Lucene search
K
SchneierMost viewed

2978 matches found

Schneier on Security
Schneier on Security
added 2018/10/31 5:44 p.m.105 views

Was the Triton Malware Attack Russian in Origin?

The conventional story is that Iran targeted Saudi Arabia with Triton in 2017. New research from FireEye indicates that it might have been Russia. I don't know. FireEye likes to attribute all sorts of things to Russia, but the evidence here looks pretty good...

3.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/07/22 3:41 p.m.104 views

Nasty Windows Printer Driver Vulnerability

From SentinelLabs, a critical vulnerability in HP printer drivers: Researchers have released technical details on a high-severity privilege-escalation flaw in HP printer drivers also used by Samsung and Xerox, which impacts hundreds of millions of Windows machines. If exploited, cyberattackers...

4.6CVSS7.5AI score0.02902EPSS
Exploits1
Schneier on Security
Schneier on Security
added 2019/10/04 5:4 p.m.104 views

More Cryptanalysis of Solitaire

In 1999, I invented the Solitaire encryption algorithm, designed to manually encrypt data using a deck of cards. It was written into the plot of Neal Stephenson's novel Cryptonomicon, and I even wrote an afterward to the book describing the cipher. I don't talk about it much, mostly because I mad...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/06/20 5:27 p.m.104 views

How Apple's "Find My" Feature Works

Matthew Green intelligently speculates about how Apple's new "Find My" feature works. If you haven't already been inspired by the description above, let me phrase the question you ought to be asking: how is this system going to avoid being a massive privacy nightmare? Let me count the concerns: I...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/06/17 10:52 a.m.104 views

Data, Surveillance, and the AI Arms Race

According to foreign policy experts and the defense establishment, the United States is caught in an artificial intelligence arms race with China -- one with serious implications for national security. The conventional version of this story suggests that the United States is at a disadvantage...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/01/21 12:47 p.m.104 views

Clever Smartphone Malware Concealment Technique

This is clever: Malicious apps hosted in the Google Play market are trying a clever trick to avoid detection -- they monitor the motion-sensor input of an infected device before installing a powerful banking trojan to make sure it doesn't load on emulators researchers use to detect attacks. The...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/18 7:12 p.m.104 views

Worst-Case Thinking Breeds Fear and Irrationality

Here's a crazy story from the UK. Basically, someone sees a man and a little girl leaving a shopping center. Instead of thinking "it must be a father and daughter, which happens millions of times a day and is perfectly normal," he thinks "this is obviously a case of child abduction and I must ale...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/19 9:0 p.m.104 views

Friday Squid Blogging: Roasted Squid with Tomatillo Salsa

Recipe and commentary. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/12 9:1 p.m.104 views

Friday Squid Blogging: Eat Less Squid

The UK's Marine Conservation Society is urging people to eat less squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/10/11 7:34 p.m.102 views

I Have a New Book: We Have Root

I just published my third collection of essays: We Have Root. This book covers essays from 2013 to 2017. The first two are Schneier on Security and Carry On. There is nothing in this book is that is not available for free on my website; but if you'd like these essays in an easy-to-carry paperback...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/07/19 7:38 p.m.102 views

A Harlequin Romance Novel about Hackers

Really...

2.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/06/12 11:22 a.m.102 views

Rock-Paper-Scissors Robot

How in the world did I not know about this for three years? Researchers at the University of Tokyo have developed a robot that always wins at rock-paper-scissors. It watches the human player's hand, figures out which finger position the human is about to deploy, and reacts quickly enough to alway...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/05/22 9:12 p.m.101 views

Friday Squid Blogging: Squid Can Edit Their Own Genomes

This is new news: Revealing yet another super-power in the skillful squid, scientists have discovered that squid massively edit their own genetic instructions not only within the nucleus of their neurons, but also within the axon -- the long, slender neural projections that transmit electrical...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/07/05 11:15 a.m.100 views

Research on Human Honesty

New research from Science: "Civic honesty around the globe": Abstract: Civic honesty is essential to social capital and economic development, but is often in conflict with material self-interest. We examine the trade-off between honesty and self-interest using field experiments in 355 cities...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/03/31 11:13 a.m.99 views

Chrome Zero-Day from North Korea

North Korean hackers have been exploiting a zero-day in Chrome. The flaw, tracked as CVE-2022-0609, was exploited by two separate North Korean hacking groups. Both groups deployed the same exploit kit on websites that either belonged to legitimate organizations and were hacked or were set up for...

6.8CVSS0.4AI score0.23546EPSS
Exploits0
Schneier on Security
Schneier on Security
added 2019/10/18 10:54 a.m.99 views

Adding a Hardware Backdoor to a Networked Computer

Interesting proof of concept: At the CS3sthlm security conference later this month, security researcher Monta Elkins will show how he created a proof-of-concept version of that hardware hack in his basement. He intends to demonstrate just how easily spies, criminals, or saboteurs with even minima...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/06/27 11:41 a.m.99 views

Spanish Soccer League App Spies on Fans

The Spanish Soccer League's smartphone app spies on fans in order to find bars that are illegally streaming its games. The app listens with the microphone for the broadcasts, and then uses geolocation to figure out where the phone is. The Spanish data protection agency has ordered the league to...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/12/26 12:27 p.m.99 views

Human Rights by Design

Good essay: "Advancing Human-Rights-By-Design In The Dual-Use Technology Industry," by Jonathon Penney, Sarah McKune, Lex Gill, and Ronald J. Deibert: But businesses can do far more than these basic measures. They could adopt a "human-rights-by-design" principle whereby they commit to designing...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/07 11:0 a.m.99 views

Hacking Slot Machines by Reverse-Engineering the Random Number Generators

Interesting story: The venture is built on Alex's talent for reverse engineering the algorithms -- known as pseudorandom number generators, or PRNGs -- that govern how slot machine games behave. Armed with this knowledge, he can predict when certain games are likeliest to spit out money­insight...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/03/04 12:25 p.m.98 views

Chinese Hackers Stole an NSA Windows Exploit in 2014

Check Point has evidence that probably government affiliated Chinese hackers stole and cloned an NSA Windows hacking tool years before probably government affiliated Russian hackers stole and then published the same tool. Heres the timeline: The timeline basically seems to be, according to Check...

6.9CVSS2.9AI score0.11022EPSS
Exploits1
Schneier on Security
Schneier on Security
added 2019/09/14 11:16 p.m.98 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I'm speaking at University College London on September 23, 2019. I'm speaking at World's Top 50 Innovators 2019 at the Royal Society in London on September 24, 2019. I'm speaking at Cyber Security Nordic in Helsinki, Finland on...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/09/07 9:13 p.m.98 views

Friday Squid Blogging: 100-kg Squid Caught Off the Coast of Madeira

News. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/01/26 10:23 p.m.98 views

Friday Squid Blogging: Squid that Mate, Die, and Then Sink

The mating and death characteristics of some squid are fascinating. Research paper. EDITED TO ADD 2/5: Additional info and photos. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/07/19 9:4 p.m.97 views

Friday Squid Blogging: Squid Mural

Large squid mural in the Bushwick neighborhood of Brooklyn. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/06/25 11:35 a.m.97 views

iPhone Apps Surreptitiously Communicated with Unknown Servers

Long news article alternate source on iPhone privacy, specifically the enormous amount of data your apps are collecting without your knowledge. A lot of this happens in the middle of the night, when you're probably not otherwise using your phone: IPhone apps I discovered tracking me by passing...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/06/07 11:24 a.m.97 views

iOS Shortcut for Recording the Police

"Hey Siri; I'm getting pulled over" can be a shortcut: Once the shortcut is installed and configured, you just have to say, for example, "Hey Siri, I'm getting pulled over." Then the program pauses music you may be playing, turns down the brightness on the iPhone, and turns on "do not disturb"...

Exploits0
Schneier on Security
Schneier on Security
added 2019/06/25 5:39 p.m.96 views

Florida City Pays Ransomware

Learning from the huge expenses Atlanta and Baltimore incurred by refusing to pay ransomware, the Florida City of Riveria Beach decided to pay up. The ransom amount of almost $600,000 is a lot, but much cheaper than the alternative...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/06/24 11:5 a.m.96 views

Election Security

Stanford University's Cyber Policy Center has published a long report on the security of US elections. Summary: it's not good...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/03/01 11:59 a.m.96 views

Data Leakage from Encrypted Databases

Matthew Green has a super-interesting blog post about information leakage from encrypted databases. It describes the recent work by Paul Grubbs, Marie-Sarah Lacharité, Brice Minaud, and Kenneth G. Paterson. Even the summary is too much to summarize, so read it...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/02/21 12:33 p.m.96 views

Reverse Location Search Warrants

The police are increasingly getting search warrants for information about all cell phones in a certain location at a certain time: Police departments across the country have been knocking at Google's door for at least the last two years with warrants to tap into the company's extensive stores of...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/01/15 12:38 p.m.95 views

Critical Windows Vulnerability Discovered by NSA

Yesterday's Microsoft Windows patches included a fix for a critical vulnerability in the system's crypto library. A spoofing vulnerability exists in the way Windows CryptoAPI Crypt32.dll validates Elliptic Curve Cryptography ECC certificates. An attacker could exploit the vulnerability by using a...

5.8CVSS0.2AI score0.89436EPSS
Exploits14
Schneier on Security
Schneier on Security
added 2019/11/15 10:13 p.m.95 views

Friday Squid Blogging: Planctotuethis Squid

Neat video, and an impressive-looking squid. I can't figure out how long it is. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/11/15 3:36 p.m.95 views

TPM-Fail Attacks Against Cryptographic Coprocessors

Really interesting research: TPM-FAIL: TPM meets Timing and Lattice Attacks, by Daniel Moghimi, Berk Sunar, Thomas Eisenbarth, and Nadia Heninger. Abstract: Trusted Platform Module TPM serves as a hardware-based root of trust that protects cryptographic keys from privileged system and physical...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/06/26 6:3 p.m.95 views

MongoDB Offers Field Level Encryption

MongoDB now has the ability to encrypt data by field: MongoDB calls the new feature Field Level Encryption. It works kind of like end-to-end encrypted messaging, which scrambles data as it moves across the internet, revealing it only to the sender and the recipient. In such a "client-side"...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/12/21 12:24 p.m.94 views

Drone Denial-of-Service Attack against Gatwick Airport

Someone is flying a drone over Gatwick Airport in order to disrupt service: Chris Woodroofe, Gatwick's chief operating officer, said on Thursday afternoon there had been another drone sighting which meant it was impossible to say when the airport would reopen. He told BBC News: "There are 110,000...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/06/20 11:56 a.m.93 views

Hacking Hardware Security Modules

Security researchers Gabriel Campana and Jean-Baptiste Bédrune are giving a hardware security module HSM talk at BlackHat in August: This highly technical presentation targets an HSM manufactured by a vendor whose solutions are usually found in major banks and large cloud service providers. It wi...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/07/16 8:3 p.m.92 views

REvil is Off-Line

This is an interesting development: Just days after President Biden demanded that President Vladimir V. Putin of Russia shut down ransomware groups attacking American targets, the most aggressive of the groups suddenly went off-line early Tuesday. … Gone was the publicly available "happy blog" th...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/07/08 12:8 p.m.92 views

Ransomware Recovery Firms Who Secretly Pay Hackers

ProPublica is reporting on companies that pretend to recover data locked up by ransomware, but just secretly pay the hackers and then mark up the cost to the victims...

2.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/08 4:30 p.m.92 views

Leaked NSA Hacking Tools

In 2016, a hacker group calling itself the Shadow Brokers released a trove of 2013 NSA hacking tools and related documents. Most people believe it is a front for the Russian government. Since, then the vulnerabilities and tools have been used by both government and criminals, and put the NSA's...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/01/08 12:13 p.m.92 views

Machine Learning to Detect Software Vulnerabilities

No one doubts that artificial intelligence AI and machine learning ML will transform cybersecurity. We just don't know how, or when. While the literature generally focuses on the different uses of AI by attackers and defenders ­ and the resultant arms race between the two ­ I want to talk about...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/12/28 6:11 p.m.92 views

Click Here to Kill Everybody Available as an Audiobook

Click Here to Kill Everybody is finally available on Audible.com. I have ten download codes. Not having anything better to do with them, here they are: 1. HADQSSFC98WCQ 2. LDLMC6AJLBDJY 3. YWSY8CXYMQNJ6 4. JWM7SGNUXX7DB 5. UPKAJ6MHB2LEF 6. M85YN36UR926H 7. 9ULE4NFAH2SLF 8. GU7A79GSDCXAT 9...

3.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/11/01 9:12 p.m.91 views

Friday Squid Blogging: Triassic Kraken

Research paper: "Triassic Kraken: The Berlin Ichthyosaur Death Assemblage Interpreted as a Giant Cephalopod Midden": Abstract: The Luning Formation at Berlin Ichthyosaur State Park, Nevada, hosts a puzzling assemblage of at least 9 huge ≤14 m juxtaposed ichthyosaurs Shonisaurus popularis...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/10/18 7:38 p.m.91 views

Why Technologists Need to Get Involved in Public Policy

Last month, I gave a 15-minute talk in London titled: "Why technologists need to get involved in public policy." In it, I try to make the case for public-interest technologists. I also maintain a public-interest tech resources page, which has pretty much everything I can find in this space. If I'...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/09/06 9:24 p.m.91 views

Friday Squid Blogging: Squid Perfume

It's not perfume for squids. Nor is it perfume made from squids. It's a perfume called Squid, "inspired by life in the sea." As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/06/14 5:4 p.m.91 views

Computers and Video Surveillance

It used to be that surveillance cameras were passive. Maybe they just recorded, and no one looked at the video unless they needed to. Maybe a bored guard watched a dozen different screens, scanning for something interesting. In either case, the video was only stored for a few days because storage...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/30 2:51 p.m.91 views

Fraudulent Academic Papers

The term "fake news" has lost much of its meaning, but it describes a real and dangerous Internet trend. Because it's hard for many people to differentiate a real news site from a fraudulent one, they can be hoodwinked by fictitious news stories pretending to be real. The result is that otherwise...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/03/02 10:11 p.m.91 views

Friday Squid Blogging: Searching for Humboldt Squid with Electronic Bait

Video and short commentary. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/23 4:52 p.m.90 views

Thangrycat: A Serious Cisco Vulnerability

Summary: Thangrycat is caused by a series of hardware design flaws within Cisco's Trust Anchor module. First commercially introduced in 2013, Cisco Trust Anchor module TAm is a proprietary hardware security module used in a wide range of Cisco products, including enterprise routers, switches and...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/02/22 11:35 a.m.90 views

Gen. Nakasone on US Cyber Command

Really interesting article by and interview with Paul M. Nakasone Commander of US Cyber Command, Director of the National Security Agency, and Chief of the Central Security Service in the current issue of Joint Forces Quarterly. He talks about the evolving role of US Cyber Command, and its new...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/01/31 4:30 p.m.90 views

Security Flaws in Children's Smart Watches

A year ago, the Norwegian Consumer Council published an excellent security analysis of children's GPS-connected smart watches. The security was terrible. Not only could parents track the children, anyone else could also track the children. A recent analysis checked if anything had improved after...

Exploits0
Total number of security vulnerabilities2978