Lucene search
K
SchneierMost viewed

2979 matches found

Schneier on Security
Schneier on Security
added 2022/06/17 11:6 a.m.17 views

Tracking People via Bluetooth on Their Phones

Weve always known that phones--and the people carrying them--can be uniquely identified from their Bluetooth signatures, and that we need security techniques to prevent that. This new research shows that thats not enough. Computer scientists at the University of California San Diego proved in a...

Exploits0
Schneier on Security
Schneier on Security
added 2022/06/14 12:19 p.m.17 views

Hacking Tesla’s Remote Key Cards

Interesting vulnerability in Teslas NFC key cards: Martin Herfurt, a security researcher in Austria, quickly noticed something odd about the new feature: Not only did it allow the car to automatically start within 130 seconds of being unlocked with the NFC card, but it also put the car in a state...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/06/02 8:59 p.m.17 views

Remotely Controlling Touchscreens

Researchers have demonstrated controlling touchscreens at a distance, at least in a laboratory setting: The core idea is to take advantage of the electromagnetic signals to execute basic touch events such as taps and swipes into targeted locations of the touchscreen with the goal of taking over...

0.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/05/17 11:10 a.m.17 views

Attacks on Managed Service Providers Expected to Increase

CISA, NSA, FBI, and similar organizations in the other Five Eyes countries are warning that attacks on MSPs--as a vector to their customers--are likely to increase. No details about what this prediction is based on. Makes sense, though. The SolarWinds attack was incredibly successful for the...

4.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/05/05 11:2 a.m.17 views

15.3 Million Request-Per-Second DDoS Attack

Cloudflare is reporting a large DDoS attack against an unnamed company "operating a crypto launchpad." While this isnt the largest application-layer attack weve seen, it is the largest weve seen over HTTPS. HTTPS DDoS attacks are more expensive in terms of required computational resources because...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/05/03 4:17 p.m.17 views

Using Pupil Reflection in Smartphone Camera Selfies

Researchers are using the reflection of the smartphone in the pupils of faces taken as selfies to infer information about how the phone is being used: For now, the research is focusing on six different ways a user can hold a device like a smartphone: with both hands, just the left, or just the...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/04/11 11:4 a.m.17 views

De-anonymizing Bitcoin

Andy Greenberg wrote a long article -- an excerpt from his new book -- on how law enforcement de-anonymized bitcoin transactions to take down a global child porn ring. Within a few years of Bitcoins arrival, academic security researchers -- and then companies like Chainalysis -- began to tear...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/03/15 11:1 a.m.17 views

US Critical Infrastructure Companies Will Have to Report When They Are Hacked

This will be law soon: Companies critical to U.S. national interests will now have to report when theyre hacked or they pay ransomware, according to new rules approved by Congress. … The reporting requirement legislation was approved by the House and the Senate on Thursday and is expected to be...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/03/02 12:25 p.m.17 views

Vulnerability in Stalkerware Apps

TechCrunch is reporting -- but not describing in detail -- a vulnerability in a series of stalkerware apps that exposes personal information of the victims. The vulnerability isnt in the apps installed on the victims phones, but in the website the stalker goes to view the information the app...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/02/21 12:31 p.m.17 views

Stealing Bicycles by Swapping QR Codes

This is a clever hack against those bike-rental kiosks: Theyre stealing Citi Bikes by switching the QR scan codes on two bicycles near each other at a docking station, then waiting for an unsuspecting cyclist to try to unlock a bike with his or her smartphone app. The app doesnt work for the ride...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/02/14 6:2 p.m.17 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking at IT-S Now 2022 in Vienna on June 2, 2022. I’m speaking at the 14th International Conference on Cyber Conflict, CyCon 2022, in Tallinn, Estonia on June 3, 2022. I’m speaking at the RSA Conference 2022 in San Francisco...

2.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/01/24 12:27 p.m.17 views

Linux-Targeted Malware Increased by 35%

Crowdstrike is reporting that malware targeting Linux has increased considerably in 2021: Malware targeting Linux systems increased by 35% in 2021 compared to 2020. XorDDoS, Mirai and Mozi malware families accounted for over 22% of Linux-targeted threats observed by CrowdStrike in 2021. Ten times...

3.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/01/21 12:6 p.m.17 views

China’s Olympics App Is Horribly Insecure

China is mandating that athletes download and use a health and travel app when they attend the Winter Olympics next month. Citizen Lab examined the app and found it riddled with security holes. Key Findings: MY2022, an app mandated for use by all attendees of the 2022 Olympic Games in Beijing, ha...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/01/14 6:2 p.m.17 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m giving an online-only talk on “Securing a World of Physically Capable Computers” as part of Teleport’s Security Visionaries 2022 series, on January 18, 2022. I’m speaking at IT-S Now 2022 in Vienna on June 2, 2022. I’m speaking...

2.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/10/22 9:10 p.m.17 views

Friday Squid Blogging: Squid Eating Maine Shrimp

Squid are eating Maine shrimp, causing a collapse of the ecosystem. This seems to be a result of climate change. Maines shrimp fishery has been closed for nearly a decade since the stocks collapse in 2013. Scientists are now saying a species of squid that came into the Gulf of Maine during a...

Exploits0
Schneier on Security
Schneier on Security
added 2021/10/01 2:56 p.m.17 views

A Death Due to Ransomware

The Wall Street Journal is reporting on a babys death at an Alabama hospital in 2019, which they argue was a direct result of the ransomware attack the hospital was undergoing. Amid the hack, fewer eyes were on the heart monitors -- normally tracked on a large screen at the nurses station, in...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/09/24 9:20 p.m.17 views

Friday Squid Blogging: Person in Squid Suit Takes Dog for a Walk

No, I dont understand it, either. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/09/09 11:13 a.m.17 views

More Detail on the Juniper Hack and the NSA PRNG Backdoor

We knew the basics of this story, but its good to have more detail. Heres me in 2015 about this Juniper hack. Heres me in 2007 on the NSA backdoor...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/09/03 7:21 p.m.17 views

Hacker-Themed Board Game

Black Hat is a hacker-themed board game...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/12/21 12:6 p.m.17 views

Cellebrite Can Break Signal

Cellebrite announced that it can break Signal. Note that the company has heavily edited its blog post, but the original -- with lots of technical details -- was saved by the Wayback Machine. News article. Slashdot post. The whole story is puzzling. Cellebrites details will make it easier for the...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/12 11:8 a.m.17 views

Cryptanalysis of an Old Zip Encryption Algorithm

Mike Stay broke an old zipfile encryption algorithm to recover $300,000 in bitcoin. DefCon talk here...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/02 2:26 p.m.17 views

The Security Value of Inefficiency

For decades, we have prized efficiency in our economy. We strive for it. We reward it. In normal times, that's a good thing. Running just at the margins is efficient. A single just-in-time global supply chain is efficient. Consolidation is efficient. And that's all profitable. Inefficiency, on th...

Exploits0
Schneier on Security
Schneier on Security
added 2018/09/28 11:24 a.m.17 views

Yet Another IoT Cybersecurity Document

This one is from NIST: "Considerations for Managing Internet of Things IoT Cybersecurity and Privacy Risks." It's still in draft. Remember, there are many others...

2.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/04/16 11:46 a.m.17 views

The DMCA and its Chilling Effects on Research

The Center for Democracy and Technology has a good summary of the current state of the DMCA's chilling effects on security research. To underline the nature of chilling effects on hacking and security research, CDT has worked to describe how tinkerers, hackers, and security researchers of all typ...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/03/13 11:31 a.m.17 views

E-Mailing Private HTTPS Keys

I don't know what to make of this story: The email was sent on Tuesday by the CEO of Trustico, a UK-based reseller of TLS certificates issued by the browser-trusted certificate authorities Comodo and, until recently, Symantec. It was sent to Jeremy Rowley, an executive vice president at DigiCert,...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/02/14 12:43 p.m.17 views

Can Consumers' Online Data Be Protected?

Everything online is hackable. This is true for Equifax's data and the federal Office of Personal Management's data, which was hacked in 2015. If information is on a computer connected to the Internet, it is vulnerable. But just because everything is hackable doesn't mean everything will be hacke...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/01/09 9:26 p.m.17 views

Daniel Miessler on My Writings about IoT Security

Daniel Miessler criticizes my writings about IoT security: I know it's super cool to scream about how IoT is insecure, how it's dumb to hook up everyday objects like houses and cars and locks to the internet, how bad things can get, and I know it's fun to be invited to talk about how everything i...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/16 9:14 p.m.17 views

Friday Squid Blogging: Squids from Space Video Game

An early preview. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/09 9:25 p.m.17 views

Friday Squid Blogging: Sex Is Traumatic for the Female Dumpling Squid

The more they mate, the sooner they die. Academic paper paywall. News article. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/08 12:15 p.m.17 views

Safety and Security and the Internet of Things

Ross Anderson blogged about his new paper on security and safety concerns about the Internet of Things. See also this short video. It's very much along the lines of what I've been writing...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/02 11:6 a.m.17 views

WannaCry and Vulnerabilities

There is plenty of blame to go around for the WannaCry ransomware that spread throughout the Internet earlier this month, disrupting work at hospitals, factories, businesses, and universities. First, there are the writers of the malicious software, which blocks victims' access to their computers...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/11 10:58 a.m.17 views

Interview with Ross Anderson

Cybersecurity researcher Ross Anderson has a good interview on edge.org...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/26 11:3 a.m.16 views

One Million Passports Leaked Online

A database of almost a million passports from around the world was leaked online. Note what happened. A high-value credential--a passport--was used in an ancillary low-value authentication system: ID verification for cannabis dispensaries. And it's the low-value system that got hacked, putting th...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/19 11:6 a.m.16 views

The NSA’s “Fifty Years of Mathematical Cryptanalysis (1937–1987)”

In response to a FOIA request, the NSA released "Fifty Years of Mathematical Cryptanalysis 1937-1987," by Glenn F. Stahly, with a lot of redactions. Weirdly, this is the second time the NSA has declassified the document. John Young got a copy in 2019. This one has a few less redactions. And nothi...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/04/28 6:17 p.m.16 views

Windscribe Acquitted on Charges of Not Collecting Users’ Data

The company doesn't keep logs, so couldn't turn over data: Windscribe, a globally used privacy-first VPN service, announced today that its founder, Yegor Sak, has been fully acquitted by a court in Athens, Greece, following a two-year legal battle in which Sak was personally charged in connection...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/04/08 11:8 a.m.16 views

Arguing Against CALEA

At a Congressional hearing earlier this week, Matt Blaze made the point that CALEA, the 1994 law that forces telecoms to make phone calls wiretappable, is outdated in today's threat environment and should be rethought: In other words, while the legally-mandated CALEA capability requirements have...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/06/07 8:55 p.m.16 views

Security and Human Behavior (SHB) 2024

This week, I hosted the seventeenth Workshop on Security and Human Behavior at the Harvard Kennedy School. This is the first workshop since our co-founder, Ross Anderson, died unexpectedly. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/05/14 4:4 p.m.16 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: Im giving a webinar via Zoom on Wednesday, May 22, at 11:00 AM ET. The topic is "Should the USG Establish a Publicly Funded AI Option?" The list is maintained on this page...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/04/12 11:1 a.m.16 views

Smuggling Gold by Disguising it as Machine Parts

Someone got caught trying to smuggle 322 pounds of gold thats about a quarter of a cubic foot out of Hong Kong. It was disguised as machine parts: On March 27, customs officials x-rayed two air compressors and discovered that they contained gold that had been "concealed in the integral parts" of...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/04/09 1:56 p.m.16 views

US Cyber Safety Review Board on the 2023 Microsoft Exchange Hack

The US Cyber Safety Review Board released a report on the summer 2023 hack of Microsoft Exchange by China. It was a serious attack by the Chinese government that accessed the emails of senior US government officials. From the executive summary: The Board finds that this intrusion was preventable...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/04/05 9:2 p.m.16 views

Friday Squid Blogging: SqUID Bots

Theyre AI warehouse robots. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/03/14 11:1 a.m.16 views

Automakers Are Sharing Driver Data with Insurers without Consent

Kasmir Hill has the story: Modern cars are internet-enabled, allowing access to services like navigation, roadside assistance and car apps that drivers can connect to their vehicles to locate them or unlock them remotely. In recent years, automakers, including G.M., Honda, Kia and Hyundai, have...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/02/19 4:15 p.m.16 views

EU Court of Human Rights Rejects Encryption Backdoors

The European Court of Human Rights has ruled that breaking end-to-end encryption by adding backdoors violates human rights: Seemingly most critically, the Russian government told the ECHR that any intrusion on private lives resulting from decrypting messages was "necessary" to combat terrorism in...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/02/09 10:9 p.m.16 views

Friday Squid Blogging: A Penguin Named “Squid”

Amusing story about a penguin named "Squid." As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/31 12:4 p.m.16 views

CFPB’s Proposed Data Rules

In October, the Consumer Financial Protection Bureau CFPB proposed a set of rules that if implemented would transform how financial institutions handle personal data about their customers. The rules put control of that data back in the hands of ordinary Americans, while at the same time undermini...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/25 12:4 p.m.16 views

Quantum Computing Skeptics

Interesting article. I am also skeptical that we are going to see useful quantum computers anytime soon. Since at least 2019, I have been saying that this is hard. And that we dont know if its "land a person on the surface of the moon" hard, or "land a person on the surface of the sun" hard. They...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/23 12:9 p.m.16 views

Side Channels Are Common

Really interesting research: "Lend Me Your Ear: Passive Remote Physical Side Channels on PCs." Abstract: We show that built-in sensors in commodity PCs, such as microphones, inadvertently capture electromagnetic side-channel leakage from ongoing computation. Moreover, this information is often...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/19 12:21 p.m.16 views

Speaking to the CIA’s Creative Writing Group

This is a fascinating story. Last spring, a friend of a friend visited my office and invited me to Langley to speak to Invisible Ink, the CIAs creative writing group. I asked Vivian not her real name what she wanted me to talk about. She said that the topic of the talk was entirely up to me. I...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/10 12:5 p.m.16 views

Facial Scanning by Burger King in Brazil

In 2000, I wrote: "If McDonalds offered three free Big Macs for a DNA sample, there would be lines around the block." Burger King in Brazil is almost there, offering discounts in exchange for a facial scan. From a marketing video: "At the end of the year, its Friday every day, and the hangover...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/11/24 10:4 p.m.16 views

Friday Squid Blogging: Squid Nebula

Pretty photograph. The Squid Nebula is shown in blue, indicating doubly ionized oxygen--­which is when you ionize your oxygen once and then ionize it again just to make sure. In all seriousness, it likely indicates a low-mass star nearing the end of its life. As usual, you can also use this squid...

7.2AI score
Exploits0
Total number of security vulnerabilities2979