Lucene search
K
SchneierMost viewed

2980 matches found

Schneier on Security
Schneier on Security
added 2018/05/16 11:16 a.m.22 views

Accessing Cell Phone Location Information

The New York Times is reporting about a company called Securus Technologies that gives police the ability to track cell phone locations without a warrant: The service can find the whereabouts of almost any cellphone in the country within seconds. It does this by going through a system typically...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/03/16 11:12 a.m.22 views

Interesting Article on Marcus Hutchins

This is a good article on the complicated story of hacker Marcus Hutchins...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/01/10 7:42 p.m.22 views

Susan Landau's New Book: Listening In

Susan Landau has written a terrific book on cybersecurity threats and why we need strong crypto. Listening In: Cybersecurity in an Insecure Age. It's based in part on her 2016 Congressional testimony in the Apple/FBI case; it examines how the Digital Revolution has transformed society, and how la...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/11/22 2:54 p.m.22 views

Websites Use Session-Replay Scripts to Eavesdrop on Every Keystroke and Mouse Movement

The security researchers at Princeton are posting You may know that most websites have third-party analytics scripts that record which pages you visit and the searches you make. But lately, more and more sites use "session replay" scripts. These scripts record your keystrokes, mouse movements, an...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/09/14 11:17 a.m.22 views

Hacking Robots

Researchers have demonstrated hacks against robots, taking over and controlling their camera, speakers, and movements. News article...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/23 6:57 p.m.22 views

The Secret Code of Beatrix Potter

Interesting: As codes go, Potter's wasn't inordinately complicated. As Wiltshire explains, it was a "mono-alphabetic substitution cipher code," in which each letter of the alphabet was replaced by a symbol­ -- the kind of thing they teach you in Cub Scouts. The real trouble was Potter's own fluen...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/05 11:16 a.m.22 views

CIA's Pandemic Toolkit

WikiLeaks is still dumping CIA cyberweapons on the Internet. Its latest dump is something called "Pandemic": The Pandemic leak does not explain what the CIA's initial infection vector is, but does describe it as a persistent implant. "As the name suggests, a single computer on a local network wit...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/26 9:12 p.m.22 views

Friday Squid Blogging: Squid and Chips

The excellent Montreal chef Marc-Olivier Frappier, of Joe Beef fame, has created a squid and chips dish for Brit & Chips restaurant. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/22 7:10 p.m.22 views

North Korean Cyberwar Capabilities

Reuters has an article on North Korea's cyberwar capabilities, specifically "Unit 180." They're still not in the same league as the US, UK, Russia, China, and Israel. But they're getting better...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/15 11:2 a.m.22 views

Yacht Security

Turns out, multi-million dollar yachts are no more secure than anything else out there: The ease with which ocean-going oligarchs or other billionaires can be hijacked on the high seas was revealed at a superyacht conference held in a private members club in central London this week. ... Murray, ...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/09 11:36 a.m.22 views

Facebook's Observations on Information Operations and the 2016 US Election

Facebook published paper on the information operations it has seen, as well as some observations regarding the recent US election. It's interesting reading...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/08 2:16 p.m.22 views

Using Ultrasonic Beacons to Track Users

I've previously written about ad networks using ultrasonic communications to jump from one device to another. The idea is for devices like televisions to play ultrasonic codes in advertisements and for nearby smartphones to detect them. This way the two devices can be linked. Creepy, yes. And als...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/05 12:35 p.m.22 views

Why Is the TSA Scanning Paper?

I've been reading a bunch of anecdotal reports that the TSA is starting to scan paper separately: A passenger going through security at Kansas City International Airport MCI recently was asked by security officers to remove all paper products from his bag. Everything from books to Post-It Notes,...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/04 3:31 p.m.22 views

Forging Voice

LyreBird is a system that can accurately reproduce the voice of someone, given a large amount of sample inputs. It's pretty good -- listen to the demo here -- and will only get better over time. The applications for recorded-voice forgeries are obvious, but I think the larger security risk will b...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/07/12 11:4 a.m.21 views

The NSA Has a Long-Lost Lecture by Adm. Grace Hopper

The NSA has a video recording of a 1982 lecture by Adm. Grace Hopper titled "Future Possibilities: Data, Hardware, Software, and People." The agency is so far refusing to release it. Basically, the recording is in an obscure video format. People at the NSA cant easily watch it, so they cant redac...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/05/17 11:9 a.m.21 views

FBI Seizes BreachForums Website

The FBI has seized the BreachForums website, used by ransomware criminals to leak stolen corporate data. If law enforcement has gained access to the hacking forums backend data, as they claim, they would have email addresses, IP addresses, and private messages that could expose members and be use...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/05/13 11:4 a.m.21 views

LLMs’ Data-Control Path Insecurity

Back in the 1960s, if you played a 2,600Hz tone into an AT&T pay phone, you could make calls without paying. A phone hacker named John Draper noticed that the plastic whistle that came free in a box of Captain Crunch cereal worked to make the right sound. That became his hacker name, and everyone...

8.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/04/02 5:5 p.m.21 views

Declassified NSA Newsletters

Through a 2010 FOIA request yes, it took that long, we have copies of the NSAs KRYPTOS Society Newsletter, "Tales of the Krypt," from 1994 to 2003. There are many interesting things in the 800 pages of newsletter. There are many redactions. And a 1994 review of Applied Cryptography by redacted:...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/09 12:3 p.m.21 views

PIN-Stealing Android Malware

This is an old piece of malware--the Chameleon Android banking Trojan--that now disables biometric authentication in order to steal the PIN: The second notable new feature is the ability to interrupt biometric operations on the device, like fingerprint and face unlock, by using the Accessibility...

7.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/26 12:3 p.m.21 views

Google Stops Collecting Location Data from Maps

Google Maps now stores location data locally on your device, meaning that Google no longer has that data to turn over to the police...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/11/08 12:8 p.m.21 views

Decoupling for Security

This is an excerpt from a longer paper. You can read the whole thing complete with sidebars and illustrations here. Our message is simple: it is possible to get the best of both worlds. We can and should get the benefits of the cloud while taking security back into our own hands. Here we outline ...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/10/19 11:8 a.m.21 views

Former Uber CISO Appealing His Conviction

Joe Sullivan, Ubers CEO during their 2016 data breach, is appealing his conviction. Prosecutors charged Sullivan, whom Uber hired as CISO after the 2014 breach, of withholding information about the 2016 incident from the FTC even as its investigators were scrutinizing the companys data security a...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/10/13 9:9 p.m.21 views

Friday Squid Blogging: On Squid Intelligence

Article about squid intelligence. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/10/06 7:4 a.m.21 views

Deepfake Election Interference in Slovakia

Well designed and well timed deepfake or two Slovakian politicians discussing how to rig the election: Šimečka and Denník N immediately denounced the audio as fake. The fact-checking department of news agency AFP said the audio showed signs of being manipulated using AI. But the recording was...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/09/07 11:9 a.m.21 views

The Hacker Tool to Get Personal Data from Credit Bureaus

The new site 404 Media has a good article on how hackers are cheaply getting personal information from credit bureaus: This is the result of a secret weapon criminals are selling access to online that appears to tap into an especially powerful set of data: the targets credit header. This is...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/08/25 11:3 a.m.21 views

Hacking Food Labeling Laws

This article talks about new Mexican laws about food labeling, and the lengths to which food manufacturers are going to ensure that they are not effective. There are the typical high-pressure lobbying tactics and lawsuits. But theres also examples of companies hacking the laws: Companies like...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/08/04 9:7 p.m.21 views

Friday Squid Blogging: 2023 Squid Oil Global Market Report

I had no idea that squid contain sufficient oil to be worth extracting. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/04/10 11:23 a.m.21 views

LLMs and Phishing

Heres an experiment being run by undergraduate computer science students everywhere: Ask ChatGPT to generate phishing emails, and test whether these are better at persuading victims to respond or click on the link than the usual spam. Its an interesting experiment, and the results are likely to...

6.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/02/24 10:2 p.m.21 views

Friday Squid Blogging: Squid Processing Facility

This video of a modern large squid processing ship is a bit gory, but also interesting. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/09 12:14 p.m.21 views

Identifying People Using Cell Phone Location Data

The two people who shut down four Washington power stations in December were arrested. This is the interesting part: Investigators identified Greenwood and Crahan almost immediately after the attacks took place by using cell phone data that allegedly showed both men in the vicinity of all four...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/02 10:12 p.m.21 views

Friday Squid Blogging: Legend of the Indiana Oil-Pit Squid

At a GMC plant. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/11/28 3:44 p.m.21 views

Computer Repair Technicians Are Stealing Your Data

Laptop technicians routinely violate the privacy of the people whose computers they repair: Researchers at University of Guelph in Ontario, Canada, recovered logs from laptops after receiving overnight repairs from 12 commercial shops. The logs showed that technicians from six of the locations ha...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/10/14 2:8 p.m.21 views

Regulating DAOs

In August, the US Treasurys Office of Foreign Assets Control OFAC sanctioned the cryptocurrency platform Tornado Cash, a virtual currency "mixer" designed to make it harder to trace cryptocurrency transactions--and a worldwide favorite money-laundering platform. Americans are now forbidden from...

7.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/08/05 9:13 p.m.21 views

Friday Squid Blogging: New Squid Species

Seems like they are being discovered all the time: In the past, the DEEPEND crew has discovered three new species of Bathyteuthids, a type of squid that lives in depths between 700 and 2,000 meters. The findings were validated and published in 2020. Another new squid species description is...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/04/05 11:4 a.m.21 views

Hackers Using Fake Police Data Requests against Tech Companies

Brian Krebs has a detailed post about hackers using fake police data requests to trick companies into handing over data. Virtually all major technology companies serving large numbers of users online have departments that routinely review and process such requests, which are typically granted as...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/03/21 3:22 p.m.21 views

Developer Sabotages Open-Source Software Package

This is a big deal: A developer has been caught adding malicious code to a popular open-source package that wiped files on computers located in Russia and Belarus as part of a protest that has enraged many users and raised concerns about the safety of free and open source software. The applicatio...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/02/04 10:15 p.m.21 views

Friday Squid Blogging: Are Squid from Another Planet?

An actually serious scientific journal has published a paper speculating that octopus and squid could be of extraterrestrial origin. News article. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/09/30 4:51 p.m.21 views

Hardening Your VPN

The NSA and CISA have released a document on how to harden your VPN...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/09/17 11:9 a.m.21 views

Zero-Click iMessage Exploit

Citizen Lab released a report on a zero-click iMessage exploit that is used in NSO Groups Pegasus spyware. Apple patched the vulnerability; everyone needs to update their OS immediately. News articles on the exploit...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/01/13 12:6 p.m.21 views

On US Capitol Security — By Someone Who Manages Arena-Rock-Concert Security

Smart commentary: …I was floored on Wednesday when, glued to my television, I saw police in some areas of the U.S. Capitol using little more than those same mobile gates I had ­ the ones that look like bike racks that can hook together ­ to try to keep the crowds away from sensitive areas and,...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/11/18 12:21 p.m.21 views

Michael Ellis as NSA General Counsel

Over at Lawfare, Susan Hennessey has an excellent primer on how Trump loyalist Michael Ellis got to be the NSA General Counsel, over the objections of NSA Director Paul Nakasone, and what Biden can and should do about it. While important details remain unclear, media accounts include numerous...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/11/10 12:40 p.m.21 views

2020 Was a Secure Election

Over at Lawfare: "2020 Is An Election Security Success Story So Far." What’s more, the voting itself was remarkably smooth. It was only a few months ago that professionals and analysts who monitor election administration were alarmed at how badly unprepared the country was for voting during a...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/10/30 2:14 p.m.21 views

The Legal Risks of Security Research

Sunoo Park and Kendra Albert have published "A Researcher’s Guide to Some Legal Risks of Security Research." From a summary: Such risk extends beyond anti-hacking laws, implicating copyright law and anti-circumvention provisions DMCA §1201, electronic privacy law ECPA, and cryptography export...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/10/07 11:5 a.m.21 views

New Privacy Features in iOS 14

A good rundown...

3.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/10/01 11:19 a.m.21 views

Detecting Deep Fakes with a Heartbeat

Researchers can detect deep fakes because they dont convincingly mimic human blood circulation in the face: In particular, video of a persons face contains subtle shifts in color that result from pulses in blood circulation. You might imagine that these changes would be too minute to detect merel...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/22 11:36 a.m.21 views

Amazon Delivery Drivers Hacking Scheduling System

Amazon drivers -- all gig workers who dont work for the company -- are hanging cell phones in trees near Amazon delivery stations, fooling the system into thinking that they are closer than they actually are: The phones in trees seem to serve as master devices that dispatch routes to multiple...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/03 11:18 a.m.21 views

2017 Tesla Hack

Interesting story of a class break against the entire Tesla fleet...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/31 10:45 a.m.21 views

Seny Kamara on "Crypto for the People"

Seny Kamara gave an excellent keynote talk this year at the online CRYPTO Conference. He talked about solving real-world crypto problems for marginalized communities around the world, instead of crypto problems for governments and corporations. Well worth watching and listening to...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/21 11:3 a.m.21 views

Yet Another Biometric: Bioacoustic Signatures

Sound waves through the body are unique enough to be a biometric: "Modeling allowed us to infer what structures or material features of the human body actually differentiated people," explains Joo Yong Sim, one of the ETRI researchers who conducted the study. "For example, we could see how the...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/10 11:23 a.m.21 views

Smart Lock Vulnerability

Yet another Internet-connected door lock is insecure: Sold by retailers including Amazon, Walmart, and Home Depot, U-Tec's $139.99 UltraLoq is marketed as a "secure and versatile smart deadbolt that offers keyless entry via your Bluetooth-enabled smartphone and code." Users can share temporary...

0.6AI score
Exploits0
Total number of security vulnerabilities2980