Lucene search
K
SchneierRecent

2980 matches found

Schneier on Security
Schneier on Security
added 2022/11/15 12:16 p.m.17 views

Another Event-Related Spyware App

Last month, we were warned not to install Qatars World Cup app because it was spyware. This month, its Egypts COP27 Summit app: The app is being promoted as a tool to help attendees navigate the event. But it risks giving the Egyptian government permission to read users emails and messages. Even...

3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/11/14 5:1 p.m.12 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking at the 24th International Information Security Conference in Madrid, Spain, on November 17, 2022. The list is maintained on this page...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/11/14 12:38 p.m.11 views

A Digital Red Cross

The International Committee of the Red Cross wants some digital equivalent to the iconic red cross, to alert would-be hackers that they are accessing a medical network. The emblem wouldn’t provide technical cybersecurity protection to hospitals, Red Cross infrastructure or other medical providers...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/11/11 10:18 p.m.12 views

Friday Squid Blogging: Squid Purse

Perfect for an evening out. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/11/11 8:11 p.m.16 views

New Book: A Hacker’s Mind

I have a new book coming out in February. Its about hacking. A Hackers Mind: How the Powerful Bend Societys Rules, and How to Bend them Back isnt about hacking computer systems; its about hacking more general economic, political, and social systems. It generalizes the term hack as a means of...

Exploits0
Schneier on Security
Schneier on Security
added 2022/11/11 12:25 p.m.12 views

NSA Over-surveillance

Here in 2022, we have a newly declassified 2016 Inspector General report--"Misuse of Sigint Systems"--about a 2013 NSA program that resulted in the unauthorized that is, illegal targeting of Americans. Given all we learned from Edward Snowden, this feels like a minor coda. Theres nothing really...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/11/10 3:18 p.m.11 views

An Untrustworthy TLS Certificate in Browsers

The major browsers natively trust a whole bunch of certificate authorities, and some of them are really sketchy: Googles Chrome, Apples Safari, nonprofit Firefox and others allow the company, TrustCor Systems, to act as whats known as a root certificate authority, a powerful spot in the internets...

2.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/11/09 12:18 p.m.7 views

Defeating Phishing-Resistant Multifactor Authentication

CISA is now pushing phishing-resistant multifactor authentication. Roger Grimes has an excellent post reminding everyone that "phishing-resistant" is not "phishing proof," and that everyone needs to stop pretending otherwise. His list of different attacks is particularly useful...

2.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/11/08 12:15 p.m.10 views

Using Wi-FI to See through Walls

This technique measures device response time to determine distance: The scientists tested the exploit by modifying an off-the-shelf drone to create a flying scanning device, the Wi-Peep. The robotic aircraft sends several messages to each device as it flies around, establishing the positions of...

0.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/11/07 12:17 p.m.11 views

The Conviction of Uber’s Chief Security Officer

I have been meaning to write about Joe Sullivan, Ubers former Chief Security Officer. He was convicted of crimes related to covering up a cyberattack against Uber. Its a complicated case, and Im not convinced that he deserved a guilty ruling or that its a good thing for the industry. I may still...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/11/04 9:1 p.m.14 views

Friday Squid Blogging: Newfoundland Giant Squid Sculpture

In 1878, a 55-foot-long giant squid washed up on the shores of Glovers Harbour, Newfoundland. Its the largest giant squid ever recorded--although scientists now think that the size was an exaggeration or the result of postmortem stretching--and theres a full-sized statue of it near the beach wher...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/11/04 2:16 p.m.23 views

NSA on Supply Chain Security

The NSA together with CISA has published a long report on supply-chain security: "Securing the Software Supply Chain: Recommended Practices Guide for Suppliers.": Prevention is often seen as the responsibility of the software developer, as they are required to securely develop and deliver code,...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/11/01 11:24 a.m.10 views

Iran’s Digital Surveillance Tools Leaked

Its Irans turn to have its digital surveillance tools leaked: According to these internal documents, SIAM is a computer system that works behind the scenes of Iranian cellular networks, providing its operators a broad menu of remote commands to alter, disrupt, and monitor how customers use their...

3.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/10/31 11:29 a.m.12 views

Apple Only Commits to Patching Latest OS Version

People have suspected this for a while, but Apple has made it official. It only commits to fully patching the latest version of its OS, even though it claims to support older versions. From ArsTechnica: In other words, while Apple will provide security-related updates for older versions of its...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/10/28 8:57 p.m.13 views

Friday Squid Blogging: Chinese Squid Fishing

China claims that it is "engaging in responsible squid fishing": Chen Xinjun, dean of the College of Marine Sciences at Shanghai Ocean University, made the remarks in response to recent accusations by foreign reporters and actor Leonardo DiCaprio that China is depleting its own fish stock and tha...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/10/28 1:12 p.m.16 views

Critical Vulnerability in Open SSL

There are no details yet, but its really important that you patch Open SSL 3.x when the new version comes out on Tuesday. How bad is "Critical"? According to OpenSSL, an issue of critical severity affects common configurations and is also likely exploitable. Its likely to be abused to disclose...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/10/26 11:13 a.m.13 views

Australia Increases Fines for Massive Data Breaches

After suffering two large, and embarrassing, data breaches in recent weeks, the Australian government increased the fine for serious data breaches from $2.2 million to a minimum of $50 million. Thats $50 million AUD, or $32 million USD. This is a welcome change. The problem is one of incentives,...

3.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/10/24 11:37 a.m.16 views

On the Randomness of Automatic Card Shufflers

Many years ago, Matt Blaze and I talked about getting our hands on a casino-grade automatic shuffler and looking for vulnerabilities. We never did it--I remember that we didnt even try very hard--but this article shows that we probably would have found non-random properties: …the executives had...

2.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/10/21 8:12 p.m.14 views

Friday Squid Blogging: The Reproductive Habits of Giant Squid

Interesting: A recent study on giant squid that have washed ashore along the Sea of Japan coast has raised the possibility that the animal has a different reproductive method than many other types of squid. Almost all squid and octopus species are polygamous, with multiple males passing sperm to ...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/10/21 11:53 a.m.14 views

Adversarial ML Attack that Secretly Gives a Language Model a Point of View

Machine learning security is extraordinarily difficult because the attacks are so varied--and it seems that each new one is weirder than the next. Heres the latest: a training-time attack that forces the model to exhibit a point of view: Spinning Language Models: Risks of Propaganda-As-A-Service...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/10/20 11:47 a.m.17 views

Interview with Signal’s New President

Long and interesting interview with Signals new president, Meredith Whittaker: WhatsApp uses the Signal encryption protocol to provide encryption for its messages. That was absolutely a visionary choice that Brian and his team led back in the day ­- and big props to them for doing that. But you...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/10/19 11:16 a.m.9 views

Museum Security

Interesting interview: Banks dont take millions of dollars and put them in plastic bags and hang them on the wall so everybody can walk right up to them. But we do basically the same thing in museums and hang the assets right out on the wall. So its our job, then, to either use technology or...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/10/18 11:57 a.m.24 views

Qatar Spyware

Everyone visiting Qatar for the World Cup needs to install spyware on their phone. Everyone travelling to Qatar during the football World Cup will be asked to download two apps called Ehteraz and Hayya. Briefly, Ehteraz is an covid-19 tracking app, while Hayya is an official World Cup app used to...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/10/17 3:7 p.m.15 views

Hacking Automobile Keyless Entry Systems

Suspected members of a European car-theft ring have been arrested: The criminals targeted vehicles with keyless entry and start systems, exploiting the technology to get into the car and drive away. As a result of a coordinated action carried out on 10 October in the three countries involved, 31...

2.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/10/14 9:20 p.m.12 views

Friday Squid Blogging: On Squid Ink

Its aimed at children, but its a good primer. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/10/14 5:3 p.m.10 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking at the World Ethical Data Forum, online, October 26-28, 2022. I’m speaking at the 24th International Information Security Conference in Madrid, Spain, on November 17, 2022. The list is maintained on this page...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/10/14 2:8 p.m.21 views

Regulating DAOs

In August, the US Treasurys Office of Foreign Assets Control OFAC sanctioned the cryptocurrency platform Tornado Cash, a virtual currency "mixer" designed to make it harder to trace cryptocurrency transactions--and a worldwide favorite money-laundering platform. Americans are now forbidden from...

7.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/10/13 11:19 a.m.13 views

Digital License Plates

California just legalized digital license plates, which seems like a solution without a problem. The Rplate can reportedly function in extreme temperatures, has some customization features, and is managed via Bluetooth using a smartphone app. Rplates are also equipped with an LTE antenna, which c...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/10/12 11:30 a.m.8 views

Recovering Passwords by Measuring Residual Heat

Researchers have used thermal cameras and ML guessing techniques to recover passwords from measuring the residual heat left by fingers on keyboards. From the abstract: We detail the implementation of ThermoSecure and make a dataset of 1,500 thermal images of keyboards with heat traces resulting...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/10/11 12:18 p.m.14 views

Inserting a Backdoor into a Machine-Learning System

Interesting research: "ImpNet: Imperceptible and blackbox-undetectable backdoors in compiled neural networks, by Tim Clifford, Ilia Shumailov, Yiren Zhao, Ross Anderson, and Robert Mullins: Abstract: Early backdoor attacks against machine learning set off an arms race in attack and defence...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/10/10 11:9 a.m.7 views

Complex Impersonation Story

This is a story of one piece of what is probably a complex employment scam. Basically, real programmers are having their resumes copied and co-opted by scammers, who apply for jobs or, I suppose, get recruited from various job sites, then hire other people with Western looks and language skills a...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/10/07 9:5 p.m.12 views

Friday Squid Blogging: Emotional Support Squid

The Monterey Bay Aquarium has a video--"2 Hours Of Squid To Relax/Study/Work To"--with 2.4 million views. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

2.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/10/07 11:13 a.m.17 views

Spyware Maker Intellexa Sued by Journalist

The Greek journalist Thanasis Koukakis was spied on by his own government, with a commercial spyware product called "Predator." That product is sold by a company in North Macedonia called Cytrox, which is in turn owned by an Israeli company called Intellexa. Koukakis is suing Intellexa. The lawsu...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/10/05 7:7 p.m.10 views

October Is Cybersecurity Awareness Month

For the past nineteen years, October has been Cybersecurity Awareness Month here in the US, and that event that has always been part advice and part ridicule. I tend to fall on the apathy end of the spectrum; I dont think Ive ever mentioned it before. But the memes can be funny. Heres a decent...

3.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/10/04 11:30 a.m.14 views

NSA Employee Charged with Espionage

An ex-NSA employee has been charged with trying to sell classified data to the Russians but instead actually talking to an undercover FBI agent. Its a weird story, and the FBI affidavit raises more questions than it answers. The employee only worked for the NSA for three weeks--which is weird in...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/10/03 11:25 a.m.15 views

Detecting Deepfake Audio by Modeling the Human Acoustic Tract

This is interesting research: In this paper, we develop a new mechanism for detecting audio deepfakes using techniques from the field of articulatory phonetics. Specifically, we apply fluid dynamics to estimate the arrangement of the human vocal tract during speech generation and show that...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/09/30 9:17 p.m.14 views

Friday Squid Blogging: Breeding the Oval Squid

Japanese scientists are trying to breed the oval squid in captivity. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/09/30 2:19 p.m.13 views

Security Vulnerabilities in Covert CIA Websites

Back in 2018, we learned that covert system of websites that the CIA used for communications was compromised by--at least--China and Iran, and that the blunder caused a bunch of arrests, imprisonments, and executions. Were now learning that the CIA is still "using an irresponsibly secured system...

Exploits0
Schneier on Security
Schneier on Security
added 2022/09/29 11:14 a.m.10 views

Differences in App Security/Privacy Based on Country

Depending on where you are when you download your Android apps, it might collect more or less data about you. The apps we downloaded from Google Play also showed differences based on country in their security and privacy capabilities. One hundred twenty-seven apps varied in what the apps were...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/09/28 11:19 a.m.19 views

Cold War Bugging of Soviet Facilities

Found documents in Poland detail US spying operations against the former Soviet Union. The file details a number of bugs found at Soviet diplomatic facilities in Washington, D.C., New York, and San Francisco, as well as in a Russian government-owned vacation compound, apartments used by Russia...

2.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/09/27 11:15 a.m.14 views

New Report on IoT Security

The Atlantic Council has published a report on securing the Internet of Things: "Security in the Billions: Toward a Multinational Strategy to Better Secure the IoT Ecosystem." The report examines the regulatory approaches taken by four countries--the US, the UK, Australia, and Singapore--to secur...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/09/26 11:8 a.m.13 views

Leaking Passwords through the Spellchecker

Sometimes browser spellcheckers leak passwords: When using major web browsers like Chrome and Edge, your form data is transmitted to Google and Microsoft, respectively, should enhanced spellcheck features be enabled. Depending on the website you visit, the form data may itself include...

2.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/09/23 9:32 p.m.17 views

Friday Squid Blogging: Another Giant Squid Washes Up on New Zealand Beach

This one has chewed-up tentacles. Note that this is a different squid than the one that recently washed up on a South African beach. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/09/23 11:43 a.m.16 views

Leaking Screen Information on Zoom Calls through Reflections in Eyeglasses

Okay, its an obscure threat. But people are researching it: Our models and experimental results in a controlled lab setting show it is possible to reconstruct and recognize with over 75 percent accuracy on-screen texts that have heights as small as 10 mm with a 720p webcam." That corresponds to 2...

Exploits0
Schneier on Security
Schneier on Security
added 2022/09/22 11:45 a.m.16 views

Prompt Injection/Extraction Attacks against AI Systems

This is an interesting attack I had not previously considered. The variants are interesting, and I think were just starting to understand their implications...

4.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/09/21 11:35 a.m.14 views

Automatic Cheating Detection in Human Racing

This is a fascinating glimpse of the future of automatic cheating detection in sports: Maybe you heard about the truly insane false-start controversy in track and field? Devon Allen--a wide receiver for the Philadelphia Eagles--was disqualified from the 110-meter hurdles at the World Athletics...

Exploits0
Schneier on Security
Schneier on Security
added 2022/09/20 11:29 a.m.13 views

Credit Card Fraud That Bypasses 2FA

Someone in the UK is stealing smartphones and credit cards from people who have stored them in gym lockers, and is using the two items in combination to commit fraud: Phones, of course, can be made inaccessible with the use of passwords and face or fingerprint unlocking. And bank cards can be...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/09/19 11:7 a.m.13 views

Large-Scale Collection of Cell Phone Data at US Borders

The Washington Post is reporting that the US Customs and Border Protection agency is seizing and copying cell phone, tablet, and computer data from "as many as" 10,000 phones per year, including an unspecified number of American citizens. This is done without a warrant, because "…courts have long...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/09/16 9:1 p.m.11 views

Friday Squid Blogging: Mayfly Squid

This is surprisingly funny. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/09/16 2:7 p.m.11 views

Massive Data Breach at Uber

Its big: The breach appeared to have compromised many of Ubers internal systems, and a person claiming responsibility for the hack sent images of email, cloud storage and code repositories to cybersecurity researchers and The New York Times. "They pretty much have full access to Uber," said Sam...

1.4AI score
Exploits0
Total number of security vulnerabilities2980