Lucene search
K
SchneierRecent

2980 matches found

Schneier on Security
Schneier on Security
added 2022/03/11 10:1 p.m.19 views

Friday Squid Blog: 328-million-year-old Vampire Squid Ancestor Discovered

A fossilized ancestor of the vampire squid -- with ten arms -- was discovered and named Syllipsimopodi bideni after President Biden. Heres the research paper. Note: Vampire squids are not squids. Yes, its weird. As usual, you can also use this squid post to talk about the security stories in the...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/03/10 12:6 p.m.16 views

Where’s the Russia-Ukraine Cyberwar?

It has been interesting to notice how unimportant and ineffective cyber operations have been in the Russia-Ukraine war. Russia launched a wiper against Ukraine at the beginning, but it was found and neutered. Near as I can tell, the only thing that worked was the disabling of regional KA-SAT SATC...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/03/09 12:0 p.m.20 views

Fraud on Zelle

Zelle is rife with fraud: Zelle’s immediacy has also made it a favorite of fraudsters. Other types of bank transfers or transactions involving payment cards typically take at least a day to clear. But once crooks scare or trick victims into handing over money via Zelle, they can siphon away...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/03/08 12:1 p.m.10 views

Using Radar to Read Body Language

Yet another method of surveillance: Radar can detect you moving closer to a computer and entering its personal space. This might mean the computer can then choose to perform certain actions, like booting up the screen without requiring you to press a button. This kind of interaction already exist...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/03/07 12:20 p.m.19 views

Hacking Alexa through Alexa’s Speech

An Alexa can respond to voice commands it issues. This can be exploited: The attack works by using the devices speaker to issue voice commands. As long as the speech contains the device wake word usually "Alexa" or "Echo" followed by a permissible command, the Echo will carry it out, researchers...

3.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/03/04 10:4 p.m.12 views

Friday Squid Blogging: Far Side Cartoon

Squid, of course. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/03/04 12:19 p.m.23 views

Samsung Encryption Flaw

Researchers have found a major encryption flaw in 100 million Samsung Galaxy phones. From the abstract: In this work, we expose the cryptographic design and implementation of Androids Hardware-Backed Keystore in Samsungs Galaxy S8, S9, S10, S20, and S21 flagship devices. We reversed-engineered an...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/03/03 12:32 p.m.16 views

Details of an NSA Hacking Operation

Pangu Lab in China just published a report of a hacking operation by the Equation Group aka the NSA. It noticed the hack in 2013, and was able to map it with Equation Group tools published by the Shadow Brokers aka some Russian group. …the scope of victims exceeded 287 targets in 45 countries,...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/03/02 12:25 p.m.18 views

Vulnerability in Stalkerware Apps

TechCrunch is reporting -- but not describing in detail -- a vulnerability in a series of stalkerware apps that exposes personal information of the victims. The vulnerability isnt in the apps installed on the victims phones, but in the website the stalker goes to view the information the app...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/03/01 12:6 p.m.12 views

Decrypting Hive Ransomware Data

Nice piece of research: Abstract: Among the many types of malicious codes, ransomware poses a major threat. Ransomware encrypts data and demands a ransom in exchange for decryption. As data recovery is impossible if the encryption key is not obtained, some companies suffer from considerable damag...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/02/28 12:26 p.m.13 views

Insurance Coverage for NotPetya Losses

Tarah Wheeler and Josephine Wolff analyze a recent court decision that the NotPetya attacks are not considered an act of war under the wording of Mercks insurance policy, and that the insurers must pay the $1B+ claim. Wheeler and Wolff argue that the judge "did the right thing for the wrong...

2.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/02/25 10:0 p.m.18 views

Friday Squid Blogging: Squid Videos

Here are six beautiful squid videos. I know nothing more about them. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. EDITED TO ADD 2/25: This post accidentally went live on Wednesday, two days...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/02/25 12:15 p.m.16 views

Privacy Violating COVID Tests

A good lesson in reading the fine print: Cignpost Diagnostics, which trades as ExpressTest and offers £35 tests for holidaymakers, said it holds the right to analyse samples from seals to "learn more about human health" -- and sell information on to third parties. Individuals are required to give...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/02/24 12:13 p.m.14 views

An Elaborate Employment Con in the Internet Age

The story is an old one, but the tech gives it a bunch of new twists: Gemma Brett, a 27-year-old designer from west London, had only been working at Madbird for two weeks when she spotted something strange. Curious about what her commute would be like when the pandemic was over, she searched for...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/02/23 12:28 p.m.18 views

Bypassing Apple’s AirTag Security

A Berlin-based company has developed an AirTag clone that bypasses Apples anti-stalker security systems. Source code for these AirTag clones is available online. So now we have several problems with the system. Apples anti-stalker security only works with iPhones. Apple wrote an Android app that...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/02/22 3:28 p.m.28 views

A New Cybersecurity “Social Contract”

The US National Cyber Director Chris Inglis wrote an essay outlining a new social contract for the cyber age: The United States needs a new social contract for the digital age -- one that meaningfully alters the relationship between public and private sectors and proposes a new set of obligations...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/02/21 12:31 p.m.17 views

Stealing Bicycles by Swapping QR Codes

This is a clever hack against those bike-rental kiosks: Theyre stealing Citi Bikes by switching the QR scan codes on two bicycles near each other at a docking station, then waiting for an unsuspecting cyclist to try to unlock a bike with his or her smartphone app. The app doesnt work for the ride...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/02/18 10:12 p.m.18 views

Friday Squid Blogging: South American Squid Stocks Threatened by Chinese Fishing

Theres a lot of fishing going on: The number of Chinese-flagged vessels in the south Pacific has surged 13-fold from 54 active vessels in 2009 to 707 in 2020, according to the SPRFMO. Meanwhile, the size of Chinas squid catch has grown from 70,000 tons in 2009 to 358,000. As usual, you can also u...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/02/17 4:40 p.m.16 views

Possible Government Surveillance of the Otter.ai Transcription App

A reporter interviews a Uyghur human-rights advocate, and uses the Otter.ai transcription app. The next day, I received an odd note from Otter.ai, the automated transcription app that I had used to record the interview. It read: “Hey Phelim, to help us improve your Otter’s experience, what was th...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/02/16 1:0 p.m.16 views

Vendors are Fixing Security Flaws Faster

Googles Project Zero is reporting that software vendors are patching their code faster. tl;dr In 2021, vendors took an average of 52 days to fix security vulnerabilities reported from Project Zero. This is a significant acceleration from an average of about 80 days 3 years ago. In addition to the...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/02/15 3:56 p.m.16 views

Secret CIA Data Collection Program

Two US senators claim that the CIA has been running an unregulated -- and almost certainly illegal -- mass surveillance program on Americans. The senators statement. Some declassified information from the CIA. No real details yet...

4.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/02/14 6:2 p.m.17 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking at IT-S Now 2022 in Vienna on June 2, 2022. I’m speaking at the 14th International Conference on Cyber Conflict, CyCon 2022, in Tallinn, Estonia on June 3, 2022. I’m speaking at the RSA Conference 2022 in San Francisco...

2.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/02/11 10:7 p.m.16 views

Friday Squid Blogging: Climate Change Causing “Squid Bloom” along Pacific Coast

The oceans are warmer, which means more squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/02/11 12:17 p.m.18 views

On the Irish Health Services Executive Hack

A detailed report of the 2021 ransomware attack against Ireland’s Health Services Executive lists some really bad security practices: The report notes that: The HSE did not have a Chief Information Security Officer CISO or a “single responsible owner for cybersecurity at either senior executive o...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/02/10 12:13 p.m.18 views

Bunnie Huang’s Plausibly Deniable Database

Bunnie Huang has created a Plausibly Deniable Database. Most security schemes facilitate the coercive processes of an attacker because they disclose metadata about the secret data, such as the name and size of encrypted files. This allows specific and enforceable demands to be made: “Give us the...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/02/09 12:25 p.m.18 views

Breaking 256-bit Elliptic Curve Encryption with a Quantum Computer

Researchers have calculated the quantum computer size necessary to break 256-bit elliptic curve public-key cryptography: Finally, we calculate the number of physical qubits required to break the 256-bit elliptic curve encryption of keys in the Bitcoin network within the small available time frame...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/02/08 4:52 p.m.14 views

Amy Zegart on Spycraft in the Internet Age

Amy Zegart has a new book: Spies, Lies, and Algorithms: The History and Future of American Intelligence. Wired has an excerpt: In short, data volume and accessibility are revolutionizing sensemaking. The intelligence playing field is leveling­ -- and not in a good way. Intelligence collectors are...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/02/04 10:15 p.m.21 views

Friday Squid Blogging: Are Squid from Another Planet?

An actually serious scientific journal has published a paper speculating that octopus and squid could be of extraterrestrial origin. News article. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/02/04 3:44 p.m.20 views

The EARN IT Act Is Back

Senators have reintroduced the EARN IT Act, requiring social media companies among others to administer a massive surveillance operation on their users: A group of lawmakers led by Sen. Richard Blumenthal D-CT and Sen. Lindsey Graham R-SC have re-introduced the EARN IT Act, an incredibly unpopula...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/02/03 12:1 p.m.10 views

Interview with the Head of the NSA’s Research Directorate

MIT Technology Review published an interview with Gil Herrera, the new head of the NSAs Research Directorate. Theres a lot of talk about quantum computing, monitoring 5G networks, and the problems of big data: The math department, often in conjunction with the computer science department, helps...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/02/02 3:58 p.m.11 views

Finding Vulnerabilities in Open Source Projects

The Open Source Security Foundation announced $10 million in funding from a pool of tech and financial companies, including $5 million from Microsoft and Google, to find vulnerabilities in open source projects: The "Alpha" side will emphasize vulnerability testing by hand in the most popular...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/02/01 8:26 p.m.9 views

Me on App Store Monopolies and Security

There are two bills working their way through Congress that would force companies like Apple to allow competitive app stores. Apple hates this, since it would break its monopoly, and its making a variety of security arguments to bolster its argument. I have written a rebuttal: I would like to...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/01/31 12:18 p.m.81 views

Twelve-Year-Old Linux Vulnerability Discovered and Patched

Its a privilege escalation vulnerability: Linux users on Tuesday got a major dose of bad news -- a 12-year-old vulnerability in a system tool called Polkit gives attackers unfettered root privileges on machines running most major distributions of the open source operating system. Previously calle...

7.2CVSS3.1AI score0.94921EPSS
Exploits152
Schneier on Security
Schneier on Security
added 2022/01/28 10:4 p.m.9 views

Friday Squid Blogging: Cephalopods Thirty Million Years Older Than Previously Thought

New fossils from Newfoundland push the origins of cephalopods to 522 million years ago. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/01/28 12:13 p.m.22 views

Tracking Secret German Organizations with Apple AirTags

A German activist is trying to track down a secret government intelligence agency. One of her research techniques is to mail Apple AirTags to see where they actually end up: Wittmann says that everyone she spoke to denied being part of this intelligence agency. But what she describes as a "good...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/01/26 4:4 p.m.20 views

New DeadBolt Ransomware Targets NAT Devices

Theres a new ransomware that targets NAT devices made by QNAP: The attacks started today, January 25th, with QNAP devices suddenly finding their files encrypted and file names appended with a .deadbolt file extension. Instead of creating ransom notes in each folder on the device, the QNAP devices...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/01/25 3:35 p.m.13 views

Merck Wins Insurance Lawsuit re NotPetya Attack

The insurance company Ace American has to pay for the losses: On 6th December 2021, the New Jersey Superior Court granted partial summary judgment attached in favour of Merck and International Indemnity, declaring that the War or Hostile Acts exclusion was inapplicable to the dispute. Merck...

2.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/01/24 12:27 p.m.17 views

Linux-Targeted Malware Increased by 35%

Crowdstrike is reporting that malware targeting Linux has increased considerably in 2021: Malware targeting Linux systems increased by 35% in 2021 compared to 2020. XorDDoS, Mirai and Mozi malware families accounted for over 22% of Linux-targeted threats observed by CrowdStrike in 2021. Ten times...

3.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/01/21 10:11 p.m.13 views

Friday Squid Blogging: Piglet Squid

Nice article on the piglet squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/01/21 12:6 p.m.17 views

China’s Olympics App Is Horribly Insecure

China is mandating that athletes download and use a health and travel app when they attend the Winter Olympics next month. Citizen Lab examined the app and found it riddled with security holes. Key Findings: MY2022, an app mandated for use by all attendees of the 2022 Olympic Games in Beijing, ha...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/01/20 12:13 p.m.11 views

San Francisco Police Illegally Spying on Protesters

Last summer, the San Francisco police illegally used surveillance cameras at the George Floyd protests. The EFF is suing the police: This surveillance invaded the privacy of protesters, targeted people of color, and chills and deters participation and organizing for future protests. The SFPD also...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/01/19 12:10 p.m.9 views

Are Fake COVID Testing Sites Harvesting Data?

Over the past few weeks, Ive seen a bunch of writing about what seems to be fake COVID-19 testing sites. They take your name and info, and do a nose swab, but you never get test results. Speculation centered around data harvesting, but that didnt make sense because it was far too labor intensive...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/01/18 12:5 p.m.13 views

UK Government to Launch PR Campaign Undermining End-to-End Encryption

Rolling Stone is reporting that the UK government has hired the M&C Saatchi advertising agency to launch an anti-encryption advertising campaign. Presumably theyll lean heavily on the "think of the children!" rhetoric were seeing in this current wave of the crypto wars. The technical eavesdroppin...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/01/17 12:16 p.m.15 views

An Examination of the Bug Bounty Marketplace

Heres a fascinating report: "Bounty Everything: Hackers and the Making of the Global Bug Marketplace." From a summary: …researchers Ryan Ellis and Yuan Stevens provide a window into the working lives of hackers who participate in “bug bounty” programs­ -- programs that hire hackers to discover an...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/01/14 10:12 p.m.20 views

Friday Squid Blogging: The Evolution of Squid Eyes

New research: The researchers from the FAS Center for Systems Biology discovered a network of genes important in squid eye development that are known to also play a crucial role in limb development across animals, including vertebrates and insects. The scientists say these genes have been...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/01/14 6:2 p.m.17 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m giving an online-only talk on “Securing a World of Physically Capable Computers” as part of Teleport’s Security Visionaries 2022 series, on January 18, 2022. I’m speaking at IT-S Now 2022 in Vienna on June 2, 2022. I’m speaking...

2.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/01/14 12:13 p.m.12 views

Using EM Waves to Detect Malware

I dont even know what I think about this. Researchers have developed a malware detection system that uses EM waves: "Obfuscation Revealed: Leveraging Electromagnetic Signals for Obfuscated Malware Classification." Abstract: The Internet of Things IoT is constituted of devices that are exponential...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/01/13 3:35 p.m.15 views

Using Foreign Nationals to Bypass US Surveillance Restrictions

Remember when the US and Australian police surreptitiously owned and operated the encrypted cell phone app ANOM? They arrested 800 people in 2021 based on that operation. New documents received by Motherboard show that over 100 of those phones were shipped to users in the US, far more than...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/01/12 12:15 p.m.13 views

Faking an iPhone Reboot

Researchers have figured how how to intercept and fake an iPhone reboot: Well dissect the iOS system and show how its possible to alter a shutdown event, tricking a user that got infected into thinking that the phone has been powered off, but in fact, its still running. The "NoReboot" approach...

2.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/01/11 3:9 p.m.22 views

Apple’s Private Relay Is Being Blocked

Some European cell phone carriers, and now T-Mobile, are blocking Apples Private Relay anonymous browsing feature. This could be an interesting battle to watch. Slashdot thread...

4.2AI score
Exploits0
Total number of security vulnerabilities2980