Lucene search
K
SchneierRecent

2979 matches found

Schneier on Security
Schneier on Security
added 2019/09/06 11:10 a.m.66 views

Default Password for GPS Trackers

Many GPS trackers are shipped with the default password 123456. Many users don't change them. We just need to eliminate default passwords. This is an easy win. EDITED TO ADD 9/12: A California law bans default passwords starting in 2020...

3.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/09/05 10:58 a.m.54 views

The Doghouse: Crown Sterling

A decade ago, the Doghouse was a regular feature in both my email newsletter Crypto-Gram and my blog. In it, I would call out particularly egregious -- and amusing -- examples of cryptographic "snake oil." I dropped it both because it stopped being fun and because almost everyone converged on...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/09/04 11:22 a.m.68 views

Credit Card Privacy

Good article in the Washington Post on all the surveillance associated with credit card use...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/09/03 11:9 a.m.67 views

Massive iPhone Hack Targets Uyghurs

China is being blamed for a massive surveillance operation that targeted Uyghur Muslims. This story broke in waves, the first wave being about the iPhone. Earlier this year, Google's Project Zero found a series of websites that have been using zero-day vulnerabilities to indiscriminately install...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/08/30 9:9 p.m.206 views

Friday Squid Blogging: Why Mexican Jumbo Squid Populations Have Declined

A group of scientists conclude that it's shifting weather patterns and ocean conditions. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/08/30 11:18 a.m.50 views

Attacking the Intel Secure Enclave

Interesting paper by Michael Schwarz, Samuel Weiser, Daniel Gruss. The upshot is that both Intel and AMD have assumed that trusted enclaves will run only trustworthy code. Of course, that's not true. And there are no security mechanisms that can deal with malicious enclaves, because the designers...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/08/29 11:17 a.m.60 views

AI Emotion-Detection Arms Race

Voice systems are increasingly using AI techniques to determine emotion. A new paper describes an AI-based countermeasure to mask emotion in spoken words. Their method for masking emotion involves collecting speech, analyzing it, and extracting emotional features from the raw signal. Next, an AI...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/08/28 11:14 a.m.47 views

The Myth of Consumer-Grade Security

The Department of Justice wants access to encrypted consumer devices but promises not to infiltrate business products or affect critical infrastructure. Yet that's not possible, because there is no longer any difference between those categories of devices. Consumer devices are critical...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/08/27 10:14 a.m.58 views

The Threat of Fake Academic Research

Interesting analysis of the possibility, feasibility, and efficacy of deliberately fake scientific research, something I had previously speculated about...

2.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/08/26 11:41 a.m.72 views

Detecting Credit Card Skimmers

Modern credit card skimmers hidden in self-service gas pumps communicate via Bluetooth. There's now an app that can detect them: The team from the University of California San Diego, who worked with other computer scientists from the University of Illinois, developed an app called Bluetana which...

2.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/08/23 11:19 p.m.123 views

Friday Squid Blogging: Vulnerabilities in Squid Server

It's always nice when I can combine squid and security: Multiple versions of the Squid web proxy cache server built with Basic Authentication features are currently vulnerable to code execution and denial-of-service DoS attacks triggered by the exploitation of a heap buffer overflow security flaw...

6.8CVSS9.8AI score0.50454EPSS
Exploits0
Schneier on Security
Schneier on Security
added 2019/08/23 11:19 a.m.53 views

License Plate "NULL"

There was a DefCon talk by someone with the vanity plate "NULL." The California system assigned him every ticket with no license plate: $12,000. Although the initial $12,000-worth of fines were removed, the private company that administers the database didn't fix the issue and new NULL tickets ar...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/08/22 10:21 a.m.71 views

Modifying a Tesla to Become a Surveillance Platform

From DefCon: At the Defcon hacker conference today, security researcher Truman Kain debuted what he calls the Surveillance Detection Scout. The DIY computer fits into the middle console of a Tesla Model S or Model 3, plugs into its dashboard USB port, and turns the car's built-in cameras­ -- the...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/08/21 11:46 a.m.53 views

Google Finds 20-Year-Old Microsoft Windows Vulnerability

There's no indication that this vulnerability was ever used in the wild, but the code it was discovered in -- Microsoft's Text Services Framework -- has been around since Windows XP...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/08/20 11:45 a.m.47 views

Surveillance as a Condition for Humanitarian Aid

Excellent op-ed on the growing trend to tie humanitarian aid to surveillance. Despite the best intentions, the decision to deploy technology like biometrics is built on a number of unproven assumptions, such as, technology solutions can fix deeply embedded political problems. And that auditing fo...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/08/19 11:14 a.m.53 views

Influence Operations Kill Chain

Influence operations are elusive to define. The Rand Corp.'s definition is as good as any: "the collection of tactical information about an adversary as well as the dissemination of propaganda in pursuit of a competitive advantage over an opponent." Basically, we know it when we see it, from bots...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/08/16 9:5 p.m.194 views

Friday Squid Blogging: Robot Squid Propulsion

Interesting research: The squid robot is powered primarily by compressed air, which it stores in a cylinder in its nose do squids have noses?. The fins and arms are controlled by pneumatic actuators. When the robot wants to move through the water, it opens a value to release a modest amount of...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/08/16 11:12 a.m.58 views

Software Vulnerabilities in the Boeing 787

Boeing left its software unprotected, and researchers have analyzed it for vulnerabilities: At the Black Hat security conference today in Las Vegas, Santamarta, a researcher for security firm IOActive, plans to present his findings, including the details of multiple serious security flaws in the...

Exploits0
Schneier on Security
Schneier on Security
added 2019/08/15 11:19 a.m.64 views

Bypassing Apple FaceID's Liveness Detection Feature

Apple's FaceID has a liveness detection feature, which prevents someone from unlocking a victim's phone by putting it in front of his face while he's sleeping. That feature has been hacked: Researchers on Wednesday during Black Hat USA 2019 demonstrated an attack that allowed them to bypass a...

2.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/08/14 5:36 p.m.71 views

Side-Channel Attack against Electronic Locks

Several high-security electronic locks are vulnerable to side-channel attacks involving power monitoring...

3.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/08/14 11:18 a.m.83 views

Attorney General Barr and Encryption

Last month, Attorney General William Barr gave a major speech on encryption policy­what is commonly known as "going dark." Speaking at Fordham University in New York, he admitted that adding backdoors decreases security but that it is worth it. Some hold this view dogmatically, claiming that it i...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/08/13 11:17 a.m.30 views

Exploiting GDPR to Get Private Information

A researcher abused the GDPR to get information on his fiancee: It is one of the first tests of its kind to exploit the EU's General Data Protection Regulation GDPR, which came into force in May 2018. The law shortened the time organisations had to respond to data requests, added new types of...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/08/12 11:14 a.m.61 views

Evaluating the NSA's Telephony Metadata Program

Interesting analysis: "Examining the Anomalies, Explaining the Value: Should the USA FREEDOM Act's Metadata Program be Extended?" by Susan Landau and Asaf Lubin. Abstract: The telephony metadata program which was authorized under Section 215 of the PATRIOT Act, remains one of the most controversi...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/08/09 9:12 p.m.137 views

Friday Squid Blogging: Sinuous Asperoteuthis Mangoldae Squid

Great video of the Sinuous Asperoteuthis Mangoldae Squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/08/08 4:11 p.m.55 views

Supply-Chain Attack against the Electron Development Platform

Electron is a cross-platform development system for many popular communications apps, including Skype, Slack, and WhatsApp. Security vulnerabilities in the update system allows someone to silently inject malicious code into applications. From a news article: At the BSides LV security conference o...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/08/08 11:22 a.m.56 views

AT&T Employees Took Bribes to Unlock Smartphones

This wasn't a small operation: A Pakistani man bribed AT call-center employees to install malware and unauthorized hardware as part of a scheme to fraudulently unlock cell phones, according to the US Department of Justice. Muhammad Fahd, 34, was extradited from Hong Kong to the US on Friday and i...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/08/07 3:48 p.m.50 views

Brazilian Cell Phone Hack

I know there's a lot of politics associated with this story, but concentrate on the cybersecurity aspect for a moment. The cell phones of a thousand Brazilians, including senior government officials, were hacked -- seemingly by actors much less sophisticated than rival governments. Brazil's...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/08/06 11:20 a.m.43 views

Phone Pharming for Ad Fraud

Interesting article on people using banks of smartphones to commit ad fraud for profit. No one knows how prevalent ad fraud is on the Internet. I believe it is surprisingly high -- here's an article that places losses between $6.5 and $19 billion annually -- and something companies like Google an...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/08/05 2:14 p.m.41 views

Regulating International Trade in Commercial Spyware

Siena Anstis, Ronald J. Deibert, and John Scott-Railton of Citizen Lab published an editorial calling for regulating the international trade in commercial surveillance systems until we can figure out how to curb human rights abuses. Any regime of rigorous human rights safeguards that would make a...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/08/02 9:20 p.m.23 views

Friday Squid Blogging: Piglet Squid Video

Really neat. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/08/02 7:18 p.m.38 views

More on Backdooring (or Not) WhatsApp

Yesterday, I blogged about a Facebook plan to backdoor WhatsApp by adding client-side scanning and filtering. It seems that I was wrong, and there are no such plans. The only source for that post was a Forbes essay by Kalev Leetaru, which links to a previous Forbes essay by him, which links to a...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/08/02 4:53 p.m.31 views

Disabling Security Cameras with Lasers

There's a really interesting video of protesters in Hong Kong using some sort of laser to disable security cameras. I know nothing more about the technologies involved...

2.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/08/02 11:4 a.m.45 views

How Privacy Laws Hurt Defendants

Rebecca Wexler has an interesting op-ed about an inadvertent harm that privacy laws can cause: while law enforcement can often access third-party data to aid in prosecution, the accused don't have the same level of access to aid in their defense: The proposed privacy laws would make this situatio...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/08/01 11:51 a.m.33 views

Facebook Plans on Backdooring WhatsApp

This article points out that Facebook's planned content moderation scheme will result in an encryption backdoor into WhatsApp: In Facebook's vision, the actual end-to-end encryption client itself such as WhatsApp will include embedded content moderation and blacklist filtering algorithms. These...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/07/31 11:46 a.m.59 views

Another Attack Against Driverless Cars

In this piece of research, attackers successfully attack a driverless car system -- Renault Captur's "Level 0" autopilot Level 0 systems advise human drivers but do not directly operate cars -- by following them with drones that project images of fake road signs in 100ms bursts. The time is too...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/07/30 11:19 a.m.76 views

ACLU on the GCHQ Backdoor Proposal

Back in January, two senior GCHQ officials proposed a specific backdoor for communications systems. It was universally derided as unworkable -- by me, as well. Now Jon Callas of the ACLU explains why...

3.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/07/29 11:15 a.m.68 views

Wanted: Cybersecurity Imagery

Eli Sugarman of the Hewlettt Foundation laments about the sorry state of cybersecurity imagery: The state of cybersecurity imagery is, in a word, abysmal. A simple Google Image search for the term proves the point: It's all white men in hoodies hovering menacingly over keyboards, green...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/07/26 9:42 p.m.214 views

Friday Squid Blogging: Humbolt Squid in Mexico Are Getting Smaller

The Humbolt squid are getting smaller: Rawley and the other researchers found a flurry of factors that drove the jumbo squid's demise. The Gulf of California historically cycled between warm-water El Niño conditions and cool-water La Niña phases. The warm El Niño waters were inhospitable to jumbo...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/07/26 11:5 a.m.168 views

Insider Logic Bombs

Add to the "not very smart criminals" file: According to court documents, Tinley provided software services for Siemens' Monroeville, PA offices for nearly ten years. Among the work he was asked to perform was the creation of spreadsheets that the company was using to manage equipment orders. The...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/07/25 11:17 a.m.73 views

Software Developers and Security

According to a survey: "68% of the security professionals surveyed believe it's a programmer's job to write secure code, but they also think less than half of developers can spot security holes." And that's a problem. Nearly half of security pros surveyed, 49%, said they struggle to get developer...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/07/24 11:43 a.m.74 views

Attorney General William Barr on Encryption Policy

Yesterday, Attorney General William Barr gave a major speech on encryption policy -- what is commonly known as "going dark." Speaking at Fordham University in New York, he admitted that adding backdoors decreases security but that it is worth it. Some hold this view dogmatically, claiming that it...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/07/23 11:27 a.m.64 views

Science Fiction Writers Helping Imagine Future Threats

The French army is going to put together a team of science fiction writers to help imagine future threats. Leaving aside the question of whether science fiction writers are better or worse at envisioning nonfictional futures, this isn't new. The US Department of Homeland Security did the same thi...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/07/22 11:17 a.m.65 views

Hackers Expose Russian FSB Cyberattack Projects

More nation-state activity in cyberspace, this time from Russia: Per the different reports in Russian media, the files indicate that SyTech had worked since 2009 on a multitude of projects since 2009 for FSB unit 71330 and for fellow contractor Quantum. Projects include: Nautilus -- a project for...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/07/19 9:4 p.m.97 views

Friday Squid Blogging: Squid Mural

Large squid mural in the Bushwick neighborhood of Brooklyn. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/07/19 7:38 p.m.102 views

A Harlequin Romance Novel about Hackers

Really...

2.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/07/19 11:19 a.m.60 views

John Paul Stevens Was a Cryptographer

I didn't know that Supreme Court Justice John Paul Stevens "was also a cryptographer for the Navy during World War II." He was a proponent of individual privacy...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/07/18 1:21 p.m.89 views

Identity Theft on the Job Market

Identity theft is getting more subtle: "My job application was withdrawn by someone pretending to be me": When Mr Fearn applied for a job at the company he didn't hear back. He said the recruitment team said they'd get back to him by Friday, but they never did. At first, he assumed he was...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/07/16 5:54 p.m.75 views

Zoom Vulnerability

The Zoom conferencing app has a vulnerability that allows someone to remotely take over the computer's camera. It's a bad vulnerability, made worse by the fact that it remains even if you uninstall the Zoom app: This vulnerability allows any website to forcibly join a user to a Zoom call, with...

0.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/07/15 11:12 a.m.79 views

Palantir's Surveillance Service for Law Enforcement

Motherboard got its hands on Palantir's Gotham user's manual, which is used by the police to get information on people: The Palantir user guide shows that police can start with almost no information about a person of interest and instantly know extremely intimate details about their lives. The...

0.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/07/13 9:18 p.m.132 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I'm speaking at Black Hat USA 2019 in Las Vegas on Wednesday, August 7 and Thursday, August 8, 2019. I'm speaking on "Information Security in the Public Interest" at DefCon 27 in Las Vegas on Saturday, August 10, 2019. The list is...

1.4AI score
Exploits0
Total number of security vulnerabilities2979