Lucene search
K
SchneierMost viewed

2979 matches found

Schneier on Security
Schneier on Security
added 2019/04/18 10:13 a.m.58 views

New DNS Hijacking Attacks

DNS hijacking isn't new, but this seems to be an attack of unprecedented scale: Researchers at Cisco's Talos security division on Wednesday revealed that a hacker group it's calling Sea Turtle carried out a broad campaign of espionage via DNS hijacking, hitting 40 different organizations. In the...

2.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/02/18 1:45 p.m.58 views

Cataloging IoT Vulnerabilities

Recent articles about IoT vulnerabilities describe hacking of construction cranes, supermarket freezers, and electric scooters...

2.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/23 10:5 p.m.58 views

Friday Squid Blogging: Good Squid Fishing in the Exmouth Gulf

The conditions are ideal for squid fishing in the Exmouth Gulf in West Australia. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/31 7:6 p.m.58 views

I'm Doing a Reddit AMA

On Thursday, September 6, starting at 10:00 am CDT, I'll be doing a Reddit "Ask Me Anything" in association with the Ford Foundation. It's about my new book, but -- of course -- you can ask me anything. No promises that I will answer everything...

2.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/06/29 2:44 p.m.58 views

Conservation of Threat

Here's some interesting research about how we perceive threats. Basically, as the environment becomes safer we basically manufacture new threats. From an essay about the research: To study how concepts change when they become less common, we brought volunteers into our laboratory and gave them a...

0.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/10/09 11:10 a.m.58 views

White House Chief of Staff John Kelly's Cell Phone was Tapped

Politico reports that White House Chief of Staff John Kelly's cell phone was compromised back in December. I know this is news because of who he is, but I hope every major government official of any country assumes that their commercial off-the-shelf cell phone is compromised. Even allies spy on...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/21 11:57 a.m.58 views

iOS 11 Allows Users to Disable Touch ID

A new feature in Apple's new iPhone operating system -- iOS 11 -- will allow users to quickly disable Touch ID. A new setting, designed to automate emergency services calls, lets iPhone users tap the power button quickly five times to call 911. This doesn't automatically dial the emergency servic...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/07/13 11:6 a.m.58 views

Tomato-Plant Security

I have a soft spot for interesting biological security measures, especially by plants. I've used them as examples in several of my books. Here's a new one: when tomato plants are attacked by caterpillars, they release a chemical that turns the caterpillars on each other: It's common for...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/07/07 6:1 p.m.58 views

An Assassin's Teapot

This teapot has two chambers. Liquid is released from one or the other depending on whether an air hole is covered. I want one...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/09/11 11:4 a.m.57 views

On Robots Killing People

The robot revolution began long ago, and so did the killing. One day in 1979, a robot at a Ford Motor Company casting plant malfunctioned--human workers determined that it was not going fast enough. And so twenty-five-year-old Robert Williams was asked to climb into a storage rack to help move...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/08/06 9:5 p.m.57 views

Friday Squid Blogging: Squid Dog Toy

Its sold out, but the pictures are cute. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/07/23 1:58 p.m.57 views

Commercial Location Data Used to Out Priest

A Catholic priest was outed through commercially available surveillance data. Vice has a good analysis: The news starkly demonstrates not only the inherent power of location data, but how the chance to wield that power has trickled down from corporations and intelligence agencies to essentially a...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/06/25 9:20 p.m.57 views

Friday Squid Blogging: Colossal Squid Photographed off the Coast of Antarctica

Wow. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/02/19 10:16 p.m.57 views

Friday Squid Blogging: Amazing Video of a Black-Eyed Squid Trying to Eat an Owlfish

From the Monterey Bay Aquarium. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

2.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/02/04 12:11 p.m.57 views

Another SolarWinds Orion Hack

At the same time the Russians were using a backdoored SolarWinds update to attack networks worldwide, another threat actor -- believed to be Chinese in origin -- was using an already existing vulnerability in Orion to penetrate networks: Two people briefed on the case said FBI investigators...

0.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/01/05 12:42 p.m.57 views

Latest on the SVR’s SolarWinds Hack

The New York Times has an in-depth article on the latest information about the SolarWinds hack not a great name, since its much more far-reaching than that. Interviews with key players investigating what intelligence agencies believe to be an operation by Russia’s S.V.R. intelligence service...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/04/10 11:24 a.m.57 views

Kubernetes Security

Attack matrix for Kubernetes, using the MITRE ATT framework. A good first step towards understand the security of this suddenly popular and very complex container orchestration system...

3.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/09/27 5:19 p.m.57 views

Superhero Movies and Security Lessons

A paper I co-wrote was just published in Security Journal: "Superheroes on screen: real life lessons for security debates": Abstract: Superhero films and episodic shows have existed since the early days of those media, but since 9/11, they have become one of the most popular and most lucrative...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/04/05 9:29 p.m.57 views

Friday Squid Blogging: Fried Squid Recipe

This is an easy fried squid recipe with saffron and agrodolce. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/03/28 11:42 a.m.57 views

Malware Installed in Asus Computers through Hacked Update Process

Kaspersky Labs is reporting on a new supply chain attack they call "Shadowhammer." In January 2019, we discovered a sophisticated supply chain attack involving the ASUS Live Update Utility. The attack took place between June and November 2018 and according to our telemetry, it affected a large...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/03/18 11:23 a.m.57 views

CAs Reissue Over One Million Weak Certificates

Turns out that the software a bunch of CAs used to generate public-key certificates was flawed: they created random serial numbers with only 63 bits instead of the required 64. That may not seem like a big deal to the layman, but that one bit change means that the serial numbers only have half th...

2.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/12/19 12:0 p.m.57 views

Congressional Report on the 2017 Equifax Data Breach

The US House of Representatives Committee on Oversight and Government Reform has just released a comprehensive report on the 2017 Equifax hack. It's a great piece of writing, with a detailed timeline, root cause analysis, and lessons learned. Lance Spitzner also commented on this. Here is my...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/14 9:30 p.m.57 views

More Spectre/Meltdown-Like Attacks

Back in January, we learned about a class of vulnerabilities against microprocessors that leverages various performance and efficiency shortcuts for attack. I wrote that the first two attacks would be just the start: It shouldn't be surprising that microprocessor designers have been building...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/15 2:34 p.m.57 views

How DNA Databases Violate Everyone's Privacy

If you're an American of European descent, there's a 60% chance you can be uniquely identified by public information in DNA databases. This is not information that you have made public; this is information your relatives have made public. Research paper: "Identity inference of genomic data using...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/31 6:37 p.m.57 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I'm giving a book talk on Click Here to Kill Everybody at the Ford Foundation in New York City, on September 5, 2018. The Aspen Institute's Cybersecurity & Technology Program is holding a book launch for Click Here to Kill Everybod...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/05/18 11:20 a.m.57 views

Maliciously Changing Someone's Address

Someone changed the address of UPS corporate headquarters to his own apartment in Chicago. The company discovered it three months later. The problem, of course, is that in the US there isn't any authentication of change-of-address submissions: According to the Postal Service, nearly 37 million...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/01/19 10:48 p.m.57 views

Friday Squid Blogging: Te Papa Colossal Squid Exhibition Is Being Renovated

The New Zealand home of the colossal squid exhibit is behind renovated. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/10/06 1:6 p.m.57 views

Yet Another Russian Hack of the NSA -- This Time with Kaspersky's Help

The Wall Street Journal has a bombshell of a story. Yet another NSA contractor took classified documents home with him. Yet another Russian intelligence operation stole copies of those documents. The twist this time is that the Russians identified the documents because the contractor had Kaspersk...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/05/28 9:9 p.m.56 views

Friday Squid Blogging: Underwater Cameras for Observing Squid

Interesting research paper. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/02/13 5:41 p.m.56 views

Chinese Supply-Chain Attack on Computer Systems

Bloomberg News has a major story about the Chinese hacking computer motherboards made by Supermicro, Levono, and others. Its been going on since at least 2008. The US government has known about it for almost as long, and has tried to keep the attack secret: Chinas exploitation of products made by...

Exploits0
Schneier on Security
Schneier on Security
added 2021/01/14 12:8 p.m.56 views

Finding the Location of Telegram Users

Security researcher Ahmed Hassan has shown that spoofing the Androids "People Nearby" feature allows him to pinpoint the physical location of Telegram users: Using readily available software and a rooted Android device, hes able to spoof the location his device reports to Telegram servers. By usi...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/02/28 10:8 p.m.56 views

Friday Squid Blogging: Squid Eggs

Cool photo. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here. EDITED TO ADD 3/4: I just deleted a slew of comments about COVID 19. I may reinstate some of them later; right now I want some time t...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/02/03 12:24 p.m.56 views

Attacking Driverless Cars with Projected Images

Interesting research -- "Phantom Attacks Against Advanced Driving Assistance Systems": Abstract: The absence of deployed vehicular communication systems, which prevents the advanced driving assistance systems ADASs and autopilots of semi/fully autonomous cars to validate their virtual perception...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/12/26 12:19 p.m.56 views

Chinese Hackers Bypassing Two-Factor Authentication

Interesting story of how a Chinese state-sponsored hacking group is bypassing the RSA SecurID two-factor authentication system. How they did it remains unclear; although, the Fox-IT team has their theory. They said APT20 stole an RSA SecurID software token from a hacked system, which the Chinese...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/10/23 11:15 a.m.56 views

NordVPN Breached

There was a successful attack against NordVPN: Based on the command log, another of the leaked secret keys appeared to secure a private certificate authority that NordVPN used to issue digital certificates. Those certificates might be issued for other servers in NordVPN's network or for a variety...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/08/08 11:22 a.m.56 views

AT&T Employees Took Bribes to Unlock Smartphones

This wasn't a small operation: A Pakistani man bribed AT call-center employees to install malware and unauthorized hardware as part of a scheme to fraudulently unlock cell phones, according to the US Department of Justice. Muhammad Fahd, 34, was extradited from Hong Kong to the US on Friday and i...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/04/04 7:10 p.m.56 views

Former Mozilla CTO Harassed at the US Border

This is a pretty awful story of how Andreas Gal, former Mozilla CTO and US citizen, was detained and threatened at the US border. CBP agents demanded that he unlock his phone and computer. Know your rights when you enter the US. The EFF publishes a handy guide. And if you want to encrypt your...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/22 1:13 p.m.56 views

Are the Police Using Smart-Home IoT Devices to Spy on People?

IoT devices are surveillance devices, and manufacturers generally use them to collect data on their customers. Surveillance is still the business model of the Internet, and this data is used against the customers' interests: either by the device manufacturer or by some third party the manufacture...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/10 9:16 p.m.56 views

Friday Squid Blogging: New Tool for Grabbing Squid and other Fragile Sea Creatures

Interesting video of a robot grabber that's delicate enough to capture squid and even jellyfish in the ocean. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/04/04 1:3 p.m.56 views

Subverting Backdoored Encryption

This is a really interesting research result. This paper proves that two parties can create a secure communications channel using a communications system with a backdoor. It's a theoretical result, so it doesn't talk about how easy that channel is to create. And the assumptions on the adversary a...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/03/22 2:43 p.m.56 views

Reverse Engineering the Cuban Sonic Weapon

Interesting analysis and speculation...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/03/05 11:20 a.m.56 views

Extracting Secrets from Machine Learning Systems

This is fascinating research about how the underlying training data for a machine-learning system can be inadvertently exposed. Basically, if a machine-learning system trains on a dataset that contains secret information, in some cases an attacker can query the system to extract that secret...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/02 5:59 p.m.56 views

Voting Machine Security

Last week, DefCon hosted a "Voter Hacker Village" event. Every single voting machine there was easily hackable. Here are detailed details. There should be a summary report soon; I'll add it to this post when it's published...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/02 12:39 p.m.56 views

Detecting Stingrays

Researchers are developing technologies that can detect IMSI-catchers: those fake cell phone towers that can be used to surveil people in the area. This is good work, but it's unclear to me whether these devices can detect all the newer IMSI-catchers that are being sold to governments worldwide...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/07/26 11:6 a.m.56 views

Roombas will Spy on You

The company that sells the Roomba autonomous vacuum wants to sell the data about your home that it collects. Some questions: What happens if a Roomba user consents to the data collection and later sells his or her home -- especially furnished -- and now the buyers of the data have a map of a home...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/02/28 12:19 p.m.55 views

Side-Channel Attack against CRYSTALS-Kyber

CRYSTALS-Kyber is one of the public-key algorithms currently recommended by NIST as part of its post-quantum cryptography standardization process. Researchers have just published a side-channel attack--using power consumption--against an implementation of the algorithm that was supposed to be...

2.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/19 12:21 p.m.55 views

Security Analysis of Threema

A group of Swiss researchers have published an impressive security analysis of Threema. We provide an extensive cryptographic analysis of Threema, a Swiss-based encrypted messaging application with more than 10 million users and 7000 corporate customers. We present seven different attacks against...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/07/29 11:52 a.m.55 views

AirDropped Gun Photo Causes Terrorist Scare

A teenager on an airplane sent a photo of a replica gun via AirDrop to everyone who had their settings configured to receive unsolicited photos from strangers. This caused a three-hour delay as the plane -- still at the gate -- was evacuated and searched. The teen was not allowed to reboard. I ca...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/06/02 2:9 p.m.55 views

The DarkSide Ransomware Gang

The New York Times has a long story on the DarkSide ransomware gang. A glimpse into DarkSides secret communications in the months leading up to the Colonial Pipeline attack reveals a criminal operation on the rise, pulling in millions of dollars in ransom payments each month. DarkSide offers what...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/04/26 11:6 a.m.55 views

When AIs Start Hacking

If you dont have enough to worry about already, consider a world where AIs are hackers. Hacking is as old as humanity. We are creative problem solvers. We exploit loopholes, manipulate systems, and strive for more influence, power, and wealth. To date, hacking has exclusively been a human activit...

6.8AI score
Exploits0
Total number of security vulnerabilities2979