented this technique in the wild: This report describes an extensive Russia-linked phishing and disinformation campaign. It...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/16 11:8 a.m.26 views

Using Wi-Fi to Get 3D Images of Surrounding Location

Interesting research: The radio signals emitted by a commercial Wi-Fi router can act as a kind of radar, providing images of the transmitter's environment, according to new experiments. Two researchers in Germany borrowed techniques from the field of holography to demonstrate Wi-Fi imaging. They...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/10/14 11:6 a.m.25 views

Perfectl Malware

Perfectl in an impressive piece of malware: The malware has been circulating since at least 2021. It gets installed by exploiting more than 20,000 common misconfigurations, a capability that may make millions of machines connected to the Internet potential targets, researchers from Aqua Security...

9.8CVSS7.4AI score0.96604EPSS
Exploits11
Schneier on Security
Schneier on Security
added 2024/05/31 11:4 a.m.25 views

How AI Will Change Democracy

I dont think its an exaggeration to predict that artificial intelligence will affect every aspect of our society. Not by doing new things. But mostly by doing things that are already being done by humans, perfectly competently. Replacing humans with AIs isnt necessarily interesting. But when an A...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/04/04 11:7 a.m.25 views

Surveillance by the New Microsoft Outlook App

The ProtonMail people are accusing Microsofts new Outlook for Windows app of conducting extensive surveillance on its users. It shares data with advertisers, a lot of data: The window informs users that Microsoft and those 801 third parties use their data for a number of purposes, including to:...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/10/12 11:9 a.m.26 views

Bounty to Recover NIST’s Elliptic Curve Seeds

This is a fun challenge: The NIST elliptic curves that power much of modern cryptography were generated in the late 90s by hashing seeds provided by the NSA. How were the seeds generated? Rumor has it that they are in turn hashes of English sentences, but the person who picked them, Dr. Jerry...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/08/03 11:17 a.m.25 views

The Need for Trustworthy AI

If you ask Alexa, Amazons voice assistant AI system, whether Amazon is a monopoly, it responds by saying it doesnt know. It doesnt take much to make it lambaste the other tech giants, but its silent about its own corporate parents misdeeds. When Alexa responds in this way, its obvious that it is...

6.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/05/19 11:11 a.m.25 views

Security Risks of New .zip and .mov Domains

Researchers are worried about Googles .zip and .mov domains, because they are confusing. Mistaking a URL for a filename could be a security vulnerability...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/04/25 10:9 a.m.25 views

Cyberweapons Manufacturer QuaDream Shuts Down

Following a report on its activities, the Israeli spyware company QuaDream has shut down. This was QuadDream: Key Findings Based on an analysis of samples shared with us by Microsoft Threat Intelligence, we developed indicators that enabled us to identify at least five civil society victims of...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/25 12:0 p.m.25 views

US Cyber Command Operations During the 2022 Midterm Elections

The head of both US Cyber Command and the NSA, Gen. Paul Nakasone, broadly discussed that first organizations offensive cyber operations during the runup to the 2022 midterm elections. He didnt name names, of course: We did conduct operations persistently to make sure that our foreign adversaries...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/08/22 11:38 a.m.25 views

Hyundai Uses Example Keys for Encryption System

This is a dumb crypto mistake I had not previously encountered: A developer says it was possible to run their own software on the car infotainment hardware after discovering the vehicles manufacturer had secured its system using keys that were not only publicly known but had been lifted from...

0.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/12/17 10:1 p.m.25 views

Friday Squid Blogging: UK Recognizes Squid as Sentient Beings

This seems big: The UK government has officially included decapod crustaceans-including crabs, lobsters, and crayfish-and cephalopod mollusks-including octopuses, squid, and cuttlefish-in its Animal Welfare Sentience Bill. This means they are now recognized as "sentient beings" in the UK. As usua...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/10/15 9:18 p.m.25 views

Friday Squid Blogging: New Giant Squid Video

New video of a large squid in the Red Sea at about 2,800 feet. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.7AI score
Exploits0
Total number of security vulnerabilities2981