Lucene search
K
SchneierRecent

2979 matches found

Schneier on Security
Schneier on Security
added 2019/12/24 7:13 p.m.85 views

ToTok Is an Emirati Spying Tool

The smartphone messaging app ToTok is actually an Emirati spying tool: But the service, ToTok, is actually a spying tool, according to American officials familiar with a classified intelligence assessment and a New York Times investigation into the app and its developers. It is used by the...

2.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/12/20 10:6 p.m.64 views

Friday Squid Blogging: Streamlined Quick Unfolding Investigation Drone

Yet another squid acronym. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/12/19 12:31 p.m.39 views

Lousy IoT Security

DTEN makes smart screens and whiteboards for videoconferencing systems. Forescout found that their security is terrible: In total, our researchers discovered five vulnerabilities of four different kinds: Data exposure: PDF files of shared whiteboards e.g. meeting notes and other sensitive files...

0.3AI score0.02327EPSS
Exploits0
Schneier on Security
Schneier on Security
added 2019/12/18 11:34 a.m.47 views

Attacker Causes Epileptic Seizure over the Internet

This isn't a first, but I think it will be the first conviction: The GIF set off a highly unusual court battle that is expected to equip those in similar circumstances with a new tool for battling threatening trolls and cyberbullies. On Monday, the man who sent Eichenwald the moving image, John...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/12/17 12:5 p.m.41 views

Iranian Attacks on Industrial Control Systems

New details: At the CyberwarCon conference in Arlington, Virginia, on Thursday, Microsoft security researcher Ned Moran plans to present new findings from the company's threat intelligence group that show a shift in the activity of the Iranian hacker group APT33, also known by the names Holmium,...

2.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/12/16 12:0 p.m.41 views

Security Vulnerabilities in the RCS Texting Protocol

Interesting research: SRLabs founder Karsten Nohl, a researcher with a track record of exposing security flaws in telephony systems, argues that RCS is in many ways no better than SS7, the decades-old phone system carriers still used for calling and texting, which has long been known to be...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/12/14 7:0 p.m.67 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I'm speaking at SecIT by Heise in Hannover, Germany on March 26, 2020. The list is maintained on this page...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/12/13 10:2 p.m.67 views

Friday Squid Blogging: Color-Changing Properties of the Opalescent Inshore Squid

Interesting stuff. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/12/13 12:1 p.m.45 views

EFF on the Mechanics of Corporate Surveillance

EFF has published a comprehensible and very readable "deep dive" into the technologies of corporate surveillance, both on the Internet and off. Well worth reading and sharing. Boing Boing post...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/12/12 12:11 p.m.47 views

Scaring People into Supporting Backdoors

Back in 1998, Tim May warned us of the "Four Horsemen of the Infocalypse": "terrorists, pedophiles, drug dealers, and money launderers." I tended to cast it slightly differently. This is me from 2005: Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, kidnappers, an...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/12/11 12:19 p.m.41 views

Extracting Data from Smartphones

Privacy International has published a detailed, technical examination of how data is extracted from smartphones...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/12/10 12:16 p.m.14 views

Reforming CDA 230

There's a serious debate on reforming Section 230 of the Communications Decency Act. I am in the process of figuring out what I believe, and this is more a place to put resources and listen to people's comments. The EFF has written extensively on why it is so important and dismantling it will be...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/12/09 11:56 a.m.42 views

Failure Modes in Machine Learning

Interesting taxonomy of machine-learning failures pdf that encompasses both mistakes and attacks, or -- in their words -- intentional and unintentional failure modes. It's a good basis for threat modeling...

2.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/12/06 10:20 p.m.84 views

Friday Squid Blogging: Squidfall Safety

Watchmen supporting material. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/12/06 12:55 p.m.33 views

Andy Ellis on Risk Assessment

Andy Ellis, the CSO of Akamai, gave a great talk about the psychology of risk at the Business of Software conference this year. I've written about this before. One quote of mine: "The problem is our brains are intuitively suited to the sorts of risk management decisions endemic to living in small...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/12/05 12:6 p.m.46 views

Election Machine Insecurity Story

Interesting story of a flawed computer voting machine and a paper ballot available for recount. All ended well, but only because of that paper backup. Vote totals in a Northampton County judge's race showed one candidate, Abe Kassis, a Democrat, had just 164 votes out of 55,000 ballots across mor...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/12/04 12:4 p.m.41 views

Becoming a Tech Policy Activist

Carolyn McCarthy gave an excellent TEDx talk about becoming a tech policy activist. It's a powerful call for public-interest technologists...

2.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/12/03 8:12 p.m.35 views

RSA-240 Factored

This just in: We are pleased to announce the factorization of RSA-240, from RSA's challenge list, and the computation of a discrete logarithm of the same size 795 bits: RSA-240 = 12462036678171878406583504460810659043482037465167880575481878888328...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/12/03 12:19 p.m.44 views

The Story of Tiversa

The New Yorker has published the long and interesting story of the cybersecurity firm Tiversa. Watching "60 Minutes," Boback saw a remarkable new business angle. Here was a multibillion-dollar industry with a near-existential problem and no clear solution. He did not know it then, but, as he turn...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/12/02 11:56 a.m.46 views

Cameras that Automatically Detect Mobile Phone Use

New South Wales is implementing a camera system that automatically detects when a driver is using a mobile phone...

3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/11/29 10:13 p.m.75 views

Friday Squid Blogging: Squid-Like Underwater Drone

The Sea Hunting Autonomous Reconnaissance Drone SHARD swims like a squid and can explode on command. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/11/29 11:43 a.m.85 views

Manipulating Machine Learning Systems by Manipulating Training Data

Interesting research: "TrojDRL: Trojan Attacks on Deep Reinforcement Learning Agents": Abstract:: Recent work has identified that classification models implemented as neural networks are vulnerable to data-poisoning and Trojan attacks at training time. In this work, we show that these training-ti...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/11/27 9:34 p.m.80 views

DHS Mandates Federal Agencies to Run Vulnerability Disclosure Policy

The DHS is requiring all federal agencies to develop a vulnerability disclosure policy. The goal is that people who discover vulnerabilities in government systems have a mechanism for reporting them to someone who might actually do something about it. The devil is in the details, of course, but...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/11/22 10:19 p.m.52 views

Friday Squid Blogging: T-Shirt

"Squid Pro Quo" T-shirt. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/11/22 12:16 p.m.36 views

The NSA Warns of TLS Inspection

The NSA has released a security advisory warning of the dangers of TLS inspection: Transport Layer Security Inspection TLSI, also known as TLS break and inspect, is a security process that allows enterprises to decrypt traffic, inspect the decrypted content for threats, and then re-encrypt the...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/11/21 12:26 p.m.30 views

GPS Manipulation

Long article on the manipulation of GPS in Shanghai. It seems not to be some Chinese military program, but ships who are stealing sand. The Shanghai "crop circles," which somehow spoof each vessel to a different false location, are something new. "I'm still puzzled by this," says Humphreys. "I...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/11/20 12:52 p.m.32 views

Iran Has Shut Off its Internet

Iran has gone pretty much entirely offline in the wake of nationwide protests. This is the best article detailing what's going on; this is also good. AccessNow has a global campaign to stop Internet shutdowns. TITLE EDITED TO REDUCE CONFUSION...

3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/11/18 12:33 p.m.47 views

Security Vulnerabilities in Android Firmware

Researchers have discovered and revealed 146 vulnerabilities in various incarnations of Android smartphone firmware. The vulnerabilities were found by scanning the phones of 29 different Android makers, and each is unique to a particular phone or maker. They were found using automatic tools, and ...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/11/15 10:13 p.m.95 views

Friday Squid Blogging: Planctotuethis Squid

Neat video, and an impressive-looking squid. I can't figure out how long it is. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/11/15 3:36 p.m.95 views

TPM-Fail Attacks Against Cryptographic Coprocessors

Really interesting research: TPM-FAIL: TPM meets Timing and Lattice Attacks, by Daniel Moghimi, Berk Sunar, Thomas Eisenbarth, and Nadia Heninger. Abstract: Trusted Platform Module TPM serves as a hardware-based root of trust that protects cryptographic keys from privileged system and physical...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/11/14 7:17 p.m.47 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I'm speaking on "Securing a World of Physically Capable Computers" at the Indian Institute of Science in Bangalore, India on December 12, 2019. The list is maintained on this page...

2.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/11/14 1:4 p.m.65 views

Technology and Policymakers

Technologists and policymakers largely inhabit two separate worlds. It's an old problem, one that the British scientist CP Snow identified in a 1959 essay entitled The Two Cultures. He called them sciences and humanities, and pointed to the split as a major hindrance to solving the world's...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/11/13 12:16 p.m.52 views

NTSB Investigation of Fatal Driverless Car Accident

Autonomous systems are going to have to do much better than this. The Uber car that hit and killed Elaine Herzberg in Tempe, Ariz., in March 2018 could not recognize all pedestrians, and was being driven by an operator likely distracted by streaming video, according to documents released by the...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/11/12 12:15 p.m.37 views

Identifying and Arresting Ransomware Criminals

The Wall Street Journal has a story about how two people were identified as the perpetrators of a ransomware scheme. They were found because -- as generally happens -- they made mistakes covering their tracks. They were investigated because they had the bad luck of locking up Washington, DC's vid...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/11/11 12:14 p.m.87 views

Fooling Voice Assistants with Lasers

Interesting: Siri, Alexa, and Google Assistant are vulnerable to attacks that use lasers to inject inaudible­ -- and sometimes invisible­ -- commands into the devices and surreptitiously cause them to unlock doors, visit websites, and locate, unlock, and start vehicles, researchers report in a...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/11/08 10:20 p.m.70 views

Friday Squid Blogging: 80-Foot Steel Kraken Deliberately Sunk

The headline gives the story: "An 80-Foot Steel Kraken Will Create an Artificial Coral Reef Near the British Virgin Islands." As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/11/08 12:10 p.m.39 views

xHelper Malware for Android

xHelper is not interesting because of its infection mechanism; the user has to side-load an app onto his phone. It's not interesting because of its payload; it seems to do nothing more than show unwanted ads. it's interesting because of its persistence: Furthermore, even if users spot the xHelper...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/11/07 12:5 p.m.63 views

Eavesdropping on SMS Messages inside Telco Networks

Fireeye reports on a Chinese-sponsored espionage effort to eavesdrop on text messages: FireEye Mandiant recently discovered a new malware family used by APT41 a Chinese APT group that is designed to monitor and save SMS traffic from specific phone numbers, IMSI numbers and keywords for subsequent...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/11/06 12:19 p.m.24 views

Details of an Airbnb Fraud

This is a fascinating article about a bait-and-switch Airbnb fraud. The article focuses on one particular group of scammers and how they operate, using the fact that Airbnb as a company doesn't do much to combat fraud on its platform. But I am more interested in how the fraudsters essentially...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/11/05 12:15 p.m.44 views

Obfuscation as a Privacy Tool

This essay discusses the futility of opting out of surveillance, and suggests data obfuscation as an alternative. We can apply obfuscation in our own lives by using practices and technologies that make use of it, including: The secure browser Tor, which among other anti-surveillance technologies...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/11/04 12:6 p.m.51 views

Homemade TEMPEST Receiver

Tom's Guide writes about home brew TEMPEST receivers: Today, dirt-cheap technology and free software make it possible for ordinary citizens to run their own Tempest programs and listen to what their own -- and their neighbors' -- electronic devices are doing. Elliott, a researcher at Boston-based...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/11/01 9:12 p.m.91 views

Friday Squid Blogging: Triassic Kraken

Research paper: "Triassic Kraken: The Berlin Ichthyosaur Death Assemblage Interpreted as a Giant Cephalopod Midden": Abstract: The Luning Formation at Berlin Ichthyosaur State Park, Nevada, hosts a puzzling assemblage of at least 9 huge ≤14 m juxtaposed ichthyosaurs Shonisaurus popularis...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/11/01 11:27 a.m.36 views

Resources for Measuring Cybersecurity

Kathryn Waldron at R Street has collected all of the different resources and methodologies for measuring cybersecurity...

2.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/10/31 11:24 a.m.38 views

A Broken Random Number Generator in AMD Microcode

Interesting story. I always recommend using a random number generator like Fortuna, even if you're using a hardware random source. It's just safer...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/10/30 2:36 p.m.34 views

WhatsApp Sues NSO Group

WhatsApp is suing the Israeli cyberweapons arms manufacturer NSO Group in California court: WhatsApp's lawsuit, filed in a California court on Tuesday, has demanded a permanent injunction blocking NSO from attempting to access WhatsApp computer systems and those of its parent company, Facebook. I...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/10/29 11:9 a.m.10 views

ICT Supply-Chain Security

The Carnegie Endowment for Peace published a comprehensive report on ICT information and communication technologies supply-chain security and integrity. It's a good read, but nothing that those who are following this issue don't already know...

2.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/10/28 11:22 a.m.61 views

Former FBI General Counsel Jim Baker Chooses Encryption Over Backdoors

In an extraordinary essay, the former FBI general counsel Jim Baker makes the case for strong encryption over government-mandated backdoors: In the face of congressional inaction, and in light of the magnitude of the threat, it is time for governmental authorities­ -- including law enforcement­ -...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/10/25 9:4 p.m.89 views

Friday Squid Blogging: Researchers Investigating Using Squid Propulsion for Underwater Robots

Interesting article and paper. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/10/25 11:14 a.m.38 views

Dark Web Site Taken Down without Breaking Encryption

The US Department of Justice unraveled a dark web child-porn website, leading to the arrest of 337 people in at least 18 countries. This was all accomplished not through any backdoors in communications systems, but by analyzing the bitcoin transactions and following the money: Welcome to Video ma...

0.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/10/24 11:21 a.m.43 views

Mapping Security and Privacy Research across the Decades

This is really interesting: "A Data-Driven Reflection on 36 Years of Security and Privacy Research," by Aniqua Baset and Tamara Denning: Abstract: Meta-research---research about research---allows us, as a community, to examine trends in our research and make informed decisions regarding the cours...

0.7AI score
Exploits0
Total number of security vulnerabilities2979