Lucene search
K
SchneierRecent

2979 matches found

Schneier on Security
Schneier on Security
added 2019/10/23 11:15 a.m.56 views

NordVPN Breached

There was a successful attack against NordVPN: Based on the command log, another of the leaked secret keys appeared to secure a private certificate authority that NordVPN used to issue digital certificates. Those certificates might be issued for other servers in NordVPN's network or for a variety...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/10/22 3:12 p.m.41 views

Public Voice Launches Petition for an International Moratorium on Using Facial Recognition for Mass Surveillance

Coming out of the Privacy Commissioners' Conference in Albania, Public Voice is launching a petition for an international moratorium on using facial recognition software for mass surveillance. You can sign on as an individual or an organization. I did. You should as well. No, I don't think that...

3.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/10/22 10:56 a.m.49 views

Calculating the Benefits of the Advanced Encryption Standard

NIST has completed a study -- it was published last year, but I just saw it recently -- calculating the costs and benefits of the Advanced Encryption Standard. From the conclusion: The result of performing that operation on the series of cumulated benefits extrapolated for the 169 survey...

Exploits0
Schneier on Security
Schneier on Security
added 2019/10/21 11:23 a.m.45 views

Details of the Olympic Destroyer APT

Interesting details on Olympic Destroyer, the nation-state cyberattack against the 2018 Winter Olympic Games in South Korea. Wired's Andy Greenberg presents evidence that the perpetrator was Russia, and not North Korea or China...

2.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/10/18 9:11 p.m.86 views

Friday Squid Blogging: Six-Foot-Long Mass of Squid Eggs Found on Great Barrier Reef

It's likely the diamondback squid. There's a video. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

2.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/10/18 7:38 p.m.91 views

Why Technologists Need to Get Involved in Public Policy

Last month, I gave a 15-minute talk in London titled: "Why technologists need to get involved in public policy." In it, I try to make the case for public-interest technologists. I also maintain a public-interest tech resources page, which has pretty much everything I can find in this space. If I'...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/10/18 10:54 a.m.99 views

Adding a Hardware Backdoor to a Networked Computer

Interesting proof of concept: At the CS3sthlm security conference later this month, security researcher Monta Elkins will show how he created a proof-of-concept version of that hardware hack in his basement. He intends to demonstrate just how easily spies, criminals, or saboteurs with even minima...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/10/17 11:8 a.m.49 views

Using Machine Learning to Detect IP Hijacking

This is interesting research: In a BGP hijack, a malicious actor convinces nearby networks that the best path to reach a specific IP address is through their network. That's unfortunately not very hard to do, since BGP itself doesn't have any security procedures for validating that a message is...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/10/15 3:38 p.m.49 views

Cracking the Passwords of Early Internet Pioneers

Lots of them weren't very good: BSD co-inventor Dennis Ritchie, for instance, used "dmac" his middle name was MacAlistair; Stephen R. Bourne, creator of the Bourne shell command line interpreter, chose "bourne"; Eric Schmidt, an early developer of Unix software and now the executive chairman of...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/10/14 11:58 a.m.46 views

Factoring 2048-bit Numbers Using 20 Million Qubits

This theoretical paper shows how to factor 2048-bit RSA moduli with a 20-million qubit quantum computer in eight hours. It's interesting work, but I don't want overstate the risk. We know from Shor's Algorithm that both factoring and discrete logs are easy to solve on a large, working quantum...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/10/11 9:29 p.m.150 views

Friday Squid Blogging: Apple Fixes Squid Emoji

Apple fixed the squid emoji in iOS 13.1: A squid's siphon helps it move, breathe, and discharge waste, so having the siphon in back makes more sense than having it in front. Now, the poor squid emoji will look like it should, without a siphon on its front. As usual, you can also use this squid po...

0.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/10/11 7:34 p.m.102 views

I Have a New Book: We Have Root

I just published my third collection of essays: We Have Root. This book covers essays from 2013 to 2017. The first two are Schneier on Security and Carry On. There is nothing in this book is that is not available for free on my website; but if you'd like these essays in an easy-to-carry paperback...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/10/11 11:14 a.m.72 views

Details on Uzbekistan Government Malware: SandCat

Kaspersky has uncovered an Uzbeki hacking operation, mostly due to incompetence on the part of the government hackers. The group's lax operational security includes using the name of a military group with ties to the SSS to register a domain used in its attack infrastructure; installing Kaspersky...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/10/10 6:49 p.m.66 views

New Reductor Nation-State Malware Compromises TLS

Kaspersky has a detailed blog post about a new piece of sophisticated malware that it's calling Reductor. The malware is able to compromise TLS traffic by infecting the computer with hacked TLS engine substituted on the fly, "marking" infected TLS handshakes by compromising the underlining...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/10/10 10:49 a.m.59 views

Wi-Fi Hotspot Tracking

Free Wi-Fi hotspots can track your location, even if you don't connect to them. This is because your phone or computer broadcasts a unique MAC address. What distinguishes location-based marketing hotspot providers like Zenreach and Euclid is that the personal information you enter in the captive...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/10/09 5:26 p.m.44 views

Cheating at Professional Poker

Interesting story about someone who is almost certainly cheating at professional poker. But then I start to see things that seem so obvious, but I wonder whether they aren't just paranoia after hours and hours of digging into the mystery. Like the fact that he starts wearing a hat that has a...

Exploits0
Schneier on Security
Schneier on Security
added 2019/10/09 11:34 a.m.41 views

Illegal Data Center Hidden in Former NATO Bunker

Interesting: German investigators said Friday they have shut down a data processing center installed in a former NATO bunker that hosted sites dealing in drugs and other illegal activities. Seven people were arrested. ... Thirteen people aged 20 to 59 are under investigation in all, including thr...

0.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/10/08 10:15 p.m.44 views

Speakers Censored at AISA Conference in Melbourne

Two speakers were censored at the Australian Information Security Association's annual conference this week in Melbourne. Thomas Drake, former NSA employee and whistleblower, was scheduled to give a talk on the golden age of surveillance, both government and corporate. Suelette Dreyfus, lecturer ...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/10/08 10:24 a.m.80 views

New Unpatchable iPhone Exploit Allows Jailbreaking

A new iOS exploit allows jailbreaking of pretty much all version of the iPhone. This is a huge deal for Apple, but at least it doesn't allow someone to remotely hack people's phones. Some details: I wanted to learn how Checkm8 will shape the iPhone experience­ -- particularly as it relates to...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/10/07 11:53 a.m.59 views

Edward Snowden's Memoirs

Ed Snowden has published a book of his memoirs: Permanent Record. I have not read it yet, but I want to point you all towards two pieces of writing about the book. The first is an excellent review of the book and Snowden in general by SF writer and essayist Jonathan Lethem, who helped make a shor...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/10/04 9:23 p.m.126 views

Friday Squid Blogging: Hawaiian Bobtail Squid Squirts Researcher

Cute video. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/10/04 5:4 p.m.104 views

More Cryptanalysis of Solitaire

In 1999, I invented the Solitaire encryption algorithm, designed to manually encrypt data using a deck of cards. It was written into the plot of Neal Stephenson's novel Cryptonomicon, and I even wrote an afterward to the book describing the cipher. I don't talk about it much, mostly because I mad...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/10/04 11:32 a.m.63 views

Tracking by Smart TVs

Long Twitter thread about the tracking embedded in modern digital televisions. The thread references three academic papers...

3.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/10/03 11:28 a.m.39 views

Measuring the Security of IoT Devices

In August, CyberITL completed a large-scale survey of software security practices in the IoT environment, by looking at the compiled software. Data Collected: 22 Vendors 1,294 Products 4,956 Firmware versions 3,333,411 Binaries analyzed Date range of data: 2003-03-24 to 2019-01-24 varies by vendo...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/10/02 1:0 p.m.45 views

New Research into Russian Malware

There's some interesting new research about Russian APT malware: The Russian government has fostered competition among the three agencies, which operate independently from one another, and compete for funds. This, in turn, has resulted in each group developing and hoarding its tools, rather than...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/10/01 11:54 a.m.59 views

NSA on the Future of National Cybersecurity

Glenn Gerstell, the General Counsel of the NSA, wrote a long and interesting op-ed for the New York Times where he outlined a long list of cyber risks facing the US. There are four key implications of this revolution that policymakers in the national security sector will need to address: The firs...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/09/30 11:36 a.m.47 views

Supply-Chain Security and Trust

The United States government's continuing disagreement with the Chinese company Huawei underscores a much larger problem with computer technologies in general: We have no choice but to trust them completely, and it's impossible to verify that they're trustworthy. Solving this problem ­ which is...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/09/27 9:23 p.m.164 views

Friday Squid Blogging: Did Super-Intelligent Giant Squid Steal an Underwater Research Station?

There's no proof they did, but there's no proof they didn't. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/09/27 5:19 p.m.57 views

Superhero Movies and Security Lessons

A paper I co-wrote was just published in Security Journal: "Superheroes on screen: real life lessons for security debates": Abstract: Superhero films and episodic shows have existed since the early days of those media, but since 9/11, they have become one of the most popular and most lucrative...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/09/26 11:21 a.m.75 views

On Chinese "Spy Trains"

The trade war with China has reached a new industry: subway cars. Congress is considering legislation that would prevent the world's largest train maker, the Chinese-owned CRRC Corporation, from competing on new contracts in the United States. Part of the reasoning behind this legislation is...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/09/25 11:1 a.m.36 views

Ineffective Package Tracking Facilitates Fraud

This article discusses an e-commerce fraud technique in the UK. Because the Royal Mail only tracks packages to the postcode -- and not to the address - it's possible to commit a variety of different frauds. Tracking systems that rely on signature are not similarly vulnerable...

2.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/09/24 11:33 a.m.76 views

Russians Hack FBI Comms System

Yahoo News reported that the Russians have successfully targeted an FBI communications system: American officials discovered that the Russians had dramatically improved their ability to decrypt certain types of secure communications and had successfully tracked devices used by elite FBI...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/09/23 10:59 a.m.66 views

France Outlines Its Approach to Cyberwar

In a document published earlier this month in French, France described the legal framework in which it will conduct cyberwar operations. Lukasz Olejnik explains what it means, and it's worth reading...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/09/20 9:11 p.m.183 views

Friday Squid Blogging: Piglet Squid

Another piglet squid video. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/09/20 5:50 p.m.122 views

Crown Sterling Claims to Factor RSA Keylengths First Factored Twenty Years Ago

Earlier this month, I made fun of a company called Crown Sterling, for...for...for being a company that deserves being made fun of. This morning, the company announced that they "decrypted two 256-bit asymmetric public keys in approximately 50 seconds from a standard laptop computer." Really. The...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/09/20 2:34 p.m.37 views

A Feminist Take on Information Privacy

Maria Farrell has a really interesting framing of information/device privacy: What our smartphones and relationship abusers share is that they both exert power over us in a world shaped to tip the balance in their favour, and they both work really, really hard to obscure this fact and keep us...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/09/20 11:12 a.m.45 views

New Biometrics

This article discusses new types of biometrics under development, including gait, scent, heartbeat, microbiome, and butt shape no, really...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/09/19 10:57 a.m.61 views

Revisiting Software Vulnerabilities in the Boeing 787

I previously blogged about a Black Hat talk that disclosed security vulnerabilities in the Boeing 787 software. Ben Rothke concludes that the vulnerabilities are real, but not practical...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/09/18 5:52 p.m.24 views

I'm Looking to Hire a Strategist to Help Figure Out Public-Interest Tech

I am in search of a strategic thought partner: a person who can work closely with me over the next 9 to 12 months in assessing what's needed to advance the practice, integration, and adoption of public-interest technology. All of the details are in the RFP. The selected strategist will work close...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/09/18 12:42 p.m.30 views

Cracking Forgotten Passwords

Expandpass is a string expansion program. It's "useful for cracking passwords you kinda-remember." You tell the program what you remember about the password and it tries related passwords. I learned about it in this article about Phil Dougherty, who helps people recover lost cryptocurrency...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/09/16 11:39 a.m.29 views

Another Side Channel in Intel Chips

Not that serious, but interesting: In late 2011, Intel introduced a performance enhancement to its line of server processors that allowed network cards and other peripherals to connect directly to a CPU's last-level cache, rather than following the standard and significantly longer path through t...

2.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/09/14 11:16 p.m.98 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I'm speaking at University College London on September 23, 2019. I'm speaking at World's Top 50 Innovators 2019 at the Royal Society in London on September 24, 2019. I'm speaking at Cyber Security Nordic in Helsinki, Finland on...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/09/13 9:5 p.m.135 views

Friday Squid Blogging: How Scientists Captured the Giant Squid Video

In June, I blogged about a video of a live juvenile giant squid. Here's how that video was captured. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/09/13 4:40 p.m.253 views

When Biology Becomes Software

All of life is based on the coordinated action of genetic parts genes and their controlling sequences found in the genomes the complete DNA sequence of organisms. Genes and genomes are based on code-- just like the digital language of computers. But instead of zeros and ones, four DNA letters ---...

7.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/09/13 1:22 p.m.147 views

Smart Watches and Cheating on Tests

The Independent Commission on Examination Malpractice in the UK has recommended that all watches be banned from exam rooms, basically because it's becoming very difficult to tell regular watches from smart watches...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/09/12 11:4 a.m.40 views

Fabricated Voice Used in Financial Fraud

This seems to be an identity theft first: Criminals used artificial intelligence-based software to impersonate a chief executive's voice and demand a fraudulent transfer of €220,000 $243,000 in March in what cybercrime experts described as an unusual case of artificial intelligence being used in...

3.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/09/11 11:11 a.m.64 views

More on Law Enforcement Backdoor Demands

The Carnegie Endowment for International Peace and Princeton University's Center for Information Technology Policy convened an Encryption Working Group to attempt progress on the "going dark" debate. They have released their report: "Moving the Encryption Policy Conversation Forward. The main...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/09/10 11:23 a.m.49 views

On Cybersecurity Insurance

Good paper on cybersecurity insurance: both the history and the promise for the future. From the conclusion: Policy makers have long held high hopes for cyber insurance as a tool for improving security. Unfortunately, the available evidence so far should give policymakers pause. Cyber insurance...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/09/09 11:29 a.m.41 views

NotPetya

Wired has a long article on NotPetya. EDITED TO ADD 9/12: Another good article on NotPetya...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/09/06 9:24 p.m.91 views

Friday Squid Blogging: Squid Perfume

It's not perfume for squids. Nor is it perfume made from squids. It's a perfume called Squid, "inspired by life in the sea." As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.3AI score
Exploits0
Total number of security vulnerabilities2979