Lucene search
K
SchneierMost viewed

2979 matches found

Schneier on Security
Schneier on Security
added 2019/01/29 7:12 p.m.61 views

iPhone FaceTime Vulnerability

This is kind of a crazy iPhone vulnerability: it's possible to call someone on FaceTime and listen on their microphone -- and see from their camera -- before they accept the call. This is definitely an embarrassment, and Apple was right to disable Group FaceTime until it's fixed. But it's hard to...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/10 5:36 p.m.61 views

xkcd on Voting Computers

Funny and true...

3.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/03 7:10 p.m.61 views

Three of My Books Are Available in DRM-Free E-Book Format

Humble Bundle sells groups of e-books at ridiculously low prices, DRM free. This month, the bundles are all Wiley titles, including three of my books: Applied Cryptography, Secrets and Lies, and Cryptography Engineering. $15 gets you everything, and they're all DRM-free. Even better, a portion of...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/09/04 12:8 p.m.61 views

New Techniques in Fake Reviews

Research paper: "Automated Crowdturfing Attacks and Defenses in Online Review Systems." Abstract: Malicious crowdsourcing forums are gaining traction as sources of spreading misinformation online, but are limited by the costs of hiring and managing human workers. In this paper, we identify a new...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/07/31 10:59 a.m.61 views

Measuring Vulnerability Rediscovery

New paper: "Taking Stock: Estimating Vulnerability Rediscovery," by Trey Herr, Bruce Schneier, and Christopher Morris: Abstract: How often do multiple, independent, parties discover the same vulnerability? There are ample models of vulnerability discovery, but little academic work on this issue o...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/07/07 7:8 p.m.61 views

Friday Squid Blogging: Why It's Hard to Track the Squid Population

Counting squid is not easy. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/22 11:2 a.m.60 views

Professional Athletes and Wearables

I haven't thought about the privacy issues surrounding professional athletes and wearables. Wearables present serious privacy issues for "Average Joe" consumers, who are entrusting tech companies to safely store and protect their biometric data. Imagine the stakes for a professional athlete, whos...

5.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/01/04 12:11 p.m.60 views

Amazon Has Trucks Filled with Hard Drives and an Armed Guard

From an interview with an Amazon Web Services security engineer: So when you use AWS, part of what youre paying for is security. Right; its part of what we sell. Lets say a prospective customer comes to AWS. They say, "I like pay-as-you-go pricing. Tell me more about that." We say, "Okay, heres h...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/01/10 10:9 p.m.60 views

Friday Squid Blogging: Stuffed Squid with Vegetables and Pancetta

A Croatian recipe. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/08/29 11:17 a.m.60 views

AI Emotion-Detection Arms Race

Voice systems are increasingly using AI techniques to determine emotion. A new paper describes an AI-based countermeasure to mask emotion in spoken words. Their method for masking emotion involves collecting speech, analyzing it, and extracting emotional features from the raw signal. Next, an AI...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/07/19 11:19 a.m.60 views

John Paul Stevens Was a Cryptographer

I didn't know that Supreme Court Justice John Paul Stevens "was also a cryptographer for the Navy during World War II." He was a proponent of individual privacy...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/03/06 12:17 p.m.60 views

Digital Signatures in PDFs Are Broken

Researchers have demonstrated spoofing of digital signatures in PDF files. This would matter more if PDF digital signatures were widely used. Still, the researchers have worked with the various companies that make PDF readers to close the vulnerabilities. You should update your software. Details...

3.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/02/26 12:10 p.m.60 views

Attacking Soldiers on Social Media

A research group at NATO's Strategic Communications Center of Excellence catfished soldiers involved in an European military exercise -- we don't know what country they were from -- to demonstrate the power of the attack technique. Over four weeks, the researchers developed fake pages and closed...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/19 11:17 a.m.60 views

West Virginia Using Internet Voting

This is crazy and dangerous. West Virginia is allowing people to vote via a smart-phone app. Even crazier, the app uses blockchain -- presumably because they have no idea what the security issues with voting actually are...

3.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/05/31 6:23 p.m.60 views

1834: The First Cyberattack

Tom Standage has a great story of the first cyberattack against a telegraph network. The Blanc brothers traded government bonds at the exchange in the city of Bordeaux, where information about market movements took several days to arrive from Paris by mail coach. Accordingly, traders who could ge...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/01/12 10:12 p.m.60 views

Friday Squid Blogging: Japanese "Dude Food" Includes Squid

This seems to be a trend. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/10/20 9:24 p.m.60 views

Friday Squid Blogging: "How the Squid Lost Its Shell"

Interesting essay by Danna Staaf, the author of Squid Empire. I mentioned the book two weeks ago. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/25 11:34 a.m.60 views

Military Robots as a Nature Analog

This very interesting essay looks at the future of military robotics and finds many analogs in nature: Imagine a low-cost drone with the range of a Canada goose, a bird that can cover 1,500 miles in a single day at an average speed of 60 miles per hour. Planet Earth profiled a single flock of sno...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/11/20 12:5 p.m.59 views

Symantec Reports on Cicada APT Attacks against Japan

Symantec is reporting on an APT group linked to China, named Cicada. They have been attacking organizations in Japan and elsewhere. Cicada has historically been known to target Japan-linked organizations, and has also targeted MSPs in the past. The group is using living-off-the-land tools as well...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/02/07 6:50 p.m.59 views

Security in 2020: Revisited

Ten years ago, I wrote an essay: "Security in 2020." Well, it's finally 2020. I think I did pretty well. Here's what I said back then: There's really no such thing as security in the abstract. Security can only be defined in relation to something else. You're secure from something or against...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/10/10 10:49 a.m.59 views

Wi-Fi Hotspot Tracking

Free Wi-Fi hotspots can track your location, even if you don't connect to them. This is because your phone or computer broadcasts a unique MAC address. What distinguishes location-based marketing hotspot providers like Zenreach and Euclid is that the personal information you enter in the captive...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/10/07 11:53 a.m.59 views

Edward Snowden's Memoirs

Ed Snowden has published a book of his memoirs: Permanent Record. I have not read it yet, but I want to point you all towards two pieces of writing about the book. The first is an excellent review of the book and Snowden in general by SF writer and essayist Jonathan Lethem, who helped make a shor...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/10/01 11:54 a.m.59 views

NSA on the Future of National Cybersecurity

Glenn Gerstell, the General Counsel of the NSA, wrote a long and interesting op-ed for the New York Times where he outlined a long list of cyber risks facing the US. There are four key implications of this revolution that policymakers in the national security sector will need to address: The firs...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/07/31 11:46 a.m.59 views

Another Attack Against Driverless Cars

In this piece of research, attackers successfully attack a driverless car system -- Renault Captur's "Level 0" autopilot Level 0 systems advise human drivers but do not directly operate cars -- by following them with drones that project images of fake road signs in 100ms bursts. The time is too...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/07/09 11:44 a.m.59 views

Cell Networks Hacked by (Probable) Nation-State Attackers

A sophisticated attacker has successfuly infiltrated cell providers to collect information on specific users: The hackers have systematically broken in to more than 10 cell networks around the world to date over the past seven years to obtain massive amounts of call records -- including times and...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/04/15 7:0 p.m.59 views

Vulnerabilities in the WPA3 Wi-Fi Security Protocol

Researchers have found several vulnerabilities in the WPA3 Wi-Fi security protocol: The design flaws we discovered can be divided in two categories. The first category consists of downgrade attacks against WPA3-capable devices, and the second category consists of weaknesses in the Dragonfly...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/03/29 11:11 a.m.59 views

NSA-Inspired Vulnerability Found in Huawei Laptops

This is an interesting story of a serious vulnerability in a Huawei driver that Microsoft found. The vulnerability is similar in style to the NSA's DOUBLEPULSAR that was leaked by the Shadow Brokers -- believed to be the Russian government -- and it's obvious that this attack copied that techniqu...

2.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/03/08 11:57 a.m.59 views

Cybersecurity Insurance Not Paying for NotPetya Losses

This will complicate things: To complicate matters, having cyber insurance might not cover everyone's losses. Zurich American Insurance Company refused to pay out a $100 million claim from Mondelez, saying that since the U.S. and other governments labeled the NotPetya attack as an action by the...

2.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/03/05 12:31 p.m.59 views

Cybersecurity for the Public Interest

The Crypto Wars have been waging off-and-on for a quarter-century. On one side is law enforcement, which wants to be able to break encryption, to access devices and communications of terrorists and criminals. On the other are almost every cryptographer and computer security expert, repeatedly...

7.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/02/14 12:53 p.m.59 views

USB Cable with Embedded Wi-Fi Controller

It's only a prototype, but this USB cable has an embedded Wi-Fi controller. Whoever controls that Wi-Fi connection can remotely execute commands on the attached computer...

2.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/12/20 12:21 p.m.59 views

Fraudulent Tactics on Amazon Marketplace

Fascinating article about the many ways Amazon Marketplace sellers sabotage each other and defraud customers. The opening example: framing a seller for false advertising by buying fake five-star reviews for their products. Defacement: Sellers armed with the accounts of Amazon distributors sometim...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/23 11:39 a.m.59 views

On Disguise

The former CIA Chief of Disguise has a fascinating video about her work...

2.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/03 8:24 p.m.59 views

The Effects of GDPR's 72-Hour Notification Rule

The EU's GDPR regulation requires companies to report a breach within 72 hours. Alex Stamos, former Facebook CISO now at Stanford University, points out how this can be a problem: Interesting impact of the GDPR 72-hour deadline: companies announcing breaches before investigations are complete. 1...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/09/14 9:13 p.m.59 views

Friday Squid Blogging: Dissecting a Giant Squid

Lessons learned. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/13 9:2 p.m.59 views

Identifying Programmers by their Coding Style

Fascinating research de-anonymizing code -- from either source code or compiled code: Rachel Greenstadt, an associate professor of computer science at Drexel University, and Aylin Caliskan, Greenstadt's former PhD student and now an assistant professor at George Washington University, have found...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/06/11 11:19 a.m.59 views

Router Vulnerability and the VPNFilter Botnet

On May 25, the FBI asked us all to reboot our routers. The story behind this request is one of sophisticated malware and unsophisticated home-network security, and it's a harbinger of the sorts of pervasive threats ­ from nation-states, criminals and hackers ­ that we should expect in coming year...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/03/27 2:35 p.m.59 views

Fooling Face Recognition with Infrared Light

Yet another development in the arms race between facial recognition systems and facial-recognition-system foolers. BoingBoing post...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/03/06 12:18 p.m.59 views

Security Vulnerabilities in Smart Contracts

Interesting research: "Finding The Greedy, Prodigal, and Suicidal Contracts at Scale": Abstract: Smart contracts -- stateful executable objects hosted on blockchains like Ethereum -- carry billions of dollars worth of coins and cannot be updated once deployed. We present a new systematic...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/11/10 10:18 p.m.59 views

Friday Squid Blogging: Squid Season May Start Earlier Next Year

Squid fisherman in Argentina have asked regulators to start the squid season earlier in 2018. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/10/27 9:28 p.m.59 views

Friday Squid Blogging: Steel Mesh Giant Squid Used as Artificial Reef

Researchers in the British Virgin Islands have sunk a giant squid made out of steel mesh to serve as an artificial reef. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/09/22 11:21 a.m.59 views

Boston Red Sox Caught Using Technology to Steal Signs

The Boston Red Sox admitted to eavesdropping on the communications channel between catcher and pitcher. Stealing signs is believed to be particularly effective when there is a runner on second base who can both watch what hand signals the catcher is using to communicate with the pitcher and can...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/07/25 11:52 a.m.59 views

Alternatives to Government-Mandated Encryption Backdoors

Policy essay: "Encryption Substitutes," by Andrew Keane Woods: In this short essay, I make a few simple assumptions that bear mentioning at the outset. First, I assume that governments have good and legitimate reasons for getting access to personal data. These include things like controlling crim...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/07/23 8:58 p.m.58 views

Friday Squid Blogging: The Evolution of Squid

Good video about the evolutionary history of squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/07/05 11:11 a.m.58 views

Stealing Xbox Codes

Detailed story of Volodymyr Kvashuk, a Microsoft insider who noticed a bug in the companys internal systems that allowed him to create unlimited Xbox gift cards, and stole $10.1 million before he was caught...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/14 9:5 p.m.58 views

Friday Squid Blogging: Editing the Squid Genome

Scientists have edited the genome of the Doryteuthis pealeii squid with CRISPR. A first. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/03/05 12:10 p.m.58 views

Security of Health Information

The world is racing to contain the new COVID-19 virus that is spreading around the globe with alarming speed. Right now, pandemic disease experts at the World Health Organization WHO, the US Centers for Disease Control and Prevention CDC, and other public-health agencies are gathering information...

0.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/02/28 5:57 p.m.58 views

Deep Learning to Find Malicious Email Attachments

Google presented its system of using deep-learning techniques to identify malicious email attachments: At the RSA security conference in San Francisco on Tuesday, Google's security and anti-abuse research lead Elie Bursztein will present findings on how the new deep-learning scanner for documents...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/02/07 10:11 p.m.58 views

Friday Squid Blogging: An MRI Scan of a Squid's Brain

This paper30562-0 is filled with brain science that I do not understand news article, but fails to answer what I consider to be the important question: how do you keep a live squid still for long enough to do an MRI scan on them? As usual, you can also use this squid post to talk about the securi...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/08/27 10:14 a.m.58 views

The Threat of Fake Academic Research

Interesting analysis of the possibility, feasibility, and efficacy of deliberately fake scientific research, something I had previously speculated about...

2.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/08/16 11:12 a.m.58 views

Software Vulnerabilities in the Boeing 787

Boeing left its software unprotected, and researchers have analyzed it for vulnerabilities: At the Black Hat security conference today in Las Vegas, Santamarta, a researcher for security firm IOActive, plans to present his findings, including the details of multiple serious security flaws in the...

Exploits0
Total number of security vulnerabilities2979