Lucene search
K
SchneierMost viewed

2980 matches found

Schneier on Security
Schneier on Security
added 2023/09/05 11:3 a.m.18 views

Inconsistencies in the Common Vulnerability Scoring System (CVSS)

Interesting research: Shedding Light on CVSS Scoring Inconsistencies: A User-Centric Study on Evaluating Widespread Security Vulnerabilities Abstract: The Common Vulnerability Scoring System CVSS is a popular method for evaluating the severity of vulnerabilities in vulnerability management. In th...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/08/16 11:17 a.m.18 views

UK Electoral Commission Hacked

The UK Electoral Commission discovered last year that it was hacked the year before. Thats fourteen months between the hack and the discovery. It doesnt know who was behind the hack. We worked with external security experts and the National Cyber Security Centre to investigate and secure our...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/07/27 11:4 a.m.18 views

Fooling an AI Article Writer

World of Warcraft players wrote about a fictional game element, "Glorbo," on a subreddit for the game, trying to entice an AI bot to write an article about it. It worked: And it…worked. Zleague auto-published a post titled "World of Warcraft Players Excited For Glorbo’s Introduction." … That is…a...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/07/21 11:16 a.m.18 views

AI and Microdirectives

Imagine a future in which AIs automatically interpret--and enforce--laws. All day and every day, you constantly receive highly personalized instructions for how to comply with the law, sent directly by your government and law enforcement. Youre told how to cross the street, how fast to drive on t...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/07/07 11:11 a.m.18 views

The AI Dividend

For four decades, Alaskans have opened their mailboxes to find checks waiting for them, their cut of the black gold beneath their feet. This is Alaskas Permanent Fund, funded by the states oil revenues and paid to every Alaskan each year. Were now in a different sort of resource rush, with...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/07/06 11:3 a.m.18 views

Belgian Tax Hack

Heres a fascinating tax hack from Belgium listen to the details here, episode 484 of "No Such Thing as a Fish," at 28:00. Basically, its about a music festival on the border between Belgium and Holland. The stage was in Holland, but the crowd was in Belgium. When the copyright collector came...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/04/13 11:22 a.m.18 views

Bypassing a Theft Threat Model

Thieves cut through the wall of a coffee shop to get to an Apple store, bypassing the alarms in the process. I wrote about this kind of thing in 2000, in Secrets and Lies page 318: My favorite example is a band of California art thieves that would break into peoples houses by cutting a hole in...

6.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/04/12 11:11 a.m.18 views

FBI Advising People to Avoid Public Charging Stations

The FBI is warning people against using public phone-charging stations, worrying that the combination power-data port can be used to inject malware onto the devices: Avoid using free charging stations in airports, hotels, or shopping centers. Bad actors have figured out ways to use public USB por...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/03/21 12:34 p.m.18 views

US Citizen Hacked by Spyware

The New York Times is reporting that a US citizens phone was hacked by the Predator spyware. A U.S. and Greek national who worked on Meta’s security and trust team while based in Greece was placed under a yearlong wiretap by the Greek national intelligence service and hacked with a powerful...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/02/17 10:3 p.m.18 views

Friday Squid Blogging: Thermal Batteries from Squid Proteins

Researchers are making thermal batteries from "a synthetic material thats derived from squid ring teeth protein." As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

2.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/16 12:14 p.m.18 views

Hacked Cellebrite and MSAB Software Released

Cellebrite is an cyberweapons arms manufacturer that sells smartphone forensic software to governments around the world. MSAB is a Swedish company that does the same thing. Someone has released software and documentation from both companies...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/02 8:7 p.m.18 views

Existential Risk and the Fermi Paradox

We know that complexity is the worst enemy of security, because it makes attack easier and defense harder. This becomes catastrophic as the effects of that attack become greater. In A Hackers Mind coming in February 2023, I write: Our societal systems, in general, may have grown fairer and more...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/09/14 11:51 a.m.18 views

Weird Fallout from Peiter Zatko’s Twitter Whistleblowing

People are trying to dig up dirt on Peiter Zatko, better known as Mudge. For the record, I have not been contacted. Im not sure if I should feel slighted...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/08/26 9:8 p.m.18 views

Friday Squid Blogging: 14-foot Giant Squid Washes Ashore in Cape Town

Its an Architeuthis dux, the second this year. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/07/28 11:16 a.m.18 views

New UFEI Rootkit

Kaspersky is reporting on a new UFEI rootkit that survives reinstalling the operating system and replacing the hard drive. From an article: The firmware compromises the UEFI, the low-level and highly opaque chain of firmware required to boot up nearly every modern computer. As the software that...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/07/19 2:40 p.m.18 views

NSO Group’s Pegasus Spyware Used against Thailand Pro-Democracy Activists and Leaders

Yet another basic human rights violation, courtesy of NSO Group: Citizen Lab has the details: Key Findings We discovered an extensive espionage campaign targeting Thai pro-democracy protesters, and activists calling for reforms to the monarchy. We forensically confirmed that at least 30 individua...

0.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/07/06 4:49 p.m.18 views

NIST Announces First Four Quantum-Resistant Cryptographic Algorithms

NISTs post-quantum computing cryptography standard process is entering its final phases. It announced the first four algorithms: For general encryption, used when we access secure websites, NIST has selected the CRYSTALS-Kyber algorithm. Among its advantages are comparatively small encryption key...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/06/29 11:19 a.m.18 views

Ecuador’s Attempt to Resettle Edward Snowden

Someone hacked the Ecuadorian embassy in Moscow and found a document related to Ecuadors 2013 efforts to bring Edward Snowden there. If you remember, Snowden was traveling from Hong Kong to somewhere when the US revoked his passport, stranding him in Russia. In the document, Ecuador asks Russia t...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/06/09 2:30 p.m.18 views

Twitter Used Two-Factor Login Details for Ad Targeting

Twitter was fined $150 million for using phone numbers and email addresses collected for two-factor authentication for ad targeting...

2.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/05/25 3:30 p.m.18 views

Manipulating Machine-Learning Systems through the Order of the Training Data

Yet another adversarial ML attack: Most deep neural networks are trained by stochastic gradient descent. Now “stochastic” is a fancy Greek word for “random”; it means that the training data are fed into the model in random order. So what happens if the bad guys can cause the order to be not rando...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/05/18 11:6 a.m.18 views

iPhone Malware that Operates Even When the Phone Is Turned Off

Researchers have demonstrated iPhone malware that works even when the phone is fully shut down. t turns out that the iPhone’s Bluetooth chip­--which is key to making features like Find My work­--has no mechanism for digitally signing or even encrypting the firmware it runs. Academics at Germany’s...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/03/02 12:25 p.m.18 views

Vulnerability in Stalkerware Apps

TechCrunch is reporting -- but not describing in detail -- a vulnerability in a series of stalkerware apps that exposes personal information of the victims. The vulnerability isnt in the apps installed on the victims phones, but in the website the stalker goes to view the information the app...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/02/25 10:0 p.m.18 views

Friday Squid Blogging: Squid Videos

Here are six beautiful squid videos. I know nothing more about them. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. EDITED TO ADD 2/25: This post accidentally went live on Wednesday, two days...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/02/23 12:28 p.m.18 views

Bypassing Apple’s AirTag Security

A Berlin-based company has developed an AirTag clone that bypasses Apples anti-stalker security systems. Source code for these AirTag clones is available online. So now we have several problems with the system. Apples anti-stalker security only works with iPhones. Apple wrote an Android app that...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/02/18 10:12 p.m.18 views

Friday Squid Blogging: South American Squid Stocks Threatened by Chinese Fishing

Theres a lot of fishing going on: The number of Chinese-flagged vessels in the south Pacific has surged 13-fold from 54 active vessels in 2009 to 707 in 2020, according to the SPRFMO. Meanwhile, the size of Chinas squid catch has grown from 70,000 tons in 2009 to 358,000. As usual, you can also u...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/02/11 12:17 p.m.18 views

On the Irish Health Services Executive Hack

A detailed report of the 2021 ransomware attack against Ireland’s Health Services Executive lists some really bad security practices: The report notes that: The HSE did not have a Chief Information Security Officer CISO or a “single responsible owner for cybersecurity at either senior executive o...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/02/10 12:13 p.m.18 views

Bunnie Huang’s Plausibly Deniable Database

Bunnie Huang has created a Plausibly Deniable Database. Most security schemes facilitate the coercive processes of an attacker because they disclose metadata about the secret data, such as the name and size of encrypted files. This allows specific and enforceable demands to be made: “Give us the...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/02/09 12:25 p.m.18 views

Breaking 256-bit Elliptic Curve Encryption with a Quantum Computer

Researchers have calculated the quantum computer size necessary to break 256-bit elliptic curve public-key cryptography: Finally, we calculate the number of physical qubits required to break the 256-bit elliptic curve encryption of keys in the Bitcoin network within the small available time frame...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/11/15 8:34 p.m.18 views

Book Sale: Click Here to Kill Everybody and Data and Goliath

For a limited time, I am selling signed copies of Click Here to Kill Everybody and Data and Goliath, both in paperback, for just $6 each plus shipping. I have 500 copies of each book available. When theyre gone, the sale is over and the price will revert to normal. Order here and here. Please be...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/10/19 11:7 a.m.18 views

Ransomware Attacks against Water Treatment Plants

According to a report from CISA last week, there were three ransomware attacks against water treatment plants last year. WWS Sector cyber intrusions from 2019 to early 2021 include: In August 2021, malicious cyber actors used Ghost variant ransomware against a California-based WWS facility. The...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/10/15 2:30 p.m.18 views

Security Risks of Client-Side Scanning

Even before Apple made its announcement, law enforcement shifted their battle for backdoors to client-side scanning. The idea is that they wouldnt touch the cryptography, but instead eavesdrop on communications and systems before encryption or after decryption. Its not a cryptographic backdoor, b...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/09/22 2:30 p.m.18 views

FBI Had the REvil Decryption Key

The Washington Post reports that the FBI had a decryption key for the REvil ransomware, but didnt pass it along to victims because it would have disrupted an ongoing operation. The key was obtained through access to the servers of the Russia-based criminal gang behind the July attack. Deploying i...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/09/07 11:14 a.m.18 views

Lightning Cable with Embedded Eavesdropping

Normal-looking cables USB-C, Lightning, and so on that exfiltrate data over a wireless network. I blogged about a previous prototype here...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/11/05 3:28 p.m.18 views

California Proposition 24 Passes

Californias Proposition 24, aimed at improving the California Consumer Privacy Act, passed this week. Analyses are very mixed. I was very mixed on the proposition, but on the whole I supported it. The proposition has some serious flaws, and was watered down by industry, but voting for privacy fee...

2.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/10/29 2:52 p.m.18 views

Tracking Users on Waze

A security researcher discovered a wulnerability in Waze that breaks the anonymity of users: I found out that I can visit Waze from any web browser at waze.com/livemap so I decided to check how are those driver icons implemented. What I found is that I can ask Waze API for data on a location by...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/18 3:3 p.m.18 views

Using Disinformation to Cause a Blackout

Interesting paper: "How weaponizing disinformation can bring down a city's power grid": Abstract: Social media has made it possible to manipulate the masses via disinformation and fake news at an unprecedented scale. This is particularly alarming from a security perspective, as humans have proven...

3.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/21 11:9 a.m.18 views

Hacking a Power Supply

This hack targets the firmware on modern power supplies. Yes, power supplies are also computers. Normally, when a phone is connected to a power brick with support for fast charging, the phone and the power adapter communicate with each other to determine the proper amount of electricity that can ...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/09 11:16 a.m.18 views

Traffic Analysis of Home Security Cameras

Interesting research on home security cameras with cloud storage. Basically, attackers can learn very basic information about what's going on in front of the camera, and infer when there is someone home. News article. Slashdot thread...

3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/01 2:31 p.m.18 views

Securing the International IoT Supply Chain

Together with Nate Kim former student and Trey Herr Atlantic Council Cyber Statecraft Initiative, I have written a paper on IoT supply chain security. The basic problem we try to solve is: how to you enforce IoT security regulations when most of the stuff is made in other countries? And our...

2.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/01/14 7:0 p.m.18 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I'm speaking at Indiana University Bloomington on January 30, 2020. I'll be at RSA Conference 2020 in San Francisco. On Wednesday, February 26, at 2:50 PM, I'll be part of a panel on "How to Reduce Supply Chain Risk: Lessons from...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/19 12:50 p.m.18 views

What Happened to Cyber 9/11?

A recent article in the Atlantic asks why we haven't seen a"cyber 9/11" in the past fifteen or so years. I, too, remember the increasingly frantic and fearful warnings of a "cyber Peal Harbor," "cyber Katrina" -- when that was a thing -- or "cyber 9/11." I made fun of those warnings back then. Th...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/09/14 11:15 a.m.18 views

Quantum Computing and Cryptography

Quantum computing is a new way of computing -- one that could allow humankind to perform computations that are simply impossible using today's computing technologies. It allows for very fast searching, something that would break some of the encryption algorithms we use today. And it allows us to...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/05/02 11:40 a.m.18 views

NIST Issues Call for "Lightweight Cryptography" Algorithms

This is interesting: Creating these defenses is the goal of NIST's lightweight cryptography initiative, which aims to develop cryptographic algorithm standards that can work within the confines of a simple electronic device. Many of the sensors, actuators and other micromachines that will functio...

Exploits0
Schneier on Security
Schneier on Security
added 2018/01/05 8:22 p.m.18 views

Spectre and Meltdown Attacks Against Microprocessors

The security of pretty much every computer on the planet has just gotten a lot worse, and the only real solution -- which of course is not a solution -- is to throw them all away and buy new ones. On Wednesday, researchers just announced a series of major security vulnerabilities in the...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/10/27 7:45 p.m.18 views

FBI Increases Its Anti-Encryption Rhetoric

Earlier this month, Deputy Attorney General Rod Rosenstein gave a speech warning that a world with encryption is a world without law -- or something like that. The EFF's Kurt Opsahl takes it apart pretty thoroughly. Last week, FBI Director Christopher Wray said much the same thing. This is an ide...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/29 11:51 a.m.19 views

Websites Grabbing User-Form Data Before It's Submitted

Websites are sending information prematurely: ...we discovered NaviStone's code on sites run by Acurian, Quicken Loans, a continuing education center, a clothing store for plus-sized women, and a host of other retailers. Using Javascript, those sites were transmitting information from people as...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/28 5:56 p.m.18 views

Girl Scouts to Offer Merit Badges in Cybersecurity

The Girl Scouts are going to be offering 18 merit badges in cybersecurity, to scouts as young as five years old...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/27 6:38 p.m.18 views

Article on the DAO Ethereum Hack

This is good...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/21 11:12 a.m.18 views

The Dangers of Secret Law

Last week, the Department of Justice released 18 new FISC opinions related to Section 702 as part of an EFF FOIA lawsuit. Of course, they don't mention EFF or the lawsuit. They make it sound as if it was their idea. There's probably a lot in these opinions. In one Kafkaesque ruling, a defendant w...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/13 11:21 a.m.18 views

Security Flaws in 4G VoLTE

Research paper: "Subscribers remote geolocation and tracking using 4G VoLTE enabled Android phone," by Patrick Ventuzelo, Olivier Le Moal, and Thomas Coudray. Abstract: VoLTE Voice over LTE is a technology implemented by many operators over the world. Unlike previous 2G/3G technologies, VoLTE...

6.9AI score
Exploits0
Total number of security vulnerabilities2980