Lucene search
K
SchneierRecent

2980 matches found

Schneier on Security
Schneier on Security
added 2020/09/14 11:21 a.m.24 views

Interesting Attack on the EMV Smartcard Payment Standard

Its complicated, but its basically a man-in-the-middle attack that involves two smartphones. The first phone reads the actual smartcard, and then forwards the required information to a second phone. That second phone actually conducts the transaction on the POS terminal. That second phone is able...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/11 9:5 p.m.15 views

Friday Squid Blogging: Calamari vs. Squid

St. Louis Magazine answers the important question: "Is there a difference between calamari and squid?" Short answer: no. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/11 11:15 a.m.23 views

Ranking National Cyber Power

Harvard Kennedy Schools Belfer Center published the "National Cyber Power Index 2020: Methodology and Analytical Considerations." The rankings: 1. US, 2. China, 3. UK, 4. Russia, 5. Netherlands, 6. France, 7. Germany, 8. Canada, 9. Japan, 10. Australia, 11. Israel. More countries are in the...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/10 11:26 a.m.28 views

The Third Edition of Ross Anderson’s Security Engineering

Ross Andersons fantastic textbook, Security Engineering, will have a third edition. The book wont be published until December, but Ross has been making drafts of the chapters available online as he finishes them. Now that the book is completed, I expect the publisher to make him take the drafts o...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/09 11:37 a.m.24 views

US Space Cybersecurity Directive

The Trump Administration just published "Space Policy Directive - 5": "Cybersecurity Principles for Space Systems." Its pretty general: Principles. a Space systems and their supporting infrastructure, including software, should be developed and operated using risk-based, cybersecurity-informed...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/08 11:12 a.m.22 views

More on NIST's Post-Quantum Cryptography

Back in July, NIST selected third-round algorithms for its post-quantum cryptography standard. Recently, Daniel Apon of NIST gave a talk detailing the selection criteria. Interesting stuff. NOTE: We're in the process of moving this blog to Wordpress. Comments will be disabled until the move it...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/08 6:12 a.m.10 views

More on NIST’s Post-Quantum Cryptography

Back in July, NIST selected third-round algorithms for its post-quantum cryptography standard. Recently, Daniel Apon of NIST gave a talk detailing the selection criteria. Interesting stuff. NOTE: Were in the process of moving this blog to WordPress. Comments will be disabled until the move is...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/08 6:12 a.m.13 views

More on NIST’s Post-Quantum Cryptography

Back in July, NIST selected third-round algorithms for its post-quantum cryptography standard. Recently, Daniel Apon of NIST gave a talk detailing the selection criteria. Interesting stuff. NOTE: Were in the process of moving this blog to WordPress. Comments will be disabled until the move is...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/06 1:1 a.m.54 views

Schneier.com is Moving

I'm switching my website software from Movable Type to Wordpress, and moving to a new host. The migration is expected to last from approximately 3 AM EST Monday until 4 PM EST Tuesday. The site will still be visible during that time, but comments will be disabled. This is to prevent any new...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/05 8:1 p.m.9 views

Schneier.com is Moving

Im switching my website software from Movable Type to WordPress, and moving to a new host. The migration is expected to last from approximately 3 AM EST Monday until 4 PM EST Tuesday. The site will still be visible during that time, but comments will be disabled. This is to prevent any new commen...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/05 8:1 p.m.13 views

Schneier.com is Moving

Im switching my website software from Movable Type to WordPress, and moving to a new host. The migration is expected to last from approximately 3 AM EST Monday until 4 PM EST Tuesday. The site will still be visible during that time, but comments will be disabled. This is to prevent any new commen...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/04 9:53 p.m.34 views

Friday Squid Blogging: Morning Squid

Asa ika means "morning squid" in Japanese. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/04 4:53 p.m.13 views

Friday Squid Blogging: Morning Squid

Asa ika means "morning squid" in Japanese. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/04 4:53 p.m.14 views

Friday Squid Blogging: Morning Squid

Asa ika means "morning squid" in Japanese. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/04 11:2 a.m.23 views

Hacking AI-Graded Tests

The company Edgenuity sells AI systems for grading tests. Turns out that they just search for keywords without doing any actual semantic analysis...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/04 6:2 a.m.16 views

Hacking AI-Graded Tests

The company Edgenuity sells AI systems for grading tests. Turns out that they just search for keywords without doing any actual semantic analysis...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/04 6:2 a.m.10 views

Hacking AI-Graded Tests

The company Edgenuity sells AI systems for grading tests. Turns out that they just search for keywords without doing any actual semantic analysis...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/03 11:18 a.m.21 views

2017 Tesla Hack

Interesting story of a class break against the entire Tesla fleet...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/03 6:18 a.m.14 views

2017 Tesla Hack

Interesting story of a class break against the entire Tesla fleet...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/03 6:18 a.m.6 views

2017 Tesla Hack

Interesting story of a class break against the entire Tesla fleet...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/02 12:2 p.m.20 views

Insider Attack on the Carnegie Library

Greg Priore, the person in charge of the rare book room at the Carnegie Library, stole from it for almost two decades before getting caught. It's a perennial problem: trusted insiders have to be trusted...

3.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/02 7:2 a.m.6 views

Insider Attack on the Carnegie Library

Greg Priore, the person in charge of the rare book room at the Carnegie Library, stole from it for almost two decades before getting caught. Its a perennial problem: trusted insiders have to be trusted...

3.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/02 7:2 a.m.9 views

Insider Attack on the Carnegie Library

Greg Priore, the person in charge of the rare book room at the Carnegie Library, stole from it for almost two decades before getting caught. Its a perennial problem: trusted insiders have to be trusted...

3.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/01 11:17 a.m.19 views

North Korea ATM Hack

The US Cybersecurity and Infrastructure Security Agency CISA published a long and technical alert describing a North Korea hacking scheme against ATMs in a bunch of countries worldwide: This joint advisory is the result of analytic efforts among the Cybersecurity and Infrastructure Security Agenc...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/01 6:17 a.m.9 views

North Korea ATM Hack

The US Cybersecurity and Infrastructure Security Agency CISA published a long and technical alert describing a North Korea hacking scheme against ATMs in a bunch of countries worldwide: This joint advisory is the result of analytic efforts among the Cybersecurity and Infrastructure Security Agenc...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/01 6:17 a.m.12 views

North Korea ATM Hack

The US Cybersecurity and Infrastructure Security Agency CISA published a long and technical alert describing a North Korea hacking scheme against ATMs in a bunch of countries worldwide: This joint advisory is the result of analytic efforts among the Cybersecurity and Infrastructure Security Agenc...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/31 10:45 a.m.21 views

Seny Kamara on "Crypto for the People"

Seny Kamara gave an excellent keynote talk this year at the online CRYPTO Conference. He talked about solving real-world crypto problems for marginalized communities around the world, instead of crypto problems for governments and corporations. Well worth watching and listening to...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/31 5:45 a.m.6 views

Seny Kamara on "Crypto for the People"

Seny Kamara gave an excellent keynote talk this year at the online CRYPTO Conference. He talked about solving real-world crypto problems for marginalized communities around the world, instead of crypto problems for governments and corporations. Well worth watching and listening to...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/31 5:45 a.m.11 views

Seny Kamara on "Crypto for the People"

Seny Kamara gave an excellent keynote talk this year at the online CRYPTO Conference. He talked about solving real-world crypto problems for marginalized communities around the world, instead of crypto problems for governments and corporations. Well worth watching and listening to...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/28 9:10 p.m.37 views

Friday Squid Blogging: How Squid Survive Freezing, Oxygen-Deprived Waters

Lots of interesting genetic details. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

2.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/28 4:10 p.m.9 views

Friday Squid Blogging: How Squid Survive Freezing, Oxygen-Deprived Waters

Lots of interesting genetic details. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

2.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/28 4:10 p.m.12 views

Friday Squid Blogging: How Squid Survive Freezing, Oxygen-Deprived Waters

Lots of interesting genetic details. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

2.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/28 11:40 a.m.24 views

US Postal Service Files Blockchain Voting Patent

The US Postal Service has filed a patent on a blockchain voting method: Abstract: A voting system can use the security of blockchain and the mail to provide a reliable voting system. A registered voter receives a computer readable code in the mail and confirms identity and confirms correct ballot...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/28 6:40 a.m.15 views

US Postal Service Files Blockchain Voting Patent

The US Postal Service has filed a patent on a blockchain voting method: Abstract: A voting system can use the security of blockchain and the mail to provide a reliable voting system. A registered voter receives a computer readable code in the mail and confirms identity and confirms correct ballot...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/28 6:40 a.m.11 views

US Postal Service Files Blockchain Voting Patent

The US Postal Service has filed a patent on a blockchain voting method: Abstract: A voting system can use the security of blockchain and the mail to provide a reliable voting system. A registered voter receives a computer readable code in the mail and confirms identity and confirms correct ballot...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/27 11:33 a.m.25 views

Cory Doctorow on The Age of Surveillance Capitalism

Cory Doctorow has writtten an extended rebuttal of The Age of Surveillance Capitalism by Shoshana Zuboff. He summarized the argument on Twitter. Shorter summary: it's not the surveillance part, it's the fact that these companies are monopolies. I think it's both. Surveillance capitalism has some...

2.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/26 11:31 a.m.12 views

Amazon Supplier Fraud

Interesting story of an Amazon supplier fraud: According to the indictment, the brothers swapped ASINs for items Amazon ordered to send large quantities of different goods instead. In one instance, Amazon ordered 12 canisters of disinfectant spray costing $94.03. The defendants allegedly shipped...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/25 11:28 a.m.14 views

Identifying People by Their Browsing Histories

Interesting paper: "Replication: Why We Still Can't Browse in Peace: On the Uniqueness and Reidentifiability of Web Browsing Histories": We examine the threat to individuals' privacy based on the feasibility of reidentifying users through distinctive profiles of their browsing history visible to...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/24 11:23 a.m.27 views

DiceKeys

DiceKeys is a physical mechanism for creating and storing a 192-bit key. The idea is that you roll a special set of twenty-five dice, put them into a plastic jig, and then use an app to convert those dice into a key. You can then use that key for a variety of purposes, and regenerate it from the...

Exploits0
Schneier on Security
Schneier on Security
added 2020/08/21 9:11 p.m.32 views

Friday Squid Blogging: Rhode Island's State Appetizer Is Calamari

Rhode Island has an official state appetizer, and it's calamari. Who knew? As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/21 11:3 a.m.21 views

Yet Another Biometric: Bioacoustic Signatures

Sound waves through the body are unique enough to be a biometric: "Modeling allowed us to infer what structures or material features of the human body actually differentiated people," explains Joo Yong Sim, one of the ETRI researchers who conducted the study. "For example, we could see how the...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/20 11:22 a.m.30 views

Copying a Key by Listening to It in Action

Researchers are using recordings of keys being used in locks to create copies. Once they have a key-insertion audio file, SpiKey's inference software gets to work filtering the signal to reveal the strong, metallic clicks as key ridges hit the lock's pins and you can hear those filtered clicks...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/18 3:3 p.m.18 views

Using Disinformation to Cause a Blackout

Interesting paper: "How weaponizing disinformation can bring down a city's power grid": Abstract: Social media has made it possible to manipulate the masses via disinformation and fake news at an unprecedented scale. This is particularly alarming from a security perspective, as humans have proven...

3.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/18 11:3 a.m.20 views

Vaccine for Emotet Malware

Interesting story of a vaccine for the Emotet malware: Through trial and error and thanks to subsequent Emotet updates that refined how the new persistence mechanism worked, Quinn was able to put together a tiny PowerShell script that exploited the registry key mechanism to crash Emotet itself. T...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/17 11:22 a.m.26 views

Robocall Results from a Telephony Honeypot

A group of researchers set up a telephony honeypot and tracked robocall behavior: NCSU researchers said they ran 66,606 telephone lines between March 2019 and January 2020, during which time they said to have received 1,481,201 unsolicited calls -- even if they never made their phone numbers publ...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/14 9:5 p.m.58 views

Friday Squid Blogging: Editing the Squid Genome

Scientists have edited the genome of the Doryteuthis pealeii squid with CRISPR. A first. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/14 5:15 p.m.29 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I'm giving a keynote address at the Cybersecurity and Data Privacy Law virtual conference on September 9, 2020. The list is maintained on this page...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/14 1:59 p.m.32 views

Drovorub Malware

The NSA and FBI have jointly disclosed Drovorub, a Russian malware suite that targets Linux. Detailed advisory. Fact sheet. News articles. Reddit thread...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/13 2:28 p.m.16 views

UAE Hack and Leak Operations

Interesting paper on recent hack-and-leak operations attributed to the UAE: Abstract: Four hack-and-leak operations in U.S. politics between 2016 and 2019, publicly attributed to the United Arab Emirates UAE, Qatar, and Saudi Arabia, should be seen as the "simulation of scandal" ­-- deliberate...

2.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/12 11:8 a.m.17 views

Cryptanalysis of an Old Zip Encryption Algorithm

Mike Stay broke an old zipfile encryption algorithm to recover $300,000 in bitcoin. DefCon talk here...

1.9AI score
Exploits0
Total number of security vulnerabilities2980