Lucene search
K
SchneierRecent

2980 matches found

Schneier on Security
Schneier on Security
added 2020/02/21 8:4 p.m.64 views

Inrupt, Tim Berners-Lee's Solid, and Me

For decades, I have been talking about the importance of individual privacy. For almost as long, I have been using the metaphor of digital feudalism to describe how large companies have become central control points for our data. And for maybe half a decade, I have been talking about the...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/02/21 11:54 a.m.49 views

Policy vs Technology

Sometime around 1993 or 1994, during the first Crypto Wars, I was part of a group of cryptography experts that went to Washington to advocate for strong encryption. Matt Blaze and Ron Rivest were with me; I don't remember who else. We met with then Massachusetts Representative Ed Markey. He didn'...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/02/20 8:23 p.m.28 views

Internet of Things Candle

There's a Kickstarter for an actual candle, with real fire, that you can control over the Internet. What could possibly go wrong?...

2.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/02/18 12:9 p.m.75 views

Hacking McDonald's for Free Food

This hack was possible because the McDonald's app didn't authenticate the server, and just did whatever the server told it to do: McDonald's receipts in Germany end with a link to a survey page. Once you take the survey, you receive a coupon code for a free small beverage, redeemable within a...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/02/17 12:35 p.m.34 views

Voatz Internet Voting App Is Insecure

This paper describes the flaws in the Voatz Internet voting app: "The Ballot is Busted Before the Blockchain: A Security Analysis of Voatz, the First Internet Voting Application Used in U.S. Federal Elections." Abstract: In the 2018 midterm elections, West Virginia became the first state in the...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/02/14 10:11 p.m.49 views

Friday Squid Blogging: Squids Are as Intelligent as Dogs

More news based on the squid brain MRI scan: the complexity of their brains are comparable to dogs. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/02/14 7:3 p.m.51 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I'll be at RSA Conference 2020 in San Francisco. On Wednesday, February 26, at 2:50 PM, I'll be part of a panel on "How to Reduce Supply Chain Risk: Lessons from Efforts to Block Huawei." On Thursday, February 27, at 9:20 AM, I'm...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/02/14 12:7 p.m.41 views

DNSSEC Keysigning Ceremony Postponed Because of Locked Safe

Interesting collision of real-world and Internet security: The ceremony sees several trusted internet engineers a minimum of three and up to seven from across the world descend on one of two secure locations -- one in El Segundo, California, just south of Los Angeles, and the other in Culpeper,...

0.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/02/13 3:20 p.m.24 views

A US Data Protection Agency

The United States is one of the few democracies without some formal data protection agency, and we need one. Senator Gillibrand just proposed creating one...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/02/12 4:26 p.m.33 views

Companies that Scrape Your Email

Motherboard has a long article on apps -- Edison, Slice, and Cleanfox -- that spy on your email by scraping your screen, and then sell that information to others: Some of the companies listed in the J.P. Morgan document sell data sourced from "personal inboxes," the document adds. A spokesperson...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/02/11 4:42 p.m.35 views

Crypto AG Was Owned by the CIA

The Swiss cryptography firm Crypto AG sold equipment to governments and militaries around the world for decades after World War II. They were owned by the CIA: But what none of its customers ever knew was that Crypto AG was secretly owned by the CIA in a highly classified partnership with West...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/02/10 12:6 p.m.30 views

Apple's Tracking-Prevention Feature in Safari has a Privacy Bug

Last month, engineers at Google published a very curious privacy bug in Apple's Safari web browser. Apple's Intelligent Tracking Prevention, a feature designed to reduce user tracking, has vulnerabilities that themselves allow user tracking. Some details: ITP detects and blocks tracking on the we...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/02/07 10:11 p.m.58 views

Friday Squid Blogging: An MRI Scan of a Squid's Brain

This paper30562-0 is filled with brain science that I do not understand news article, but fails to answer what I consider to be the important question: how do you keep a live squid still for long enough to do an MRI scan on them? As usual, you can also use this squid post to talk about the securi...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/02/07 6:50 p.m.59 views

Security in 2020: Revisited

Ten years ago, I wrote an essay: "Security in 2020." Well, it's finally 2020. I think I did pretty well. Here's what I said back then: There's really no such thing as security in the abstract. Security can only be defined in relation to something else. You're secure from something or against...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/02/07 3:42 p.m.27 views

New Ransomware Targets Industrial Control Systems

EKANS is a new ransomware that targets industrial control systems: But EKANS also uses another trick to ratchet up the pain: It's designed to terminate 64 different software processes on victim computers, including many that are specific to industrial control systems. That allows it to then encry...

2.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/02/06 12:14 p.m.29 views

A New Clue for the Kryptos Sculpture

Jim Sanborn, who designed the Kryptos sculpture in a CIA courtyard, has released another clue to the still-unsolved part 4. I think he's getting tired of waiting. Did we mention Mr. Sanborn is 74? Holding on to one of the world's most enticing secrets can be stressful. Some would-be codebreakers...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/02/05 12:10 p.m.41 views

Tree Code

Artist Katie Holten has developed a tree code basically, a font in trees, and New York City is using it to plant secret messages in parks...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/02/04 12:21 p.m.33 views

New Research on the Adtech Industry

The Norwegian Consumer Council has published an extensive report about how the adtech industry violates consumer privacy. At the same time, it is filing three legal complaints against six companies in this space. From a Twitter summary: 1. thread We are filing legal complaints against six...

Exploits0
Schneier on Security
Schneier on Security
added 2020/02/03 12:24 p.m.56 views

Attacking Driverless Cars with Projected Images

Interesting research -- "Phantom Attacks Against Advanced Driving Assistance Systems": Abstract: The absence of deployed vehicular communication systems, which prevents the advanced driving assistance systems ADASs and autopilots of semi/fully autonomous cars to validate their virtual perception...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/01/31 9:58 p.m.62 views

Friday Squid Blogging: The Pterosaur Ate Squid

New research: "Pterosaurs ate soft-bodied cephalopods Coleiodea." News article. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/01/31 7:36 p.m.43 views

NSA Security Awareness Posters

From a FOIA request, over a hundred old NSA security awareness posters. Here are the BBC's favorites. Here are Motherboard's favorites. I have a related personal story. Back in 1993, during the first Crypto Wars, I and a handful of other academic cryptographers visited the NSA for some meeting or...

2.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/01/31 12:46 p.m.32 views

U.S. Department of Interior Grounding All Drones

The Department of Interior is grounding all non-emergency drones due to security concerns: The order comes amid a spate of warnings and bans at multiple government agencies, including the Department of Defense, about possible vulnerabilities in Chinese-made drone systems that could be allowing...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/01/30 2:39 p.m.33 views

Collating Hacked Data Sets

Two Harvard undergraduates completed a project where they went out on the dark web and found a bunch of stolen datasets. Then they correlated all the information, and combined it with additional, publicly available, information. No surprise: the result was much more detailed and personal. "What w...

Exploits0
Schneier on Security
Schneier on Security
added 2020/01/29 12:20 p.m.49 views

Customer Tracking at Ralphs Grocery Store

To comply with California's new data privacy law, companies that collect information on consumers and users are forced to be more transparent about it. Sometimes the results are creepy. Here's an article about Ralphs, a California supermarket chain owned by Kroger: ...the form proceeds to state...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/01/28 12:53 p.m.37 views

Google Receives Geofence Warrants

Sometimes it's hard to tell the corporate surveillance operations from the government ones: Google reportedly has a database called Sensorvault in which it stores location data for millions of devices going back almost a decade. The article is about geofence warrants, where the police go to...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/01/27 6:21 p.m.35 views

Modern Mass Surveillance: Identify, Correlate, Discriminate

Communities across the United States are starting to ban facial recognition technologies. In May of last year, San Francisco banned facial recognition; the neighboring city of Oakland soon followed, as did Somerville and Brookline in Massachusetts a statewide ban may follow. In December, San Dieg...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/01/27 12:3 p.m.33 views

Smartphone Election in Washington State

This year: King County voters will be able to use their name and birthdate to log in to a Web portal through the Internet browser on their phones, says Bryan Finney, the CEO of Democracy Live, the Seattle-based voting company providing the technology. Once voters have completed their ballots, the...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/01/24 10:18 p.m.65 views

Friday Squid Blogging: More on the Giant Squid's DNA

Following on from last week's post, here's more information on sequencing the DNA of the giant squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/01/24 2:34 p.m.35 views

Technical Report of the Bezos Phone Hack

Motherboard obtained and published the technical report on the hack of Jeff Bezos's phone, which is being attributed to Saudi Arabia, specifically to Crown Prince Mohammed bin Salman. ...investigators set up a secure lab to examine the phone and its artifacts and spent two days poring over the...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/01/23 12:10 p.m.29 views

Apple Abandoned Plans for Encrypted iCloud Backup after FBI Complained

This is new from Reuters: More than two years ago, Apple told the FBI that it planned to offer users end-to-end encryption when storing their phone data on iCloud, according to one current and three former FBI officials and one current and one former Apple employee. Under that plan, primarily...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/01/22 12:9 p.m.37 views

Half a Million IoT Device Passwords Published

It's a list of easy-to-guess passwords for IoT devices on the Internet as recently as last October and November. Useful for anyone putting together a bot network: A hacker has published this week a massive list of Telnet credentials for more than 515,000 servers, home routers, and IoT Internet of...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/01/21 9:23 p.m.26 views

Brazil Charges Glenn Greenwald with Cybercrimes

Glenn Greenwald has been charged with cybercrimes in Brazil, stemming from publishing information and documents that were embarrassing to the government. The charges are that he actively helped the people who actually did the hacking: Citing intercepted messages between Mr. Greenwald and the...

0.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/01/21 12:30 p.m.33 views

SIM Hijacking

SIM hijacking -- or SIM swapping -- is an attack where a fraudster contacts your cell phone provider and convinces them to switch your account to a phone that they control. Since your smartphone often serves as a security measure or backup verification system, this allows the fraudster to take ov...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/01/20 2:53 p.m.40 views

Clearview AI and Facial Recognition

The New York Times has a long story about Clearview AI, a small company that scrapes identified photos of people from pretty much everywhere, and then uses unstated magical AI technology to identify people in other photos. His tiny company, Clearview AI, devised a groundbreaking facial recognitio...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/01/17 10:19 p.m.73 views

Friday Squid Blogging: Giant Squid Genome Analyzed

This is fantastic work: In total, the researchers identified approximately 2.7 billion DNA base pairs, which is around 90 percent the size of the human genome. There's nothing particularly special about that size, especially considering that the axolotl genome is 10 times larger than the human...

2.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/01/16 4:1 p.m.29 views

Securing Tiffany's Move

Story of how Tiffany & Company moved all of its inventory from one store to another. Short summary: careful auditing and a lot of police...

2.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/01/15 12:38 p.m.95 views

Critical Windows Vulnerability Discovered by NSA

Yesterday's Microsoft Windows patches included a fix for a critical vulnerability in the system's crypto library. A spoofing vulnerability exists in the way Windows CryptoAPI Crypt32.dll validates Elliptic Curve Cryptography ECC certificates. An attacker could exploit the vulnerability by using a...

5.8CVSS0.2AI score0.89436EPSS
Exploits14
Schneier on Security
Schneier on Security
added 2020/01/14 7:0 p.m.18 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I'm speaking at Indiana University Bloomington on January 30, 2020. I'll be at RSA Conference 2020 in San Francisco. On Wednesday, February 26, at 2:50 PM, I'll be part of a panel on "How to Reduce Supply Chain Risk: Lessons from...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/01/14 1:42 p.m.26 views

5G Security

The security risks inherent in Chinese-made 5G networking equipment are easy to understand. Because the companies that make the equipment are subservient to the Chinese government, they could be forced to include backdoors in the hardware or software to give Beijing remote access. Eavesdropping i...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/01/13 2:21 p.m.31 views

Artificial Personas and Public Discourse

Presidential campaign season is officially, officially, upon us now, which means it's time to confront the weird and insidious ways in which technology is warping politics. One of the biggest threats on the horizon: artificial personas are coming, and they're poised to take over political debate...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/01/10 10:9 p.m.60 views

Friday Squid Blogging: Stuffed Squid with Vegetables and Pancetta

A Croatian recipe. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/01/10 2:41 p.m.39 views

Police Surveillance Tools from Special Services Group

Special Services Group, a company that sells surveillance tools to the FBI, DEA, ICE, and other US government agencies, has had its secret sales brochure published. Motherboard received the brochure as part of a FOIA request to the Irvine Police Department in California. "The Tombstone Cam is our...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/01/08 3:38 p.m.33 views

New SHA-1 Attack

There's a new, practical, collision attack against SHA-1: In this paper, we report the first practical implementation of this attack, and its impact on real-world security with a PGP/GnuPG impersonation attack. We managed to significantly reduce the complexity of collisions attack against SHA-1: ...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/01/07 12:3 p.m.34 views

USB Cable Kill Switch for Laptops

BusKill is designed to wipe your laptop Linux only if it is snatched from you in a public place: The idea is to connect the BusKill cable to your Linux laptop on one end, and to your belt, on the other end. When someone yanks your laptop from your lap or table, the USB cable disconnects from the...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/01/06 12:20 p.m.31 views

Mailbox Master Keys

Here's a physical-world example of why master keys are a bad idea. It's a video of two postal thieves using a master key to open apartment building mailboxes. Changing the master key for physical mailboxes is a logistical nightmare, which is why this problem won't be fixed anytime soon...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/01/03 10:25 p.m.86 views

Friday Squid Blogging: Giant Squid Video from the Gulf of Mexico

Fantastic video: Scientists had used a specialized camera system developed by Widder called the Medusa, which uses red light undetectable to deep sea creatures and has allowed scientists to discover species and observe elusive ones. The probe was outfitted with a fake jellyfish that mimicked the...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/01/03 12:9 p.m.40 views

Chrome Extension Stealing Cryptocurrency Keys and Passwords

A malicious Chrome extension surreptitiously steals Ethereum keys and passwords: According to Denley, the extension is dangerous to users in two ways. First, any funds ETH coins and ERC0-based tokens managed directly inside the extension are at risk. Denley says that the extension sends the priva...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/01/02 5:2 p.m.39 views

Mysterious Drones Are Flying over Colorado

No one knows who they belong to. Well, of course someone knows. And my guess is that it's likely that we will know soon. EDITED TO ADD 1/3: Another article...

3.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/12/30 4:20 p.m.29 views

Hacking School Surveillance Systems

Lance Vick suggesting that students hack their schools' surveillance systems. "This is an ethical minefield that I feel students would be well within their rights to challenge, and if needed, undermine," he said. Of course, there are a lot more laws in place against this sort of thing than there...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/12/27 10:13 p.m.82 views

Friday Squid Blogging: New Species of Bobtail Squid

Euprymna brenneri was discovered in the waters of Okinawa. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

2AI score
Exploits0
Total number of security vulnerabilities2980