Lucene search
K
SchneierRecent

2980 matches found

Schneier on Security
Schneier on Security
added 2022/07/14 2:31 p.m.16 views

New Browser De-anonymization Technique

Researchers have a new way to de-anonymize browser users, by correlating their behavior on one account with their behavior on another: The findings, which NJIT researchers will present at the Usenix Security Symposium in Boston next month, show how an attacker who tricks someone into loading a...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/07/13 11:0 a.m.15 views

Post-Roe Privacy

This is an excellent essay outlining the post-Roe privacy threat model. Summary: period tracking apps are largely a red herring. Taken together, this means the primary digital threat for people who take abortion pills is the actual evidence of intention stored on your phone, in the form of texts,...

Exploits0
Schneier on Security
Schneier on Security
added 2022/07/12 12:23 p.m.23 views

Security Vulnerabilities in Honda’s Keyless Entry System

Honda vehicles from 2021 to 2022 are vulnerable to this attack: On Thursday, a security researcher who goes by Kevin2600 published a technical report and videos on a vulnerability that he claims allows anyone armed with a simple hardware device to steal the code to unlock Honda vehicles. Kevin260...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/07/11 11:35 a.m.16 views

Nigerian Prison Break

There was a massive prison break in Abuja, Nigeria: Armed with bombs, Rocket Propelled Grenade RPGs and General Purpose Machine Guns GPMG, the attackers, who arrived at about 10:05 p.m. local time, gained access through the back of the prison, using dynamites to destroy the heavily fortified...

3.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/07/08 9:9 p.m.13 views

Friday Squid Blogging: Fishing for Squid

Foreign Policy has a three-part so far podcast series on squid and global fishing. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. EDITED TO ADD: I accidentally posted this on Wednesday. I...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/07/08 2:18 p.m.17 views

Apple’s Lockdown Mode

Apple has introduced lockdown mode for high-risk users who are concerned about nation-state attacks. It trades reduced functionality for increased security in a very interesting way...

4.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/07/07 6:18 p.m.22 views

Ubiquitous Surveillance by ICE

Report by Georgetowns Center on Privacy and Technology published a comprehensive report on the surprising amount of mass surveillance conducted by Immigration and Customs Enforcement ICE. Our two-year investigation, including hundreds of Freedom of Information Act requests and a comprehensive...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/07/06 4:49 p.m.18 views

NIST Announces First Four Quantum-Resistant Cryptographic Algorithms

NISTs post-quantum computing cryptography standard process is entering its final phases. It announced the first four algorithms: For general encryption, used when we access secure websites, NIST has selected the CRYSTALS-Kyber algorithm. Among its advantages are comparatively small encryption key...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/07/01 9:6 p.m.7 views

Friday Squid Blogging: Multiplexing SQUIDs for X-ray Telescopes

NASA is researching new techniques for multiplexing SQUIDs--thats superconducting quantum interference devices--for X-ray observatories. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/07/01 2:33 p.m.15 views

Analyzing the Swiss E-Voting System

Andrew Appel has a long analysis of the Swiss online voting system. Its a really good analysis of both the system and the official analyses...

3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/06/30 8:4 p.m.13 views

ZuoRAT Malware Is Targeting Routers

Wired is reporting on a new remote-access Trojan that is able to infect at least eighty different targets: So far, researchers from Lumen Technologies Black Lotus Labs say theyve identified at least 80 targets infected by the stealthy malware, including routers made by Cisco, Netgear, Asus, and...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/06/29 11:19 a.m.18 views

Ecuador’s Attempt to Resettle Edward Snowden

Someone hacked the Ecuadorian embassy in Moscow and found a document related to Ecuadors 2013 efforts to bring Edward Snowden there. If you remember, Snowden was traveling from Hong Kong to somewhere when the US revoked his passport, stranding him in Russia. In the document, Ecuador asks Russia t...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/06/28 11:22 a.m.17 views

When Security Locks You Out of Everything

Thought experiment story of someone who lost everything in a house fire, and now cant log into anything: But to get into my cloud, I need my password and 2FA. And even if I could convince the cloud provider to bypass that and let me in, the backup is secured with a password which is stored in--yo...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/06/27 11:42 a.m.15 views

2022 Workshop on Economics and Information Security (WEIS)

I did not attend WEIS this year, but Ross Anderson was there and liveblogged all the talks...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/06/24 9:4 p.m.15 views

Friday Squid Blogging: Squid Cubes

Researchers thaw squid frozen into a cube and often make interesting discoveries. Okay, this is a weird story. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/06/24 11:13 a.m.24 views

On the Dangers of Cryptocurrencies and the Uselessness of Blockchain

Earlier this month, I and others wrote a letter to Congress, basically saying that cryptocurrencies are an complete and total disaster, and urging them to regulate the space. Nothing in that letter is out of the ordinary, and is in line with what I wrote about blockchain in 2019. In response,...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/06/23 11:5 a.m.14 views

On the Subversion of NIST by the NSA

Nadiya Kostyuk and Susan Landau wrote an interesting paper: "Dueling Over DUALECDRBG: The Consequences of Corrupting a Cryptographic Standardization Process": Abstract: In recent decades, the U.S. National Institute of Standards and Technology NIST, which develops cryptographic standards for...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/06/22 11:7 a.m.15 views

Symbiote Backdoor in Linux

Interesting: What makes Symbiote different from other Linux malware that we usually come across, is that it needs to infect other running processes to inflict damage on infected machines. Instead of being a standalone executable file that is run to infect a machine, it is a shared object SO libra...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/06/21 11:34 a.m.17 views

Hidden Anti-Cryptography Provisions in Internet Anti-Trust Bills

Two bills attempting to reduce the power of Internet monopolies are currently being debated in Congress: S. 2992, the American Innovation and Choice Online Act; and S. 2710, the Open App Markets Act. Reducing the power to tech monopolies would do more to "fix" the Internet than any other single...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/06/20 11:23 a.m.10 views

Hertzbleed: A New Side-Channel Attack

Hertzbleed is a new side-channel attack that works against a variety of microprocressors. Deducing cryptographic keys by analyzing power consumption has long been an attack, but its not generally viable because measuring power consumption is often hard. This new attack measures power consumption ...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/06/17 9:5 p.m.12 views

Friday Squid Blogging: Signature Steamed Giant Squid with Thai Lime Sauce

From a restaurant in Singapore. Its not actually giant squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/06/17 11:6 a.m.17 views

Tracking People via Bluetooth on Their Phones

Weve always known that phones--and the people carrying them--can be uniquely identified from their Bluetooth signatures, and that we need security techniques to prevent that. This new research shows that thats not enough. Computer scientists at the University of California San Diego proved in a...

Exploits0
Schneier on Security
Schneier on Security
added 2022/06/16 11:2 a.m.11 views

Attacking the Performance of Machine Learning Systems

Interesting research: "Sponge Examples: Energy-Latency Attacks on Neural Networks": Abstract: The high energy costs of neural network training and inference led to the use of acceleration hardware such as GPUs and TPUs. While such devices enable us to train large-scale neural networks in...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/06/15 11:5 a.m.13 views

M1 Chip Vulnerability

This is a new vulnerability against Apples M1 chip. Researchers say that it is unpatchable. Researchers from MIT’s Computer Science and Artificial Intelligence Laboratory, however, have created a novel hardware attack, which combines memory corruption and speculative execution attacks to sidestep...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/06/14 5:1 p.m.6 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking at the Dublin Tech Summit in Dublin, Ireland, June 15-16, 2022. The list is maintained on this page...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/06/14 12:19 p.m.17 views

Hacking Tesla’s Remote Key Cards

Interesting vulnerability in Teslas NFC key cards: Martin Herfurt, a security researcher in Austria, quickly noticed something odd about the new feature: Not only did it allow the car to automatically start within 130 seconds of being unlocked with the NFC card, but it also put the car in a state...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/06/13 11:48 a.m.19 views

Cryptanalysis of ENCSecurity’s Encryption Implementation

ENCSecurity markets a file encryption system, and its used by SanDisk, Sony, Lexar, and probably others. Despite it using AES as its algorithm, its implementation is flawed in multiple ways--and breakable. The moral is, as it always is, that implementing cryptography securely is hard. Dont roll...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/06/09 7:33 p.m.10 views

Friday Squid Blogging: Squid Changes Color from Black to Transparent

Neat video. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/06/09 2:30 p.m.18 views

Twitter Used Two-Factor Login Details for Ad Targeting

Twitter was fined $150 million for using phone numbers and email addresses collected for two-factor authentication for ad targeting...

2.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/06/09 11:22 a.m.15 views

Smartphones and Civilians in Wartime

Interesting article about civilians using smartphones to assist their militaries in wartime, and how that blurs the important legal distinction between combatants and non-combatants: The principle of distinction between the two roles is a critical cornerstone of international humanitarian law­--t...

2.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/06/08 11:17 a.m.16 views

Leaking Military Secrets on Gaming Discussion Boards

People are leaking classified military information on discussion boards for the video game War Thunder to win arguments--repeatedly...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/06/06 3:33 p.m.14 views

Long Story on the Accused CIA Vault 7 Leaker

Long article about Joshua Schulte, the accused leaker of the WikiLeaks Vault 7 and Vault 8 CIA data. Well worth reading...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/06/03 9:3 p.m.13 views

Friday Squid Blogging: More on the “Mind Boggling” Squid Genome

Octopus and squid genes are weird. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/06/03 7:1 p.m.19 views

Me on Public-Interest Tech

Back in November 2020, in the middle of the COVID-19 pandemic, I gave a virtual talk at the International Symposium on Technology and Society: "The Story of the Internet and How it Broke Bad: A Call for Public-Interest Technologists." It was something I was really proud of, and its finally up on...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/06/02 8:59 p.m.17 views

Remotely Controlling Touchscreens

Researchers have demonstrated controlling touchscreens at a distance, at least in a laboratory setting: The core idea is to take advantage of the electromagnetic signals to execute basic touch events such as taps and swipes into targeted locations of the touchscreen with the goal of taking over...

0.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/06/01 6:25 p.m.127 views

Clever — and Exploitable — Windows Zero-Day

Researchers have reported a still-unpatched Windows zero-day that is currently being exploited in the wild. Heres the advisory, which includes a work-around until a patch is available...

9.3CVSS3.2AI score0.99374EPSS
Exploits62
Schneier on Security
Schneier on Security
added 2022/05/31 11:6 a.m.12 views

The Limits of Cyber Operations in Wartime

Interesting paper by Lennart Maschmeyer: "The Subversive Trilemma: Why Cyber Operations Fall Short of Expectations": Abstract: Although cyber conflict has existed for thirty years, the strategic utility of cyber operations remains unclear. Many expect cyber operations to provide independent utili...

2.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/05/31 9:12 a.m.20 views

Security and Human Behavior (SHB) 2022

Today is the second day of the fifteenth Workshop on Security and Human Behavior, hosted by Ross Anderson and Alice Hutchings at the University of Cambridge. After two years of having this conference remotely on Zoom, its nice to be back together in person. SHB is a small, annual, invitational...

Exploits0
Schneier on Security
Schneier on Security
added 2022/05/27 8:57 p.m.13 views

Friday Squid Blogging: Squid Bites Diver

I agree; the diver deserved it. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/05/26 11:55 a.m.16 views

Malware-Infested Smart Card Reader

Brian Krebs has an interesting story of a smart ID card reader with a malware-infested Windows driver, and US government employees who inadvertently buy and use them. But by all accounts, the potential attack surface here is enormous, as many federal employees clearly will purchase these readers...

3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/05/25 3:30 p.m.18 views

Manipulating Machine-Learning Systems through the Order of the Training Data

Yet another adversarial ML attack: Most deep neural networks are trained by stochastic gradient descent. Now “stochastic” is a fancy Greek word for “random”; it means that the training data are fed into the model in random order. So what happens if the bad guys can cause the order to be not rando...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/05/24 11:11 a.m.16 views

The Justice Department Will No Longer Charge Security Researchers with Criminal Hacking

Following a recent Supreme Court ruling, the Justice Department will no longer prosecute "good faith" security researchers with cybercrimes: The policy for the first time directs that good-faith security research should not be charged. Good faith security research means accessing a computer solel...

0.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/05/23 11:9 a.m.16 views

Forging Australian Driver’s Licenses

The New South Wales digital drivers license has multiple implementation flaws that allow for easy forgeries. This file is encrypted using AES-256-CBC encryption combined with Base64 encoding. A 4-digit application PIN which gets set during the initial onboarding when a user first instals the...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/05/20 9:7 p.m.16 views

Friday Squid Blogging: Squid Street Art

Pretty. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/05/20 7:5 p.m.19 views

The Onion on Google Map Surveillance

"Google Maps Adds Shortcuts through Houses of People Google Knows Arent Home Right Now." Excellent satire...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/05/20 11:2 a.m.19 views

Bluetooth Flaw Allows Remote Unlocking of Digital Locks

Locks that use Bluetooth Low Energy to authenticate keys are vulnerable to remote unlocking. The research focused on Teslas, but the exploit is generalizable. In a video shared with Reuters, NCC Group researcher Sultan Qasim Khan was able to open and then drive a Tesla using a small relay device...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/05/19 11:23 a.m.11 views

Websites that Collect Your Data as You Type

A surprising number of websites include JavaScript keyloggers that collect everything you type as you type it, not just when you submit a form. Researchers from KU Leuven, Radboud University, and University of Lausanne crawled and analyzed the top 100,000 websites, looking at scenarios in which a...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/05/18 11:6 a.m.18 views

iPhone Malware that Operates Even When the Phone Is Turned Off

Researchers have demonstrated iPhone malware that works even when the phone is fully shut down. t turns out that the iPhone’s Bluetooth chip­--which is key to making features like Find My work­--has no mechanism for digitally signing or even encrypting the firmware it runs. Academics at Germany’s...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/05/17 11:10 a.m.17 views

Attacks on Managed Service Providers Expected to Increase

CISA, NSA, FBI, and similar organizations in the other Five Eyes countries are warning that attacks on MSPs--as a vector to their customers--are likely to increase. No details about what this prediction is based on. Makes sense, though. The SolarWinds attack was incredibly successful for the...

4.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/05/16 11:34 a.m.12 views

The NSA Says that There are No Known Flaws in NIST’s Quantum-Resistant Algorithms

Rob Joyce, the director of cybersecurity at the NSA, said so in an interview: The NSA already has classified quantum-resistant algorithms of its own that it developed over many years, said Joyce. But it didnt enter any of its own in the contest. The agencys mathematicians, however, worked with NI...

0.6AI score
Exploits0
Total number of security vulnerabilities2980