Lucene search
K
SchneierRecent

2979 matches found

Schneier on Security
Schneier on Security
added 2019/07/12 9:32 p.m.177 views

Friday Squid Blogging: When the Octopus and Squid Lost Their Shells

Cephalopod ancestors once had shells. When did they lose them? With the molecular clock technique, which allowed him to use DNA to map out the evolutionary history of the cephalopods, he found that today's cuttlefish, squids and octopuses began to appear 160 to 100 million years ago, during the...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/07/12 7:16 p.m.184 views

Clickable Endnotes to Click Here to Kill Everybody

In Click Here to Kill Everybody, I promised clickable endnotes. They're finally available...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/07/12 10:36 a.m.206 views

Presidential Candidate Andrew Yang Has Quantum Encryption Policy

At least one presidential candidate has a policy about quantum computing and encryption. It has two basic planks. One: fund quantum-resistant encryption standards. Note: NIST is already doing this. Two, fund quantum computing. Unlike many far more pressing computer security problems, the market...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/07/11 11:24 a.m.68 views

Resetting Your GE Smart Light Bulb

If you need to reset the software in your GE smart light bulb -- firmware version 2.8 or later -- just follow these easy instructions: Start with your bulb off for at least 5 seconds. 1. Turn on for 8 seconds 2. Turn off for 2 seconds 3. Turn on for 8 seconds 4. Turn off for 2 seconds 5. Turn on...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/07/10 10:51 a.m.67 views

Details of the Cloud Hopper Attacks

Reuters has a long article on the Chinese government APT attack called Cloud Hopper. It was much bigger than originally reported. The hacking campaign, known as "Cloud Hopper," was the subject of a U.S. indictment in December that accused two Chinese nationals of identity theft and fraud...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/07/09 11:44 a.m.59 views

Cell Networks Hacked by (Probable) Nation-State Attackers

A sophisticated attacker has successfuly infiltrated cell providers to collect information on specific users: The hackers have systematically broken in to more than 10 cell networks around the world to date over the past seven years to obtain massive amounts of call records -- including times and...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/07/08 5:38 p.m.79 views

Cardiac Biometric

MIT Technology Review is reporting about an infrared laser device that can identify people by their unique cardiac signature at a distance: A new device, developed for the Pentagon after US Special Forces requested it, can identify people without seeing their face: instead it detects their unique...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/07/08 12:8 p.m.92 views

Ransomware Recovery Firms Who Secretly Pay Hackers

ProPublica is reporting on companies that pretend to recover data locked up by ransomware, but just secretly pay the hackers and then mark up the cost to the victims...

2.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/07/05 9:4 p.m.243 views

Friday Squid Blogging: Squid Cars

Jalopnik asks the important question: "If squids ruled the earth, what would their cars be like?" As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/07/05 6:52 p.m.204 views

Applied Cryptography is Banned in Oregon Prisons

My Applied Cryptography is on a list of books banned in Oregon prisons. It's not me -- and it's not cryptography -- it's that the prisons ban books that teach people to code. The subtitle is "Algorithms, Protocols, and Source Code in C" -- and that's the reason. My more recent Cryptography...

2.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/07/05 11:15 a.m.100 views

Research on Human Honesty

New research from Science: "Civic honesty around the globe": Abstract: Civic honesty is essential to social capital and economic development, but is often in conflict with material self-interest. We examine the trade-off between honesty and self-interest using field experiments in 355 cities...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/07/04 11:38 a.m.124 views

US Journalist Detained When Returning to US

Pretty horrible story of a US journalist who had his computer and phone searched at the border when returning to the US from Mexico. After I gave him the password to my iPhone, Moncivias spent three hours reviewing hundreds of photos and videos and emails and calls and texts, including encrypted...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/07/03 11:28 a.m.106 views

Digital License Plates

They're a thing: Developers say digital plates utilize "advanced telematics" -- to collect tolls, pay for parking and send out Amber Alerts when a child is abducted. They also help recover stolen vehicles by changing the display to read "Stolen," thereby alerting everyone within eyeshot. This mak...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/07/02 11:24 a.m.85 views

Google Releases Basic Homomorphic Encryption Tool

Google has released an open-source cryptographic tool: Private Join and Compute. From a Wired article: Private Join and Compute uses a 1970s methodology known as "commutative encryption" to allow data in the data sets to be encrypted with multiple keys, without it mattering which order the keys a...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/07/01 10:55 a.m.23 views

Yubico Security Keys with a Crypto Flaw

Wow, is this an embarrassing bug: Yubico is recalling a line of security keys used by the U.S. government due to a firmware flaw. The company issued a security advisory today that warned of an issue in YubiKey FIPS Series devices with firmware versions 4.4.2 and 4.4.4 that reduced the randomness ...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/06/28 9:11 p.m.16 views

Friday Squid Blogging: Fantastic Video of a Juvenile Giant Squid

It's amazing: Then, about 20 hours into the recording from the Medusa's fifth deployment, Dr. Robinson saw the sharp points of tentacles sneaking into the camera's view. "My heart felt like exploding," he said on Thursday, over a shaky phone connection from the ship's bridge. At first, the animal...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/06/28 7:4 p.m.8 views

I'm Leaving IBM

Today is my last day at IBM. If you've been following along, IBM bought my startup Resilient Systems in Spring 2016. Since then, I have been with IBM, holding the nicely ambiguous title of "Special Advisor." As of the end of the month, I will be back on my own. I will continue to write and speak,...

0.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/06/28 11:35 a.m.368 views

Cellebrite Claims It Can Unlock Any iPhone

The digital forensics company Cellebrite now claims it can unlock any iPhone. I dithered before blogging this, not wanting to give the company more publicity. But I decided that everyone who wants to know already knows, and that Apple already knows. It's all of us that need to know...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/06/27 11:41 a.m.99 views

Spanish Soccer League App Spies on Fans

The Spanish Soccer League's smartphone app spies on fans in order to find bars that are illegally streaming its games. The app listens with the microphone for the broadcasts, and then uses geolocation to figure out where the phone is. The Spanish data protection agency has ordered the league to...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/06/26 6:3 p.m.95 views

MongoDB Offers Field Level Encryption

MongoDB now has the ability to encrypt data by field: MongoDB calls the new feature Field Level Encryption. It works kind of like end-to-end encrypted messaging, which scrambles data as it moves across the internet, revealing it only to the sender and the recipient. In such a "client-side"...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/06/26 10:46 a.m.106 views

Person in Latex Mask Impersonated French Minister

Forget deep fakes. Someone wearing a latex mask fooled people on video calls for a period of two years, successfully scamming 80 million euros from rich French citizens...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/06/25 5:39 p.m.96 views

Florida City Pays Ransomware

Learning from the huge expenses Atlanta and Baltimore incurred by refusing to pay ransomware, the Florida City of Riveria Beach decided to pay up. The ransom amount of almost $600,000 is a lot, but much cheaper than the alternative...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/06/25 11:35 a.m.97 views

iPhone Apps Surreptitiously Communicated with Unknown Servers

Long news article alternate source on iPhone privacy, specifically the enormous amount of data your apps are collecting without your knowledge. A lot of this happens in the middle of the night, when you're probably not otherwise using your phone: IPhone apps I discovered tracking me by passing...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/06/24 11:5 a.m.96 views

Election Security

Stanford University's Cyber Policy Center has published a long report on the security of US elections. Summary: it's not good...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/06/21 9:25 p.m.198 views

Friday Squid Blogging: Squid Tea Bags

It's pu'er tea -- from Japan. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/06/21 4:42 p.m.209 views

Backdoor Built into Android Firmware

In 2017, some Android phones came with a backdoor pre-installed: Criminals in 2017 managed to get an advanced backdoor preinstalled on Android devices before they left the factories of manufacturers, Google researchers confirmed on Thursday. Triada first came to light in 2016 in articles publishe...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/06/21 10:10 a.m.146 views

Fake News and Pandemics

When the next pandemic strikes, we'll be fighting it on two fronts. The first is the one you immediately think about: understanding the disease, researching a cure and inoculating the population. The second is new, and one you might not have thought much about: fighting the deluge of rumors,...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/06/20 5:27 p.m.104 views

How Apple's "Find My" Feature Works

Matthew Green intelligently speculates about how Apple's new "Find My" feature works. If you haven't already been inspired by the description above, let me phrase the question you ought to be asking: how is this system going to avoid being a massive privacy nightmare? Let me count the concerns: I...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/06/20 11:56 a.m.93 views

Hacking Hardware Security Modules

Security researchers Gabriel Campana and Jean-Baptiste Bédrune are giving a hardware security module HSM talk at BlackHat in August: This highly technical presentation targets an HSM manufactured by a vendor whose solutions are usually found in major banks and large cloud service providers. It wi...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/06/19 6:26 p.m.116 views

Risks of Password Managers

Stuart Schechter writes about the security risks of using a password manager. It's a good piece, and nicely discusses the trade-offs around password managers: which one to choose, which passwords to store in it, and so on. My own Password Safe is mentioned. My particular choices about security an...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/06/19 10:21 a.m.110 views

Maciej Cegłowski on Privacy in the Information Age

Maciej Cegłowski has a really good essay explaining how to think about privacy today: For the purposes of this essay, I'll call it "ambient privacy" -- the understanding that there is value in having our everyday interactions with one another remain outside the reach of monitoring, and that the...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/06/17 10:52 a.m.104 views

Data, Surveillance, and the AI Arms Race

According to foreign policy experts and the defense establishment, the United States is caught in an artificial intelligence arms race with China -- one with serious implications for national security. The conventional version of this story suggests that the United States is at a disadvantage...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/06/14 9:41 p.m.226 views

Friday Squid Blogging: Climate Change Could be Good for Squid

Basically, they thrive in a high CO2 environment, because it doesn't bother them and makes their prey weaker. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/06/14 6:30 p.m.213 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I'm speaking on "Securing a World of Physically Capable Computers" at Oxford University on Monday, June 17, 2019. The list is maintained on this page...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/06/14 5:4 p.m.91 views

Computers and Video Surveillance

It used to be that surveillance cameras were passive. Maybe they just recorded, and no one looked at the video unless they needed to. Maybe a bored guard watched a dozen different screens, scanning for something interesting. In either case, the video was only stored for a few days because storage...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/06/14 11:28 a.m.116 views

Video Surveillance by Computer

The ACLU's Jay Stanley has just published a fantastic report: "The Dawn of Robot Surveillance" blog post here Basically, it lays out a future of ubiquitous video cameras watched by increasingly sophisticated video analytics software, and discusses the potential harms to society. I'm not going to...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/06/13 11:21 a.m.141 views

Report on the Stalkerware Industry

Citizen Lab just published an excellent report on the stalkerware industry. Boing Boing post...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/06/12 11:22 a.m.102 views

Rock-Paper-Scissors Robot

How in the world did I not know about this for three years? Researchers at the University of Tokyo have developed a robot that always wins at rock-paper-scissors. It watches the human player's hand, figures out which finger position the human is about to deploy, and reacts quickly enough to alway...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/06/11 11:17 a.m.52 views

Workshop on the Economics of Information Security

Last week, I hosted the eighteenth Workshop on the Economics of Information Security at Harvard. Ross Anderson liveblogged the talks...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/06/10 11:18 a.m.76 views

Employment Scam

Interesting story of an old-school remote-deposit capture fraud scam, wrapped up in a fake employment scam. Slashdot thread...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/06/07 9:18 p.m.113 views

Friday Squid Blogging: Possible New Squid Species

NOAA video. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/06/07 11:24 a.m.97 views

iOS Shortcut for Recording the Police

"Hey Siri; I'm getting pulled over" can be a shortcut: Once the shortcut is installed and configured, you just have to say, for example, "Hey Siri, I'm getting pulled over." Then the program pauses music you may be playing, turns down the brightness on the iPhone, and turns on "do not disturb"...

Exploits0
Schneier on Security
Schneier on Security
added 2019/06/06 7:16 p.m.70 views

Security and Human Behavior (SHB) 2019

Today is the second day of the twelfth Workshop on Security and Human Behavior, which I am hosting at Harvard University. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of security, organized each year by Alessandro Acquisti, Ross Anderson, and...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/06/06 12:4 p.m.106 views

Chinese Military Wants to Develop Custom OS

Citing security concerns, the Chinese military wants to replace Windows with its own custom operating system: Thanks to the Snowden, Shadow Brokers, and Vault7 leaks, Beijing officials are well aware of the US' hefty arsenal of hacking tools, available for anything from smart TVs to Linux servers...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/06/05 11:40 a.m.80 views

Lessons Learned Trying to Secure Congressional Campaigns

Really interesting first-hand experience from Maciej Cegłowski...

3.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/06/04 11:6 a.m.65 views

The Cost of Cybercrime

Really interesting paper calculating the worldwide cost of cybercrime: Abstract: In 2012 we presented the first systematic study of the costs of cybercrime. In this paper,we report what has changed in the seven years since. The period has seen major platform evolution, with the mobile phone...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/06/03 11:30 a.m.80 views

The Importance of Protecting Cybersecurity Whistleblowers

Interesting essay arguing that we need better legislation to protect cybersecurity whistleblowers. Congress should act to protect cybersecurity whistleblowers because information security has never been so important, or so challenging. In the wake of a barrage of shocking revelations about data...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/31 10:1 p.m.151 views

The Human Cost of Cyberattacks

The International Committee of the Red Cross has just published a report: "The Potential Human Cost of Cyber-Operations." It's the result of an "ICRC Expert Meeting" from last year, but was published this week. Here's a shorter blog post if you don't want to read the whole thing. And commentary b...

2.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/31 9:15 p.m.120 views

Friday Squid Blogging: Hundred-Million-Year-Old Squid Relative Found in Amber

This is a really interesting find. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/30 2:51 p.m.91 views

Fraudulent Academic Papers

The term "fake news" has lost much of its meaning, but it describes a real and dangerous Internet trend. Because it's hard for many people to differentiate a real news site from a fraudulent one, they can be hoodwinked by fictitious news stories pretending to be real. The result is that otherwise...

7.3AI score
Exploits0
Total number of security vulnerabilities2979