Lucene search
K
SchneierRecent

2980 matches found

Schneier on Security
Schneier on Security
added 2022/01/10 12:21 p.m.9 views

Fake QR Codes on Parking Meters

The City of Austin is warning about QR codes stuck to parking meters that take people to fraudulent payment sites...

3.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/01/07 10:11 p.m.15 views

Friday Squid Blogging: Squid Prices Are Rising

The price of squid in Korea is rising due to limited supply. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/01/07 12:13 p.m.12 views

Norton’s Antivirus Product Now Includes an Ethereum Miner

Norton 360 can now mine Ethereum. Its opt-in, and the company keeps 15%. Its hard to uninstall this option...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/01/06 12:29 p.m.12 views

People Are Increasingly Choosing Private Web Search

DuckDuckGo has had a banner year: And yet, DuckDuckGo. The privacy-oriented search engine netted more than 35 billion search queries in 2021, a 46.4% jump over 2020 23.6 billion. Thats big. Even so, the company, which bills itself as the "Internet privacy company," offering a search engine and...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/01/05 12:12 p.m.19 views

More Russian Cyber Operations against Ukraine

Both Russia and Ukraine are preparing for military operations in cyberspace...

3.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/12/31 10:3 p.m.19 views

Friday Squid Blogging: Deep-Dwelling Squid

We have discovered a squid -- Oegopsida, Magnapinnidae, Magnapinna sp. -- that lives at 6,000 meters deep. :They’re really weird," says Vecchione. "They drift along with their arms spread out and these really long, skinny, spaghetti-like extensions dangling down underneath them." Microscopic...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/12/31 3:52 p.m.20 views

Apple AirTags Are Being Used to Track People and Cars

This development suprises no one who has been paying attention: Researchers now believe AirTags, which are equipped with Bluetooth technology, could be revealing a more widespread problem of tech-enabled tracking. They emit a digital signal that can be detected by devices running Apples mobile...

0.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/12/24 10:17 p.m.29 views

Friday Squid Blogging: Squid-Headed Statue Appears in Dallas

Someone left it in a cemetery. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/12/22 4:20 p.m.12 views

Stolen Bitcoins Returned

The US has returned $154 million in bitcoins stolen by a Sony employee. However, on December 1, following an investigation in collaboration with Japanese law enforcement authorities, the FBI seized the 3879.16242937 BTC in Ishiis wallet after obtaining the private key, which made it possible to...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/12/20 3:17 p.m.23 views

More on NSO Group and Cytrox: Two Cyberweapons Arms Manufacturers

Citizen Lab published another report on the spyware used against two Egyptian nationals. One was hacked by NSO Groups Pegasus spyware. The other was hacked both by Pegasus and by the spyware from another cyberweapons arms manufacturer: Cytrox. We havent heard a lot about Cytrox and its Predator...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/12/17 10:1 p.m.25 views

Friday Squid Blogging: UK Recognizes Squid as Sentient Beings

This seems big: The UK government has officially included decapod crustaceans-including crabs, lobsters, and crayfish-and cephalopod mollusks-including octopuses, squid, and cuttlefish-in its Animal Welfare Sentience Bill. This means they are now recognized as "sentient beings" in the UK. As usua...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/12/16 3:50 p.m.19 views

More Log4j News

Log4j is being exploited by all sorts of attackers, all over the Internet: At that point it was reported that there were over 100 attempts to exploit the vulnerability every minute. "Since we started to implement our protection we prevented over 1,272,000 attempts to allocate the vulnerability,...

2.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/12/14 6:5 p.m.14 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking at the RSA Conference 2022 in San Francisco on February 8, 2022. I’m speaking at IT-S Now 2022 in Vienna on June 2, 2022. I’m speaking at the 14th International Conference on Cyber Conflict, CyCon 2022, in Tallinn,...

2.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/12/14 3:55 p.m.11 views

On the Log4j Vulnerability

Its serious: The range of impacts is so broad because of the nature of the vulnerability itself. Developers use logging frameworks to keep track of what happens in a given application. To exploit Log4Shell, an attacker only needs to get the system to log a strategically crafted string of code. Fr...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/12/13 12:16 p.m.11 views

NSO Group’s Pegasus Spyware Used Against US State Department Officials

NSO Groups descent into Internet pariah status continues. Its Pegasus spyware was used against nine US State Department employees. We dont know which NSO Group customer trained the spyware on the US. But the company does: NSO Group said in a statement on Thursday that it did not have any indicati...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/12/10 10:5 p.m.16 views

Friday Squid Blogging: The Far Side Squid Comic

The Far Side is always good for a squid reference. Heres a recent one. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/12/10 12:37 p.m.14 views

Law Enforcement Access to Chat Data and Metadata

A January 2021 FBI document outlines what types of data and metadata can be lawfully obtained by the FBI from messaging apps. Rolling Stone broke the story and its been written about elsewhere. I dont see a lot of surprises in the document. Lots of apps leak all sorts of metadata: iMessage and...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/12/09 3:36 p.m.11 views

Google Shuts Down Glupteba Botnet, Sues Operators

Google took steps to shut down the Glupteba botnet, at least for now. The botnet uses the bitcoin blockchain as a backup command-and-control mechanism, making it hard to get rid of it permanently. So Google is also suing the botnets operators. Its an interesting strategy. Lets see if its successf...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/12/08 7:19 p.m.13 views

New German Government is Pro-Encryption and Anti-Backdoors

I hope this is true: According to Jens Zimmermann, the German coalition negotiations had made it "quite clear" that the incoming government of the Social Democrats SPD, the Greens and the business-friendly liberal FDP would reject "the weakening of encryption, which is being attempted under the...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/12/07 12:25 p.m.19 views

Someone Is Running Lots of Tor Relays

Since 2017, someone is running about a thousand -- 10% of the total -- Tor servers in an attempt to deanonymize the network: Grouping these servers under the KAX17 umbrella, Nusenu says this threat actor has constantly added servers with no contact details to the Tor network in industrial...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/12/06 4:25 p.m.10 views

Thieves Using AirTags to “Follow” Cars

From Ontario and not surprising: Since September 2021, officers have investigated five incidents where suspects have placed small tracking devices on high-end vehicles so they can later locate and steal them. Brand name "air tags" are placed in out-of-sight areas of the target vehicles when they...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/12/03 8:18 p.m.12 views

Friday Squid Blogging: Squeeze the Squid

Squeeze the Squid is a band. It just released its second album. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/12/03 12:13 p.m.22 views

Testing Faraday Cages

Matt Blaze tested a variety of Faraday cages for phones, both commercial and homemade. The bottom line: A quick and likely reliable "go/no go test" can be done with an Apple AirTag and an iPhone: drop the AirTag in the bag under test, and see if the phone can locate it and activate its alarm bewa...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/12/02 2:32 p.m.19 views

Smart Contract Bug Results in $31 Million Loss

A hacker stole $31 million from the blockchain company MonoX Finance , by exploiting a bug in software the service uses to draft smart contracts. Specifically, the hack used the same token as both the tokenIn and tokenOut, which are methods for exchanging the value of one token for another. MonoX...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/11/30 7:28 a.m.10 views

Intel Is Maintaining Legacy Technology for Security Research

Interesting: Intel’s issue reflects a wider concern: Legacy technology can introduce cybersecurity weaknesses. Tech makers constantly improve their products to take advantage of speed and power increases, but customers don’t always upgrade at the same pace. This creates a long tail of old product...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/11/26 10:5 p.m.23 views

Friday Squid Blogging: Bobtail Squid and Vibrio Bacteria

Research on the Vibrio bacteria and its co-evolution with its bobtail squid hosts. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/11/26 1:43 p.m.20 views

Proposed UK Law Bans Default Passwords

Following Californias lead, a new UK law would ban default passwords in IoT devices...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/11/24 3:29 p.m.20 views

Apple Sues NSO Group

Piling more on NSO Groups legal troubles, Apple is suing it: The complaint provides new information on how NSO Group infected victims’ devices with its Pegasus spyware. To prevent further abuse and harm to its users, Apple is also seeking a permanent injunction to ban NSO Group from using any App...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/11/22 2:40 p.m.22 views

“Crypto” Means “Cryptography,” Not “Cryptocurrency”

I have long been annoyed that the word "crypto" has been co-opted by the blockchain people, and no longer refers to "cryptography." Im not the only one...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/11/19 10:12 p.m.12 views

Friday Squid Blogging: Bigfin Squid Captured on Video

"Eerie video captures elusive, alien-like squid gliding in the Gulf of Mexico." As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/11/19 2:31 p.m.19 views

New Rowhammer Technique

Rowhammer is an attack technique involving accessing -- thats "hammering" -- rows of bits in memory, millions of times per second, with the intent of causing bits in neighboring rows to flip. This is a side-channel attack, and the result can be all sorts of mayhem. Well, there is a new enhancemen...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/11/17 1:53 p.m.15 views

Is Microsoft Stealing People’s Bookmarks?

I received email from two people who told me that Microsoft Edge enabled synching without warning or consent, which means that Microsoft sucked up all of their bookmarks. Of course they can turn synching off, but its too late. Has this happened to anyone else, or was this user error of some sort?...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/11/16 12:18 p.m.19 views

Wire Fraud Scam Upgraded with Bitcoin

The FBI has issued a bulletin describing a bitcoin variant of a wire fraud scam: As the agency describes it, the scammer will contact their victim and somehow convince them that they need to send money, either with promises of love, further riches, or by impersonating an actual institution like a...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/11/16 11:33 a.m.20 views

Why I Hate Password Rules

The other day, I was creating a new account on the web. It was financial in nature, which means it gets one of my most secure passwords. I used Password Safe to generate this 16-character alphanumeric password: :s^Twd.J;3hzg=Q Which was rejected by the site, because it didnt meet its password...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/11/15 8:34 p.m.18 views

Book Sale: Click Here to Kill Everybody and Data and Goliath

For a limited time, I am selling signed copies of Click Here to Kill Everybody and Data and Goliath, both in paperback, for just $6 each plus shipping. I have 500 copies of each book available. When theyre gone, the sale is over and the price will revert to normal. Order here and here. Please be...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/11/15 2:18 p.m.14 views

Securing Your Smartphone

This is part 3 of Sean Gallaghers advice for "securing your digital life."...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/11/14 6:1 p.m.23 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: Im speaking on "Securing a World of Physically Capable Computers" at @Hack on November 29, 2021. The list is maintained on this page...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/11/12 10:16 p.m.16 views

Friday Squid Blogging: Giant Squid Art

Images of giant squid and octopi attacking. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/11/12 3:7 p.m.16 views

MacOS Zero-Day Used against Hong Kong Activists

Google researchers discovered a MacOS zero-day exploit being used against Hong Kong activists. It was a "watering hole" attack, which means the malware was hidden in a legitimate website. Users visiting that website would get infected. From an article: Googles researchers were able to trigger the...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/11/11 12:6 p.m.14 views

Advice for Personal Digital Security

ArsTechnicas Sean Gallagher has a two-part article on "securing your digital life." Its pretty good...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/11/10 12:17 p.m.14 views

Hacking the Sony Playstation 5

I just dont think its possible to create a hack-proof computer system, especially when the system is physically in the hands of the hackers. The Sony Playstation 5 is the latest example: Hackers may have just made some big strides towards possibly jailbreaking the PlayStation 5 over the weekend,...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/11/08 12:3 p.m.9 views

Drones Carrying Explosives

Weve now had an unsuccessful assassination attempt by explosive-laden drones...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/11/05 9:11 p.m.12 views

Friday Squid Blogging: Squid Game Cryptocurrency Was a Scam

The Squid Game cryptocurrency was a complete scam: The SQUID cryptocurrency peaked at a price of $2,861 before plummeting to $0 around 5:40 a.m. ET., according to the website CoinMarketCap. This kind of theft, commonly called a "rug pull" by crypto investors, happens when the creators of the cryp...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/11/04 11:52 a.m.10 views

US Blacklists NSO Group

The Israeli cyberweapons arms manufacturer -- and human rights violator, and probably war criminal -- NSO Group has been added to the US Department of Commerces trade blacklist. US companies and individuals cannot sell to them. Aside from the obvious difficulties this causes, itll make it harder...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/11/03 11:10 a.m.8 views

Using Fake Student Accounts to Shill Brands

It turns out that its surprisingly easy to create a fake Harvard student and get a harvard.edu email account. Scammers are using that prestigious domain name to shill brands: Basically, it appears that anyone with $300 to spare can ­- or could, depending on whether Harvard successfully shuts down...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/11/02 11:28 a.m.8 views

On Cell Phone Metadata

Interesting Twitter thread on how cell phone metadata can be used to identify and track people who dont want to be identified and tracked...

3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/11/01 3:58 p.m.62 views

Hiding Vulnerabilities in Source Code

Really interesting research demonstrating how to hide vulnerabilities in source code by manipulating how Unicode text is displayed. Its really clever, and not the sort of attack one would normally think about. From Ross Andersons blog: We have discovered ways of manipulating the encoding of sourc...

7.5CVSS1.1AI score0.12205EPSS
Exploits5
Schneier on Security
Schneier on Security
added 2021/10/29 9:9 p.m.14 views

Friday Squid Blogging: Squid Game Has a Cryptocurrency

In what maybe peak hype, Squid Game has its own cryptocurrency. Not in the fictional show, but in real life. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/10/28 11:12 a.m.13 views

More Russian SVR Supply-Chain Attacks

Microsoft is reporting that the same attacker that was behind the SolarWinds breach -- the Russian SVR, which Microsoft is calling Nobelium -- is continuing with similar supply-chain attacks: Nobelium has been attempting to replicate the approach it has used in past attacks by targeting...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/10/27 2:1 p.m.9 views

How the FBI Gets Location Information

Vice has a detailed article about how the FBI gets data from cell phone providers like AT&T, T-Mobile, and Verizon, based on a leaked I think 2019 139-page presentation...

3AI score
Exploits0
Total number of security vulnerabilities2980