Lucene search
K
SchneierRecent

2980 matches found

Schneier on Security
Schneier on Security
added 2021/10/25 6:46 p.m.19 views

New York Times Journalist Hacked with NSO Spyware

Citizen Lab is reporting that a New York Times journalist was hacked with the NSO Groups spyware Pegasus, probably by the Saudis. The world needs to do something about these cyberweapons arms manufacturers. This kind of thing isnt enough; NSO Group is an Israeli company...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/10/22 9:10 p.m.17 views

Friday Squid Blogging: Squid Eating Maine Shrimp

Squid are eating Maine shrimp, causing a collapse of the ecosystem. This seems to be a result of climate change. Maines shrimp fishery has been closed for nearly a decade since the stocks collapse in 2013. Scientists are now saying a species of squid that came into the Gulf of Maine during a...

Exploits0
Schneier on Security
Schneier on Security
added 2021/10/22 11:13 a.m.28 views

Nation-State Attacker of Telecommunications Networks

Someone has been hacking telecommunications networks around the world: LightBasin aka UNC1945 is an activity cluster that has been consistently targeting the telecommunications sector at a global scale since at least 2016, leveraging custom tools and an in-depth knowledge of telecommunications...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/10/21 11:25 a.m.14 views

Problems with Multifactor Authentication

Roger Grimes on why multifactor authentication isnt a panacea: The first time I heard of this issue was from a Midwest CEO. His organization had been hit by ransomware to the tune of $10M. Operationally, they were still recovering nearly a year later. And, embarrassingly, it was his most trusted ...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/10/20 11:16 a.m.40 views

Textbook Rental Scam

Heres a story of someone who, with three compatriots, rented textbooks from Amazon and then sold them instead of returning them. They used gift cards and prepaid credit cards to buy the books, so there was no available balance when Amazon tried to charge them the buyout price for non-returned...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/10/19 1:7 p.m.19 views

Using Machine Learning to Guess PINs from Video

Researchers trained a machine-learning system on videos of people typing their PINs into ATMs: By using three tries, which is typically the maximum allowed number of attempts before the card is withheld, the researchers reconstructed the correct sequence for 5-digit PINs 30% of the time, and...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/10/19 11:7 a.m.18 views

Ransomware Attacks against Water Treatment Plants

According to a report from CISA last week, there were three ransomware attacks against water treatment plants last year. WWS Sector cyber intrusions from 2019 to early 2021 include: In August 2021, malicious cyber actors used Ghost variant ransomware against a California-based WWS facility. The...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/10/18 11:20 a.m.8 views

Missouri Governor Doesn’t Understand Responsible Disclosure

The Missouri governor wants to prosecute the reporter who discovered a security vulnerability in a states website, and then reported it to the state. The newspaper agreed to hold off publishing any story while the department fixed the problem and protected the private information of teachers arou...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/10/15 9:18 p.m.25 views

Friday Squid Blogging: New Giant Squid Video

New video of a large squid in the Red Sea at about 2,800 feet. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/10/15 2:30 p.m.18 views

Security Risks of Client-Side Scanning

Even before Apple made its announcement, law enforcement shifted their battle for backdoors to client-side scanning. The idea is that they wouldnt touch the cryptography, but instead eavesdrop on communications and systems before encryption or after decryption. Its not a cryptographic backdoor, b...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/10/14 4:45 p.m.16 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’ll be speaking at an Informa event on November 29, 2021. Details to come. The list is maintained on this page...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/10/14 2:56 p.m.22 views

Recovering Real Faces from Face-Generation ML System

New paper: "This Person Probably Exists. Identity Membership Attacks Against GAN Generated Faces. Abstract: Recently, generative adversarial networks GANs have achieved stunning realism, fooling even human observers. Indeed, the popular tongue-in-cheek website http://thispersondoesnotexist.com,...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/10/13 2:47 p.m.14 views

Suing Infrastructure Companies for Copyright Violations

Its a matter of going after those with deep pockets. From Wired: Cloudflare was sued in November 2018 by Mon Cheri Bridals and Maggie Sottero Designs, two wedding dress manufacturers and sellers that alleged Cloudflare was guilty of contributory copyright infringement because it didnt terminate...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/10/12 3:4 p.m.11 views

Airline Passenger Mistakes Vintage Camera for a Bomb

I feel sorry for the accused: The "security incident" that forced a New-York bound flight to make an emergency landing at LaGuardia Airport on Saturday turned out to be a misunderstanding -- after an airline passenger mistook another travelers camera for a bomb, sources said Sunday. American...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/10/11 12:49 p.m.11 views

The European Parliament Voted to Ban Remote Biometric Surveillance

Its not actually banned in the EU yet -- the legislative process is much more complicated than that -- but its a step: a total ban on biometric mass surveillance. To respect "privacy and human dignity," MEPs said that EU lawmakers should pass a permanent ban on the automated recognition of...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/10/08 9:25 p.m.28 views

Friday Squid Blogging: Strawberry Squid

Pretty pictures of a strawberry squid Histioteuthis heteropsis. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/10/06 2:19 p.m.31 views

Syniverse Hack

This is interesting: A company that is a critical part of the global telecommunications infrastructure used by AT&T, T-Mobile, Verizon and several others around the world such as Vodafone and China Mobile, quietly disclosed that hackers were inside its systems for years, impacting more than 200 o...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/10/04 10:55 p.m.26 views

Facebook Is Down

Facebook -- along with Instagram and WhatsApp -- went down globally today. Basically, someone deleted their BGP records, which made their DNS fall apart. …at approximately 11:39 a.m. ET today 15:39 UTC, someone at Facebook caused an update to be made to the companys Border Gateway Protocol BGP...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/10/04 2:40 p.m.30 views

Cheating on Tests

Interesting story of test-takers in India using Bluetooth-connected flip-flops to communicate with accomplices while taking a test. Whats interesting is how this cheating was discovered. Its not that someone noticed the communication devices. Its that the proctors noticed that cheating test taker...

2.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/10/01 9:22 p.m.33 views

Friday Squid Blogging: Squid Game

Netflix has a new series called Squid Game, about people competing in a deadly game for money. It has nothing to do with actual squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/10/01 2:56 p.m.17 views

A Death Due to Ransomware

The Wall Street Journal is reporting on a babys death at an Alabama hospital in 2019, which they argue was a direct result of the ransomware attack the hospital was undergoing. Amid the hack, fewer eyes were on the heart monitors -- normally tracked on a large screen at the nurses station, in...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/09/30 4:51 p.m.21 views

Hardening Your VPN

The NSA and CISA have released a document on how to harden your VPN...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/09/28 2:51 p.m.25 views

Check What Information Your Browser Leaks

These two sites tell you what sorts of information youre leaking from your browser...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/09/27 11:25 a.m.12 views

Tracking Stolen Cryptocurrencies

Good article about the current state of cryptocurrency forensics...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/09/24 9:20 p.m.17 views

Friday Squid Blogging: Person in Squid Suit Takes Dog for a Walk

No, I dont understand it, either. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/09/24 7:5 p.m.28 views

I Am Not Satoshi Nakamoto

This isnt the first time Ive received an e-mail like this: Hey! Ive done my research and looked at a lot of facts and old forgotten archives. I know that you are Satoshi, I do not want to tell anyone about this. I just wanted to say that you created weapons of mass destruction where niches remain...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/09/24 2:51 p.m.20 views

The Proliferation of Zero-days

The MIT Technology Review is reporting that 2021 is a blockbuster year for zero-day exploits: One contributing factor in the higher rate of reported zero-days is the rapid global proliferation of hacking tools. Powerful groups are all pouring heaps of cash into zero-days to use for themselves --...

0.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/09/23 1:15 p.m.27 views

ROT8000

ROT8000 is the Unicode equivalent of ROT13. Whats clever about it is that normal English looks like Chinese, and not like ciphertext to a typical Westerner, that is...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/09/22 2:30 p.m.18 views

FBI Had the REvil Decryption Key

The Washington Post reports that the FBI had a decryption key for the REvil ransomware, but didnt pass it along to victims because it would have disrupted an ongoing operation. The key was obtained through access to the servers of the Russia-based criminal gang behind the July attack. Deploying i...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/09/21 11:5 a.m.10 views

Alaska’s Department of Health and Social Services Hack

Apparently, a nation-state hacked Alaskas Department of Health and Social Services. Not sure why Alaskas Department of Health and Social Services is of any interest to a nation-state, but thats probably just my failure of imagination...

2.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/09/17 9:14 p.m.30 views

Friday Squid Blogging: Ram’s Horn Squid Shells

You can find rams horn squid shells on beaches in Texas and presumably elsewhere. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/09/17 11:9 a.m.21 views

Zero-Click iMessage Exploit

Citizen Lab released a report on a zero-click iMessage exploit that is used in NSO Groups Pegasus spyware. Apple patched the vulnerability; everyone needs to update their OS immediately. News articles on the exploit...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/09/15 3:31 p.m.20 views

Identifying Computer-Generated Faces

Its the eyes: The researchers note that in many cases, users can simply zoom in on the eyes of a person they suspect may not be real to spot the pupil irregularities. They also note that it would not be difficult to write software to spot such errors and for social media sites to use it to remove...

3.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/09/14 5:2 p.m.23 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m keynoting CIISec Live—an all-online event—September 15-16, 2021. I’m speaking at the Infosecurity Magazine EMEA Autumn Online Summit on September 21, 2021. I’m speaking at the Cybersecurity and Data Privacy Law Conference in...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/09/13 11:41 a.m.23 views

Designing Contact-Tracing Apps

Susan Landau wrote an essay on the privacy, efficacy, and equity of contract-tracing smartphone apps. Also see her excellent book on the topic...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/09/10 9:13 p.m.16 views

Friday Squid Blogging: Possible Evidence of Squid Paternal Care

Researchers have found possible evidence of paternal care among bigfin reef squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

2.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/09/10 11:10 a.m.28 views

ProtonMail Now Keeps IP Logs

After being compelled by a Swiss court to monitor IP logs for a particular user, ProtonMail no longer claims that "we do not keep any IP logs." EDITED TO ADD 9/14: This seems to be more complicated. ProtonMail is not yet saying that they keep logs. Their privacy policy still states that they do n...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/09/09 11:13 a.m.17 views

More Detail on the Juniper Hack and the NSA PRNG Backdoor

We knew the basics of this story, but its good to have more detail. Heres me in 2015 about this Juniper hack. Heres me in 2007 on the NSA backdoor...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/09/08 11:2 a.m.16 views

Security Risks of Relying on a Single Smartphone

Isracard used a single cell phone to communicate with credit card clients, and receive documents via WhatsApp. An employee stole the phone. He reformatted the phone and replaced the SIM card, which was oddly the best possible outcome, given the circumstances. Using the data to steal money would...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/09/07 11:14 a.m.18 views

Lightning Cable with Embedded Eavesdropping

Normal-looking cables USB-C, Lightning, and so on that exfiltrate data over a wireless network. I blogged about a previous prototype here...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/09/06 11:11 a.m.11 views

Tracking People by their MAC Addresses

Yet another article on the privacy risks of static MAC addresses and always-on Bluetooth connections. This one is about wireless headphones. The good news is that product vendors are fixing this: Several of the headphones which could be tracked over time are for sale in electronics stores, but...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/09/03 9:5 p.m.11 views

Friday Squid Blogging: Squid Communication

Interesting article on squid communication. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/09/03 7:21 p.m.17 views

Hacker-Themed Board Game

Black Hat is a hacker-themed board game...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/09/03 3:19 p.m.26 views

History of the HX-63 Rotor Machine

Jon D. Paul has written the fascinating story of the HX-63, a super-complicated electromechanical rotor cipher machine made by Crypto AG...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/09/01 11:14 a.m.28 views

Zero-Click iPhone Exploits

Citizen Lab is reporting on two zero-click iMessage exploits, in spyware sold by the cyberweapons arms manufacturer NSO Group to the Bahraini government. These are particularly scary exploits, since they dont require to victim to do anything, like click on a link or open a file. The victim receiv...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/08/31 11:37 a.m.32 views

More Military Cryptanalytics, Part III

Late last year, the NSA declassified and released a redacted version of Lambros D. Callimahoss Military Cryptanalytics, Part III. We just got most of the index. Its hard to believe that there are any real secrets left in this 44-year-old volume...

2.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/08/30 11:24 a.m.11 views

Excellent Write-up of the SolarWinds Security Breach

Robert Chesney wrote up the Solar Winds story as a case study, and its a really good summary...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/08/27 9:14 p.m.25 views

Friday Squid Blogging: Tentacle Doorknob

Its pretty. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/08/27 1:37 p.m.12 views

Details of the Recent T-Mobile Breach

Seems that 47 million customers were affected. Surprising no one, T-Mobile had awful security. Ive lost count of how many times T-Mobile has been hacked...

2.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/08/26 11:28 a.m.28 views

Interesting Privilege Escalation Vulnerability

If you plug a Razer peripheral mouse or keyboard, I think into a Windows 10 or 11 machine, you can use a vulnerability in the Razer Synapse software -- which automatically downloads -- to gain SYSTEM privileges. It should be noted that this is a local privilege escalation LPE vulnerability, which...

3AI score
Exploits0
Total number of security vulnerabilities2980