Lucene search
K
SchneierRecent

2980 matches found

Schneier on Security
Schneier on Security
added 2020/04/17 9:10 p.m.69 views

Friday Squid Blogging: On the Efficacy of Squid as Bait

How to use squid as bait. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/04/17 3:35 p.m.27 views

The DoD Isn't Fixing Its Security Problems

It has produced several reports outlining what's wrong and what needs to be fixed. It's not fixing them: GAO looked at three DoD-designed initiatives to see whether the Pentagon is following through on its own goals. In a majority of cases, DoD has not completed the cybersecurity training and...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/04/16 3:34 p.m.25 views

California Needlessly Reduces Privacy During COVID-19 Pandemic

This one isn't even related to contact tracing: On March 17, 2020, the federal government relaxed a number of telehealth-related regulatory requirements due to COVID-19. On April 3, 2020, California Governor Gavin Newsom issued Executive Order N-43-20 the Order, which relaxes various telehealth...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/04/14 6:28 p.m.22 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I'm being interviewed on "Hacking in the Public Interest" as part of the Black Hat Webcast Series, on Thursday, April 16, 2020 at 2:00 PM EDT. The list is maintained on this page...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/04/14 12:48 p.m.30 views

Ransomware Now Leaking Stolen Documents

Originally, ransomware didn't involve any data theft. Malware would encrypt the data on your computer, and demand a ransom for the encryption key. Now ransomware is increasingly involving both encryption and exfiltration. Brian Krebs wrote about this in December. It's a further incentive for the...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/04/13 11:48 a.m.34 views

Contact Tracing COVID-19 Infections via Smartphone Apps

Google and Apple have announced a joint project to create a privacy-preserving COVID-19 contact tracing app. Details, such as we have them, are here. It's similar to the app being developed at MIT, and similar to others being described and developed elsewhere. It's nice seeing the privacy...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/04/10 9:4 p.m.66 views

Friday Squid Blogging: Amazingly Realistic Squid Drawings

The squid drawings of Yuuki Tokuda are simply incredible. I tried to figure out how to buy one of them, but everything is in Japanese. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/04/10 11:24 a.m.57 views

Kubernetes Security

Attack matrix for Kubernetes, using the MITRE ATT framework. A good first step towards understand the security of this suddenly popular and very complex container orchestration system...

3.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/04/09 11:45 a.m.43 views

Microsoft Buys Corp.com

A few months ago, Brian Krebs told the story of the domain corp.com, and how it is basically a security nightmare: At issue is a problem known as "namespace collision," a situation where domain names intended to be used exclusively on an internal company network end up overlapping with domains th...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/04/08 11:37 a.m.37 views

RSA-250 Factored

RSA-250 has been factored. This computation was performed with the Number Field Sieve algorithm, using the open-source CADO-NFS software. The total computation time was roughly 2700 core-years, using Intel Xeon Gold 6130 CPUs as a reference 2.1GHz: RSA-250 sieving: 2450 physical core-years RSA-25...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/04/07 3:0 p.m.39 views

Cybersecurity During COVID-19

Three weeks ago could it possibly be that long already?, I wrote about the increased risks of working remotely during the COVID-19 pandemic. One, employees are working from their home networks and sometimes from their home computers. These systems are more likely to be out of date, unpatched, and...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/04/06 4:26 p.m.37 views

Emotet Malware Causes Physical Damage

Microsoft is reporting that an Emotet malware infection shut down a network by causing computers to overheat and then crash. The Emotet payload was delivered and executed on the systems of Fabrikam -- a fake name Microsoft gave the victim in their case study -- five days after the employee's user...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/04/03 9:30 p.m.53 views

Friday Squid Blogging: On Squid Communication

They can communicate using bioluminescent flashes: New research published this week in Proceedings of the National Academy of Sciences presents evidence for a previously unknown semantic-like ability in Humboldt squid. What's more, these squid can enhance the visibility of their skin patterns by...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/04/03 3:10 p.m.106 views

Security and Privacy Implications of Zoom

Over the past few weeks, Zoom's use has exploded since it became the video conferencing platform of choice in today's COVID-19 world. My own university, Harvard, uses it for all of its classes. Boris Johnson had a cabinet meeting over Zoom. Over that same period, the company has been exposed for...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/04/03 11:21 a.m.35 views

Bug Bounty Programs Are Being Used to Buy Silence

Investigative report on how commercial bug-bounty programs like HackerOne, Bugcrowd, and SynAck are being used to silence researchers: Used properly, bug bounty platforms connect security researchers with organizations wanting extra scrutiny. In exchange for reporting a security flaw, the...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/04/02 4:33 p.m.38 views

Marriott Was Hacked -- Again

Marriott announced another data breach, this one affecting 5.2 million people: At this point, we believe that the following information may have been involved, although not all of this information was present for every guest involved: Contact Details e.g., name, mailing address, email address, an...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/04/01 11:53 a.m.31 views

Dark Web Hosting Provider Hacked

Daniel's Hosting, which hosts about 7,600 dark web portals for free, has been hacked and is down. It's unclear when, or if, it will be back up...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/03/31 12:51 p.m.26 views

Clarifying the Computer Fraud and Abuse Act

A federal court has ruled that violating a website's terms of service is not "hacking" under the Computer Fraud and Abuse Act. The plaintiffs wanted to investigate possible racial discrimination in online job markets by creating accounts for fake employers and job seekers. Leading job sites have...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/03/30 11:32 a.m.39 views

Privacy vs. Surveillance in the Age of COVID-19

The trade-offs are changing: As countries around the world race to contain the pandemic, many are deploying digital surveillance tools as a means to exert social control, even turning security agency technologies on their own civilians. Health and law enforcement authorities are understandably...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/03/27 9:28 p.m.65 views

Friday Squid Blogging: Squid Can Edit Their Own Genome

Amazing: Revealing yet another super-power in the skillful squid, scientists have discovered that squid massively edit their own genetic instructions not only within the nucleus of their neurons, but also within the axon -- the long, slender neural projections that transmit electrical impulses to...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/03/27 11:3 a.m.24 views

Story of Gus Weiss

This is a long and fascinating article about Gus Weiss, who masterminded a long campaign to feed technical disinformation to the Soviet Union, which may or may not have caused a massive pipeline explosion somewhere in Siberia in the 1980s, if in fact there even was a massive pipeline explosion...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/03/26 11:27 a.m.29 views

On Cyber Warranties

Interesting article discussing cyber-warranties, and whether they are an effective way to transfer risk as envisioned by Ackerlof's "market for lemons" or a marketing trick. The conclusion: Warranties must transfer non-negligible amounts of liability to vendors in order to meaningfully overcome t...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/03/25 11:33 a.m.36 views

Facial Recognition for People Wearing Masks

The Chinese facial recognition company Hanwang claims it can recognize people wearing masks: The company now says its masked facial recognition program has reached 95 percent accuracy in lab tests, and even claims that it is more accurate in real life, where its cameras take multiple photos of a...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/03/24 11:1 a.m.33 views

Internet Voting in Puerto Rico

Puerto Rico is considered allowing for Internet voting. I have joined a group of security experts in a letter opposing the bill. Cybersecurity experts agree that under current technology, no practically proven method exists to securely, verifiably, or privately return voted materials over the...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/03/23 11:19 a.m.31 views

Hacking Voice Assistants with Ultrasonic Waves

I previously wrote about hacking voice assistants with lasers. Turns you can do much the same thing with ultrasonic waves: Voice assistants -- the demo targeted Siri, Google Assistant, and Bixby -- are designed to respond when they detect the owner's voice after noticing a trigger phrase such as...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/03/20 9:18 p.m.55 views

Friday Squid Blogging: Squid Orders Down in Italy

COVID-19 is depressing the demand for squid in Italy. The article is a week old, and already seems almost comically quaint. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/03/20 11:25 a.m.36 views

Emergency Surveillance During COVID-19 Crisis

Israel is using emergency surveillance powers to track people who may have COVID-19, joining China and Iran in using mass surveillance in this way. I believe pressure will increase to leverage existing corporate surveillance infrastructure for these purposes in the US and other countries. With th...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/03/19 11:49 a.m.35 views

Work-from-Home Security Advice

SANS has made freely available its "Work-from-Home Awareness Kit." When I think about how COVID-19's security measures are affecting organizational networks, I see several interrelated problems: One, employees are working from their home networks and sometimes from their home computers. These...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/03/18 12:45 p.m.25 views

The Insecurity of WordPress and Apache Struts

Interesting data: A study that analyzed all the vulnerability disclosures between 2010 and 2019 found that around 55% of all the security bugs that have been weaponized and exploited in the wild were for two major application frameworks, namely WordPress and Apache Struts. The Drupal content...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/03/16 2:31 p.m.35 views

TSA Admits Liquid Ban Is Security Theater

The TSA is allowing people to bring larger bottles of hand sanitizer with them on airplanes: Passengers will now be allowed to travel with containers of liquid hand sanitizer up to 12 ounces. However, the agency cautioned that the shift could mean slightly longer waits at checkpoint because the...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/03/13 9:2 p.m.52 views

Friday Squid Blogging: New Report on Squid Markets

This report costs $2,000. Please don't buy it for me. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/03/13 11:20 a.m.46 views

The EARN-IT Act

Prepare for another attack on encryption in the U.S. The EARN-IT Act purports to be about protecting children from predation, but it's really about forcing the tech companies to break their encryption schemes: The EARN IT Act would create a "National Commission on Online Child Sexual Exploitation...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/03/12 11:30 a.m.35 views

The Whisper Secret-Sharing App Exposed Locations

This is a big deal: Whisper, the secret-sharing app that called itself the "safest place on the Internet," left years of users' most intimate confessions exposed on the Web tied to their age, location and other details, raising alarm among cybersecurity researchers that users could have been...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/03/11 3:52 p.m.29 views

LA Covers Up Bad Cybersecurity

This is bad in several dimensions. The Los Angeles Department of Water and Power has been accused of deliberately keeping widespread gaps in its cybersecurity a secret from regulators in a large-scale coverup involving the city's mayor...

4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/03/10 11:18 a.m.32 views

CIA Dirty Laundry Aired

Joshua Schulte, the CIA employee standing trial for leaking the Wikileaks Vault 7 CIA hacking tools, maintains his innocence. And during the trial, a lot of shoddy security and sysadmin practices are coming out: All this raises a question, though: just how bad is the CIA's security that it wasn't...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/03/09 11:36 a.m.31 views

Cybersecurity Law Casebook

Robert Chesney teaches cybersecurity at the University of Texas School of Law. He recently published a fantastic casebook, which is a good source for anyone studying this...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/03/06 10:6 p.m.64 views

Friday Squid Blogging: The Effect of Noise on Squid

Two articles. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/03/06 1:48 p.m.31 views

More on Crypto AG

One follow-on to the story of Crypto AG being owned by the CIA: this interview with a Washington Post reporter. The whole thing is worth reading or listening to, but I was struck by these two quotes at the end: ...in South America, for instance, many of the governments that were using Crypto...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/03/05 12:10 p.m.58 views

Security of Health Information

The world is racing to contain the new COVID-19 virus that is spreading around the globe with alarming speed. Right now, pandemic disease experts at the World Health Organization WHO, the US Centers for Disease Control and Prevention CDC, and other public-health agencies are gathering information...

0.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/03/04 12:46 p.m.64 views

Let's Encrypt Vulnerability

The BBC is reporting a vulnerability in the Let's Encrypt certificate service: In a notification email to its clients, the organisation said: "We recently discovered a bug in the Let's Encrypt certificate authority code. "Unfortunately, this means we need to revoke the certificates that were...

0.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/03/03 12:43 p.m.108 views

Wi-Fi Chip Vulnerability

There's a vulnerability in Wi-Fi hardware that breaks the encryption: The vulnerability exists in Wi-Fi chips made by Cypress Semiconductor and Broadcom, the latter a chipmaker Cypress acquired in 2016. The affected devices include iPhones, iPads, Macs, Amazon Echos and Kindles, Android devices,...

2.9CVSS1.1AI score0.07709EPSS
Exploits7
Schneier on Security
Schneier on Security
added 2020/03/02 12:28 p.m.40 views

Facebook's Download-Your-Data Tool Is Incomplete

Privacy International has the details: Key facts: Despite Facebook claim, "Download Your Information" doesn't provide users with a list of all advertisers who uploaded a list with their personal data. As a user this means you can't exercise your rights under GDPR because you don't know which...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/02/28 10:8 p.m.56 views

Friday Squid Blogging: Squid Eggs

Cool photo. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here. EDITED TO ADD 3/4: I just deleted a slew of comments about COVID 19. I may reinstate some of them later; right now I want some time t...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/02/28 7:53 p.m.45 views

Humble Bundle's 2020 Cybersecurity Books

For years, Humble Bundle has been selling great books at a "pay what you can afford" model. This month, they're featuring as many as nineteen cybersecurity books for as little as $1, including four of mine. These are digital copies, all DRM-free. Part of the money goes to support the EFF or Let's...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/02/28 5:57 p.m.58 views

Deep Learning to Find Malicious Email Attachments

Google presented its system of using deep-learning techniques to identify malicious email attachments: At the RSA security conference in San Francisco on Tuesday, Google's security and anti-abuse research lead Elie Bursztein will present findings on how the new deep-learning scanner for documents...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/02/27 12:3 p.m.27 views

Securing the Internet of Things through Class-Action Lawsuits

This law journal article discusses the role of class-action litigation to secure the Internet of Things. Basically, the article postulates that 1 market realities will produce insecure IoT devices, and 2 political failures will leave that industry unregulated. Result: insecure IoT. It proposes...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/02/26 12:8 p.m.33 views

Newly Declassified Study Demonstrates Uselessness of NSA's Phone Metadata Program

The New York Times is reporting on the NSA's phone metadata program, which the NSA shut down last year: A National Security Agency system that analyzed logs of Americans' domestic phone calls and text messages cost $100 million from 2015 to 2019, but yielded only a single significant investigatio...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/02/25 3:15 p.m.29 views

Firefox Enables DNS over HTTPS

This is good news: Whenever you visit a website -- even if it's HTTPS enabled -- the DNS query that converts the web address into an IP address that computers can read is usually unencrypted. DNS-over-HTTPS, or DoH, encrypts the request so that it can't be intercepted or hijacked in order to send...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/02/24 12:27 p.m.30 views

Russia Is Trying to Tap Transatlantic Cables

The Times of London is reporting that Russian agents are in Ireland probing transatlantic communications cables. Ireland is the landing point for undersea cables which carry internet traffic between America, Britain and Europe. The cables enable millions of people to communicate and allow financi...

2.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/02/21 10:19 p.m.70 views

Friday Squid Blogging: 13-foot Giant Squid Caught off New Zealand Coast

It's probably a juvenile: Researchers aboard the New Zealand-based National Institute of Water and Atmospheric Research Ltd NIWA research vessel Tangaroa were on an expedition to survey hoki, New Zealand's most valuable commercial fish, in the Chatham Rise ­ an area of ocean floor to the east of...

1AI score
Exploits0
Total number of security vulnerabilities2980