Lucene search
K
SchneierMost viewed

2979 matches found

Schneier on Security
Schneier on Security
added 2019/08/14 5:36 p.m.71 views

Side-Channel Attack against Electronic Locks

Several high-security electronic locks are vulnerable to side-channel attacks involving power monitoring...

3.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/23 7:5 p.m.71 views

German SG-41 Encryption Machine Up for Auction

A German auction house is selling an SG-41. It looks beautiful. Starting price is 75,000 euros. My guess is that it will sell for around 100K euros...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/13 11:37 a.m.71 views

Reverse Engineering a Chinese Surveillance App

Human Rights Watch has reverse engineered an app used by the Chinese police to conduct mass surveillance on Turkic Muslims in Xinjiang. The details are fascinating, and chilling. Boing Boing post...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/10/13 11:57 a.m.71 views

Technology to Out Sex Workers

Two related stories: PornHub is using machine learning algorithms to identify actors in different videos, so as to better index them. People are worried that it can really identify them, by linking their stage names to their real names. Facebook somehow managed to link a sex worker's clients unde...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/12/14 8:3 p.m.70 views

Should There Be Limits on Persuasive Technologies?

Persuasion is as old as our species. Both democracy and the market economy depend on it. Politicians persuade citizens to vote for them, or to support different policy positions. Businesses persuade consumers to buy their products or services. We all persuade our friends to accept our choice of...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/02/21 10:19 p.m.70 views

Friday Squid Blogging: 13-foot Giant Squid Caught off New Zealand Coast

It's probably a juvenile: Researchers aboard the New Zealand-based National Institute of Water and Atmospheric Research Ltd NIWA research vessel Tangaroa were on an expedition to survey hoki, New Zealand's most valuable commercial fish, in the Chatham Rise ­ an area of ocean floor to the east of...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/11/08 10:20 p.m.70 views

Friday Squid Blogging: 80-Foot Steel Kraken Deliberately Sunk

The headline gives the story: "An 80-Foot Steel Kraken Will Create an Artificial Coral Reef Near the British Virgin Islands." As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/06/06 7:16 p.m.70 views

Security and Human Behavior (SHB) 2019

Today is the second day of the twelfth Workshop on Security and Human Behavior, which I am hosting at Harvard University. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of security, organized each year by Alessandro Acquisti, Ross Anderson, and...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/29 11:3 a.m.70 views

Alex Stamos on Content Moderation and Security

Really interesting talk by former Facebook CISO Alex Stamos about the problems inherent in content moderation by social media platforms. Well worth watching...

2.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/01/07 12:13 p.m.70 views

New Attack Against Electrum Bitcoin Wallets

This is clever: How the attack works: Attacker added tens of malicious servers to the Electrum wallet network. Users of legitimate Electrum wallets initiate a Bitcoin transaction. If the transaction reaches one of the malicious servers, these servers reply with an error message that urges users t...

3.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/27 1:43 p.m.70 views

Propaganda and the Weakening of Trust in Government

On November 4, 2016, the hacker "Guccifer 2.0,: a front for Russia's military intelligence service, claimed in a blogpost that the Democrats were likely to use vulnerabilities to hack the presidential elections. On November 9, 2018, President Donald Trump started tweeting about the senatorial...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/29 8:19 p.m.70 views

More on the Supermicro Spying Story

I've blogged twice about the Bloomberg story that China bugged Supermicro networking equipment destined to the US. We still don't know if the story is true, although I am increasingly skeptical because of the lack of corroborating evidence to emerge. We don't know anything more, but this is the...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/04/17 9:10 p.m.69 views

Friday Squid Blogging: On the Efficacy of Squid as Bait

How to use squid as bait. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/17 11:18 a.m.69 views

Why Are Cryptographers Being Denied Entry into the US?

In March, Adi Shamir -- that's the "S" in RSA -- was denied a US visa to attend the RSA Conference. He's Israeli. This month, British citizen Ross Anderson couldn't attend an awards ceremony in DC because of visa issues. You can listen to his recorded acceptance speech. I've heard of two other...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/07/21 11:23 a.m.69 views

Hacking a Segway

The Segway has a mobile app. It is hackable: While analyzing the communication between the app and the Segway scooter itself, Kilbride noticed that a user PIN number meant to protect the Bluetooth communication from unauthorized access wasn't being used for authentication at every level of the...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/09/04 11:22 a.m.68 views

Credit Card Privacy

Good article in the Washington Post on all the surveillance associated with credit card use...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/07/29 11:15 a.m.68 views

Wanted: Cybersecurity Imagery

Eli Sugarman of the Hewlettt Foundation laments about the sorry state of cybersecurity imagery: The state of cybersecurity imagery is, in a word, abysmal. A simple Google Image search for the term proves the point: It's all white men in hoodies hovering menacingly over keyboards, green...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/07/11 11:24 a.m.68 views

Resetting Your GE Smart Light Bulb

If you need to reset the software in your GE smart light bulb -- firmware version 2.8 or later -- just follow these easy instructions: Start with your bulb off for at least 5 seconds. 1. Turn on for 8 seconds 2. Turn off for 2 seconds 3. Turn on for 8 seconds 4. Turn off for 2 seconds 5. Turn on...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/09 10:58 a.m.68 views

Amazon Is Losing the War on Fraudulent Sellers

Excellent article on fraudulent seller tactics on Amazon. The most prominent black hat companies for US Amazon sellers offer ways to manipulate Amazon's ranking system to promote products, protect accounts from disciplinary actions, and crush competitors. Sometimes, these black hat companies brib...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/12/28 10:4 p.m.68 views

Friday Squid Blogging: Squid-Focused Menus in Croatia

This is almost over: From 1 December 2018 -- 6 January 2019, Days of Adriatic squid will take place at restaurants all over north-west Istria. Restaurants will be offering affordable full-course menus based on Adriatic squid, combined with quality local olive oil and fine wines. As usual, you can...

2.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/08 12:35 p.m.68 views

iOS 12.1 Vulnerability

This is really just to point out that computer security is really hard: Almost as soon as Apple released iOS 12.1 on Tuesday, a Spanish security researcher discovered a bug that exploits group Facetime calls to give anyone access to an iPhone users' contact information with no need for a passcode...

Exploits0
Schneier on Security
Schneier on Security
added 2021/07/30 5:13 p.m.67 views

I Am Parting With My Crypto Library

The time has come for me to find a new home for my paper cryptography library. Its about 150 linear feet of books, conference proceedings, journals, and monographs -- mostly from the 1980s, 1990s, and 2000s. My preference is that it goes to an educational institution, but will consider a corporat...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/12/14 7:0 p.m.67 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I'm speaking at SecIT by Heise in Hannover, Germany on March 26, 2020. The list is maintained on this page...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/12/13 10:2 p.m.67 views

Friday Squid Blogging: Color-Changing Properties of the Opalescent Inshore Squid

Interesting stuff. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/09/03 11:9 a.m.67 views

Massive iPhone Hack Targets Uyghurs

China is being blamed for a massive surveillance operation that targeted Uyghur Muslims. This story broke in waves, the first wave being about the iPhone. Earlier this year, Google's Project Zero found a series of websites that have been using zero-day vulnerabilities to indiscriminately install...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/07/10 10:51 a.m.67 views

Details of the Cloud Hopper Attacks

Reuters has a long article on the Chinese government APT attack called Cloud Hopper. It was much bigger than originally reported. The hacking campaign, known as "Cloud Hopper," was the subject of a U.S. indictment in December that accused two Chinese nationals of identity theft and fraud...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/18 12:26 p.m.67 views

Israeli Surveillance Gear

The Israeli Defense Force mounted a botched raid in Gaza. They were attempting to install surveillance gear, which they ended up leaving behind. There are photos -- scroll past the video. Israeli media is claiming that the capture of this gear by Hamas causes major damage to Israeli electronic...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/02 2:35 p.m.67 views

Traffic Analysis of the LTE Mobile Standard

Interesting research in using traffic analysis to learn things about encrypted traffic. It's hard to know how critical these vulnerabilities are. They're very hard to close without wasting a huge amount of bandwidth. The active attacks are more interesting. EDITED TO ADD 7/3: More information. I...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/03/29 8:50 p.m.67 views

Facebook and Cambridge Analytica

In the wake of the Cambridge Analytica scandal, news articles and commentators have focused on what Facebook knows about us. A lot, it turns out. It collects data from our posts, our likes, our photos, things we type and delete without posting, and things we do while not on Facebook and even when...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/09/08 11:54 a.m.67 views

ShadowBrokers Releases NSA UNITEDRAKE Manual

The ShadowBrokers released the manual for UNITEDRAKE, a sophisticated NSA Trojan that targets Windows machines: Able to compromise Windows PCs running on XP, Windows Server 2003 and 2008, Vista, Windows 7 SP 1 and below, as well as Windows 8 and Windows Server 2012, the attack tool acts as a...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/04/10 9:4 p.m.66 views

Friday Squid Blogging: Amazingly Realistic Squid Drawings

The squid drawings of Yuuki Tokuda are simply incredible. I tried to figure out how to buy one of them, but everything is in Japanese. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/10/10 6:49 p.m.66 views

New Reductor Nation-State Malware Compromises TLS

Kaspersky has a detailed blog post about a new piece of sophisticated malware that it's calling Reductor. The malware is able to compromise TLS traffic by infecting the computer with hacked TLS engine substituted on the fly, "marking" infected TLS handshakes by compromising the underlining...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/09/23 10:59 a.m.66 views

France Outlines Its Approach to Cyberwar

In a document published earlier this month in French, France described the legal framework in which it will conduct cyberwar operations. Lukasz Olejnik explains what it means, and it's worth reading...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/09/06 11:10 a.m.66 views

Default Password for GPS Trackers

Many GPS trackers are shipped with the default password 123456. Many users don't change them. We just need to eliminate default passwords. This is an easy win. EDITED TO ADD 9/12: A California law bans default passwords starting in 2020...

3.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/21 11:19 a.m.66 views

How Technology and Politics Are Changing Spycraft

Interesting article about how traditional nation-based spycraft is changing. Basically, the Internet makes it increasingly possible to generate a good cover story; cell phone and other electronic surveillance techniques make tracking people easier; and machine learning will make all of this...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/04/05 2:31 p.m.66 views

Unhackable Cryptography?

A recent article overhyped the release of EverCrypt, a cryptography library created using formal methods to prove security against specific attacks. The Quanta magazine article sets off a series of "snake-oil" alarm bells. The author's Github README is more measured and accurate, and illustrates...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/16 10:5 p.m.66 views

Friday Squid Blogging: Squid Sculptures

Pretty. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/04/27 11:0 a.m.66 views

TSB Bank Disaster

This seems like an absolute disaster: The very short version is that a UK bank, TSB, which had been merged into and then many years later was spun out of Lloyds Bank, was bought by the Spanish bank Banco Sabadell in 2015. Lloyds had continued to run the TSB systems and was to transfer them over t...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/11/03 9:12 p.m.66 views

Friday Squid Blogging: Squid Product Recall

Lidl is recalling two of its packaged squid products because of the presence of struvite salt crystals. The danger is unclear. The article says that struvite crystals "may be mistaken as glass fragments," which isn't actually dangerous. It also says: "As these salt crystals may cause injury, the...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/09/20 11:12 a.m.66 views

What the NSA Collects via 702

New York Times reporter Charlie Savage writes about some bad statistics we're all using: Among surveillance legal policy specialists, it is common to cite a set of statistics from an October 2011 opinion by Judge John Bates, then of the FISA Court, about the volume of internet communications the...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/08/16 11:7 a.m.65 views

New Windows IPv6 Zero-Click Vulnerability

The press is reporting a critical Windows vulnerability affecting IPv6. As Microsoft explained in its Tuesday advisory, unauthenticated attackers can exploit the flaw remotely in low-complexity attacks by repeatedly sending IPv6 packets that include specially crafted packets. Microsoft also share...

9.8CVSS6.9AI score0.70564EPSS
Exploits24
Schneier on Security
Schneier on Security
added 2020/03/27 9:28 p.m.65 views

Friday Squid Blogging: Squid Can Edit Their Own Genome

Amazing: Revealing yet another super-power in the skillful squid, scientists have discovered that squid massively edit their own genetic instructions not only within the nucleus of their neurons, but also within the axon -- the long, slender neural projections that transmit electrical impulses to...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/01/24 10:18 p.m.65 views

Friday Squid Blogging: More on the Giant Squid's DNA

Following on from last week's post, here's more information on sequencing the DNA of the giant squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/11/14 1:4 p.m.65 views

Technology and Policymakers

Technologists and policymakers largely inhabit two separate worlds. It's an old problem, one that the British scientist CP Snow identified in a 1959 essay entitled The Two Cultures. He called them sciences and humanities, and pointed to the split as a major hindrance to solving the world's...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/07/22 11:17 a.m.65 views

Hackers Expose Russian FSB Cyberattack Projects

More nation-state activity in cyberspace, this time from Russia: Per the different reports in Russian media, the files indicate that SyTech had worked since 2009 on a multitude of projects since 2009 for FSB unit 71330 and for fellow contractor Quantum. Projects include: Nautilus -- a project for...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/06/04 11:6 a.m.65 views

The Cost of Cybercrime

Really interesting paper calculating the worldwide cost of cybercrime: Abstract: In 2012 we presented the first systematic study of the costs of cybercrime. In this paper,we report what has changed in the seven years since. The period has seen major platform evolution, with the mobile phone...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/02/15 12:33 p.m.65 views

Reconstructing SIGSALY

Lessons learned in reconstructing the World War II-era SIGSALY voice encryption system...

2.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/02/04 5:7 p.m.65 views

Facebook's New Privacy Hires

The Wired headline sums it up nicely -- "Facebook Hires Up Three of Its Biggest Privacy Critics": In December, Facebook hired Nathan White away from the digital rights nonprofit Access Now, and put him in the role of privacy policy manager. On Tuesday of this week, lawyers Nate Cardozo, of the...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/01/28 7:40 p.m.65 views

Japanese Government Will Hack Citizens' IoT Devices

The Japanese government is going to run penetration tests against all the IoT devices in their country, in an effort to 1 figure out what's insecure, and 2 help consumers secure them: The survey is scheduled to kick off next month, when authorities plan to test the password security of over 200...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/05/17 11:1 a.m.64 views

Microsoft Secure Boot Bug

Microsoft is currently patching a zero-day Secure-Boot bug. The BlackLotus bootkit is the first-known real-world malware that can bypass Secure Boot protections, allowing for the execution of malicious code before your PC begins loading Windows and its many security protections. Secure Boot has...

4CVSS6.9AI score0.10561EPSS
Exploits0
Total number of security vulnerabilities2979