Lucene search
K
SchneierMost viewed

2980 matches found

Schneier on Security
Schneier on Security
added 2024/04/11 11:1 a.m.23 views

Backdoor in XZ Utils That Almost Happened

Last week, the Internet dodged a major nation-state attack that would have had catastrophic cybersecurity repercussions worldwide. It’s a catastrophe that didn’t happen, so it won’t get much attention--but it should. There’s an important moral to the story of the attack and its discovery: The...

7.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/04/08 11:3 a.m.23 views

Security Vulnerability of HTML Emails

This is a newly discovered email vulnerability: The email your manager received and forwarded to you was something completely innocent, such as a potential customer asking a few questions. All that email was supposed to achieve was being forwarded to you. However, the moment the email appeared in...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/04/01 2:19 p.m.23 views

Magic Security Dust

Adam Shostack is selling magic security dust. Its about time someone is commercializing this essential technology...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/02/05 4:10 p.m.23 views

Deepfake Fraud

A deepfake video conference call--with everyone else on the call a fake--fooled a finance worker into sending $25M to the criminals account...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/19 10:7 p.m.23 views

Friday Squid Blogging: New Foods from Squid Fins

We only eat about half of a squid, ignoring the fins. A group of researchers is working to change that. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/22 8:8 p.m.23 views

Ben Rothke’s Review of A Hacker’s Mind

Ben Rothke chose A Hackers Mind as "the best information security book of 2023."...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/11/10 12:7 p.m.23 views

The Privacy Disaster of Modern Smart Cars

Article based on a Mozilla report...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/10/23 11:8 a.m.23 views

Child Exploitation and the Crypto Wars

Susan Landau published an excellent essay on the current justification for the government breaking end-to-end-encryption: child sexual abuse and exploitation CSAE. She puts the debate into historical context, discusses the problem of CSAE, and explains why breaking encryption isnt the solution...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/09/21 11:3 a.m.23 views

New Revelations from the Snowden Documents

Jake Appelbaums PhD thesis contains several new revelations from the classified NSA documents provided to journalists by Edward Snowden. Nothing major, but a few more tidbits. Kind of amazing that that all happened ten years ago. At this point, those documents are more historical than anything...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/08/22 11:4 a.m.23 views

Applying AI to License Plate Surveillance

License plate scanners arent new. Neither is using them for bulk surveillance. Whats new is that AI is being used on the data, identifying "suspicious" vehicle behavior: Typically, Automatic License Plate Recognition ALPR technology is used to search for plates linked to specific crimes. But in...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/08/15 11:3 a.m.23 views

Zoom Can Spy on Your Calls and Use the Conversation to Train AI, But Says That It Won’t

This is why we need regulation: Zoom updated its Terms of Service in March, spelling out that the company reserves the right to train AI on user data with no mention of a way to opt out. On Monday, the company said in a blog post that theres no need to worry about that. Zoom execs swear the compa...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/05/03 10:13 a.m.23 views

SolarWinds Detected Six Months Earlier

New reporting from Wired reveals that the Department of Justice detected the SolarWinds attack six months before Mandiant detected it in December 2020, but didnt realize what it detected--and so ignored it. WIRED can now confirm that the operation was actually discovered by the DOJ six months...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/03/10 1:33 a.m.23 views

Another Malware with Persistence

Heres a piece of Chinese malware that infects SonicWall security appliances and survives firmware updates. On Thursday, security firm Mandiant published a report that said threat actors with a suspected nexus to China were engaged in a campaign to maintain long-term persistence by running malware...

2.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/02/27 12:6 p.m.23 views

Banning TikTok

Congress is currently debating bills that would ban TikTok in the United States. We are here as technologists to tell you that this is a terrible idea and the side effects would be intolerable. Details matter. There are several ways Congress might ban TikTok, each with different efficacies and si...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/08 12:8 p.m.23 views

Leaked Signing Keys Are Being Used to Sign Malware

A bunch of Android OEM signing keys have been leaked or stolen, and they are actively being used to sign malware. Łukasz Siewierski, a member of Googles Android Security Team, has a post on the Android Partner Vulnerability Initiative AVPI issue tracker detailing leaked platform certificate keys...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/11/18 3:4 p.m.23 views

Successful Hack of Time-Triggered Ethernet

Time-triggered Ethernet TTE is used in spacecraft, basically to use the same hardware to process traffic with different timing and criticality. Researchers have defeated it: On Tuesday, researchers published findings that, for the first time, break TTEs isolation guarantees. The result is PCspooF...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/11/04 2:16 p.m.23 views

NSA on Supply Chain Security

The NSA together with CISA has published a long report on supply-chain security: "Securing the Software Supply Chain: Recommended Practices Guide for Suppliers.": Prevention is often seen as the responsibility of the software developer, as they are required to securely develop and deliver code,...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/09/14 5:8 p.m.23 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: Im speaking as part of a Geneva Centre for Security Policy course on Cyber Security in the Context of International Security, online, on September 22, 2022. Im speaking at IT-Security INSIDE 2022 in Zurich, Switzerland, on Septembe...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/08/19 9:5 p.m.23 views

Friday Squid Blogging: The Language of the Jumbo Flying Squid

The jumbo flying squid Dosidicus gigas uses its color-changing ability as a language: In 2020, however, marine biologists discovered that jumbo flying squid are surprisingly coordinated. Despite their large numbers, the squid rarely bumped into each other or competed for the same prey. The...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/07/22 9:12 p.m.23 views

Friday Squid Blogging: Bathyteuthis berryi Holding Eggs

Image and video of a Bathyteuthis berryi carrying a few hundred eggs, taken at a depth of 4,650 feet. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/07/12 12:23 p.m.23 views

Security Vulnerabilities in Honda’s Keyless Entry System

Honda vehicles from 2021 to 2022 are vulnerable to this attack: On Thursday, a security researcher who goes by Kevin2600 published a technical report and videos on a vulnerability that he claims allows anyone armed with a simple hardware device to steal the code to unlock Honda vehicles. Kevin260...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/03/04 12:19 p.m.23 views

Samsung Encryption Flaw

Researchers have found a major encryption flaw in 100 million Samsung Galaxy phones. From the abstract: In this work, we expose the cryptographic design and implementation of Androids Hardware-Backed Keystore in Samsungs Galaxy S8, S9, S10, S20, and S21 flagship devices. We reversed-engineered an...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/12/20 3:17 p.m.23 views

More on NSO Group and Cytrox: Two Cyberweapons Arms Manufacturers

Citizen Lab published another report on the spyware used against two Egyptian nationals. One was hacked by NSO Groups Pegasus spyware. The other was hacked both by Pegasus and by the spyware from another cyberweapons arms manufacturer: Cytrox. We havent heard a lot about Cytrox and its Predator...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/11/26 10:5 p.m.23 views

Friday Squid Blogging: Bobtail Squid and Vibrio Bacteria

Research on the Vibrio bacteria and its co-evolution with its bobtail squid hosts. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/11/14 6:1 p.m.23 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: Im speaking on "Securing a World of Physically Capable Computers" at @Hack on November 29, 2021. The list is maintained on this page...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/09/14 5:2 p.m.23 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m keynoting CIISec Live—an all-online event—September 15-16, 2021. I’m speaking at the Infosecurity Magazine EMEA Autumn Online Summit on September 21, 2021. I’m speaking at the Cybersecurity and Data Privacy Law Conference in...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/09/13 11:41 a.m.23 views

Designing Contact-Tracing Apps

Susan Landau wrote an essay on the privacy, efficacy, and equity of contract-tracing smartphone apps. Also see her excellent book on the topic...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/08/18 11:23 a.m.23 views

Tetris: Chinese Espionage Tool

Im starting to see writings about a Chinese espionage tool that exploits website vulnerabilities to try and identify Chinese dissidents...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/04/13 2:13 p.m.23 views

More Biden Cybersecurity Nominations

News: President Biden announced key cybersecurity leadership nominations Monday, proposing Jen Easterly as the next head of the Cybersecurity and Infrastructure Security Agency and John "Chris" Inglis as the first ever national cyber director NCD. I know them both, and think theyre both good...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/11/27 12:10 p.m.23 views

Undermining Democracy

Last Thursday, Rudy Giuliani, a Trump campaign lawyer, alleged a widespread voting conspiracy involving Venezuela, Cuba, and China. Another lawyer, Sidney Powell, argued that Mr. Trump won in a landslide, the entire election in swing states should be overturned and the legislatures should make su...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/11/04 4:28 p.m.23 views

Determining What Video Conference Participants Are Typing from Watching Shoulder Movements

Accuracy isnt great, but that it can be done at all is impressive. Murtuza Jadiwala, a computer science professor heading the research project, said his team was able to identify the contents of texts by examining body movement of the participants. Specifically, they focused on the movement of...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/10/13 11:20 a.m.23 views

Google Responds to Warrants for “About” Searches

One of the things we learned from the Snowden documents is that the NSA conducts "about" searches. That is, searches based on activities and not identifiers. A normal search would be on a name, or IP address, or phone number. An about search would something like "show me anyone that has used this...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/11 11:15 a.m.23 views

Ranking National Cyber Power

Harvard Kennedy Schools Belfer Center published the "National Cyber Power Index 2020: Methodology and Analytical Considerations." The rankings: 1. US, 2. China, 3. UK, 4. Russia, 5. Netherlands, 6. France, 7. Germany, 8. Canada, 9. Japan, 10. Australia, 11. Israel. More countries are in the...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/04 11:2 a.m.23 views

Hacking AI-Graded Tests

The company Edgenuity sells AI systems for grading tests. Turns out that they just search for keywords without doing any actual semantic analysis...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/06/19 7:9 p.m.23 views

Security and Human Behavior (SHB) 2020

Today is the second day of the thirteenth Workshop on Security and Human Behavior. It's being hosted by the University of Cambridge, which in today's world means we're all meeting on Zoom. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/05/13 1:49 p.m.23 views

New US Electronic Warfare Platform

The Army is developing a new electronic warfare pod capable of being put on drones and on trucks. ...the Silent Crow pod is now the leading contender for the flying flagship of the Army's rebuilt electronic warfare force. Army EW was largely disbanded after the Cold War, except for short-range...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/08/02 9:20 p.m.23 views

Friday Squid Blogging: Piglet Squid Video

Really neat. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/07/01 10:55 a.m.23 views

Yubico Security Keys with a Crypto Flaw

Wow, is this an embarrassing bug: Yubico is recalling a line of security keys used by the U.S. government due to a firmware flaw. The company issued a security advisory today that warned of an issue in YubiKey FIPS Series devices with firmware versions 4.4.2 and 4.4.4 that reduced the randomness ...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/12/03 12:37 p.m.23 views

The DoJ's Secret Legal Arguments to Break Cryptography

Earlier this year, the US Department of Justice made a series of legal arguments as to why Facebook should be forced to help the government wiretap Facebook Messenger. Those arguments are still sealed. The ACLU is suing to make them public...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/30 12:28 p.m.23 views

That Bloomberg Supply-Chain-Hack Story

Back in October, Bloomberg reported that China has managed to install backdoors into server equipment that ended up in networks belonging to -- among others -- Apple and Amazon. Pretty much everybody has denied it including the US DHS and the UK NCSC. Bloomberg has stood by its story -- and is...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/09 12:4 p.m.24 views

Privacy and Security of Data at Universities

Interesting paper: "Open Data, Grey Data, and Stewardship: Universities at the Privacy Frontier," by Christine Borgman: Abstract: As universities recognize the inherent value in the data they collect and hold, they encounter unforeseen challenges in stewarding those data in ways that balance...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/05 11:44 a.m.23 views

Detecting Credit Card Skimmers

Interesting research paper: "Fear the Reaper: Characterization and Fast Detection of Card Skimmers": Abstract: Payment card fraud results in billions of dollars in losses annually. Adversaries increasingly acquire card data using skimmers, which are attached to legitimate payment devices includin...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/30 11:34 a.m.23 views

Cheating in Bird Racing

I've previously written about people cheating in marathon racing by driving -- or otherwise getting near the end of the race by faster means than running. In China, two people were convicted of cheating in a pigeon race: The essence of the plan involved training the pigeons to believe they had tw...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/23 10:54 a.m.23 views

John Mueller and Mark Stewart on the Risks of Terrorism

Another excellent paper by the Mueller/Stewart team: "Terrorism and Bathtubs: Comparing and Assessing the Risks": Abstract: The likelihood that anyone outside a war zone will be killed by an Islamist extremist terrorist is extremely small. In the United States, for example, some six people have...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/23 11:17 a.m.23 views

1Password's Travel Mode

The 1Password password manager has just introduced "travel mode," which allows you to delete your stored passwords when you're in other countries or crossing borders: Your vaults aren't just hidden; they're completely removed from your devices as long as Travel Mode is on. That includes every ite...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/04/17 11:29 a.m.23 views

Hijacking Emergency Sirens

Turns out it's easy to hijack emergency sirens with a radio transmitter...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/04/10 11:11 a.m.23 views

DARPA Funding in AI-Assisted Cybersecurity

DARPA is launching a program aimed at vulnerability discovery via human-assisted AI. The new DARPA program is called CHESS Computers and Humans Exploring Software Security, and they're holding a proposers day in a week and a half. This is the kind of thing that can dramatically change the...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/03/19 11:27 a.m.23 views

Israeli Security Attacks AMD by Publishing Zero-Day Exploits

Last week, the Israeli security company CTS Labs published a series of exploits against AMD chips. The publication came with the flashy website, detailed whitepaper, cool vulnerability names -- RYZENFALL, MASTERKEY, FALLOUT, and CHIMERA -- and logos we've come to expect from these sorts of things...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/03/12 11:27 a.m.23 views

Two New Papers on the Encryption Debate

Seems like everyone is writing about encryption and backdoors this season. "Policy Approaches to the Encryption Debate," R Street Policy Study 133, by Charles Duan, Arthur Rizer, Zach Graves and Mike Godwin. "Encryption Policy in Democratic Regimes," East West Institute. I recently blogged about...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/02/12 12:36 p.m.23 views

Internet Security Threats at the Olympics

There are a lot: The cybersecurity company McAfee recently uncovered a cyber operation, dubbed Operation GoldDragon, attacking South Korean organizations related to the Winter Olympics. McAfee believes the attack came from a nation state that speaks Korean, although it has no definitive proof tha...

6.8AI score
Exploits0
Total number of security vulnerabilities2980