Lucene search
K
SchneierRecent

2980 matches found

Schneier on Security
Schneier on Security
added 2021/08/25 3:13 p.m.32 views

Surveillance of the Internet Backbone

Vice has an article about how data brokers sell access to the Internet backbone. This is netflow data. Its useful for cybersecurity forensics, but can also be used for things like tracing VPN activity. At a high level, netflow data creates a picture of traffic flow and volume across a network. It...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/08/20 9:18 p.m.29 views

Friday Squid Blogging: On Squid Brains

Interesting National Geographic article. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/08/20 1:54 p.m.26 views

More on Apple’s iPhone Backdoor

In this post, Ill collect links on Apples iPhone backdoor for scanning CSAM images. Previous links are here and here. Apple says that hash collisions in its CSAM detection system were expected, and not a concern. Im not convinced that this secondary system was originally part of the design, since...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/08/19 11:17 a.m.35 views

T-Mobile Data Breach

Its a big one: As first reported by Motherboard on Sunday, someone on the dark web claims to have obtained the data of 100 million from T-Mobiles servers and is selling a portion of it on an underground forum for 6 bitcoin, about $280,000. The trove includes not only names, phone numbers, and...

2.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/08/18 4:51 p.m.33 views

Apple’s NeuralHash Algorithm Has Been Reverse-Engineered

Apples NeuralHash algorithm -- the one its using for client-side scanning on the iPhone -- has been reverse-engineered. Turns out it was already in iOS 14.3, and someone noticed: Early tests show that it can tolerate image resizing and compression, but not cropping or rotations. We also have the...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/08/18 11:23 a.m.23 views

Tetris: Chinese Espionage Tool

Im starting to see writings about a Chinese espionage tool that exploits website vulnerabilities to try and identify Chinese dissidents...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/08/14 5:1 p.m.71 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: Im speaking via Internet at SHIFT Business Festival in Finland, August 25-26, 2021. I’ll be speaking at an Informa event on September 14, 2021. Details to come. I’m keynoting CIISec Live—an all-online event—September 15-16, 2021. I...

2.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/08/13 9:28 p.m.53 views

Friday Squid Blogging: A Good Year for Squid?

Improved ocean conditions are leading to optimism about this years squid catch. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/08/13 11:16 a.m.42 views

Using AI to Scale Spear Phishing

The problem with spear phishing is that it takes time and creativity to create individualized enticing phishing emails. Researchers are using GPT-3 to attempt to solve that problem: The researchers used OpenAIs GPT-3 platform in conjunction with other AI-as-a-service products focused on personali...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/08/11 11:42 a.m.37 views

Cobalt Strike Vulnerability Affects Botnet Servers

Cobalt Strike is a security tool, used by penetration testers to simulate network attackers. But its also used by attackers -- from criminals to governments -- to automate their own attacks. Researchers have found a vulnerability in the product. The main components of the security tool are the...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/08/10 11:37 a.m.26 views

Apple Adds a Backdoor to iMessage and iCloud Storage

Apples announcement that its going to start scanning photos for child abuse material is a big deal. Here are five news stories. I have been following the details, and discussing it in several different email lists. I dont have time right now to delve into the details, but wanted to post something...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/08/09 11:19 a.m.44 views

Defeating Microsoft’s Trusted Platform Module

This is a really interesting story explaining how to defeat Microsofts TPM in 30 minutes -- without having to solder anything to the motherboard. Researchers at the security consultancy Dolos Group, hired to test the security of one clients network, received a new Lenovo computer preconfigured to...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/08/06 9:5 p.m.57 views

Friday Squid Blogging: Squid Dog Toy

Its sold out, but the pictures are cute. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/08/06 11:44 a.m.49 views

Using “Master Faces” to Bypass Face-Recognition Authenticating Systems

Fascinating research: "Generating Master Faces for Dictionary Attacks with a Network-Assisted Latent Space Evolution." Abstract: A master face is a face image that passes face-based identity-authentication for a large portion of the population. These faces can be used to impersonate, with a high...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/08/05 11:25 a.m.45 views

Zoom Lied about End-to-End Encryption

The facts arent news, but Zoom will pay $85M -- to the class-action attorneys, and to users -- for lying to users about end-to-end encryption, and for giving user data to Facebook and Google without consent. The proposed settlement would generally give Zoom users $15 or $25 each and was filed...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/08/03 11:44 a.m.41 views

Paragon: Yet Another Cyberweapons Arms Manufacturer

Forbes has the story: Paragons product will also likely get spyware critics and surveillance experts alike rubbernecking: It claims to give police the power to remotely break into encrypted instant messaging communications, whether thats WhatsApp, Signal, Facebook Messenger or Gmail, the industry...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/08/02 11:46 a.m.31 views

The European Space Agency Launches Hackable Satellite

Of course this is hackable: A sophisticated telecommunications satellite that can be completely repurposed while in space has launched. … Because the satellite can be reprogrammed in orbit, it can respond to changing demands during its lifetime. … The satellite can detect and characterise any rog...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/07/30 9:13 p.m.49 views

Friday Squid Blogging: Squid Skin Is Naturally Anti-microbial

Often it feels like squid just evolved better than us mammals. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/07/30 5:13 p.m.67 views

I Am Parting With My Crypto Library

The time has come for me to find a new home for my paper cryptography library. Its about 150 linear feet of books, conference proceedings, journals, and monographs -- mostly from the 1980s, 1990s, and 2000s. My preference is that it goes to an educational institution, but will consider a corporat...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/07/30 11:34 a.m.43 views

Storing Encrypted Photos in Google’s Cloud

New paper: "Encrypted Cloud Photo Storage Using Google Photos": Abstract: Cloud photo services are widely used for persistent, convenient, and often free photo storage, which is especially useful for mobile devices. As users store more and more photos in the cloud, significant privacy concerns...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/07/29 11:52 a.m.55 views

AirDropped Gun Photo Causes Terrorist Scare

A teenager on an airplane sent a photo of a replica gun via AirDrop to everyone who had their settings configured to receive unsolicited photos from strangers. This caused a three-hour delay as the plane -- still at the gate -- was evacuated and searched. The teen was not allowed to reboard. I ca...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/07/28 11:3 a.m.47 views

De-anonymization Story

This is important: Monsignor Jeffrey Burrill was general secretary of the US Conference of Catholic Bishops USCCB, effectively the highest-ranking priest in the US who is not a bishop, before records of Grindr usage obtained from data brokers was correlated with his apartment, place of work,...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/07/27 11:25 a.m.51 views

Hiding Malware in ML Models

Interesting research: "EvilModel: Hiding Malware Inside of Neural Network Models". Abstract: Delivering malware covertly and detection-evadingly is critical to advanced malware campaigns. In this paper, we present a method that delivers malware covertly and detection-evadingly through neural...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/07/26 11:30 a.m.44 views

Disrupting Ransomware by Disrupting Bitcoin

Ransomware isnt new; the idea dates back to 1986 with the "Brain" computer virus. Now, its become the criminal business model of the internet for two reasons. The first is the realization that no one values data more than its original owner, and it makes more sense to ransom it back to them --...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/07/23 8:58 p.m.58 views

Friday Squid Blogging: The Evolution of Squid

Good video about the evolutionary history of squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/07/23 1:58 p.m.57 views

Commercial Location Data Used to Out Priest

A Catholic priest was outed through commercially available surveillance data. Vice has a good analysis: The news starkly demonstrates not only the inherent power of location data, but how the chance to wield that power has trickled down from corporations and intelligence agencies to essentially a...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/07/22 3:41 p.m.104 views

Nasty Windows Printer Driver Vulnerability

From SentinelLabs, a critical vulnerability in HP printer drivers: Researchers have released technical details on a high-severity privilege-escalation flaw in HP printer drivers also used by Samsung and Xerox, which impacts hundreds of millions of Windows machines. If exploited, cyberattackers...

4.6CVSS7.5AI score0.02902EPSS
Exploits1
Schneier on Security
Schneier on Security
added 2021/07/20 6:50 p.m.45 views

NSO Group Hacked

NSO Group, the Israeli cyberweapons arms manufacturer behind the Pegasus spyware -- used by authoritarian regimes around the world to spy on dissidents, journalists, human rights workers, and others -- was hacked. Or, at least, an enormous trove of documents was leaked to journalists. Theres a lo...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/07/19 3:54 p.m.245 views

Candiru: Another Cyberweapons Arms Manufacturer

Citizen Lab has identified yet another Israeli company that sells spyware to governments around the world: Candiru. From the report: Summary: Candiru is a secretive Israel-based company that sells spyware exclusively to governments. Reportedly, their spyware can infect and monitor iPhones,...

7.2CVSS0.2AI score0.06255EPSS
Exploits0
Schneier on Security
Schneier on Security
added 2021/07/16 9:12 p.m.30 views

Friday Squid Blogging: Giant Squid Model

Pretty wooden model. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/07/16 8:3 p.m.92 views

REvil is Off-Line

This is an interesting development: Just days after President Biden demanded that President Vladimir V. Putin of Russia shut down ransomware groups attacking American targets, the most aggressive of the groups suddenly went off-line early Tuesday. … Gone was the publicly available "happy blog" th...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/07/15 11:8 a.m.45 views

Colorado Passes Consumer Privacy Law

First California. Then Virginia. Now Colorado. Heres a good comparison of the three states laws...

4.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/07/14 5:10 p.m.33 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking at Norbert Wiener in the 21st Century, a virtual conference hosted by The IEEE Society on Social Implications of Technology SSIT, July 23-25, 2021. I’m speaking at DEFCON 29, August 5-8, 2021. Im speaking via Internet ...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/07/14 11:4 a.m.36 views

China Taking Control of Zero-Day Exploits

China is making sure that all newly discovered zero-day exploits are disclosed to the government. Under the new rules, anyone in China who finds a vulnerability must tell the government, which will decide what repairs to make. No information can be given to "overseas organizations or individuals"...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/07/13 2:4 p.m.24 views

Iranian State-Sponsored Hacking Attempts

Interesting attack: Masquerading as UK scholars with the University of Londons School of Oriental and African Studies SOAS, the threat actor TA453 has been covertly approaching individuals since at least January 2021 to solicit sensitive information. The threat actor, an APT who we assess with hi...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/07/12 4:58 p.m.42 views

Analysis of the FBI’s Anom Phone

Motherboard got its hands on one of those Anom phones that were really FBI honeypots. The details are interesting...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/07/09 9:3 p.m.47 views

Friday Squid Blogging: Squid-Related Game

Its called "Squid Fishering." As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/07/08 3:6 p.m.46 views

Details of the REvil Ransomware Attack

ArsTechnica has a good story on the REvil ransomware attack of last weekend, with technical details: This weekends attack was carried out with almost surgical precision. According to Cybereason, the REvil affiliates first gained access to targeted environments and then used the zero-day in the...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/07/06 2:27 p.m.51 views

Vulnerability in the Kaspersky Password Manager

A vulnerability just patched in the random number generator used in the Kaspersky Password Manager resulted in easily guessable passwords: The password generator included in Kaspersky Password Manager had several problems. The most critical one is that it used a PRNG not suited for cryptographic...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/07/05 11:11 a.m.58 views

Stealing Xbox Codes

Detailed story of Volodymyr Kvashuk, a Microsoft insider who noticed a bug in the companys internal systems that allowed him to create unlimited Xbox gift cards, and stole $10.1 million before he was caught...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/07/02 9:6 p.m.53 views

Friday Squid Blogging: Best Squid-Related Headline

From the New York Times: "When an Eel Climbs a Ramp to Eat Squid From a Clamp, Thats a Moray." The article is about the eel; the squid is just eel food. But still…. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posti...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/07/02 11:26 a.m.44 views

More Russian Hacking

Two reports this week. The first is from Microsoft, which wrote: As part of our investigation into this ongoing activity, we also detected information-stealing malware on a machine belonging to one of our customer support agents with access to basic account information for a small number of our...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/07/01 4:1 p.m.37 views

Insurance and Ransomware

As ransomware becomes more common, Im seeing more discussions about the ethics of paying the ransom. Heres one more contribution to that issue: a research paper that the insurance industry is hurting more than its helping. However, the most pressing challenge currently facing the industry is...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/06/29 2:12 p.m.35 views

Risks of Evidentiary Software

Over at Lawfare, Susan Landau has an excellent essay on the risks posed by software used to collect evidence a Breathalyzer is probably the most obvious example. Bugs and vulnerabilities can lead to inaccurate evidence, but the proprietary nature of software makes it hard for defendants to examin...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/06/28 11:53 a.m.36 views

NFC Flaws in POS Devices and ATMs

Its a series of vulnerabilities: Josep Rodriguez, a researcher and consultant at security firm IOActive, has spent the last year digging up and reporting vulnerabilities in the so-called near-field communications reader chips used in millions of ATMs and point-of-sale systems worldwide. NFC syste...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/06/25 9:20 p.m.57 views

Friday Squid Blogging: Colossal Squid Photographed off the Coast of Antarctica

Wow. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/06/25 1:53 p.m.48 views

AI-Piloted Fighter Jets

News from Georgetowns Center for Security and Emerging Technology: China Claims Its AI Can Beat Human Pilots in Battle: Chinese state media reported that an AI system had successfully defeated human pilots during simulated dogfights. According to the Global Times report, the system had shot down...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/06/24 2:44 p.m.38 views

Banning Surveillance-Based Advertising

The Norwegian Consumer Council just published a fantastic new report: "Time to Ban Surveillance-Based Advertising." From the Introduction: The challenges caused and entrenched by surveillance-based advertising include, but are not limited to: privacy and data protection infringements opaque...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/06/23 11:1 a.m.38 views

Mollitiam Industries is the Newest Cyberweapons Arms Manufacturer

Wired is reporting on a company called Mollitiam Industries: Marketing materials left exposed online by a third-party claim Mollitiams interception products, dubbed "Invisible Man" and "Night Crawler," are capable of remotely accessing a targets files, location, and covertly turning on a devices...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/06/22 11:54 a.m.43 views

Apple Will Offer Onion Routing for iCloud/Safari Users

At this years Apple Worldwide Developer Conference, Apple announced something called "iCloud Private Relay." Thats basically its private version of onion routing, which is what Tor does. Privacy Relay is built into both the forthcoming iOS and MacOS versions, but it will only work if youre an...

0.2AI score
Exploits0
Total number of security vulnerabilities2980