Lucene search
K
SchneierRecent

2980 matches found

Schneier on Security
Schneier on Security
added 2022/05/14 5:5 p.m.16 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking on “Securing a World of Physically Capable Computers” at OWASP Belgium’s chapter meeting in Antwerp, Belgium, on May 17, 2022. I’m speaking at Future Summits in Antwerp, Belgium, on May 18, 2022. I’m speaking at IT-S N...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/05/13 9:10 p.m.19 views

Friday Squid Blogging: Squidmobile

The Squidmobile. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/05/12 6:7 p.m.13 views

Surveillance by Driverless Car

San Francisco police are using autonomous vehicles as mobile surveillance cameras. Privacy advocates say the revelation that police are actively using AV footage is cause for alarm. “This is very concerning,” Electronic Frontier Foundation EFF senior staff attorney Adam Schwartz told Motherboard...

3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/05/11 2:24 p.m.12 views

ICE Is a Domestic Surveillance Agency

Georgetown has a new report on the highly secretive bulk surveillance activities of ICE in the US: When you think about government surveillance in the United States, you likely think of the National Security Agency or the FBI. You might even think of a powerful police agency, such as the New York...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/05/09 2:39 p.m.13 views

Apple Mail Now Blocks Email Trackers

Apple Mail now blocks email trackers by default. Most email newsletters you get include an invisible "image," typically a single white pixel, with a unique file name. The server keeps track of every time this "image" is opened and by which IP address. This quirk of internet history means that...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/05/06 9:15 p.m.9 views

Friday Squid Blogging: Squid Filmed Changing Color for Camouflage Purposes

Video of oval squid Sepioteuthis lessoniana changing color in reaction to their background. The research paper claims this is the first time this has been documented. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog...

2.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/05/06 11:1 a.m.11 views

Corporate Involvement in International Cybersecurity Treaties

The Paris Call for Trust and Stability in Cyberspace is an initiative launched by French President Emmanuel Macron during the 2018 UNESCO’s Internet Governance Forum. It’s an attempt by the worlds governments to come together and create a set of international norms and standards for a reliable,...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/05/05 11:2 a.m.17 views

15.3 Million Request-Per-Second DDoS Attack

Cloudflare is reporting a large DDoS attack against an unnamed company "operating a crypto launchpad." While this isnt the largest application-layer attack weve seen, it is the largest weve seen over HTTPS. HTTPS DDoS attacks are more expensive in terms of required computational resources because...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/05/04 11:15 a.m.13 views

New Sophisticated Malware

Mandiant is reporting on a new botnet. The group, which security firm Mandiant is calling UNC3524, has spent the past 18 months burrowing into victims networks with unusual stealth. In cases where the group is ejected, it wastes no time reinfecting the victim environment and picking up where thin...

2.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/05/03 4:17 p.m.17 views

Using Pupil Reflection in Smartphone Camera Selfies

Researchers are using the reflection of the smartphone in the pupils of faces taken as selfies to infer information about how the phone is being used: For now, the research is focusing on six different ways a user can hold a device like a smartphone: with both hands, just the left, or just the...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/04/29 9:8 p.m.16 views

Friday Squid Blogging: Ten-Foot Long Squid Washed onto Japanese Shore — ALIVE

This is rare: An about 3-meter-long giant squid was found stranded on a beach here on April 20, in what local authorities said was a rare occurrence. At around 10 a.m., a nearby resident spotted the squid at Ugu beach in Obama, Fukui Prefecture, on the Sea of Japan coast. According to the Obama...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/04/29 2:18 p.m.15 views

Video Conferencing Apps Sometimes Ignore the Mute Button

New research: "Are You Really Muted?: A Privacy Analysis of Mute Buttons in Video Conferencing Apps": Abstract: In the post-pandemic era, video conferencing apps VCAs have converted previously private spaces -- bedrooms, living rooms, and kitchens -- into semi-public extensions of the office. And...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/04/28 2:15 p.m.19 views

Microsoft Issues Report of Russian Cyberattacks against Ukraine

Microsoft has a comprehensive report on the dozens of cyberattacks -- and even more espionage operations -- Russia has conducted against Ukraine as part of this war: At least six Russian Advanced Persistent Threat APT actors and other unattributed threats, have conducted destructive attacks,...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/04/27 6:40 p.m.10 views

Zero-Day Vulnerabilities Are on the Rise

Both Google and Mandiant are reporting a significant increase in the number of zero-day vulnerabilities reported in 2021. Google: 2021 included the detection and disclosure of 58 in-the-wild 0-days, the most ever recorded since Project Zero began tracking in mid-2014. That’s more than double the...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/04/25 10:18 a.m.7 views

SMS Phishing Attacks are on the Rise

SMS phishing attacks -- annoyingly called "smishing" -- are becoming more common. I know that I have been receiving a lot of phishing SMS messages over the past few months. I am not getting the "Fedex package delivered" messages the article talks about. Mine are usually of the form: "Thank you fo...

2.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/04/22 9:4 p.m.16 views

Friday Squid Blogging: Squid Skin–Inspired Insulating Material

Interesting: Drawing inspiration from cephalopod skin, engineers at the University of California, Irvine invented an adaptive composite material that can insulate beverage cups, restaurant to-go bags, parcel boxes and even shipping containers. … "The metal islands in our composite material are ne...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/04/22 12:9 p.m.10 views

Java Cryptography Implementation Mistake Allows Digital-Signature Forgeries

Interesting implementation mistake: The vulnerability, which Oracle patched on Tuesday, affects the company’s implementation of the Elliptic Curve Digital Signature Algorithm in Java versions 15 and above. ECDSA is an algorithm that uses the principles of elliptic curve cryptography to authentica...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/04/21 12:16 p.m.15 views

Long Article on NSO Group

Ronan Farrow has a long article in the New Yorker on NSO Group, which includes the news that someone -- probably Spain -- used the software to spy on domestic Catalonian separatists...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/04/20 1:57 p.m.10 views

Clever Cryptocurrency Theft

Beanstalk Farms is a decentralized finance project that has a majority stake governance system: basically people have proportional votes based on the amount of currency they own. A clever hacker used a "flash loan" feature of another decentralized finance project to borrow enough of the currency ...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/04/19 8:12 p.m.15 views

Undetectable Backdoors in Machine-Learning Models

New paper: "Planting Undetectable Backdoors in Machine Learning Models": Abstract: Given the computational cost and technical expertise required to train machine learning models, users may delegate the task of learning to a service provider. We show how a malicious learner can plant an undetectab...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/04/15 9:7 p.m.12 views

Friday Squid Blogging: Strawberry Squid Video

Beautiful video shot off the California coast. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

2.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/04/14 4:41 p.m.13 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking at Future Summits in Antwerp, Belgium, on May 18, 2022. I’m speaking at IT-S Now 2022 in Vienna, Austria, on June 2, 2022. I’m speaking at the 14th International Conference on Cyber Conflict, CyCon 2022, in Tallinn,...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/04/14 3:46 p.m.15 views

Industrial Control System Malware Discovered

The Department of Energy, CISA, the FBI, and the NSA jointly issued an advisory describing a sophisticated piece of malware called Pipedream thats designed to attack a wide range of industrial control systems. This is clearly from a government, but no attribution is given. Theres also no indicati...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/04/13 11:32 a.m.16 views

Russian Cyberattack against Ukrainian Power Grid Prevented

A Russian cyberweapon, similar to the one used in 2016, was detected and removed before it could be used. Key points: ESET researchers collaborated with CERT-UA to analyze the attack against the Ukrainian energy company The destructive actions were scheduled for 2022-04-08 but artifacts suggest...

2.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/04/12 2:25 p.m.7 views

John Oliver on Data Brokers

John Oliver has an excellent segment on data brokers and surveillance capitalism...

3.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/04/11 11:4 a.m.17 views

De-anonymizing Bitcoin

Andy Greenberg wrote a long article -- an excerpt from his new book -- on how law enforcement de-anonymized bitcoin transactions to take down a global child porn ring. Within a few years of Bitcoins arrival, academic security researchers -- and then companies like Chainalysis -- began to tear...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/04/08 9:12 p.m.16 views

Friday Squid Blogging: Do Squid Have Emotions?

Scientists are now debating whether octopuses, squid, and crabs have emotions. Short answer: we dont know, but cant rule it out. There may be a point when humans can no longer assume that crayfish, shrimp, and other invertebrates dont feel pain and other emotions. "If they can no longer be...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/04/08 11:6 a.m.19 views

AirTags Are Used for Stalking Far More than Previously Reported

Ever since Apple introduced AirTags, security people have warned that they could be used for stalking. But while there have been a bunch of anecdotal stories, this is the first vaguely scientific survey: Motherboard requested records mentioning AirTags in a recent eight month period from dozens o...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/04/07 2:31 p.m.13 views

US Disrupts Russian Botnet

The Justice Department announced the disruption of a Russian GRU-controlled botnet: The Justice Department today announced a court-authorized operation, conducted in March 2022, to disrupt a two-tiered global botnet of thousands of infected network hardware devices under the control of a threat...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/04/06 2:38 p.m.15 views

Cyberweapons Arms Manufacturer FinFisher Shuts Down

FinFisher has shut down operations. This is the spyware company whose products were used, among other things, to spy on Turkish and Bahraini political opposition...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/04/05 11:4 a.m.21 views

Hackers Using Fake Police Data Requests against Tech Companies

Brian Krebs has a detailed post about hackers using fake police data requests to trick companies into handing over data. Virtually all major technology companies serving large numbers of users online have departments that routinely review and process such requests, which are typically granted as...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/04/04 11:13 a.m.10 views

Wyze Camera Vulnerability

Wyze ignored a vulnerability in its home security cameras for three years. Bitdefender, who discovered the vulnerability, let the company get away with it. In case youre wondering, no, that is not normal in the security community. While experts tell me that the concept of a "responsible disclosur...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/04/01 9:6 p.m.14 views

Friday Squid Blogging: Squid Migration and Climate Change

New research on the changing migration of the Doryteuthis opalescens as a result of climate change. News article: Stanford researchers have solved a mystery about why a species of squid native to California has been found thriving in the Gulf of Alaska about 1,800 miles north of its expected rang...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/04/01 11:12 a.m.27 views

Bypassing Two-Factor Authentication

These techniques are not new, but theyre increasingly popular: …some forms of MFA are stronger than others, and recent events show that these weaker forms arent much of a hurdle for some hackers to clear. In the past few months, suspected script kiddies like the Lapsus$ data extortion gang and...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/03/31 11:13 a.m.99 views

Chrome Zero-Day from North Korea

North Korean hackers have been exploiting a zero-day in Chrome. The flaw, tracked as CVE-2022-0609, was exploited by two separate North Korean hacking groups. Both groups deployed the same exploit kit on websites that either belonged to legitimate organizations and were hacked or were set up for...

6.8CVSS0.4AI score0.23546EPSS
Exploits0
Schneier on Security
Schneier on Security
added 2022/03/30 11:29 a.m.10 views

Stalking with an Apple Watch

The malicious uses of these technologies are scary: Police reportedly arrived on the scene last week and found the man crouched beside the womans passenger side door. According to the police, the man had, at some point, wrapped his Apple Watch across the spokes of the womans passenger side front...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/03/29 11:2 a.m.15 views

A Detailed Look at the Conti Ransomware Gang

Based on two years of leaked messages, 60,000 in all: The Conti ransomware gang runs like any number of businesses around the world. It has multiple departments, from HR and administrators to coders and researchers. It has policies on how its hackers should process their code, and shares best...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/03/25 9:7 p.m.13 views

Friday Squid Blogging: Unexpectedly Low Squid Population in the Arctic

Research: Abstract: The retreating ice cover of the Central Arctic Ocean CAO fuels speculations on future fisheries. However, very little is known about the existence of harvestable fish stocks in this 3.3 million­–square kilometer ecosystem around the North Pole. Crossing the Eurasian Basin, we...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/03/25 11:14 a.m.20 views

Gus Simmons’s Memoir

Gus Simmons is an early pioneer in cryptography and computer security. I know him best for his work on authentication and covert channels, specifically as related to nuclear treaty verification. His work is cited extensively in Applied Cryptography. He has written a memoir of growing up dirt-poor...

2.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/03/24 11:38 a.m.16 views

Linux Improves Its Random Number Generator

In kernel version 5.17, both /dev/random and /dev/urandom have been replaced with a new -- identical -- algorithm based on the BLAKE2 hash function, which is an excellent security improvement...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/03/23 11:16 a.m.13 views

NASA’s Insider Threat Program

The Office of Inspector General has audited NASAs insider threat program: While NASA has a fully operational insider threat program for its classified systems, the vast majority of the Agencys information technology IT systems -- including many containing high-value assets or critical...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/03/22 2:57 p.m.11 views

White House Warns of Possible Russian Cyberattacks

News: The White House has issued its starkest warning that Russia may be planning cyberattacks against critical-sector U.S. companies amid the Ukraine invasion. … Context: The alert comes after Russia has lobbed a series of digital attacks at the Ukrainian government and critical industry sectors...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/03/21 3:22 p.m.21 views

Developer Sabotages Open-Source Software Package

This is a big deal: A developer has been caught adding malicious code to a popular open-source package that wiped files on computers located in Russia and Belarus as part of a protest that has enraged many users and raised concerns about the safety of free and open source software. The applicatio...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/03/18 9:15 p.m.16 views

Friday Squid Blogging: The Costs of Unregulated Squid Fishing

Greenpeace has published a report, "Squids in the Spotlight," on the extent and externalities of global squid fishing. News article. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/03/18 11:12 a.m.20 views

Why Vaccine Cards Are So Easily Forged

My proof of COVID-19 vaccination is recorded on an easy-to-forge paper card. With little trouble, I could print a blank form, fill it out, and snap a photo. Small imperfections wouldn’t pose any problem; you can’t see whether the paper’s weight is right in a digital image. When I fly...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/03/17 11:16 a.m.12 views

“Change Password”

Oops: Instead of telling you when its safe to cross the street, the walk signs in Crystal City, VA are just repeating CHANGE PASSWORD. Somethings gone terribly wrong here...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/03/16 4:35 p.m.46 views

Breaking RSA through Insufficiently Random Primes

Basically, the SafeZone library doesnt sufficiently randomize the two prime numbers it used to generate RSA keys. Theyre too close to each other, which makes them vulnerable to recovery. There arent many weak keys out there, but there are some: So far, Böck has identified only a handful of keys i...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/03/15 11:1 a.m.17 views

US Critical Infrastructure Companies Will Have to Report When They Are Hacked

This will be law soon: Companies critical to U.S. national interests will now have to report when theyre hacked or they pay ransomware, according to new rules approved by Congress. … The reporting requirement legislation was approved by the House and the Senate on Thursday and is expected to be...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/03/14 2:57 p.m.8 views

Upcoming Speaking Events

This is a current list of where and when I am scheduled to speak: I’m participating in an online panel discussion on “Ukraine and Russia: The Online War,” hosted by UMass Amherst, at 5:00 PM Eastern on March 31, 2022. I’m speaking at Future Summits in Antwerp, Belgium on May 18, 2022. I’m speakin...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/03/14 11:9 a.m.13 views

Leak of Russian Censorship Data

The transparency organization Distributed Denial of Secrets has released 800GB of data from Roskomnadzor, the Russian government censorship organization. Specifically, Distributed Denial of Secrets says the data comes from the Roskomnadzor of the Republic of Bashkortostan. The Republic of...

3.2AI score
Exploits0
Total number of security vulnerabilities2980