Lucene search
K
SchneierMost viewed

2979 matches found

Schneier on Security
Schneier on Security
added 2020/03/06 10:6 p.m.64 views

Friday Squid Blogging: The Effect of Noise on Squid

Two articles. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/03/04 12:46 p.m.64 views

Let's Encrypt Vulnerability

The BBC is reporting a vulnerability in the Let's Encrypt certificate service: In a notification email to its clients, the organisation said: "We recently discovered a bug in the Let's Encrypt certificate authority code. "Unfortunately, this means we need to revoke the certificates that were...

0.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/02/21 8:4 p.m.64 views

Inrupt, Tim Berners-Lee's Solid, and Me

For decades, I have been talking about the importance of individual privacy. For almost as long, I have been using the metaphor of digital feudalism to describe how large companies have become central control points for our data. And for maybe half a decade, I have been talking about the...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/12/20 10:6 p.m.64 views

Friday Squid Blogging: Streamlined Quick Unfolding Investigation Drone

Yet another squid acronym. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/09/11 11:11 a.m.64 views

More on Law Enforcement Backdoor Demands

The Carnegie Endowment for International Peace and Princeton University's Center for Information Technology Policy convened an Encryption Working Group to attempt progress on the "going dark" debate. They have released their report: "Moving the Encryption Policy Conversation Forward. The main...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/08/15 11:19 a.m.64 views

Bypassing Apple FaceID's Liveness Detection Feature

Apple's FaceID has a liveness detection feature, which prevents someone from unlocking a victim's phone by putting it in front of his face while he's sleeping. That feature has been hacked: Researchers on Wednesday during Black Hat USA 2019 demonstrated an attack that allowed them to bypass a...

2.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/07/23 11:27 a.m.64 views

Science Fiction Writers Helping Imagine Future Threats

The French army is going to put together a team of science fiction writers to help imagine future threats. Leaving aside the question of whether science fiction writers are better or worse at envisioning nonfictional futures, this isn't new. The US Department of Homeland Security did the same thi...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/01/16 12:53 p.m.64 views

El Chapo's Encryption Defeated by Turning His IT Consultant

Impressive police work: In a daring move that placed his life in danger, the I.T. consultant eventually gave the F.B.I. his system's secret encryption keys in 2011 after he had moved the network's servers from Canada to the Netherlands during what he told the cartel's leaders was a routine upgrad...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/12/07 6:6 p.m.64 views

Back Issues of the NSA's Cryptolog

Five years ago, the NSA published 23 years of its internal magazine, Cryptolog. There were lots of redactions, of course. What's new is a nice user interface for the issues, noting highlights and levels of redaction...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/16 12:2 p.m.64 views

Hidden Cameras in Streetlights

Both the US Drug Enforcement Administration DEA and Immigration and Customs Enforcement ICE are hiding surveillance cameras in streetlights. According to government procurement data, the DEA has paid a Houston, Texas company called Cowboy Streetlight Concealments LLC roughly $22,000 since June 20...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/04 8:3 p.m.64 views

Conspiracy Theories around the "Presidential Alert"

Noted conspiracy theorist John McAfee tweeted: The "Presidential alerts": they are capable of accessing the E911 chip in your phones -- giving them full access to your location, microphone, camera and every function of your phone. This not a rant, this is from me, still one of the leading...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/09/13 2:8 p.m.64 views

Security Risks of Government Hacking

Some of us -- myself included -- have proposed lawful government hacking as an alternative to backdoors. A new report from the Center of Internet and Society looks at the security risks of allowing government hacking. They include: Disincentive for vulnerability disclosure Cultivation of a market...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/08 2:37 p.m.64 views

SpiderOak's Warrant Canary Died

BoingBoing has the story. I have never quite trusted the idea of a warrant canary. But here it seems to have worked. Presumably, if SpiderOak wanted to replace the warrant canary with a transparency report, they would have written something explaining their decision. To have it simply disappear i...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/30 5:8 p.m.64 views

The Poor Cybersecurity of US Space Assets

Good policy paper summary here on the threats, current state, and potential policy solutions for the poor security of US space systems...

3.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/09/19 11:44 a.m.64 views

Apple's FaceID

This is a good interview with Apple's SVP of Software Engineering about FaceID. Honestly, I don't know what to think. I am confident that Apple is not collecting a photo database, but not optimistic that it can't be hacked with fake faces. I dislike the fact that the police can point the phone at...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/09/13 11:3 a.m.64 views

Hacking Voice Assistant Systems with Inaudible Voice Commands

Turns out that all the major voice assistants -- Siri, Google Now, Samsung S Voice, Huawei HiVoice, Cortana and Alexa -- listen at audio frequencies the human ear can't hear. Hackers can hijack those systems with inaudible commands that their owners can't hear. News articles...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/07/03 11:1 a.m.64 views

A Man-in-the-Middle Attack against a Password Reset System

This is nice work: "The Password Reset MitM Attack," by Nethanel Gelerntor, Senia Kalma, Bar Magnezi, and Hen Porcilan: Abstract: We present the password reset MitM PRMitM attack and show how it can be used to take over user accounts. The PRMitM attack exploits the similarity of the registration...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/02/17 12:5 p.m.63 views

Browser Tracking Using Favicons

Interesting research on persistent web tracking using favicons. For those who dont know, favicons are those tiny icons that appear in browser tabs next to the page name. Abstract: The privacy threats of online tracking have garnered considerable attention in recent years from researchers and...

2.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/02/15 8:50 p.m.63 views

US Cyber Command Valentine’s Day Cryptography Puzzles

The US Cyber Command has released a series of ten Valentines Day "Cryptography Challenge Puzzles." Slashdot thread. Reddit thread. And heres the archived link, in case Cyber Command takes the page down...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/05/08 9:17 p.m.63 views

Friday Squid Blogging: Jurassic Squid Attack

It's the oldest squid attack on record: An ancient squid-like creature with 10 arms covered in hooks had just crushed the skull of its prey in a vicious attack when disaster struck, killing both predator and prey, according to a Jurassic period fossil of the duo found on the southern coast of...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/11/07 12:5 p.m.63 views

Eavesdropping on SMS Messages inside Telco Networks

Fireeye reports on a Chinese-sponsored espionage effort to eavesdrop on text messages: FireEye Mandiant recently discovered a new malware family used by APT41 a Chinese APT group that is designed to monitor and save SMS traffic from specific phone numbers, IMSI numbers and keywords for subsequent...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/10/04 11:32 a.m.63 views

Tracking by Smart TVs

Long Twitter thread about the tracking embedded in modern digital televisions. The thread references three academic papers...

3.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/03/04 12:4 p.m.63 views

The Latest in Creepy Spyware

The Nest home alarm system shipped with a secret microphone, which -- according to the company -- was only an accidental secret: On Tuesday, a Google spokesperson told Business Insider the company had made an "error." "The on-device microphone was never intended to be a secret and should have bee...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/02/18 8:42 p.m.63 views

I Am Not Associated with Swift Recovery Ltd.

It seems that someone from a company called Swift Recovery Ltd. is impersonating me -- at least on Telegram. The person is using a photo of me, and is using details of my life available on Wikipedia to convince people that they are me. They are not. If anyone has any more information -- stories,...

3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/12/31 11:57 a.m.63 views

China's APT10

Wired has an excellent article on China's APT10 hacking group. Specifically, on how they hacked managed service providers in order to get to their customers' networks. I am reminded of the NSA's "I Hunt Sysadmins" presentation, published by the Intercept. EDITED TO ADD 1/5: Another article on the...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/02 8:9 p.m.63 views

Sophisticated Voice Phishing Scams

Brian Krebs is reporting on some new and sophisticated phishing scams over the telephone. I second his advice: "never give out any information about yourself in response to an unsolicited phone call." Always call them back, and not using the number offered to you by the caller. Always. EDITED TO...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/09/21 7:14 p.m.63 views

New Findings About Prime Number Distribution Almost Certainly Irrelevant to Cryptography

Lots of people are e-mailing me about this new result on the distribution of prime numbers. While interesting, it has nothing to do with cryptography. Cryptographers aren't interested in how to find prime numbers, or even in the distribution of prime numbers. Public-key cryptography algorithms li...

3.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/03 3:24 p.m.63 views

California Passes New Privacy Law

The California legislature unanimously passed the strongest data privacy law in the nation. This is great news, but I have a lot of reservations. The Internet tech companies pressed to get this law passed out of self-defense. A ballot initiative was already going to be voted on in November, one...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/01 10:47 a.m.63 views

Vulnerabilities in Car Washes

Articles about serious vulnerabilities in IoT devices and embedded systems are now dime-a-dozen. This one concerns Internet-connected car washes: A group of security researchers have found vulnerabilities in internet-connected drive-through car washes that would let hackers remotely hijack the...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/11/01 3:58 p.m.62 views

Hiding Vulnerabilities in Source Code

Really interesting research demonstrating how to hide vulnerabilities in source code by manipulating how Unicode text is displayed. Its really clever, and not the sort of attack one would normally think about. From Ross Andersons blog: We have discovered ways of manipulating the encoding of sourc...

7.5CVSS1.1AI score0.12205EPSS
Exploits5
Schneier on Security
Schneier on Security
added 2021/04/28 1:22 a.m.62 views

Second Click Here to Kill Everybody Sale

For a limited time, I am selling signed copies of Click Here to Kill Everybody in hardcover for just $6, plus shipping. I have 600 copies of the book available. When theyre gone, the sale is over and the price will revert to normal. Order here. Please be patient on delivery. Its a lot of work to...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/01/15 6:26 p.m.62 views

Click Here to Kill Everybody Sale

For a limited time, I am selling signed copies of Click Here to Kill Everybody in hardcover for just $6, plus shipping. Note that I have had occasional problems with international shipping. The book just disappears somewhere in the process. At this price, international orders are at the buyers...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/01/31 9:58 p.m.62 views

Friday Squid Blogging: The Pterosaur Ate Squid

New research: "Pterosaurs ate soft-bodied cephalopods Coleiodea." News article. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/24 9:11 p.m.62 views

Friday Squid Blogging: More Materials Science from Squid Skin

Article: "How a Squid's Color-Changing Skin Inspired a New Material That Can Trap or Release Heat." As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/04/03 11:26 a.m.62 views

How Political Campaigns Use Personal Data

Really interesting report from Tactical Tech. Data-driven technologies are an inevitable feature of modern political campaigning. Some argue that they are a welcome addition to politics as normal and a necessary and modern approach to democratic processes; others say that they are corrosive and...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/03/26 11:24 a.m.62 views

Personal Data Left on Used Laptops

A recent experiment found all sorts of personal data left on used laptops and smartphones. This should come as no surprise. Simson Garfinkel performed the same experiment in 2003, with similar results...

2.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/03/22 11:16 a.m.62 views

Enigma, Typex, and Bombe Simulators

GCHQ has put simulators for the Enigma, Typex, and Bombe on the Internet. News article...

2.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/01/23 12:20 p.m.62 views

The Evolution of Darknets

This is interesting: To prevent the problems of customer binding, and losing business when darknet markets go down, merchants have begun to leave the specialized and centralized platforms and instead ventured to use widely accessible technology to build their own communications and operational...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/30 10:20 p.m.62 views

Friday Squid Blogging: Japanese Squid-Fishing Towns in Decline

It's a problem: But now, fluctuations in ocean temperatures, years of overfishing and lax regulatory oversight have drastically depleted populations of the translucent squid in waters around Japan. As usual, you can also use this squid post to talk about the security stories in the news that I...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/14 11:1 a.m.62 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I'm speaking at Data in Smarter Cities in New York City on October 23, 2018. I'm speaking at the Cyber Security Summit in Minneapolis, Minnesota on October 24, 2018. I'm speaking at ISF's 29th Annual World Congress in Las Vegas,...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/31 11:29 a.m.62 views

Eavesdropping on Computer Screens through the Webcam Mic

Yet another way of eavesdropping on someone's computer activity: using the webcam microphone to "listen" to the computer's screen...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/11/17 11:4 p.m.62 views

Friday Squid Blogging: Peru and Chile Address Squid Overfishing

Peru and Chile have a new plan. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/04 12:11 p.m.61 views

New iPhone Exploit Uses Four Zero-Days

Kaspersky researchers are detailing "an attack that over four years backdoored dozens if not thousands of iPhones, many of which belonged to employees of Moscow-based security firm Kaspersky." Its a zero-click exploit that makes use of four iPhone zero-days. The most intriguing new detail is the...

6.8CVSS8.2AI score0.51517EPSS
Exploits3
Schneier on Security
Schneier on Security
added 2020/11/27 10:33 p.m.61 views

Friday Squid Blogging: Diplomoceras Maximum

Diplomoceras maximum is an ancient squid-like creature. It lived about 68 million years ago, looked kind of like a giant paperclip, and may have had a lifespan of 200 years. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my...

3.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/10/28 11:22 a.m.61 views

Former FBI General Counsel Jim Baker Chooses Encryption Over Backdoors

In an extraordinary essay, the former FBI general counsel Jim Baker makes the case for strong encryption over government-mandated backdoors: In the face of congressional inaction, and in light of the magnitude of the threat, it is time for governmental authorities­ -- including law enforcement­ -...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/09/19 10:57 a.m.61 views

Revisiting Software Vulnerabilities in the Boeing 787

I previously blogged about a Black Hat talk that disclosed security vulnerabilities in the Boeing 787 software. Ben Rothke concludes that the vulnerabilities are real, but not practical...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/08/12 11:14 a.m.61 views

Evaluating the NSA's Telephony Metadata Program

Interesting analysis: "Examining the Anomalies, Explaining the Value: Should the USA FREEDOM Act's Metadata Program be Extended?" by Susan Landau and Asaf Lubin. Abstract: The telephony metadata program which was authorized under Section 215 of the PATRIOT Act, remains one of the most controversi...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/16 2:28 p.m.61 views

Another Intel Chip Flaw

Remember the Spectre and Meltdown attacks from last year? They were a new class of attacks against complex CPUs, finding subliminal channels in optimization techniques that allow hackers to steal information. Since their discovery, researchers have found additional similar vulnerabilities. A whol...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/08 11:3 a.m.61 views

Malicious MS Office Macro Creator

Evil Clippy is a tool for creating malicious Microsoft Office macros: At BlackHat Asia we released Evil Clippy, a tool which assists red teamers and security testers in creating malicious MS Office documents. Amongst others, Evil Clippy can hide VBA macros, stomp VBA code via p-code and confuse...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/03/19 11:48 a.m.61 views

Triton

Good article on the Triton malware which targets industrial control systems...

3AI score
Exploits0
Total number of security vulnerabilities2979