Lucene search
K
SchneierRecent

2980 matches found

Schneier on Security
Schneier on Security
added 2020/06/15 11:6 a.m.22 views

Examining the US Cyber Budget

Jason Healey takes a detailed look at the US federal cybersecurity budget and reaches an important conclusion: the US keeps saying that we need to prioritize defense, but in fact we prioritize attack. To its credit, this budget does reveal an overall growth in cybersecurity funding of about 5...

Exploits0
Schneier on Security
Schneier on Security
added 2020/06/12 9:3 p.m.22 views

Friday Squid Blogging: Human Cells with Squid-Like Transparency

I think we need more human organs with squid-like features. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/06/12 11:23 a.m.32 views

Facebook Helped Develop a Tails Exploit

This is a weird story: Hernandez was able to evade capture for so long because he used Tails, a version of Linux designed for users at high risk of surveillance and which routes all inbound and outbound connections through the open-source Tor network to anonymize it. According to Vice, the FBI ha...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/06/11 11:40 a.m.25 views

Another Intel Speculative Execution Vulnerability

Remember Spectre and Meltdown? Back in early 2018, I wrote: Spectre and Meltdown are pretty catastrophic vulnerabilities, but they only affect the confidentiality of data. Now that they -- and the research into the Intel ME vulnerability -- have shown researchers where to look, more is coming --...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/06/10 11:31 a.m.22 views

Availability Attacks against Neural Networks

New research on using specially crafted inputs to slow down machine-learning neural network systems: Sponge Examples: Energy-Latency Attacks on Neural Networks shows how to find adversarial examples that cause a DNN to burn more energy, take more time, or both. They affect a wide range of DNN...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/06/09 11:26 a.m.26 views

Security Analysis of the Democracy Live Online Voting System

New research: "Security Analysis of the Democracy Live Online Voting System": Abstract: Democracy Live's OmniBallot platform is a web-based system for blank ballot delivery, ballot marking, and optionally online voting. Three states -- Delaware, West Virginia, and New Jersey -- recently announced...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/06/08 6:33 p.m.24 views

Gene Spafford on Internet Voting

Good interview...

2.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/06/08 11:13 a.m.41 views

Phishing Attacks against Trump and Biden Campaigns

Google's threat analysts have identified state-level attacks from China. I hope both campaigns are working under the assumption that everything they say and do will be dumped on the Internet before the election. That feels like the most likely outcome...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/06/05 9:19 p.m.51 views

Friday Squid Blogging: Shark vs. Squid

National Geographic has a photo of a 7-foot long shark that fought a giant squid and lived to tell the tale. Or, at least, lived to show off the suction marks on his skin. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blo...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/06/05 11:13 a.m.27 views

New Research: "Privacy Threats in Intimate Relationships"

I just published a new paper with Karen Levy of Cornell: "Privacy Threats in Intimate Relationships." Abstract: This article provides an overview of intimate threats: a class of privacy threats that can arise within our families, romantic partnerships, close friendships, and caregiving...

3.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/06/04 11:24 a.m.31 views

Zoom's Commitment to User Security Depends on Whether you Pay It or Not

Zoom was doing so well.... And now we have this: Corporate clients will get access to Zoom's end-to-end encryption service now being developed, but Yuan said free users won't enjoy that level of privacy, which makes it impossible for third parties to decipher communications. "Free users for sure ...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/06/03 11:11 a.m.25 views

Wallpaper that Crashes Android Phones

This is interesting: The image, a seemingly innocuous sunset or dawn sky above placid waters, may be viewed without harm. But if loaded as wallpaper, the phone will crash. The fault does not appear to have been maliciously created. Rather, according to developers following Ice Universe's Twitter...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/06/02 11:27 a.m.32 views

"Sign in with Apple" Vulnerability

Researcher Bhavuk Jain discovered a vulnerability in the "Sign in with Apple" feature, and received a $100,000 bug bounty from Apple. Basically, forged tokens could gain access to pretty much any account. It is fixed. EDITED TO ADD 6/2: Another story...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/06/01 11:8 a.m.30 views

Password Changing After a Breach

This study shows that most people don't change their passwords after a breach, and if they do they change it to a weaker password. Abstract: To protect against misuse of passwords compromised in a breach, consumers should promptly change affected passwords and any similar passwords on other...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/05/29 9:7 p.m.42 views

Friday Squid Blogging: Humboldt Squid Communication

Humboldt Squid communicate by changing their skin patterns and glowing. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/05/29 5:2 p.m.32 views

Bogus Security Technology: An Anti-5G USB Stick

The 5GBioShield sells for £339.60, and the description sounds like snake oil: ...its website, which describes it as a USB key that "provides protection for your home and family, thanks to the wearable holographic nano-layer catalyser, which can be worn or placed near to a smartphone or any other...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/05/29 11:37 a.m.41 views

Facebook Announces Messenger Security Features that Don't Compromise Privacy

Note that this is "announced," so we don't know when it's actually going to be implemented. Facebook today announced new features for Messenger that will alert you when messages appear to come from financial scammers or potential child abusers, displaying warnings in the Messenger app that provid...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/05/28 11:50 a.m.26 views

Thermal Imaging as Security Theater

Seems like thermal imaging is the security theater technology of today. These features are so tempting that thermal cameras are being installed at an increasing pace. They're used in airports and other public transportation centers to screen travelers, increasingly used by companies to screen...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/05/27 11:45 a.m.38 views

Websites Conducting Port Scans

Security researcher Charlie Belmer is reporting that commercial websites such as eBay are conducting port scans of their visitors. Looking at the list of ports they are scanning, they are looking for VNC services being run on the host, which is the same thing that was reported for bank sites. I...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/05/26 11:54 a.m.29 views

Bluetooth Vulnerability: BIAS

This is new research on a Bluetooth vulnerability called BIAS that allows someone to impersonate a trusted device: Abstract: Bluetooth BR/EDR is a pervasive technology for wireless communication used by billions of devices. The Bluetooth standard includes a legacy authentication procedure and a...

2.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/05/22 9:12 p.m.101 views

Friday Squid Blogging: Squid Can Edit Their Own Genomes

This is new news: Revealing yet another super-power in the skillful squid, scientists have discovered that squid massively edit their own genetic instructions not only within the nucleus of their neurons, but also within the axon -- the long, slender neural projections that transmit electrical...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/05/21 11:29 a.m.37 views

Ann Mitchell, Bletchley Park Cryptanalyst, Dies

Obituary...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/05/20 7:8 p.m.33 views

Bart Gellman on Snowden

Bart Gellman's long-awaited at least by me book on Edward Snowden, Dark Mirror: Edward Snowden and the American Surveillance State, will finally be published in a couple of weeks. There is an adapted excerpt in the Atlantic. It's an interesting read, mostly about the government surveillance of hi...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/05/20 11:26 a.m.40 views

Criminals and the Normalization of Masks

I was wondering about this: Masks that have made criminals stand apart long before bandanna-wearing robbers knocked over stagecoaches in the Old West and ski-masked bandits held up banks now allow them to blend in like concerned accountants, nurses and store clerks trying to avoid a deadly virus...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/05/19 11:18 a.m.33 views

AI and Cybersecurity

Ben Buchanan has written "A National Security Research Agenda for Cybersecurity and Artificial Intelligence." It's really good -- well worth reading...

3.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/05/18 11:15 a.m.35 views

Ramsey Malware

A new malware, called Ramsey, can jump air gaps: ESET said they've been able to track down three different versions of the Ramsay malware, one compiled in September 2019 Ramsay v1, and two others in early and late March 2020 Ramsay v2.a and v2.b. Each version was different and infected victims...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/05/15 9:19 p.m.46 views

Friday Squid Blogging: Vegan "Squid" Made from Chickpeas

It's beyond Beyond Meat. A Singapore company wants to make vegan "squid" -- and shrimp and crab -- from chickpeas. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/05/15 11:43 a.m.35 views

On Marcus Hutchins

Long and nuanced story about Marcus Hutchins, the British hacker who wrote most of the Kronos malware and also stopped WannaCry in real time. Well worth reading...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/05/14 11:29 a.m.43 views

US Government Exposes North Korean Malware

US Cyber Command has uploaded North Korean malware samples to the VirusTotal aggregation repository, adding to the malware samples it uploaded in February. The first of the new malware variants, COPPERHEDGE, is described as a Remote Access Tool RAT "used by advanced persistent threat APT cyber...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/05/13 1:49 p.m.23 views

New US Electronic Warfare Platform

The Army is developing a new electronic warfare pod capable of being put on drones and on trucks. ...the Silent Crow pod is now the leading contender for the flying flagship of the Army's rebuilt electronic warfare force. Army EW was largely disbanded after the Cold War, except for short-range...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/05/12 11:9 a.m.34 views

Attack Against PC Thunderbolt Port

The attack requires physical access to the computer, but it's pretty devastating: On Thunderbolt-enabled Windows or Linux PCs manufactured before 2019, his technique can bypass the login screen of a sleeping or locked computer -- and even its hard disk encryption -- to gain full access to the...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/05/11 3:58 p.m.29 views

Another California Data Privacy Law

The California Consumer Privacy Act is a lesson in missed opportunities. It was passed in haste, to stop a ballot initiative that would have been even more restrictive: In September 2017, Alastair Mactaggart and Mary Ross proposed a statewide ballot initiative entitled the "California Consumer...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/05/08 9:17 p.m.63 views

Friday Squid Blogging: Jurassic Squid Attack

It's the oldest squid attack on record: An ancient squid-like creature with 10 arms covered in hooks had just crushed the skull of its prey in a vicious attack when disaster struck, killing both predator and prey, according to a Jurassic period fossil of the duo found on the southern coast of...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/05/08 2:46 p.m.22 views

Used Tesla Components Contain Personal Information

Used Tesla components, sold on eBay, still contain personal information, even after a factory reset. This is a decades-old problem. It's a problem with used hard drives. It's a problem with used photocopiers and printers. It will be a problem with IoT devices. It'll be a problem with everything,...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/05/07 2:56 p.m.50 views

iOS XML Bug

This is a good explanation of an iOS bug that allowed someone to break out of the application sandbox. A summary: What a crazy bug, and Siguza's explanation is very cogent. Basically, it comes down to this: XML is terrible. iOS uses XML for Plists, and Plists are used everywhere in iOS and MacOS...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/05/06 11:47 a.m.24 views

ILOVEYOU Virus

It's the twentieth anniversary of the ILOVEYOU virus, and here are three interesting articles about it and its effects on software design...

4.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/05/05 11:3 a.m.27 views

Malware in Google Apps

Interesting story of malware hidden in Google Apps. This particular campaign is tied to the government of Vietnam. At a remote virtual version of its annual Security Analyst Summit, researchers from the Russian security firm Kaspersky today plan to present research about a hacking campaign they...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/05/04 11:42 a.m.10 views

Denmark, Sweden, Germany, the Netherlands and France SIGINT Alliance

This paper describes a SIGINT and code-breaking alliance between Denmark, Sweden, Germany, the Netherlands and France called Maximator: Abstract: This article is first to report on the secret European five-partner sigint alliance Maximator that started in the late 1970s. It discloses the name...

2.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/05/01 9:6 p.m.46 views

Friday Squid Blogging: Cocaine Smuggled in Squid

Makes sense; there's room inside a squid's body cavity: Latin American drug lords have sent bumper shipments of cocaine to Europe in recent weeks, including one in a cargo of squid, even though the coronavirus epidemic has stifled legitimate transatlantic trade, senior anti-narcotics officials sa...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/05/01 11:22 a.m.55 views

Me on COVID-19 Contact Tracing Apps

I was quoted in BuzzFeed: "My problem with contact tracing apps is that they have absolutely no value," Bruce Schneier, a privacy expert and fellow at the Berkman Klein Center for Internet & Society at Harvard University, told BuzzFeed News. "I'm not even talking about the privacy concerns, I mea...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/04/30 3:24 p.m.30 views

Securing Internet Videoconferencing Apps: Zoom and Others

The NSA just published a survey of video conferencing apps. So did Mozilla. Zoom is on the good list, with some caveats. The company has done a lot of work addressing previous security concerns. It still has a bit to go on end-to-end encryption. Matthew Green looked at this. Zoom does offer...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/04/29 5:29 p.m.27 views

How Did Facebook Beat a Federal Wiretap Demand?

This is interesting: Facebook Inc. in 2018 beat back federal prosecutors seeking to wiretap its encrypted Messenger app. Now the American Civil Liberties Union is seeking to find out how. The entire proceeding was confidential, with only the result leaking to the press. Lawyers for the ACLU and t...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/04/28 3:38 p.m.28 views

Fooling NLP Systems Through Word Swapping

MIT researchers have built a system that fools natural-language processing systems by swapping words with synonyms: The software, developed by a team at MIT, looks for the words in a sentence that are most important to an NLP classifier and replaces them with a synonym that a human would find...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/04/27 11:13 a.m.31 views

Automatic Instacart Bots

Instacart is taking legal action against bots that automatically place orders: Before it closed, to use Cartdash users first selected what items they want from Instacart as normal. Once that was done, they had to provide Cartdash with their Instacart email address, password, mobile number, tip...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/04/24 9:15 p.m.47 views

Friday Squid Blogging: Humboldt Squid Backlight Themselves to Communicate More Clearly

This is neat: Deep in the Pacific Ocean, six-foot-long Humboldt squid are known for being aggressive, cannibalistic and, according to new research, good communicators. Known as "red devils," the squid can rapidly change the color of their skin, making different patterns to communicate, something...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/04/24 11:2 a.m.30 views

Global Surveillance in the Wake of COVID-19

OneZero is tracking thirty countries around the world who are implementing surveillance programs in the wake of COVID-19: The most common form of surveillance implemented to battle the pandemic is the use of smartphone location data, which can track population-level movement down to enforcing...

0.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/04/23 5:1 p.m.40 views

Chinese COVID-19 Disinformation Campaign

The New York Times is reporting on state-sponsored disinformation campaigns coming out of China: Since that wave of panic, United States intelligence agencies have assessed that Chinese operatives helped push the messages across platforms, according to six American officials, who spoke on the...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/04/22 2:12 p.m.36 views

New iPhone Zero-Day Discovered

Last year, ZecOps discovered two iPhone zero-day exploits. They will be patched in the next iOS release: Avraham declined to disclose many details about who the targets were, and did not say whether they lost any data as a result of the attacks, but said "we were a bit surprised about who was...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/04/21 11:22 a.m.28 views

Another Story of Bad 1970s Encryption

This one is from the Netherlands. It seems to be clever cryptanalysis rather than a backdoor. The Dutch intelligence service has been able to read encrypted communications from dozens of countries since the late 1970s thanks to a microchip, according to research by de Volkskrant on Thursday. The...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/04/20 11:22 a.m.37 views

Vulnerability Finding Using Machine Learning

Microsoft is training a machine-learning system to find software bugs: At Microsoft, 47,000 developers generate nearly 30 thousand bugs a month. These items get stored across over 100 AzureDevOps and GitHub repositories. To better label and prioritize bugs at that scale, we couldn't just apply mo...

0.3AI score
Exploits0
Total number of security vulnerabilities2980