Lucene search
K
SchneierMost viewed

2979 matches found

Schneier on Security
Schneier on Security
added 2017/07/17 11:29 a.m.78 views

Australia Considering New Law Weakening Encryption

News from Australia: Under the law, internet companies would have the same obligations telephone companies do to help law enforcement agencies, Prime Minister Malcolm Turnbull said. Law enforcement agencies would need warrants to access the communications. "We've got a real problem in that the la...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/02/24 12:19 p.m.77 views

Twelve-Year-Old Vulnerability Found in Windows Defender

Researchers found, and Microsoft has patched, a vulnerability in Windows Defender that has been around for twelve years. There is no evidence that anyone has used the vulnerability during that time. The flaw, discovered by researchers at the security firm SentinelOne, showed up in a driver that...

2.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/24 7:14 p.m.77 views

NSA Hawaii

Recently I've heard Edward Snowden talk about his working at the NSA in Hawaii as being "under a pineapple field." CBS News recently ran a segment on that NSA listening post on Oahu. Not a whole lot of actual information. "We're in office building, in a pineapple field, on Oahu...." And part of i...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/03/14 6:20 p.m.77 views

DARPA Is Developing an Open-Source Voting System

This sounds like a good development: ...a new $10 million contract the Defense Department's Defense Advanced Research Projects Agency DARPA has launched to design and build a secure voting system that it hopes will be impervious to hacking. The first-of-its-kind system will be designed by an...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/02/06 4:24 p.m.77 views

Using Gmail "Dot Addresses" to Commit Fraud

In Gmail addresses, the dots don't matter. The account "[email protected]" maps to the exact same address as "[email protected]" and "[email protected]" -- and so on. Note: I own none of those addresses, if they are actually valid. This fact can be used to commit fraud:...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/01/17 12:33 p.m.77 views

Prices for Zero-Day Exploits Are Rising

Companies are willing to pay ever-increasing amounts for good zero-day exploits against hard-to-break computers and applications: On Monday, market-leading exploit broker Zerodium said it would pay up to $2 million for zero-click jailbreaks of Apple's iOS, $1.5 million for one-click iOS jailbreak...

Exploits0
Schneier on Security
Schneier on Security
added 2019/01/15 11:55 a.m.77 views

Alex Stamos on Content Moderation and Security

Former Facebook CISO Alex Stamos argues that increasing political pressure on social media platforms to moderate content will give them a pretext to turn all end-to-end crypto off -- which would be more profitable for them and bad for society. If we ask tech companies to fix ancient societal ills...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/01/02 3:29 p.m.77 views

Long-Range Familial Searching Forensics

Good article on using long-range familial searching -- basically, DNA matching of distant relatives -- as a police forensics tool. EDITED TO ADD 1/5: A smattering of papers on the topic...

2.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/02 9:8 p.m.77 views

Friday Squid Blogging: Eating More Squid

This research paper concludes that we'll be eating more squid in the future. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/09/24 11:33 a.m.76 views

Russians Hack FBI Comms System

Yahoo News reported that the Russians have successfully targeted an FBI communications system: American officials discovered that the Russians had dramatically improved their ability to decrypt certain types of secure communications and had successfully tracked devices used by elite FBI...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/07/30 11:19 a.m.76 views

ACLU on the GCHQ Backdoor Proposal

Back in January, two senior GCHQ officials proposed a specific backdoor for communications systems. It was universally derided as unworkable -- by me, as well. Now Jon Callas of the ACLU explains why...

3.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/06/10 11:18 a.m.76 views

Employment Scam

Interesting story of an old-school remote-deposit capture fraud scam, wrapped up in a fake employment scam. Slashdot thread...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/03/07 7:48 p.m.76 views

Detecting Shoplifting Behavior

This system claims to detect suspicious behavior that indicates shoplifting: Vaak, a Japanese startup, has developed artificial intelligence software that hunts for potential shoplifters, using footage from security cameras for fidgeting, restlessness and other potentially suspicious body languag...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/09/14 7:14 p.m.76 views

Click Here to Kill Everybody Reviews and Press Mentions

It's impossible to know all the details, but my latest book seems to be selling well. Initial reviews have been really positive: Boing Boing, Financial Times, Harris Online, Kirkus Reviews, Nature, Politico, and Virus Bulletin. I've also done a bunch of interviews -- either written or radio/podca...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/07/21 9:33 p.m.76 views

Friday Squid Blogging: Giant Squid Caught Off the Coast of Ireland

It's the second in two months. Video. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/09/13 11:13 a.m.75 views

Zero-Click Exploit in iPhones

Make sure you update your iPhones: Citizen Lab says two zero-days fixed by Apple today in emergency security updates were actively abused as part of a zero-click exploit chain dubbed BLASTPASS to deploy NSO Groups Pegasus commercial spyware onto fully patched iPhones. The two bugs, tracked as...

4.4CVSS6.6AI score0.15263EPSS
Exploits2
Schneier on Security
Schneier on Security
added 2020/02/18 12:9 p.m.75 views

Hacking McDonald's for Free Food

This hack was possible because the McDonald's app didn't authenticate the server, and just did whatever the server told it to do: McDonald's receipts in Germany end with a link to a survey page. Once you take the survey, you receive a coupon code for a free small beverage, redeemable within a...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/11/29 10:13 p.m.75 views

Friday Squid Blogging: Squid-Like Underwater Drone

The Sea Hunting Autonomous Reconnaissance Drone SHARD swims like a squid and can explode on command. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/09/26 11:21 a.m.75 views

On Chinese "Spy Trains"

The trade war with China has reached a new industry: subway cars. Congress is considering legislation that would prevent the world's largest train maker, the Chinese-owned CRRC Corporation, from competing on new contracts in the United States. Part of the reasoning behind this legislation is...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/07/16 5:54 p.m.75 views

Zoom Vulnerability

The Zoom conferencing app has a vulnerability that allows someone to remotely take over the computer's camera. It's a bad vulnerability, made worse by the fact that it remains even if you uninstall the Zoom app: This vulnerability allows any website to forcibly join a user to a Zoom call, with...

0.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/02/25 12:23 p.m.75 views

On the Security of Password Managers

There's new research on the security of password managers, specifically 1Password, Dashlane, KeePass, and Lastpass. This work specifically looks at password leakage on the host computer. That is, does the password manager accidentally leave plaintext copies of the password lying around memory? Al...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/30 8:29 p.m.75 views

Click Here to Kill Everybody News

My latest book is doing well. And I've been giving lots of talks and interviews about it. I can recommend three interviews: the Cyberlaw podcast with Stewart Baker, the Lawfare podcast with Ben Wittes, and Le Show with Henry Shearer. My book talk at Google is also available. The Audible version w...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/02/23 12:11 p.m.75 views

Election Security

I joined a letter supporting the Secure Elections Act S. 2261: The Secure Elections Act strikes a careful balance between state and federal action to secure American voting systems. The measure authorizes appropriation of grants to the states to take important and time-sensitive actions, includin...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/07/04 8:40 p.m.75 views

GoldenEye Malware

I don't have anything to say -- mostly because I'm otherwise busy -- about the malware known as GoldenEye, NotPetya, or ExPetr. But I wanted a post to park links. Please add any good relevant links in the comments...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/07/24 11:43 a.m.74 views

Attorney General William Barr on Encryption Policy

Yesterday, Attorney General William Barr gave a major speech on encryption policy -- what is commonly known as "going dark." Speaking at Fordham University in New York, he admitted that adding backdoors decreases security but that it is worth it. Some hold this view dogmatically, claiming that it...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/03/20 5:38 p.m.74 views

Zipcar Disruption

This isn't a security story, but it easily could have been. Last Saturday, Zipcar had a system outage: "an outage experienced by a third party telecommunications vendor disrupted connections between the company's vehicles and its reservation software." That didn't just mean people couldn't get ca...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/02/13 12:32 p.m.74 views

Cyberinsurance and Acts of War

I had not heard about this case before. Zurich Insurance has refused to pay Mondelez International's claim of $100 million in damages from NotPetya. It claims it is an act of war and therefor not covered. Mondelez is suing. Those turning to cyber insurance to manage their exposure presently face...

0.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/10/13 7:13 p.m.74 views

My Blogging

Blog regulars will notice that I haven't been posting as much lately as I have in the past. There are two reasons. One, it feels harder to find things to write about. So often it's the same stories over and over. I don't like repeating myself. Two, I am busy writing a book. The title is still:...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/30 9:22 p.m.74 views

Friday Squid Blogging: Food Supplier Passes Squid Off as Octopus

According to a lawsuit main article behind paywall, "a Miami-based food vendor and its supplier have been misrepresenting their squid as octopus in an effort to boost profits." As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read m...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/02/12 8:5 p.m.73 views

Medieval Security Techniques

Sonja Drummer describes with photographs two medieval security techniques. The first is a for authentication: a document has been cut in half with an irregular pattern, so that the two halves can be brought together to prove authenticity. The second is for integrity: hashed lines written above an...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/01/17 10:19 p.m.73 views

Friday Squid Blogging: Giant Squid Genome Analyzed

This is fantastic work: In total, the researchers identified approximately 2.7 billion DNA base pairs, which is around 90 percent the size of the human genome. There's nothing particularly special about that size, especially considering that the axolotl genome is 10 times larger than the human...

2.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/07/25 11:17 a.m.73 views

Software Developers and Security

According to a survey: "68% of the security professionals surveyed believe it's a programmer's job to write secure code, but they also think less than half of developers can spot security holes." And that's a problem. Nearly half of security pros surveyed, 49%, said they struggle to get developer...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/28 2:59 p.m.73 views

First American Financial Corp. Data Records Leak

Krebs on Security is reporting a massive data leak by the real estate title insurance company First American Financial Corp. "The title insurance agency collects all kinds of documents from both the buyer and seller, including Social Security numbers, drivers licenses, account statements, and eve...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/20 6:30 p.m.73 views

The Concept of "Return on Data"

This law review article by Noam Kolt, titled "Return on Data," proposes an interesting new way of thinking of privacy law. Abstract: Consumers routinely supply personal data to technology companies in exchange for services. Yet, the relationship between the utility U consumers gain and the data D...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/04/12 4:13 p.m.73 views

Maliciously Tampering with Medical Imagery

In what I am sure is only a first in many similar demonstrations, researchers are able to add or remove cancer signs from CT scans. The results easily fool radiologists. I don't think the medical device industry has thought at all about data integrity and authentication issues. In a world where...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/01/11 12:38 p.m.73 views

Using a Fake Hand to Defeat Hand-Vein Biometrics

Nice work: One attraction of a vein based system over, say, a more traditional fingerprint system is that it may be typically harder for an attacker to learn how a user's veins are positioned under their skin, rather than lifting a fingerprint from a held object or high quality photograph, for...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/12/07 4:50 p.m.73 views

Banks Attacked through Malicious Hardware Connected to the Local Network

Kaspersky is reporting on a series of bank hacks -- called DarkVishnya -- perpetrated through malicious hardware being surreptitiously installed into the target network: In 2017-2018, Kaspersky Lab specialists were invited to research a series of cybertheft incidents. Each attack had a common...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/16 8:11 p.m.73 views

Mailing Tech Support a Bomb

I understand his frustration, but this is extreme: When police asked Cryptopay what could have motivated Salonen to send the company a pipe bomb ­ or, rather, two pipe bombs, which is what investigators found when they picked apart the explosive package ­ the only thing the company could think of...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/02/22 12:4 p.m.73 views

Harassment By Package Delivery

People harassing women by delivering anonymous packages purchased from Amazon. On the one hand, there is nothing new here. This could have happened decades ago, pre-Internet. But the Internet makes this easier, and the article points out that using prepaid gift cards makes this anonymous. I am...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/01/21 12:31 p.m.73 views

SVR Attacks on Microsoft 365

FireEye is reporting the current known tactics that the SVR used to compromise Microsoft 365 cloud data as part of its SolarWinds operation: Mandiant has observed UNC2452 and other threat actors moving laterally to the Microsoft 365 cloud using a combination of four primary techniques: Steal the...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/10/11 11:14 a.m.72 views

Details on Uzbekistan Government Malware: SandCat

Kaspersky has uncovered an Uzbeki hacking operation, mostly due to incompetence on the part of the government hackers. The group's lax operational security includes using the name of a military group with ties to the SSS to register a domain used in its attack infrastructure; installing Kaspersky...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/08/26 11:41 a.m.72 views

Detecting Credit Card Skimmers

Modern credit card skimmers hidden in self-service gas pumps communicate via Bluetooth. There's now an app that can detect them: The team from the University of California San Diego, who worked with other computer scientists from the University of Illinois, developed an app called Bluetana which...

2.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/15 7:22 p.m.72 views

WhatsApp Vulnerability Fixed

WhatsApp fixed a devastating vulnerability that allowed someone to remotely hack a phone by initiating a WhatsApp voice call. The recipient didn't even have to answer the call. The Israeli cyber-arms manufacturer NSO Group is believed to be behind the exploit, but of course there is no definitive...

4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/09 8:17 p.m.72 views

Another NSA Leaker Identified and Charged

In 2015, the Intercept started publishing "The Drone Papers," based on classified documents leaked by an unknown whistleblower. Today, someone who worked at the NSA, and then at the National Geospatial-Intelligence Agency, was charged with the crime. It is unclear how he was initially identified...

0.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/04/15 11:30 a.m.72 views

China Spying on Undersea Internet Cables

Supply chain security is an insurmountably hard problem. The recent focus is on Chinese 5G equipment, but the problem is much broader. This opinion piece looks at undersea communications cables: But now the Chinese conglomerate Huawei Technologies, the leading firm working to deliver 5G telephony...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/01/14 5:13 p.m.72 views

Why Internet Security Is So Bad

I recently read two different essays that make the point that while Internet security is terrible, it really doesn't affect people enough to make it an issue. This is true, and is something I worry will change in a world of physically capable computers. Automation, autonomy, and physical agency...

3.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/06/22 5:58 p.m.72 views

The Effects of Iran's Telegram Ban

The Center for Human Rights in Iran has released a report outlining the effect's of that country's ban on Telegram, a secure messaging app used by about half of the country. The ban will disrupt the most important, uncensored platform for information and communication in Iran, one that is used...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/01 11:0 a.m.72 views

NSA Collects MS Windows Error Information

Back in 2013, Der Spiegel reported that the NSA intercepts and collects Windows bug reports: One example of the sheer creativity with which the TAO spies approach their work can be seen in a hacking method they use that exploits the error-proneness of Microsoft's Windows. Every user of the...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/08/14 5:1 p.m.71 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: Im speaking via Internet at SHIFT Business Festival in Finland, August 25-26, 2021. I’ll be speaking at an Informa event on September 14, 2021. Details to come. I’m keynoting CIISec Live—an all-online event—September 15-16, 2021. I...

2.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/08/22 10:21 a.m.71 views

Modifying a Tesla to Become a Surveillance Platform

From DefCon: At the Defcon hacker conference today, security researcher Truman Kain debuted what he calls the Surveillance Detection Scout. The DIY computer fits into the middle console of a Tesla Model S or Model 3, plugs into its dashboard USB port, and turns the car's built-in cameras­ -- the...

0.3AI score
Exploits0
Total number of security vulnerabilities2979