Lucene search
K
SchneierRecent

2979 matches found

Schneier on Security
Schneier on Security
added 2023/01/12 12:18 p.m.10 views

Experian Privacy Vulnerability

Brian Krebs is reporting on a vulnerability in Experians website: Identity thieves have been exploiting a glaring security weakness in the website of Experian, one of the big three consumer credit reporting bureaus. Normally, Experian requires that those seeking a copy of their credit report...

0.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/10 12:18 p.m.26 views

ChatGPT-Written Malware

I dont know how much of a thing this will end up being, but we are seeing ChatGPT-written malware in the wild. …within a few weeks of ChatGPT going live, participants in cybercrime forums--­some with little or no coding experience­--were using it to write software and emails that could be used fo...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/09 12:14 p.m.21 views

Identifying People Using Cell Phone Location Data

The two people who shut down four Washington power stations in December were arrested. This is the interesting part: Investigators identified Greenwood and Crahan almost immediately after the attacks took place by using cell phone data that allegedly showed both men in the vicinity of all four...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/06 10:2 p.m.12 views

Friday Squid Blogging: Squid Fetish

Seems that about 1.5% of people have a squid fetish. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/06 8:4 p.m.10 views

Schneier on Security Audiobook Sale

Im not sure why, but Audiobooks.com is offering the audiobook version of Schneier on Security at 50% off until January 17. EDITED TO ADD: The audiobook of We Have Root is 50% off until January 27 if you use this link...

2.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/06 3:46 p.m.12 views

Remote Vulnerabilities in Automobiles

This group has found a ton of remote vulnerabilities in all sorts of automobiles. Its enough to make you want to buy a car that is not Internet-connected. Unfortunately, that seems to be impossible...

3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/04 12:17 p.m.15 views

Decarbonizing Cryptocurrencies through Taxation

Maintaining bitcoin and other cryptocurrencies causes about 0.3 percent of global CO2 emissions. That may not sound like a lot, but its more than the emissions of Switzerland, Croatia, and Norway combined. As many cryptocurrencies crash and the FTX bankruptcy moves into the litigation stage,...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/03 5:38 p.m.38 views

Breaking RSA with a Quantum Computer

A group of Chinese researchers have just published a paper claiming that they can--although they have not yet done so--break 2048-bit RSA. This is something to take seriously. It might not be correct, but its not obviously wrong. We have long known from Shors algorithm that factoring with a quant...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/30 10:56 p.m.13 views

Friday Squid Blogging: Grounded Fishing Boat Carrying 16,000 Pounds of Squid

Rough seas are hampering efforts to salvage the boat: The Speranza Marie, carrying 16,000 pounds of squid and some 1,000 gallons of diesel fuel, hit the shoreline near Chinese Harbor at about 2 a.m. on Dec. 15. Six crew members were on board, and all were rescued without injury by another fishing...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/30 12:18 p.m.15 views

Recovering Smartphone Voice from the Accelerometer

Yet another smartphone side-channel attack: "EarSpy: Spying Caller Speech and Identity through Tiny Vibrations of Smartphone Ear Speakers": Abstract: Eavesdropping from the users smartphone is a well-known threat to the users safety and privacy. Existing studies show that loudspeaker reverberatio...

2.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/28 6:14 p.m.20 views

QR Code Scam

An enterprising individual made fake parking tickets with a QR code for easy payment...

2.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/27 12:1 p.m.14 views

Arresting IT Administrators

This is one way of ensuring that IT keeps up with patches: Albanian prosecutors on Wednesday asked for the house arrest of five public employees they blame for not protecting the country from a cyberattack by alleged Iranian hackers. Prosecutors said the five IT officials of the public...

2.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/26 12:6 p.m.39 views

LastPass Breach

Last August, LastPass reported a security breach, saying that no customer information--or passwords--were compromised. Turns out the full story is worse: While no customer data was accessed during the August 2022 incident, some source code and technical information were stolen from our developmen...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/23 10:5 p.m.14 views

Friday Squid Blogging: Injured Giant Squid and Paddleboarder

Heres a video--I dont know where its from--of an injured juvenile male giant squid grabbing on to a paddleboard. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

2.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/23 12:3 p.m.12 views

Hacking the JFK Airport Taxi Dispatch System

Two men have been convicted of hacking the taxi dispatch system at the JFK airport. This enabled them to reorder the taxis on the list; they charged taxi drivers $10 to cut the line...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/22 12:1 p.m.84 views

Critical Microsoft Code-Execution Vulnerability

A critical code-execution vulnerability in Microsoft Windows was patched in September. It seems that researchers just realized how serious it was and is: Like EternalBlue, CVE-2022-37958, as the latest vulnerability is tracked, allows attackers to execute malicious code with no authentication...

2.7AI score0.85762EPSS
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/21 12:9 p.m.11 views

Ukraine Intercepting Russian Soldiers’ Cell Phone Calls

Theyre using commercial phones, which go through the Ukrainian telecom network: "You still have a lot of soldiers bringing cellphones to the frontline who want to talk to their families and they are either being intercepted as they go through a Ukrainian telecommunications provider or intercepted...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/20 12:30 p.m.8 views

Trojaned Windows Installer Targets Ukraine

Mandiant is reporting on a trojaned Windows installer that targets Ukrainian users. The installer was left on various torrent sites, presumably ensnaring people downloading pirated copies of the operating system: Mandiant uncovered a socially engineered supply chain operation focused on Ukrainian...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/19 12:9 p.m.10 views

How to Surrender to a Drone

The Ukrainian army has released an instructional video explaining how Russian soldiers should surrender to a drone: "Seeing the drone in the field of view, make eye contact with it," the video instructs. Soldiers should then raise their arms and signal theyre ready to follow. After that the drone...

2.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/16 10:13 p.m.10 views

Friday Squid Blogging: Squid in Concert

Squid is performing a concert in London in February. If you dont know what their music is like, try this or this or this. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/16 8:14 p.m.13 views

As Long as We’re on the Subject of CAPTCHAs

There are these...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/16 12:4 p.m.16 views

Apple Patches iPhone Zero-Day

The most recent iPhone update--to version 16.1.2--patches a zero-day vulnerability that "may have been actively exploited against versions of iOS released before iOS 15.1." News: Apple said security researchers at Googles Threat Analysis Group, which investigates nation state-backed spyware,...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/15 12:10 p.m.10 views

A Security Vulnerability in the KmsdBot Botnet

Security researchers found a software bug in the KmsdBot cryptomining botnet: With no error-checking built in, sending KmsdBot a malformed command­--like its controllers did one day while Akamai was watching­--created a panic crash with an "index out of range" error. Because theres no persistence...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/15 2:30 a.m.15 views

Reimagining Democracy

Last week, I hosted a two-day workshop on reimagining democracy. The idea was to bring together people from a variety of disciplines who are all thinking about different aspects of democracy, less from a "what we need to do today" perspective and more from a blue-sky future perspective. My remit ...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/14 12:1 p.m.14 views

Hacking Boston’s CharlieCard

Interesting discussion of vulnerabilities and exploits against Bostons CharlieCard...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/13 12:17 p.m.26 views

Obligatory ChatGPT Post

Seems like absolutely everyone everywhere is playing with Chat GPT. So I did, too…. Write an essay in the style of Bruce Schneier on how ChatGPT will affect cybersecurity. As with any new technology, the development and deployment of ChatGPT is likely to have a significant impact on the field of...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/12 12:0 p.m.24 views

Apple Is Finally Encrypting iCloud Backups

After way too many years, Apple is finally encrypting iCloud backups: Based on a screenshot from Apple, these categories are covered when you flip on Advanced Data Protection: device backups, messages backups, iCloud Drive, Notes, Photos, Reminders, Safari bookmarks, Siri Shortcuts, Voice Memos,...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/09 10:6 p.m.19 views

Friday Squid Blogging: China Bans Taiwanese Squid Imports

Today I have some squid geopolitical news. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/09 8:2 p.m.30 views

Hacking Trespass Law

This article talks about public land in the US that is completely surrounded by private land, which in some cases makes it inaccessible to the public. But theres a hack: Some hunters have long believed, however, that the publicly owned parcels on Elk Mountain can be legally reached using a practi...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/09 12:11 p.m.28 views

Security Vulnerabilities in Eufy Cameras

Eufy cameras claim to be local only, but upload data to the cloud. The company is basically lying to reporters, despite being shown evidence to the contrary. The companys behavior is so egregious that ReviewGeek is no longer recommending them. This will be interesting to watch. If Eufy can ignore...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/08 12:8 p.m.23 views

Leaked Signing Keys Are Being Used to Sign Malware

A bunch of Android OEM signing keys have been leaked or stolen, and they are actively being used to sign malware. Łukasz Siewierski, a member of Googles Android Security Team, has a post on the Android Partner Vulnerability Initiative AVPI issue tracker detailing leaked platform certificate keys...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/07 12:4 p.m.10 views

The Decoupling Principle

This is a really interesting paper that discusses what the authors call the Decoupling Principle: The idea is simple, yet previously not clearly articulated: to ensure privacy, information should be divided architecturally and institutionally such that each entity has only the information they ne...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/06 12:4 p.m.15 views

CryWiper Data Wiper Targeting Russian Sites

Kaspersky is reporting on a data wiper masquerading as ransomware that is targeting local Russian government networks. The Trojan corrupts any data thats not vital for the functioning of the operating system. It doesnt affect files with extensions .exe, .dll, .lnk, .sys or .msi, and ignores sever...

2.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/05 12:10 p.m.11 views

CAPTCHA

This is an actual CAPTCHA I was shown when trying to log into PayPal. As an actual human and not a bot, I had no idea how to answer. Is this a joke? Seems not. Is it a Magritte-like existential question? Its not a bicycle. Its a drawing of a bicycle. Actually, its a photograph of a drawing of a...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/02 10:12 p.m.21 views

Friday Squid Blogging: Legend of the Indiana Oil-Pit Squid

At a GMC plant. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/02 8:7 p.m.18 views

Existential Risk and the Fermi Paradox

We know that complexity is the worst enemy of security, because it makes attack easier and defense harder. This becomes catastrophic as the effects of that attack become greater. In A Hackers Mind coming in February 2023, I write: Our societal systems, in general, may have grown fairer and more...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/02 12:9 p.m.14 views

LastPass Security Breach

The company was hacked, and customer information accessed. No passwords were compromised...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/01 3:10 p.m.14 views

Sirius XM Software Vulnerability

This is new: Newly revealed research shows that a number of major car brands, including Honda, Nissan, Infiniti, and Acura, were affected by a previously undisclosed security bug that would have allowed a savvy hacker to hijack vehicles and steal user data. According to researchers, the bug was i...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/11/30 12:0 p.m.14 views

Facebook Fined $276M under GDPR

Facebook--Meta--was just fined $276 million USD for a data leak that included full names, birth dates, phone numbers, and location. Metas total fine by the Data Protection Commission is over $700 million. Total GDPR fines are over €2 billion EUR since 2018...

2.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/11/29 12:19 p.m.11 views

Charles V of Spain Secret Code Cracked

Diplomatic code cracked after 500 years: In painstaking work backed by computers, Pierrot found "distinct families" of about 120 symbols used by Charles V. "Whole words are encrypted with a single symbol" and the emperor replaced vowels coming after consonants with marks, she said, an inspiration...

0.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/11/28 3:44 p.m.21 views

Computer Repair Technicians Are Stealing Your Data

Laptop technicians routinely violate the privacy of the people whose computers they repair: Researchers at University of Guelph in Ontario, Canada, recovered logs from laptops after receiving overnight repairs from 12 commercial shops. The logs showed that technicians from six of the locations ha...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/11/23 4:23 p.m.13 views

The US Has a Shortage of Bomb-Sniffing Dogs

Nothing beats a dogs nose for detecting explosives. Unfortunately, there arent enough dogs: Last month, the US Government Accountability Office GAO released a nearly 100-page report about working dogs and the need for federal agencies to better safeguard their health and wellness. The GOA says th...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/11/22 3:28 p.m.16 views

Apple’s Device Analytics Can Identify iCloud Users

Researchers claim that supposedly anonymous device analytics information can identify users: On Twitter, security researchers Tommy Mysk and Talal Haj Bakry have found that Apples device analytics data includes an iCloud account and can be linked directly to a specific user, including their name,...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/11/21 12:8 p.m.13 views

Breaking the Zeppelin Ransomware Encryption Scheme

Brian Krebs writes about how the Zeppelin ransomware encryption scheme was broken: The researchers said their break came when they understood that while Zeppelin used three different types of encryption keys to encrypt files, they could undo the whole scheme by factoring or computing just one of...

0.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/11/18 10:12 p.m.13 views

Friday Squid Blogging: Squid Brains

Researchers have new evidence of how squid brains develop: Researchers from the FAS Center for Systems Biology describe how they used a new live-imaging technique to watch neurons being created in the embryo in almost real-time. They were then able to track those cells through the development of...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/11/18 6:8 p.m.16 views

First Review of A Hacker’s Mind

Kirkus reviews A Hackers Mind: A cybersecurity expert examines how the powerful game whatever system is put before them, leaving it to others to cover the cost. Schneier, a professor at Harvard Kennedy School and author of such books as Data and Goliath and Click Here To Kill Everybody, regularly...

Exploits0
Schneier on Security
Schneier on Security
added 2022/11/18 3:4 p.m.23 views

Successful Hack of Time-Triggered Ethernet

Time-triggered Ethernet TTE is used in spacecraft, basically to use the same hardware to process traffic with different timing and criticality. Researchers have defeated it: On Tuesday, researchers published findings that, for the first time, break TTEs isolation guarantees. The result is PCspooF...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/11/17 10:53 a.m.14 views

Failures in Twitter’s Two-Factor Authentication System

Twitter is having intermittent problems with its two-factor authentication system: Not all users are having problems receiving SMS authentication codes, and those who rely on an authenticator app or physical authentication token to secure their Twitter account may not have reason to test the...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/11/16 11:3 a.m.9 views

Russian Software Company Pretending to Be American

Computer code developed by a company called Pushwoosh is in about 8,000 Apple and Google smartphone apps. The company pretends to be American when it is actually Russian. According to company documents publicly filed in Russia and reviewed by Reuters, Pushwoosh is headquartered in the Siberian to...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/11/15 12:16 p.m.17 views

Another Event-Related Spyware App

Last month, we were warned not to install Qatars World Cup app because it was spyware. This month, its Egypts COP27 Summit app: The app is being promoted as a tool to help attendees navigate the event. But it risks giving the Egyptian government permission to read users emails and messages. Even...

3AI score
Exploits0
Total number of security vulnerabilities2979