Lucene search
K
SchneierRecent

2980 matches found

Schneier on Security
Schneier on Security
added 2020/08/11 11:0 a.m.19 views

Collecting and Selling Mobile Phone Location Data

The Wall Street Journal has an article about a company called Anomaly Six LLC that has an SDK that's used by "more than 500 mobile applications." Through that SDK, the company collects location data from users, which it then sells. Anomaly Six is a federal contractor that provides...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/10 11:23 a.m.21 views

Smart Lock Vulnerability

Yet another Internet-connected door lock is insecure: Sold by retailers including Amazon, Walmart, and Home Depot, U-Tec's $139.99 UltraLoq is marketed as a "secure and versatile smart deadbolt that offers keyless entry via your Bluetooth-enabled smartphone and code." Users can share temporary...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/07 9:8 p.m.35 views

Friday Squid Blogging: New SQUID

There's a new SQUID: A new device that relies on flowing clouds of ultracold atoms promises potential tests of the intersection between the weirdness of the quantum world and the familiarity of the macroscopic world we experience every day. The atomtronic Superconducting QUantum Interference Devi...

2.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/06 5:15 p.m.30 views

The NSA on the Risks of Exposing Location Data

The NSA has issued an advisory on the risks of location data. Mitigations reduce, but do not eliminate, location tracking risks in mobile devices. Most users rely on features disabled by such mitigations, making such safeguards impractical. Users should be aware of these risks and take action bas...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/04 11:2 a.m.27 views

Cybercrime in the Age of COVID-19

The Cambridge Cybercrime Centre has a series of papers on cybercrime during the coronavirus pandemic. EDITED TO ADD 8/12: Interpol report...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/03 4:54 p.m.20 views

BlackBerry Phone Cracked

Australia is reporting that a BlackBerry device has been cracked after five years: An encrypted BlackBerry device that was cracked five years after it was first seized by police is poised to be the key piece of evidence in one of the state's longest-running drug importation investigations. In...

4.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/31 9:3 p.m.33 views

Twitter Hacker Arrested

A 17-year-old Florida boy was arrested and charged with last week's Twitter hack. News articles. Boing Boing post. Florida state attorney press release. This is a developing story. Post any additional news in the comments. EDITED TO ADD 8/1: Two others have been charged as well. EDITED TO ADD 8/1...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/31 9:0 p.m.36 views

Friday Squid Blogging: Squid Proteins for a Better Face Mask

Researchers are synthesizing squid proteins to create a face mask that better survives cleaning. And you thought there was no connection between squid and COVID-19. The military thinks this might have applications for self-healing robots. As usual, you can also use this squid post to talk about t...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/31 7:4 p.m.16 views

Data and Goliath Book Placement

Notice the copy of Data and Goliath just behind the head of Maine Senator Angus King. This demonstrates the importance of a vibrant color and a large font...

2.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/30 7:56 p.m.33 views

Fake Stories in Real News Sites

Fireeye is reporting that a hacking group called Ghostwriter broke into the content management systems of Eastern European news sites to plant fake stories. From a Wired story: The propagandists have created and disseminated disinformation since at least March 2017, with a focus on undermining NA...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/28 11:40 a.m.22 views

Survey of Supply Chain Attacks

The Atlantic Council has a released a report that looks at the history of computer supply chain attacks. Key trends from their summary: 1. Deep Impact from State Actors: There were at least 27 different state attacks against the software supply chain including from Russia, China, North Korea, and...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/27 2:46 p.m.25 views

Images in Eye Reflections

In Japan, a cyberstalker located his victim by enhancing the reflections in her eye, and using that information to establish a location. Reminds me of the image enhancement scene in Blade Runner. That was science fiction, but now image resolution is so good that we have to worry about it...

2.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/24 9:7 p.m.29 views

Friday Squid Blogging: Introducing the Seattle Kraken

The Kraken is the name of Seattle's new NFL franchise. I have always really liked collective nouns as sports team names like the Utah Jazz or the Minnesota Wild, mostly because it's hard to describe individual players. As usual, you can also use this squid post to talk about the security stories ...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/24 11:36 a.m.21 views

Update on NIST's Post-Quantum Cryptography Program

NIST has posted an update on their post-quantum cryptography program: After spending more than three years examining new approaches to encryption and data protection that could defeat an assault from a quantum computer, the National Institute of Standards and Technology NIST has winnowed the 69...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/23 11:3 a.m.25 views

Adversarial Machine Learning and the CFAA

I just co-authored a paper on the legal risks of doing machine learning research, given the current state of the Computer Fraud and Abuse Act: Abstract: Adversarial Machine Learning is booming with ML researchers increasingly targeting commercial ML systems such as those used in Facebook, Tesla,...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/22 2:12 p.m.14 views

Fawkes: Digital Image Cloaking

Fawkes is a system for manipulating digital images so that they aren't recognized by facial recognition systems. At a high level, Fawkes takes your personal images, and makes tiny, pixel-level changes to them that are invisible to the human eye, in a process we call image cloaking. You can then u...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/21 11:9 a.m.18 views

Hacking a Power Supply

This hack targets the firmware on modern power supplies. Yes, power supplies are also computers. Normally, when a phone is connected to a power brick with support for fast charging, the phone and the power adapter communicate with each other to determine the proper amount of electricity that can ...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/20 1:49 p.m.24 views

On the Twitter Hack

Twitter was hacked this week. Not a few people's Twitter accounts, but all of Twitter. Someone compromised the entire Twitter network, probably by stealing the log-in credentials of one of Twitter's system administrators. Those are the people trusted to ensure that Twitter functions smoothly. The...

7.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/17 9:13 p.m.41 views

Friday Squid Blogging: Squid Found on Provincetown Sandbar

Headline: "Dozens of squid found on Provincetown sandbar." Slow news day. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/17 11:4 a.m.19 views

Twitter Hackers May Have Bribed an Insider

Motherboard is reporting that this week's Twitter hack involved a bribed insider. Twitter has denied it. I have been taking press calls all day about this. And while I know everyone wants to speculate about the details of the hack, we just don't know -- and probably won't for a couple of weeks...

3.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/15 2:29 p.m.21 views

NSA on Securing VPNs

The NSA's Central Security Service -- that's the part that's supposed to work on defense -- has released two documents a full and an abridged version on securing virtual private networks. Some of it is basic, but it contains good information. Maintaining a secure VPN tunnel can be complex and...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/14 11:17 a.m.20 views

Enigma Machine for Sale

A four-rotor Enigma machine -- with rotors -- is up for auction...

4.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/13 11:21 a.m.27 views

A Peek into the Fake Review Marketplace

A personal account of someone who was paid to buy products on Amazon and leave fake reviews. Fake reviews are one of the problems that everyone knows about, and no one knows what to do about -- so we all try to pretend doesn't exist...

3.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/10 9:9 p.m.25 views

Friday Squid Blogging: China Closing Its Squid Spawning Grounds

China is prohibiting squid fishing in two areas -- both in international waters -- for two seasons, to give squid time to recover and reproduce. This is the first time China has voluntarily imposed a closed season on the high seas. Some experts regard it as an important step forward in China's...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/10 4:48 p.m.12 views

EFF's 30th Anniversary Livestream

It's the EFF's 30th birthday, and the organization is having a celebratory livestream today from 3:00 to 10:00 pm PDT. There are a lot of interesting discussions and things. I am having a fireside chat at 4:10 pm PDT to talk about the Crypto Wars and more. Stop by. And thank you for supporting EF...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/10 11:12 a.m.29 views

Business Email Compromise (BEC) Criminal Ring

A criminal group called Cosmic Lynx seems to be based in Russia: Dubbed Cosmic Lynx, the group has carried out more than 200 BEC campaigns since July 2019, according to researchers from the email security firm Agari, particularly targeting senior executives at large organizations and corporations...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/09 11:16 a.m.18 views

Traffic Analysis of Home Security Cameras

Interesting research on home security cameras with cloud storage. Basically, attackers can learn very basic information about what's going on in front of the camera, and infer when there is someone home. News article. Slashdot thread...

3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/08 11:41 a.m.28 views

Half a Million IoT Passwords Leaked

It is amazing that this sort of thing can still happen: ...the list was compiled by scanning the entire internet for devices that were exposing their Telnet port. The hacker then tried using 1 factory-set default usernames and passwords, or 2 custom, but easy-to-guess password combinations. Telne...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/07 11:38 a.m.27 views

IoT Security Principles

The BSA -- also known as the Software Alliance, formerly the Business Software Alliance which explains the acronym -- is an industry lobbying group. They just published "Policy Principles for Building a Secure and Trustworthy Internet of Things." They call for: Distinguishing between consumer and...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/06 11:43 a.m.27 views

ThiefQuest Ransomware for the Mac

There's a new ransomware for the Mac called ThiefQuest or EvilQuest. It's hard to get infected: For your Mac to become infected, you would need to torrent a compromised installer and then dismiss a series of warnings from Apple in order to run it. It's a good reminder to get your software from...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/03 9:7 p.m.15 views

Friday Squid Blogging: Strawberry Squid

Pretty. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/03 3:39 p.m.36 views

EncroChat Hacked by Police

French police hacked EncroChat secure phones, which are widely used by criminals: Encrochat's phones are essentially modified Android devices, with some models using the "BQ Aquaris X2," an Android handset released in 2018 by a Spanish electronics company, according to the leaked documents...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/02 2:26 p.m.17 views

The Security Value of Inefficiency

For decades, we have prized efficiency in our economy. We strive for it. We reward it. In normal times, that's a good thing. Running just at the margins is efficient. A single just-in-time global supply chain is efficient. Consolidation is efficient. And that's all profitable. Inefficiency, on th...

Exploits0
Schneier on Security
Schneier on Security
added 2020/07/01 2:31 p.m.18 views

Securing the International IoT Supply Chain

Together with Nate Kim former student and Trey Herr Atlantic Council Cyber Statecraft Initiative, I have written a paper on IoT supply chain security. The basic problem we try to solve is: how to you enforce IoT security regulations when most of the stuff is made in other countries? And our...

2.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/06/30 3:15 p.m.15 views

Android Apps Stealing Facebook Credentials

Google has removed 25 Android apps from its store because they steal Facebook credentials: Before being taken down, the 25 apps were collectively downloaded more than 2.34 million times. The malicious apps were developed by the same threat group and despite offering different features, under the...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/06/29 3:24 p.m.25 views

iPhone Apps Stealing Clipboard Data

iOS apps are repeatedly reading clipboard data, which can include all sorts of sensitive information. While Haj Bakry and Mysk published their research in March, the invasive apps made headlines again this week with the developer beta release of iOS 14. A novel feature Apple added provides a bann...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/06/26 8:57 p.m.14 views

Friday Squid Blogging: Fishing for Jumbo Squid

Interesting article on the rise of the jumbo squid industry as a result of climate change. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/06/26 12:0 p.m.19 views

The Unintended Harms of Cybersecurity

Interesting research: "Identifying Unintended Harms of Cybersecurity Countermeasures": Abstract: Well-meaning cybersecurity risk owners will deploy countermeasures technologies or procedures to manage risks to their services or systems. In some cases, those countermeasures will produce unintended...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/06/25 12:9 p.m.20 views

Analyzing IoT Security Best Practices

New research: "Best Practices for IoT Security: What Does That Even Mean?" by Christopher Bellman and Paul C. van Oorschot: Abstract: Best practices for Internet of Things IoT security have recently attracted considerable attention worldwide from industry and governments, while academic research...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/06/24 5:32 p.m.43 views

COVID-19 Risks of Flying

I fly a lot. Over the past five years, my average speed has been 32 miles an hour. That all changed mid-March. It's been 105 days since I've been on an airplane -- longer than any other time in my adult life -- and I have no future flights scheduled. This is all a prelude to saying that I have be...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/06/24 11:30 a.m.28 views

Cryptocurrency Pump and Dump Scams

Really interesting research: "An examination of the cryptocurrency pump and dump ecosystem": Abstract: The surge of interest in cryptocurrencies has been accompanied by a proliferation of fraud. This paper examines pump and dump schemes. The recent explosion of nearly 2,000 cryptocurrencies in an...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/06/23 11:22 a.m.24 views

Nation-State Espionage Campaigns against Middle East Defense Contractors

Report on espionage attacks using LinkedIn as a vector for malware, with details and screenshots. They talk about "several hints suggesting a possible link" to the Lazarus group aka North Korea, but that's by no means definite. As part of the initial compromise phase, the Operation Interception...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/06/22 12:35 p.m.30 views

Identifying a Person Based on a Photo, LinkedIn and Etsy Profiles, and Other Internet Bread Crumbs

Interesting story of how the police can identify someone by following the evidence chain from website to website. According to filings in Blumenthal's case, FBI agents had little more to go on when they started their investigation than the news helicopter footage of the woman setting the police c...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/06/19 9:15 p.m.47 views

Friday Squid Blogging: Giant Squid Washes Up on South African Beach

Fourteen feet long and 450 pounds. It was dead before it washed up. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/06/19 7:9 p.m.23 views

Security and Human Behavior (SHB) 2020

Today is the second day of the thirteenth Workshop on Security and Human Behavior. It's being hosted by the University of Cambridge, which in today's world means we're all meeting on Zoom. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/06/19 11:38 a.m.26 views

New Hacking-for-Hire Company in India

Citizen Lab has a new report on Dark Basin, a large hacking-for-hire company in India. Key Findings: Dark Basin is a hack-for-hire group that has targeted thousands of individuals and hundreds of institutions on six continents. Targets include advocacy groups and journalists, elected and senior...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/06/18 11:34 a.m.22 views

Theft of CIA's "Vault Seven" Hacking Tools Due to Its Own Lousy Security

The Washington Post is reporting on an internal CIA report about its "Vault 7" security breach: The breach -- allegedly committed by a CIA employee -- was discovered a year after it happened, when the information was published by WikiLeaks, in March 2017. The anti-secrecy group dubbed the release...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/06/17 6:55 p.m.27 views

Zoom Will Be End-to-End Encrypted for All Users

Zoom is doing the right thing: it's making end-to-end encryption available to all users, paid and unpaid. This is a change; I wrote about the initial decision here. ...we have identified a path forward that balances the legitimate right of all users to privacy and the safety of users on our...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/06/17 11:21 a.m.29 views

Bank Card "Master Key" Stolen

South Africa's Postbank experienced a catastrophic security failure. The bank's master PIN key was stolen, forcing it to cancel and replace 12 million bank cards. The breach resulted from the printing of the bank's encrypted master key in plain, unencrypted digital language at the Postbank's old...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/06/16 3:20 p.m.20 views

Eavesdropping on Sound Using Variations in Light Bulbs

New research is able to recover sound waves in a room by observing minute changes in the room's light bulbs. This technique works from a distance, even from a building across the street through a window. Details: In an experiment using three different telescopes with different lens diameters from...

6.9AI score
Exploits0
Total number of security vulnerabilities2980