Lucene search
K
SchneierMost viewed

2981 matches found

Schneier on Security
Schneier on Security
added 2020/08/31 10:45 a.m.21 views

Seny Kamara on "Crypto for the People"

Seny Kamara gave an excellent keynote talk this year at the online CRYPTO Conference. He talked about solving real-world crypto problems for marginalized communities around the world, instead of crypto problems for governments and corporations. Well worth watching and listening to...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/21 11:3 a.m.21 views

Yet Another Biometric: Bioacoustic Signatures

Sound waves through the body are unique enough to be a biometric: "Modeling allowed us to infer what structures or material features of the human body actually differentiated people," explains Joo Yong Sim, one of the ETRI researchers who conducted the study. "For example, we could see how the...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/10 11:23 a.m.21 views

Smart Lock Vulnerability

Yet another Internet-connected door lock is insecure: Sold by retailers including Amazon, Walmart, and Home Depot, U-Tec's $139.99 UltraLoq is marketed as a "secure and versatile smart deadbolt that offers keyless entry via your Bluetooth-enabled smartphone and code." Users can share temporary...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/24 11:36 a.m.21 views

Update on NIST's Post-Quantum Cryptography Program

NIST has posted an update on their post-quantum cryptography program: After spending more than three years examining new approaches to encryption and data protection that could defeat an assault from a quantum computer, the National Institute of Standards and Technology NIST has winnowed the 69...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/15 2:29 p.m.21 views

NSA on Securing VPNs

The NSA's Central Security Service -- that's the part that's supposed to work on defense -- has released two documents a full and an abridged version on securing virtual private networks. Some of it is basic, but it contains good information. Maintaining a secure VPN tunnel can be complex and...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/04/30 11:59 a.m.21 views

Defending Democracies Against Information Attacks

To better understand influence attacks, we proposed an approach that models democracy itself as an information system and explains how democracies are vulnerable to certain forms of information attacks that autocracies naturally resist. Our model combines ideas from both international security an...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/04/17 12:57 p.m.21 views

A "Department of Cybersecurity"

Presidential candidate John Delaney has announced a plan to create a Department of Cybersecurity. I have long been in favor of a new federal agency to deal with Internet -- and especially Internet of Things -- security. The devil is in the details, of course, and it's really easy to get this wron...

2.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/17 11:20 a.m.21 views

Installing a Credit Card Skimmer on a POS Terminal

Watch how someone installs a credit card skimmer in just a couple of seconds. I don't know if the skimmer just records the data and is collected later, or if it transmits the data back to some base station...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/06/07 10:56 a.m.21 views

An Example of Deterrence in Cyberspace

In 2016, the US was successfully deterred from attacking Russia in cyberspace because of fears of Russian capabilities against the US. I have two citations for this. The first is from the book Russian Roulette: The Inside Story of Putin's War on America and the Election of Donald Trump, by Michae...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/10/18 2:58 p.m.21 views

IoT Cybersecurity: What's Plan B?

In August, four US Senators introduced a bill designed to improve Internet of Things IoT security. The IoT Cybersecurity Improvement Act of 2017 is a modest piece of legislation. It doesn't regulate the IoT market. It doesn't single out any industries for particular attention, or force any...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/10/16 1:39 p.m.21 views

New KRACK Attack Against Wi-Fi Encryption

Mathy Vanhoef has just published a devastating attack against WPA2, the 14-year-old encryption protocol used by pretty much all wi-fi systems. Its an interesting attack, where the attacker forces the protocol to reuse a key. The authors call this attack KRACK, for Key Reinstallation Attacks This ...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/28 10:35 a.m.21 views

CIA Exploits Against Wireless Routers

WikiLeaks has published CherryBlossom, the CIA's program to hack into wireless routers. The program is about a decade old. Four good news articles. Five. And a list of vulnerable routers...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/21 6:58 p.m.21 views

Is Continuing to Patch Windows XP a Mistake?

Last week, Microsoft issued a security patch for Windows XP, a 16-year-old operating system that Microsoft officially no longer supports. Last month, Microsoft issued a Windows XP patch for the vulnerability used in WannaCry. Is this a good idea? This 2014 essay argues that it's not: The zero-day...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/10 7:14 p.m.21 views

Securing Elections

Technology can do a lot more to make our elections more secure and reliable, and to ensure that participation in the democratic process is available to all. There are three parts to this process. First, the voter registration process can be improved. The whole process can be streamlined. People...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/05 9:5 p.m.21 views

Friday Squid Blogging: Squid Communications

In the oval squid Sepioteuthis lessoniana, males use body patterns to communicate with both females and other males: To gain insight into the visual communication associated with each behavior in terms of the body patterning's key components, the co-expression frequencies of two or more component...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/04/21 10:4 p.m.21 views

Friday Squid Blogging: Video of Squid Attacking Another Squid

Wow, is this cool. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/29 4:5 p.m.20 views

Factoring RSA Keys with Many Zeros

Interesting research on a new class of weak RSA keys: keys with lots of zeros. It turns out that these keys are out in the wild. The badkeys project is an open-source service that checks public keys for known vulnerabilities. While developing this tool, Hanno collected a massive number of...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/15 11:1 a.m.20 views

The FCC Wants to Eliminate Burner Phones

A proposed FCC rule would kill burner phones: phones whose accounts are not attached to a particular person. The FCC plans to do this by legally forcing the country's telecoms to store a wealth of personal information about essentially all phone customers, including a government issued...

5.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/05/18 11:8 a.m.20 views

Zero-Day Exploit Against Windows BitLocker

It's nasty, but it requires physical access to the computer: The exploit, named YellowKey, was published earlier this week by a researcher who goes by the alias Nightmare-Eclipse. It reliably bypasses default Windows 11 deployments of BitLocker, the full-volume encryption protection Microsoft...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/12/10 12:6 p.m.20 views

Full-Face Masks to Frustrate Identification

This is going to be interesting. It's a video of someone trying on a variety of printed full-face masks. They won't fool anyone for long, but will survive casual scrutiny. And they're cheap and easy to swap...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/05/10 9:7 p.m.20 views

Friday Squid Blogging: Squid Mating Strategies

Some squids are "consorts," others are "sneakers." The species is healthiest when individuals have different strategies randomly. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/04/15 11:4 a.m.20 views

New Lattice Cryptanalytic Technique

A new paper presents a polynomial-time quantum algorithm for solving certain hard lattice problems. This could be a big deal for post-quantum cryptographic algorithms, since many of them base their security on hard lattice problems. A few things to note. One, this paper has not yet been peer...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/03/28 11:5 a.m.20 views

Hardware Vulnerability in Apple’s M-Series Chips

Its yet another hardware side-channel attack: The threat resides in the chips’ data memory-dependent prefetcher, a hardware optimization that predicts the memory addresses of data that running code is likely to access in the near future. By loading the contents into the CPU cache before it’s...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/29 10:8 p.m.20 views

Friday Squid Blogging: Sqids

Theyre short unique strings: Sqids pronounced "squids" is an open-source library that lets you generate YouTube-looking IDs from numbers. These IDs are short, can be generated from a custom alphabet and are guaranteed to be collision-free. I havent dug into the details enough to know how they can...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/11/15 5:51 p.m.20 views

New SSH Vulnerability

This is interesting: For the first time, researchers have demonstrated that a large portion of cryptographic keys used to protect data in computer-to-server SSH traffic are vulnerable to complete compromise when naturally occurring computational errors occur while the connection is being...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/11/14 12:6 p.m.20 views

How .tk Became a TLD for Scammers

Sad story of Tokelau, and how its top-level domain "became the unwitting host to the dark underworld by providing a never-ending supply of domain names that could be weaponized against internet users. Scammers began using .tk websites to do everything from harvesting passwords and payment...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/11/10 10:4 p.m.20 views

Friday Squid Blogging: The History and Morality of US Squid Consumption

Really interesting article. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/10/11 11:4 a.m.20 views

Cisco Can’t Stop Using Hard-Coded Passwords

Theres a new Cisco vulnerability in its Emergency Responder product: This vulnerability is due to the presence of static user credentials for the root account that are typically reserved for use during development. An attacker could exploit this vulnerability by using the account to log in to an...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/07/24 11:9 a.m.20 views

Google Reportedly Disconnecting Employees from the Internet

Supposedly Google is starting a pilot program of disabling Internet connectivity from employee computers: The company will disable internet access on the select desktops, with the exception of internal web-based tools and Google-owned websites like Google Drive and Gmail. Some workers who need th...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/07/20 7:44 p.m.20 views

Kevin Mitnick Died

Obituary...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/04/21 2:19 p.m.20 views

Using the iPhone Recovery Key to Lock Owners Out of Their iPhones

This a good example of a security feature that can sometimes harm security: Apple introduced the optional recovery key in 2020 to protect users from online hackers. Users who turn on the recovery key, a unique 28-digit code, must provide it when they want to reset their Apple ID password. iPhone...

6.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/04/11 11:22 a.m.20 views

Car Thieves Hacking the CAN Bus

Car thieves are injecting malicious software into a cars network through wires in the headlights or taillights that fool the car into believing that the electronic key is nearby. News articles...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/03/24 11:4 a.m.20 views

Exploding USB Sticks

In case you dont have enough to worry about, people are hiding explosives--actual ones--in USB sticks: In the port city of Guayaquil, journalist Lenin Artieda of the Ecuavisa private TV station received an envelope containing a pen drive which exploded when he inserted it into a computer, his...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/03/07 12:13 p.m.20 views

Prompt Injection Attacks on Large Language Models

This is a good survey on prompt injection attacks on large language models like ChatGPT. Abstract: We are currently witnessing dramatic advances in the capabilities of Large Language Models LLMs. They are already being adopted in practice and integrated into many systems, including integrated...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/02/22 12:30 p.m.20 views

A Device to Turn Traffic Lights Green

Heres a story about a hacker who reprogrammed a device called "Flipper Zero" to mimic Opticom transmitters--to turn traffic lights in his path green. As mentioned earlier, the Flipper Zero has a built-in sub-GHz radio that lets the device receive data or transmit it, with the right firmware in...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/02/10 8:3 p.m.20 views

A Hacker’s Mind Is Now Published

Tuesday was the official publication date of A Hackers Mind: How the Powerful Bend Societys Rules, and How to Bend them Back. It broke into the 2000s on the Amazon best-seller list. Reviews in the New York Times, Cory Doctorows blog, Science, and the Associated Press. I wrote essays related to th...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/27 8:19 p.m.20 views

Kevin Mitnick Hacked California Law in 1983

Early in his career, Kevin Mitnick successfully hacked California law. He told me the story when he heard about my new book, which he partially recounts his 2012 book, Ghost in the Wires. The setup is that he just discovered that theres warrant for his arrest by the California Youth Authority, an...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/20 10:0 p.m.20 views

Friday Squid Blogging: Another Giant Squid Captured on Video

Heres a new video of a giant squid, filmed in the Sea of Japan. I believe its injured. Its so close to the surface, and not really moving very much. "We didnt see the kinds of agile movements that many fish and marine creatures normally show," he said. "Its tentacles and fins were moving very...

2.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/28 6:14 p.m.20 views

QR Code Scam

An enterprising individual made fake parking tickets with a QR code for easy payment...

2.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/08/25 11:45 a.m.20 views

Man-in-the-Middle Phishing Attack

Heres a phishing campaign that uses a man-in-the-middle attack to defeat multi-factor authentication: Microsoft observed a campaign that inserted an attacker-controlled proxy site between the account users and the work server they attempted to log into. When the user entered a password into the...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/08/12 9:6 p.m.20 views

Friday Squid Blogging: SQUID Acronym for Making Conscious Choices

I think the U is forced: SQUID consists of five steps: Stop, Question, Understand, Imagine, and Decide. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/08/02 11:49 a.m.20 views

Surveillance of Your Car

TheMarkup has an extensive analysis of connected vehicle data and the companies that are collecting it. The Markup has identified 37 companies that are part of the rapidly growing connected vehicle data industry that seeks to monetize such data in an environment with few regulations governing its...

3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/05/31 9:12 a.m.20 views

Security and Human Behavior (SHB) 2022

Today is the second day of the fifteenth Workshop on Security and Human Behavior, hosted by Ross Anderson and Alice Hutchings at the University of Cambridge. After two years of having this conference remotely on Zoom, its nice to be back together in person. SHB is a small, annual, invitational...

Exploits0
Schneier on Security
Schneier on Security
added 2022/03/25 11:14 a.m.20 views

Gus Simmons’s Memoir

Gus Simmons is an early pioneer in cryptography and computer security. I know him best for his work on authentication and covert channels, specifically as related to nuclear treaty verification. His work is cited extensively in Applied Cryptography. He has written a memoir of growing up dirt-poor...

2.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/03/18 11:12 a.m.20 views

Why Vaccine Cards Are So Easily Forged

My proof of COVID-19 vaccination is recorded on an easy-to-forge paper card. With little trouble, I could print a blank form, fill it out, and snap a photo. Small imperfections wouldn’t pose any problem; you can’t see whether the paper’s weight is right in a digital image. When I fly...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/03/09 12:0 p.m.20 views

Fraud on Zelle

Zelle is rife with fraud: Zelle’s immediacy has also made it a favorite of fraudsters. Other types of bank transfers or transactions involving payment cards typically take at least a day to clear. But once crooks scare or trick victims into handing over money via Zelle, they can siphon away...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/02/04 3:44 p.m.20 views

The EARN IT Act Is Back

Senators have reintroduced the EARN IT Act, requiring social media companies among others to administer a massive surveillance operation on their users: A group of lawmakers led by Sen. Richard Blumenthal D-CT and Sen. Lindsey Graham R-SC have re-introduced the EARN IT Act, an incredibly unpopula...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/01/26 4:4 p.m.20 views

New DeadBolt Ransomware Targets NAT Devices

Theres a new ransomware that targets NAT devices made by QNAP: The attacks started today, January 25th, with QNAP devices suddenly finding their files encrypted and file names appended with a .deadbolt file extension. Instead of creating ransom notes in each folder on the device, the QNAP devices...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/01/14 10:12 p.m.20 views

Friday Squid Blogging: The Evolution of Squid Eyes

New research: The researchers from the FAS Center for Systems Biology discovered a network of genes important in squid eye development that are known to also play a crucial role in limb development across animals, including vertebrates and insects. The scientists say these genes have been...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/12/31 3:52 p.m.20 views

Apple AirTags Are Being Used to Track People and Cars

This development suprises no one who has been paying attention: Researchers now believe AirTags, which are equipped with Bluetooth technology, could be revealing a more widespread problem of tech-enabled tracking. They emit a digital signal that can be detected by devices running Apples mobile...

0.2AI score
Exploits0
Total number of security vulnerabilities2981