Lucene search
K
SchneierMost viewed

2981 matches found

Schneier on Security
Schneier on Security
added 2020/09/08 11:12 a.m.22 views

More on NIST's Post-Quantum Cryptography

Back in July, NIST selected third-round algorithms for its post-quantum cryptography standard. Recently, Daniel Apon of NIST gave a talk detailing the selection criteria. Interesting stuff. NOTE: We're in the process of moving this blog to Wordpress. Comments will be disabled until the move it...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/28 11:40 a.m.22 views

Survey of Supply Chain Attacks

The Atlantic Council has a released a report that looks at the history of computer supply chain attacks. Key trends from their summary: 1. Deep Impact from State Actors: There were at least 27 different state attacks against the software supply chain including from Russia, China, North Korea, and...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/06/18 11:34 a.m.22 views

Theft of CIA's "Vault Seven" Hacking Tools Due to Its Own Lousy Security

The Washington Post is reporting on an internal CIA report about its "Vault 7" security breach: The breach -- allegedly committed by a CIA employee -- was discovered a year after it happened, when the information was published by WikiLeaks, in March 2017. The anti-secrecy group dubbed the release...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/06/15 11:6 a.m.22 views

Examining the US Cyber Budget

Jason Healey takes a detailed look at the US federal cybersecurity budget and reaches an important conclusion: the US keeps saying that we need to prioritize defense, but in fact we prioritize attack. To its credit, this budget does reveal an overall growth in cybersecurity funding of about 5...

Exploits0
Schneier on Security
Schneier on Security
added 2020/06/12 9:3 p.m.22 views

Friday Squid Blogging: Human Cells with Squid-Like Transparency

I think we need more human organs with squid-like features. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/06/10 11:31 a.m.22 views

Availability Attacks against Neural Networks

New research on using specially crafted inputs to slow down machine-learning neural network systems: Sponge Examples: Energy-Latency Attacks on Neural Networks shows how to find adversarial examples that cause a DNN to burn more energy, take more time, or both. They affect a wide range of DNN...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/05/08 2:46 p.m.22 views

Used Tesla Components Contain Personal Information

Used Tesla components, sold on eBay, still contain personal information, even after a factory reset. This is a decades-old problem. It's a problem with used hard drives. It's a problem with used photocopiers and printers. It will be a problem with IoT devices. It'll be a problem with everything,...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/04/14 6:28 p.m.22 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I'm being interviewed on "Hacking in the Public Interest" as part of the Black Hat Webcast Series, on Thursday, April 16, 2020 at 2:00 PM EDT. The list is maintained on this page...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/09/06 11:41 a.m.22 views

Five-Eyes Intelligence Services Choose Surveillance Over Security

The Five Eyes -- the intelligence consortium of the rich English-speaking countries the US, Canada, the UK, Australia, and New Zealand -- have issued a "Statement of Principles on Access to Evidence and Encryption" where they claim their needs for surveillance outweigh everyone's needs for securi...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/01 11:22 a.m.22 views

Backdoors in Cisco Routers

We don't know if this is error or deliberate action, but five backdoors have been discovered already this year...

4.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/04/20 11:44 a.m.22 views

Securing Elections

Elections serve two purposes. The first, and obvious, purpose is to accurately choose the winner. But the second is equally important: to convince the loser. To the extent that an election system is not transparently and auditably accurate, it fails in that second purpose. Our election systems ar...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/03/20 11:0 a.m.22 views

Dan Geer on the Dangers of Computer-Only Systems

A good warning, delivered in classic Dan Geer style...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/11/20 12:19 p.m.22 views

Vulnerability in Amazon Key

Amazon Key is an IoT door lock that can enable one-time access codes for delivery people. To further secure that system, Amazon sells Cloud Cam, a camera that watches the door to ensure that delivery people don't abuse their one-time access privilege. Cloud Cam has been hacked: But now security...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/23 6:57 p.m.22 views

The Secret Code of Beatrix Potter

Interesting: As codes go, Potter's wasn't inordinately complicated. As Wiltshire explains, it was a "mono-alphabetic substitution cipher code," in which each letter of the alphabet was replaced by a symbol­ -- the kind of thing they teach you in Cub Scouts. The real trouble was Potter's own fluen...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/05 11:16 a.m.22 views

CIA's Pandemic Toolkit

WikiLeaks is still dumping CIA cyberweapons on the Internet. Its latest dump is something called "Pandemic": The Pandemic leak does not explain what the CIA's initial infection vector is, but does describe it as a persistent implant. "As the name suggests, a single computer on a local network wit...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/26 9:12 p.m.22 views

Friday Squid Blogging: Squid and Chips

The excellent Montreal chef Marc-Olivier Frappier, of Joe Beef fame, has created a squid and chips dish for Brit & Chips restaurant. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/22 7:10 p.m.22 views

North Korean Cyberwar Capabilities

Reuters has an article on North Korea's cyberwar capabilities, specifically "Unit 180." They're still not in the same league as the US, UK, Russia, China, and Israel. But they're getting better...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/07/12 11:4 a.m.21 views

The NSA Has a Long-Lost Lecture by Adm. Grace Hopper

The NSA has a video recording of a 1982 lecture by Adm. Grace Hopper titled "Future Possibilities: Data, Hardware, Software, and People." The agency is so far refusing to release it. Basically, the recording is in an obscure video format. People at the NSA cant easily watch it, so they cant redac...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/05/17 11:9 a.m.21 views

FBI Seizes BreachForums Website

The FBI has seized the BreachForums website, used by ransomware criminals to leak stolen corporate data. If law enforcement has gained access to the hacking forums backend data, as they claim, they would have email addresses, IP addresses, and private messages that could expose members and be use...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/05/13 11:4 a.m.21 views

LLMs’ Data-Control Path Insecurity

Back in the 1960s, if you played a 2,600Hz tone into an AT&T pay phone, you could make calls without paying. A phone hacker named John Draper noticed that the plastic whistle that came free in a box of Captain Crunch cereal worked to make the right sound. That became his hacker name, and everyone...

8.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/04/02 5:5 p.m.21 views

Declassified NSA Newsletters

Through a 2010 FOIA request yes, it took that long, we have copies of the NSAs KRYPTOS Society Newsletter, "Tales of the Krypt," from 1994 to 2003. There are many interesting things in the 800 pages of newsletter. There are many redactions. And a 1994 review of Applied Cryptography by redacted:...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/09 12:3 p.m.21 views

PIN-Stealing Android Malware

This is an old piece of malware--the Chameleon Android banking Trojan--that now disables biometric authentication in order to steal the PIN: The second notable new feature is the ability to interrupt biometric operations on the device, like fingerprint and face unlock, by using the Accessibility...

7.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/26 12:3 p.m.21 views

Google Stops Collecting Location Data from Maps

Google Maps now stores location data locally on your device, meaning that Google no longer has that data to turn over to the police...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/11/08 12:8 p.m.21 views

Decoupling for Security

This is an excerpt from a longer paper. You can read the whole thing complete with sidebars and illustrations here. Our message is simple: it is possible to get the best of both worlds. We can and should get the benefits of the cloud while taking security back into our own hands. Here we outline ...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/10/19 11:8 a.m.21 views

Former Uber CISO Appealing His Conviction

Joe Sullivan, Ubers CEO during their 2016 data breach, is appealing his conviction. Prosecutors charged Sullivan, whom Uber hired as CISO after the 2014 breach, of withholding information about the 2016 incident from the FTC even as its investigators were scrutinizing the companys data security a...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/10/13 9:9 p.m.21 views

Friday Squid Blogging: On Squid Intelligence

Article about squid intelligence. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/10/06 7:4 a.m.21 views

Deepfake Election Interference in Slovakia

Well designed and well timed deepfake or two Slovakian politicians discussing how to rig the election: Šimečka and Denník N immediately denounced the audio as fake. The fact-checking department of news agency AFP said the audio showed signs of being manipulated using AI. But the recording was...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/09/07 11:9 a.m.21 views

The Hacker Tool to Get Personal Data from Credit Bureaus

The new site 404 Media has a good article on how hackers are cheaply getting personal information from credit bureaus: This is the result of a secret weapon criminals are selling access to online that appears to tap into an especially powerful set of data: the targets credit header. This is...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/08/25 11:3 a.m.21 views

Hacking Food Labeling Laws

This article talks about new Mexican laws about food labeling, and the lengths to which food manufacturers are going to ensure that they are not effective. There are the typical high-pressure lobbying tactics and lawsuits. But theres also examples of companies hacking the laws: Companies like...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/08/04 9:7 p.m.21 views

Friday Squid Blogging: 2023 Squid Oil Global Market Report

I had no idea that squid contain sufficient oil to be worth extracting. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/04/10 11:23 a.m.21 views

LLMs and Phishing

Heres an experiment being run by undergraduate computer science students everywhere: Ask ChatGPT to generate phishing emails, and test whether these are better at persuading victims to respond or click on the link than the usual spam. Its an interesting experiment, and the results are likely to...

6.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/02/24 10:2 p.m.21 views

Friday Squid Blogging: Squid Processing Facility

This video of a modern large squid processing ship is a bit gory, but also interesting. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/09 12:14 p.m.21 views

Identifying People Using Cell Phone Location Data

The two people who shut down four Washington power stations in December were arrested. This is the interesting part: Investigators identified Greenwood and Crahan almost immediately after the attacks took place by using cell phone data that allegedly showed both men in the vicinity of all four...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/02 10:12 p.m.21 views

Friday Squid Blogging: Legend of the Indiana Oil-Pit Squid

At a GMC plant. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/11/28 3:44 p.m.21 views

Computer Repair Technicians Are Stealing Your Data

Laptop technicians routinely violate the privacy of the people whose computers they repair: Researchers at University of Guelph in Ontario, Canada, recovered logs from laptops after receiving overnight repairs from 12 commercial shops. The logs showed that technicians from six of the locations ha...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/10/14 2:8 p.m.21 views

Regulating DAOs

In August, the US Treasurys Office of Foreign Assets Control OFAC sanctioned the cryptocurrency platform Tornado Cash, a virtual currency "mixer" designed to make it harder to trace cryptocurrency transactions--and a worldwide favorite money-laundering platform. Americans are now forbidden from...

7.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/08/05 9:13 p.m.21 views

Friday Squid Blogging: New Squid Species

Seems like they are being discovered all the time: In the past, the DEEPEND crew has discovered three new species of Bathyteuthids, a type of squid that lives in depths between 700 and 2,000 meters. The findings were validated and published in 2020. Another new squid species description is...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/04/05 11:4 a.m.21 views

Hackers Using Fake Police Data Requests against Tech Companies

Brian Krebs has a detailed post about hackers using fake police data requests to trick companies into handing over data. Virtually all major technology companies serving large numbers of users online have departments that routinely review and process such requests, which are typically granted as...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/03/21 3:22 p.m.21 views

Developer Sabotages Open-Source Software Package

This is a big deal: A developer has been caught adding malicious code to a popular open-source package that wiped files on computers located in Russia and Belarus as part of a protest that has enraged many users and raised concerns about the safety of free and open source software. The applicatio...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/02/04 10:15 p.m.21 views

Friday Squid Blogging: Are Squid from Another Planet?

An actually serious scientific journal has published a paper speculating that octopus and squid could be of extraterrestrial origin. News article. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/09/30 4:51 p.m.21 views

Hardening Your VPN

The NSA and CISA have released a document on how to harden your VPN...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/09/17 11:9 a.m.21 views

Zero-Click iMessage Exploit

Citizen Lab released a report on a zero-click iMessage exploit that is used in NSO Groups Pegasus spyware. Apple patched the vulnerability; everyone needs to update their OS immediately. News articles on the exploit...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/01/13 12:6 p.m.21 views

On US Capitol Security — By Someone Who Manages Arena-Rock-Concert Security

Smart commentary: …I was floored on Wednesday when, glued to my television, I saw police in some areas of the U.S. Capitol using little more than those same mobile gates I had ­ the ones that look like bike racks that can hook together ­ to try to keep the crowds away from sensitive areas and,...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/11/18 12:21 p.m.21 views

Michael Ellis as NSA General Counsel

Over at Lawfare, Susan Hennessey has an excellent primer on how Trump loyalist Michael Ellis got to be the NSA General Counsel, over the objections of NSA Director Paul Nakasone, and what Biden can and should do about it. While important details remain unclear, media accounts include numerous...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/11/10 12:40 p.m.21 views

2020 Was a Secure Election

Over at Lawfare: "2020 Is An Election Security Success Story So Far." What’s more, the voting itself was remarkably smooth. It was only a few months ago that professionals and analysts who monitor election administration were alarmed at how badly unprepared the country was for voting during a...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/10/30 2:14 p.m.21 views

The Legal Risks of Security Research

Sunoo Park and Kendra Albert have published "A Researcher’s Guide to Some Legal Risks of Security Research." From a summary: Such risk extends beyond anti-hacking laws, implicating copyright law and anti-circumvention provisions DMCA §1201, electronic privacy law ECPA, and cryptography export...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/10/07 11:5 a.m.21 views

New Privacy Features in iOS 14

A good rundown...

3.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/10/01 11:19 a.m.21 views

Detecting Deep Fakes with a Heartbeat

Researchers can detect deep fakes because they dont convincingly mimic human blood circulation in the face: In particular, video of a persons face contains subtle shifts in color that result from pulses in blood circulation. You might imagine that these changes would be too minute to detect merel...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/22 11:36 a.m.21 views

Amazon Delivery Drivers Hacking Scheduling System

Amazon drivers -- all gig workers who dont work for the company -- are hanging cell phones in trees near Amazon delivery stations, fooling the system into thinking that they are closer than they actually are: The phones in trees seem to serve as master devices that dispatch routes to multiple...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/03 11:18 a.m.21 views

2017 Tesla Hack

Interesting story of a class break against the entire Tesla fleet...

1.3AI score
Exploits0
Total number of security vulnerabilities2981