Lucene search
K
SchneierMost viewed

2978 matches found

Schneier on Security
Schneier on Security
added 2019/10/25 9:4 p.m.89 views

Friday Squid Blogging: Researchers Investigating Using Squid Propulsion for Underwater Robots

Interesting article and paper. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/07/18 1:21 p.m.89 views

Identity Theft on the Job Market

Identity theft is getting more subtle: "My job application was withdrawn by someone pretending to be me": When Mr Fearn applied for a job at the company he didn't hear back. He said the recruitment team said they'd get back to him by Friday, but they never did. At first, he assumed he was...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/03/29 9:15 p.m.89 views

Friday Squid Blogging: Restoring the Giant Squid at the Museum of Natural History

It is traveling to Paris. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/02/07 2:15 p.m.88 views

China's AI Strategy and its Security Implications

Gregory C. Allen at the Center for a New American Security has a new report with some interesting analysis and insights into China's AI strategy, commercial, government, and military. There are numerous security -- and national security -- implications...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/02/05 8:59 p.m.88 views

Major Zcash Vulnerability Fixed

Zcash just fixed a vulnerability that would have allowed "infinite counterfeit" Zcash. Like all the other blockchain vulnerabilities and updates, this demonstrates the ridiculousness of the notion that code can replace people, that trust can be encompassed in the protocols, or that human governan...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/11/11 12:14 p.m.87 views

Fooling Voice Assistants with Lasers

Interesting: Siri, Alexa, and Google Assistant are vulnerable to attacks that use lasers to inject inaudible­ -- and sometimes invisible­ -- commands into the devices and surreptitiously cause them to unlock doors, visit websites, and locate, unlock, and start vehicles, researchers report in a...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/16 6:34 p.m.87 views

More Attacks against Computer Automatic Update Systems

Last month, Kaspersky discovered that Asus's live update system was infected with malware, an operation it called Operation Shadowhammer. Now we learn that six other companies were targeted in the same operation. As we mentioned before, ASUS was not the only company used by the attackers. Studyin...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/04/27 9:37 p.m.87 views

Friday Squid Blogging: Bizarre Contorted Squid

This bizarre contorted squid might be a new species, or a previously known species exhibiting a new behavior. No one knows. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/09/08 9:11 p.m.87 views

Friday Squid Blogging: Make-Your-Own Squid Candy

It's Japanese. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/11 7:34 p.m.87 views

I Seem to Have a LinkedIn Account

I seem to have a LinkedIn account. This comes as a surprise, since I don't have a LinkedIn account, and have never logged in to LinkedIn. Does anyone have any contacts into the company? I would like to report this fraudulent account, and possibly get control of it. I'm not on LinkedIn, but the be...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/30 7:13 p.m.87 views

Details from the 2017 Workshop on Economics and Information Security

The 16th Workshop on Economics and Information Security was this week. Ross Anderson liveblogged the talks...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/01/03 10:25 p.m.86 views

Friday Squid Blogging: Giant Squid Video from the Gulf of Mexico

Fantastic video: Scientists had used a specialized camera system developed by Widder called the Medusa, which uses red light undetectable to deep sea creatures and has allowed scientists to discover species and observe elusive ones. The probe was outfitted with a fake jellyfish that mimicked the...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/10/18 9:11 p.m.86 views

Friday Squid Blogging: Six-Foot-Long Mass of Squid Eggs Found on Great Barrier Reef

It's likely the diamondback squid. There's a video. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

2.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/12/24 12:25 p.m.86 views

MD5 and SHA-1 Still Used in 2018

Last week, the Scientific Working Group on Digital Evidence published a draft document -- "SWGDE Position on the Use of MD5 and SHA1 Hash Algorithms in Digital and Multimedia Forensics" -- where it accepts the use of MD5 and SHA-1 in digital forensics applications: While SWGDE promotes the adopti...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/12/18 12:31 p.m.86 views

Teaching Cybersecurity Policy

Peter Swire proposes a a pedagogic framework for teaching cybersecurity policy. Specifically, he makes real the old joke about adding levels to the OSI networking stack: an organizational layer, a government layer, and an international layer...

2.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/02 11:1 a.m.86 views

How to Punish Cybercriminals

Interesting policy paper by Third Way: "To Catch a Hacker: Toward a comprehensive strategy to identify, pursue, and punish malicious cyber actors": In this paper, we argue that the United States currently lacks a comprehensive overarching strategic approach to identify, stop and punish...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/09/07 7:22 p.m.86 views

Reddit AMA

I did a Reddit AMA on Thursday, September 6...

2.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/03/09 10:22 p.m.86 views

Friday Squid Blogging: Interesting Interview

Here's an hour-long audio interview with squid scientist Sarah McAnulty. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/12/24 7:13 p.m.85 views

ToTok Is an Emirati Spying Tool

The smartphone messaging app ToTok is actually an Emirati spying tool: But the service, ToTok, is actually a spying tool, according to American officials familiar with a classified intelligence assessment and a New York Times investigation into the app and its developers. It is used by the...

2.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/11/29 11:43 a.m.85 views

Manipulating Machine Learning Systems by Manipulating Training Data

Interesting research: "TrojDRL: Trojan Attacks on Deep Reinforcement Learning Agents": Abstract:: Recent work has identified that classification models implemented as neural networks are vulnerable to data-poisoning and Trojan attacks at training time. In this work, we show that these training-ti...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/07/02 11:24 a.m.85 views

Google Releases Basic Homomorphic Encryption Tool

Google has released an open-source cryptographic tool: Private Join and Compute. From a Wired article: Private Join and Compute uses a 1970s methodology known as "commutative encryption" to allow data in the data sets to be encrypted with multiple keys, without it mattering which order the keys a...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/22 7:11 p.m.85 views

Visiting the NSA

Yesterday, I visited the NSA. It was Cyber Command's birthday, but that's not why I was there. I visited as part of the Berklett Cybersecurity Project, run out of the Berkman Klein Center and funded by the Hewlett Foundation. BERKman hewLETT -- get it? We have a web page, but it's badly out of...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/22 12:1 p.m.84 views

Critical Microsoft Code-Execution Vulnerability

A critical code-execution vulnerability in Microsoft Windows was patched in September. It seems that researchers just realized how serious it was and is: Like EternalBlue, CVE-2022-37958, as the latest vulnerability is tracked, allows attackers to execute malicious code with no authentication...

2.7AI score0.85762EPSS
Exploits0
Schneier on Security
Schneier on Security
added 2019/12/06 10:20 p.m.84 views

Friday Squid Blogging: Squidfall Safety

Watchmen supporting material. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/01/30 4:0 p.m.84 views

Security Analysis of the LIFX Smart Light Bulb

The security is terrible: In a very short limited amount of time, three vulnerabilities have been discovered: Wifi credentials of the user have been recovered stored in plaintext into the flash memory. No security settings. The device is completely open no secure boot, no debug interface disabled...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/24 11:0 a.m.84 views

China's Hacking of the Border Gateway Protocol

This is a long -- and somewhat technical -- paper by Chris C. Demchak and Yuval Shavitt about China's repeated hacking of the Internet Border Gateway Protocol BGP: "China's Maxim ­ Leave No Access Point Unexploited: The Hidden Story of China Telecom's BGP Hijacking." BGP hacking is how large...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/10/03 11:1 a.m.83 views

Hacking Gas Pumps via Bluetooth

Turns out pumps at gas stations are controlled via Bluetooth, and that the connections are insecure. No details in the article, but it seems that its easy to take control of the pump and have it dispense gas without requiring payment. Its a complicated crime to monetize, though. You need to sell...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/08/14 11:18 a.m.83 views

Attorney General Barr and Encryption

Last month, Attorney General William Barr gave a major speech on encryption policy­what is commonly known as "going dark." Speaking at Fordham University in New York, he admitted that adding backdoors decreases security but that it is worth it. Some hold this view dogmatically, claiming that it i...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/25 11:49 a.m.83 views

Android Ad-Fraud Scheme

BuzzFeed is reporting on a scheme where fraudsters buy legitimate Android apps, track users' behavior in order to mimic it in a way that evades bot detectors, and then uses bots to perpetuate an ad-fraud scheme. After being provided with a list of the apps and websites connected to the scheme,...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/03/08 11:11 a.m.82 views

BlackLotus Malware Hijacks Windows Secure Boot Process

Researchers have discovered malware that "can hijack a computer’s boot process even when Secure Boot and other advanced protections are enabled and running on fully updated versions of Windows." Dubbed BlackLotus, the malware is whats known as a UEFI bootkit. These sophisticated pieces of malware...

4.9CVSS0.3AI score0.06567EPSS
Exploits1
Schneier on Security
Schneier on Security
added 2019/12/27 10:13 p.m.82 views

Friday Squid Blogging: New Species of Bobtail Squid

Euprymna brenneri was discovered in the waters of Okinawa. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/05/18 9:20 p.m.82 views

Friday Squid Blogging: Flying Squid

Flying squid are real. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/10/13 9:26 p.m.82 views

Friday Squid Blogging: International Squid Awareness Day

It's International Cephalopod Awareness Days this week, and Tuesday was Squid Day. I can't believe I missed it. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/01/31 12:18 p.m.81 views

Twelve-Year-Old Linux Vulnerability Discovered and Patched

Its a privilege escalation vulnerability: Linux users on Tuesday got a major dose of bad news -- a 12-year-old vulnerability in a system tool called Polkit gives attackers unfettered root privileges on machines running most major distributions of the open source operating system. Previously calle...

7.2CVSS3.1AI score0.94921EPSS
Exploits151
Schneier on Security
Schneier on Security
added 2018/12/10 3:27 p.m.81 views

2018 Annual Report from AI Now

The research group AI Now just published its annual report. It's an excellent summary of today's AI security challenges, as well as a policy agenda to address them. This is related, and also worth reading...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/11/27 9:34 p.m.80 views

DHS Mandates Federal Agencies to Run Vulnerability Disclosure Policy

The DHS is requiring all federal agencies to develop a vulnerability disclosure policy. The goal is that people who discover vulnerabilities in government systems have a mechanism for reporting them to someone who might actually do something about it. The devil is in the details, of course, but...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/10/08 10:24 a.m.80 views

New Unpatchable iPhone Exploit Allows Jailbreaking

A new iOS exploit allows jailbreaking of pretty much all version of the iPhone. This is a huge deal for Apple, but at least it doesn't allow someone to remotely hack people's phones. Some details: I wanted to learn how Checkm8 will shape the iPhone experience­ -- particularly as it relates to...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/06/05 11:40 a.m.80 views

Lessons Learned Trying to Secure Congressional Campaigns

Really interesting first-hand experience from Maciej Cegłowski...

3.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/06/03 11:30 a.m.80 views

The Importance of Protecting Cybersecurity Whistleblowers

Interesting essay arguing that we need better legislation to protect cybersecurity whistleblowers. Congress should act to protect cybersecurity whistleblowers because information security has never been so important, or so challenging. In the wake of a barrage of shocking revelations about data...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/24 1:39 p.m.80 views

Germany Talking about Banning End-to-End Encryption

Der Spiegel is reporting that the German Ministry for Internal Affairs is planning to require all Internet message services to provide plaintext messages on demand, basically outlawing strong end-to-end encryption. Anyone not complying will be blocked, although the article doesn't say how. Cory...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/12/13 10:23 p.m.80 views

Friday Squid Blogging: More Problems with the Squid Emoji

Piling on from last week's post, the squid emoji's siphon is in the wrong place. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/04/20 9:26 p.m.80 views

Friday Squid Blogging: Squid Prices Rise as Catch Decreases

In Japan: Last year's haul sank 15% to 53,000 tons, according to the JF Zengyoren national federation of fishing cooperatives. The squid catch has fallen by half in just two years. The previous low was plumbed in 2016. Lighter catches have been blamed on changing sea temperatures, which impedes t...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/04 9:24 p.m.80 views

Friday Squid Blogging: Squid Fake News

I never imagined that there would be fake news about squid. That website lets you write your own stories. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/07/15 11:12 a.m.79 views

Palantir's Surveillance Service for Law Enforcement

Motherboard got its hands on Palantir's Gotham user's manual, which is used by the police to get information on people: The Palantir user guide shows that police can start with almost no information about a person of interest and instantly know extremely intimate details about their lives. The...

0.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/07/08 5:38 p.m.79 views

Cardiac Biometric

MIT Technology Review is reporting about an infrared laser device that can identify people by their unique cardiac signature at a distance: A new device, developed for the Pentagon after US Special Forces requested it, can identify people without seeing their face: instead it detects their unique...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/01/22 11:59 a.m.79 views

Hacking Construction Cranes

Construction cranes are vulnerable to hacking: In our research and vulnerability discoveries, we found that weaknesses in the controllers can be easily taken advantage of to move full-sized machines such as cranes used in construction sites and factories. In the different attack classes that we'v...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/01/03 3:9 p.m.79 views

Podcast Interview with Eva Galperin

Nice interview with the EFF's director of cybersecurity, Eva Galperin...

4.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/09/01 11:39 a.m.79 views

Russian Hacking Tools Codenamed WhiteBear Exposed

Kaspersky Labs exposed a highly sophisticated set of hacking tools from Russia called WhiteBear. From February to September 2016, WhiteBear activity was narrowly focused on embassies and consular operations around the world. All of these early WhiteBear targets were related to embassies and...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/12/12 3:18 p.m.78 views

New Australian Backdoor Law

Last week, Australia passed a law giving the government the ability to demand backdoors in computers and communications systems. Details are still to be defined, but it's really bad. Note: Many people e-mailed me to ask why I haven't blogged this yet. One, I was busy with other things. And two,...

3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/07/28 11:16 a.m.78 views

Zero-Day Vulnerabilities against Windows in the NSA Tools Released by the Shadow Brokers

In April, the Shadow Brokers -- presumably Russia -- released a batch of Windows exploits from what is presumably the NSA. Included in that release were eight different Windows vulnerabilities. Given a presumed theft date of the data as sometime between 2012 and 2013 -- based on timestamps of the...

7.1AI score
Exploits0
Total number of security vulnerabilities2978