Lucene search
K
SchneierRecent

2979 matches found

Schneier on Security
Schneier on Security
added 2020/11/12 12:22 p.m.34 views

“Privacy Nutrition Labels” in Apple’s App Store

Apple will start requiring standardized privacy labels for apps in its app store, starting in December: Apple allows data disclosure to be optional if all of the following conditions apply: if its not used for tracking, advertising or marketing; if its not shared with a data broker; if collection...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/11/11 4:25 p.m.26 views

The Security Failures of Online Exam Proctoring

Proctoring an online exam is hard. Its hard to be sure that the student isnt cheating, maybe by having reference materials at hand, or maybe by substituting someone else to take the exam for them. There are a variety of companies that provide online proctoring services, but theyre uniformly...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/11/10 12:40 p.m.21 views

2020 Was a Secure Election

Over at Lawfare: "2020 Is An Election Security Success Story So Far." What’s more, the voting itself was remarkably smooth. It was only a few months ago that professionals and analysts who monitor election administration were alarmed at how badly unprepared the country was for voting during a...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/11/06 10:1 p.m.38 views

Friday Squid Blogging: Peru Defends Its Waters against Chinese Squid Fishing Boats

Squid geopolitics. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/11/06 12:28 p.m.26 views

Detecting Phishing Emails

Research paper: Rick Wash, "How Experts Detect Phishing Scam Emails": Abstract: Phishing scam emails are emails that pretend to be something they are not in order to get the recipient of the email to undertake some action they normally would not. While technical protections against phishing reduc...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/11/05 3:28 p.m.18 views

California Proposition 24 Passes

Californias Proposition 24, aimed at improving the California Consumer Privacy Act, passed this week. Analyses are very mixed. I was very mixed on the proposition, but on the whole I supported it. The proposition has some serious flaws, and was watered down by industry, but voting for privacy fee...

2.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/11/04 4:28 p.m.23 views

Determining What Video Conference Participants Are Typing from Watching Shoulder Movements

Accuracy isnt great, but that it can be done at all is impressive. Murtuza Jadiwala, a computer science professor heading the research project, said his team was able to identify the contents of texts by examining body movement of the participants. Specifically, they focused on the movement of...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/11/02 8:1 p.m.12 views

New Windows Zero-Day

Googles Project Zero has discovered and published a buffer overflow vulnerability in the Windows Kernel Cryptography Driver. The exploit doesnt affect the cryptography, but allows attackers to escalate system privileges: Attackers were combining an exploit for it with a separate one targeting a...

3.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/10/30 9:7 p.m.32 views

Friday Squid Blogging: Interview with a Squid Researcher

Interview with Mike Vecchione, Curator of Cephalopoda -- now thats a job title -- at the Smithsonian Museum of National History. One reason theyre so interesting is they are intelligent invertebrates. Almost everything that we think of as being intelligent -- parrots, dolphins, etc. -- are...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/10/30 2:14 p.m.21 views

The Legal Risks of Security Research

Sunoo Park and Kendra Albert have published "A Researcher’s Guide to Some Legal Risks of Security Research." From a summary: Such risk extends beyond anti-hacking laws, implicating copyright law and anti-circumvention provisions DMCA §1201, electronic privacy law ECPA, and cryptography export...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/10/29 2:52 p.m.18 views

Tracking Users on Waze

A security researcher discovered a wulnerability in Waze that breaks the anonymity of users: I found out that I can visit Waze from any web browser at waze.com/livemap so I decided to check how are those driver icons implemented. What I found is that I can ask Waze API for data on a location by...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/10/28 2:40 p.m.20 views

The NSA is Refusing to Disclose its Policy on Backdooring Commercial Products

Senator Ron Wyden asked, and the NSA didnt answer: The NSA has long sought agreements with technology companies under which they would build special access for the spy agency into their products, according to disclosures by former NSA contractor Edward Snowden and reporting by Reuters and others...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/10/27 11:34 a.m.22 views

Reverse-Engineering the Redactions in the Ghislaine Maxwell Deposition

Slate magazine was able to cleverly read the Ghislaine Maxwell deposition and reverse-engineer many of the redacted names. Weve long known that redacting is hard in the modern age, but most of the failures to date have been a result of not realizing that covering digital text with a black bar...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/10/26 11:53 a.m.44 views

IMSI-Catchers from Canada

Gizmodo is reporting that Harris Corp. is no longer selling Stingray IMSI-catchers and, presumably, its follow-on models Hailstorm and Crossbow to local governments: L3Harris Technologies, formerly known as the Harris Corporation, notified police agencies last year that it planned to discontinue...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/10/23 9:5 p.m.26 views

Friday Squid Blogging: Squid-like Nebula

Pretty astronomical photo. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/10/23 1:47 p.m.35 views

New Report on Police Decryption Capabilities

There is a new report on police decryption capabilities: specifically, mobile device forensic tools MDFTs. Short summary: its not just the FBI that can do it. This report documents the widespread adoption of MDFTs by law enforcement in the United States. Based on 110 public records requests to...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/10/21 2:21 p.m.22 views

NSA Advisory on Chinese Government Hacking

The NSA released an advisory listing the top twenty-five known vulnerabilities currently being exploited by Chinese nation-state attackers. This advisory provides Common Vulnerabilities and Exposures CVEs known to be recently leveraged, or scanned-for, by Chinese state-sponsored cyber actors to...

4.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/10/20 11:29 a.m.25 views

Cybersecurity Visuals

The Hewlett Foundation just announced its top five ideas in its Cybersecurity Visuals Challenge. The problem Hewlett is trying to solve is the dearth of good visuals for cybersecurity. A Google Images Search demonstrates the problem: locks, fingerprints, hands on laptops, scary looking hackers in...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/10/19 11:28 a.m.27 views

Split-Second Phantom Images Fool Autopilots

Researchers are tricking autopilots by inserting split-second images into roadside billboards. Researchers at Israels Ben Gurion University of the Negev … previously revealed that they could use split-second light projections on roads to successfully trick Teslas driver-assistance systems into...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/10/16 9:3 p.m.10 views

Friday Squid Blogging: Chinese Squid Fishing Near the Galapagos

The Chinese have been illegally squid fishing near the Galapagos Islands. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/10/15 11:1 a.m.38 views

US Cyber Command and Microsoft Are Both Disrupting TrickBot

Earlier this month, we learned that someone is disrupting the TrickBot botnet network. Over the past 10 days, someone has been launching a series of coordinated attacks designed to disrupt Trickbot, an enormous collection of more than two million malware-infected Windows PCs that are constantly...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/10/14 5:15 p.m.27 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: Ill be speaking at Cyber Week Online, October 19-21, 2020. Ill be speaking at the IEEE Symposium on Technology and Society virtual conference, November 12-15, 2020. Ill be keynoting the 2020 Conference on Cyber Norms on November 12...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/10/14 11:9 a.m.22 views

2020 Workshop on Economics of Information Security

The Workshop on Economics of Information Security will be online this year. Register here...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/10/13 11:20 a.m.23 views

Google Responds to Warrants for “About” Searches

One of the things we learned from the Snowden documents is that the NSA conducts "about" searches. That is, searches based on activities and not identifiers. A normal search would be on a name, or IP address, or phone number. An about search would something like "show me anyone that has used this...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/10/12 10:58 a.m.26 views

Hacking Apple for Profit

Five researchers hacked Apple Computers networks -- not their products -- and found fifty-five vulnerabilities. So far, they have received $289K. One of the worst of all the bugs they found would have allowed criminals to create a worm that would automatically steal all the photos, videos, and...

2.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/10/09 9:2 p.m.34 views

Friday Squid Blogging: Saving the Humboldt Squid

Genetic research finds the Humboldt squid is vulnerable to overfishing. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/10/07 11:5 a.m.21 views

New Privacy Features in iOS 14

A good rundown...

3.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/10/06 11:11 a.m.31 views

Swiss-Swedish Diplomatic Row Over Crypto AG

Previously I have written about the Swedish-owned Swiss-based cryptographic hardware company: Crypto AG. It was a CIA-owned Cold War operation for decades. Today it is called Crypto International, still based in Switzerland but owned by a Swedish company. Its back in the news: Late last week,...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/10/05 4:47 p.m.28 views

On Risk-Based Authentication

Interesting usability study: "More Than Just Good Passwords? A Study on Usability and Security Perceptions of Risk-based Authentication": Abstract: Risk-based Authentication RBA is an adaptive security measure to strengthen password-based authentication. RBA monitors additional features during...

3.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/10/02 9:5 p.m.22 views

Friday Squid Blogging: After Squidnight

Review of a squid-related childrens book. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/10/02 7:15 p.m.22 views

COVID-19 and Acedia

Note: This isnt my usual essay topic. Still, I want to put it on my blog. Six months into the pandemic with no end in sight, many of us have been feeling a sense of unease that goes beyond anxiety or distress. Its a nameless feeling that somehow makes it hard to go on with even the nice things we...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/10/01 11:19 a.m.21 views

Detecting Deep Fakes with a Heartbeat

Researchers can detect deep fakes because they dont convincingly mimic human blood circulation in the face: In particular, video of a persons face contains subtle shifts in color that result from pulses in blood circulation. You might imagine that these changes would be too minute to detect merel...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/30 11:19 a.m.27 views

Negotiating with Ransomware Gangs

Really interesting conversation with someone who negotiates with ransomware gangs: For now, it seems that paying ransomware, while obviously risky and empowering/encouraging ransomware attackers, can perhaps be comported so as not to break any laws like anti-terrorist laws, FCPA, conspiracy and...

6.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/29 11:16 a.m.28 views

Hacking a Coffee Maker

As expected, IoT devices are filled with vulnerabilities: As a thought experiment, Martin Hron, a researcher at security company Avast, reverse engineered one of the older coffee makers to see what kinds of hacks he could do with it. After just a week of effort, the unqualified answer was: quite ...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/28 11:21 a.m.33 views

On Executive Order 12333

Mark Jaycox has written a long article on the US Executive Order 12333: "No Oversight, No Limits, No Worries: A Primer on Presidential Spying and Executive Order 12,333": Abstract: Executive Order 12,333 "EO 12333" is a 1980s Executive Order signed by President Ronald Reagan that, among other...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/25 7:39 p.m.41 views

Friday Squid Blogging: COVID-19 Found on Chinese Squid Packaging

I thought the virus doesnt survive well on food packaging: Authorities in China’s northeastern Jilin province have found the novel coronavirus on the packaging of imported squid, health authorities in the city of Fuyu said on Sunday, urging anyone who may have bought it to get themselves tested. ...

0.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/25 11:21 a.m.28 views

CEO of NS8 Charged with Securities Fraud

The founder and CEO of the Internet security company NS8 has been arrested and "charged in a Complaint in Manhattan federal court with securities fraud, fraud in the offer and sale of securities, and wire fraud." I admit that Ive never even heard of the company before...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/24 11:18 a.m.26 views

Iranian Government Hacking Android

The New York Times wrote about a still-unreleased report from Chckpoint and the Miaan Group: The reports, which were reviewed by The New York Times in advance of their release, say that the hackers have successfully infiltrated what were thought to be secure mobile phones and computers belonging ...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/23 11:3 a.m.34 views

Documented Death from a Ransomware Attack

A Dusseldorf woman died when a ransomware attack against a hospital forced her to be taken to a different hospital in another city. I think this is the first documented case of a cyberattack causing a fatality. UK hospitals had to redirect patients during the 2017 WannaCry ransomware attack, but...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/22 6:35 p.m.25 views

Interview with the Author of the 2000 Love Bug Virus

No real surprises, but we finally have the story. The story he went on to tell is strikingly straightforward. De Guzman was poor, and internet access was expensive. He felt that getting online was almost akin to a human right a view that was ahead of its time. Getting access required a password, ...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/22 11:36 a.m.21 views

Amazon Delivery Drivers Hacking Scheduling System

Amazon drivers -- all gig workers who dont work for the company -- are hanging cell phones in trees near Amazon delivery stations, fooling the system into thinking that they are closer than they actually are: The phones in trees seem to serve as master devices that dispatch routes to multiple...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/21 11:6 a.m.26 views

Former NSA Director Keith Alexander Joins Amazon’s Board of Directors

This sounds like a bad idea...

3.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/18 9:14 p.m.26 views

Friday Squid Blogging: Nano-Sized SQUIDS

SQUID news: Physicists have developed a small, compact superconducting quantum interference device SQUID that can detect magnetic fields. The team l focused on the instruments core, which contains two parallel layers of graphene. As usual, you can also use this squid post to talk about the securi...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/18 7:8 p.m.29 views

Nihilistic Password Security Questions

Posted three years ago, but definitely appropriate for the times...

3.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/18 11:9 a.m.25 views

Matt Blaze on OTP Radio Stations

Matt Blaze discusses also here an interesting mystery about a Cuban one-time-pad radio station, and a random number generator error that probably helped arrest a pair of Russian spies in the US...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/17 11:18 a.m.36 views

New Bluetooth Vulnerability

Theres a new unpatched Bluetooth vulnerability: The issue is with a protocol called Cross-Transport Key Derivation or CTKD, for short. When, say, an iPhone is getting ready to pair up with Bluetooth-powered device, CTKDs role is to set up two separate authentication keys for that phone: one for a...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/16 11:0 a.m.25 views

How the FIN7 Cybercrime Gang Operates

The Grugq has written an excellent essay on how the Russian cybercriminal gang FIN7 operates. An excerpt: The secret of FIN7’s success is their operational art of cyber crime. They managed their resources and operations effectively, allowing them to successfully attack and exploit hundreds of...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/15 11:10 a.m.19 views

Privacy Analysis of Ambient Light Sensors

Interesting privacy analysis of the Ambient Light Sensor API. And a blog post. Especially note the "Lessons Learned" section...

3.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/15 2:15 a.m.33 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking at the Cybersecurity Law & Policy Scholars Virtual Conference on September 17, 2020. I’m keynoting the Canadian Internet Registration Authority’s online symposium, Canadians Connected, on Wednesday, September 23, 2020...

3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/14 11:21 a.m.24 views

Interesting Attack on the EMV Smartcard Payment Standard

Its complicated, but its basically a man-in-the-middle attack that involves two smartphones. The first phone reads the actual smartcard, and then forwards the required information to a second phone. That second phone actually conducts the transaction on the POS terminal. That second phone is able...

0.4AI score
Exploits0
Total number of security vulnerabilities2979