Lucene search
K
SchneierRecent

2979 matches found

Schneier on Security
Schneier on Security
added 2019/05/29 11:3 a.m.70 views

Alex Stamos on Content Moderation and Security

Really interesting talk by former Facebook CISO Alex Stamos about the problems inherent in content moderation by social media platforms. Well worth watching...

2.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/28 2:59 p.m.73 views

First American Financial Corp. Data Records Leak

Krebs on Security is reporting a massive data leak by the real estate title insurance company First American Financial Corp. "The title insurance agency collects all kinds of documents from both the buyer and seller, including Social Security numbers, drivers licenses, account statements, and eve...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/24 9:11 p.m.62 views

Friday Squid Blogging: More Materials Science from Squid Skin

Article: "How a Squid's Color-Changing Skin Inspired a New Material That Can Trap or Release Heat." As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/24 7:14 p.m.77 views

NSA Hawaii

Recently I've heard Edward Snowden talk about his working at the NSA in Hawaii as being "under a pineapple field." CBS News recently ran a segment on that NSA listening post on Oahu. Not a whole lot of actual information. "We're in office building, in a pineapple field, on Oahu...." And part of i...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/24 1:39 p.m.80 views

Germany Talking about Banning End-to-End Encryption

Der Spiegel is reporting that the German Ministry for Internal Affairs is planning to require all Internet message services to provide plaintext messages on demand, basically outlawing strong end-to-end encryption. Anyone not complying will be blocked, although the article doesn't say how. Cory...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/23 7:5 p.m.71 views

German SG-41 Encryption Machine Up for Auction

A German auction house is selling an SG-41. It looks beautiful. Starting price is 75,000 euros. My guess is that it will sell for around 100K euros...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/23 4:52 p.m.90 views

Thangrycat: A Serious Cisco Vulnerability

Summary: Thangrycat is caused by a series of hardware design flaws within Cisco's Trust Anchor module. First commercially introduced in 2013, Cisco Trust Anchor module TAm is a proprietary hardware security module used in a wide range of Cisco products, including enterprise routers, switches and...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/22 7:11 p.m.85 views

Visiting the NSA

Yesterday, I visited the NSA. It was Cyber Command's birthday, but that's not why I was there. I visited as part of the Berklett Cybersecurity Project, run out of the Berkman Klein Center and funded by the Hewlett Foundation. BERKman hewLETT -- get it? We have a web page, but it's badly out of...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/22 11:24 a.m.120 views

Fingerprinting iPhones

This clever attack allows someone to uniquely identify a phone when you visit a website, based on data from the accelerometer, gyroscope, and magnetometer sensors. We have developed a new type of fingerprinting attack, the calibration fingerprinting attack. Our attack uses data gathered from the...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/21 11:19 a.m.66 views

How Technology and Politics Are Changing Spycraft

Interesting article about how traditional nation-based spycraft is changing. Basically, the Internet makes it increasingly possible to generate a good cover story; cell phone and other electronic surveillance techniques make tracking people easier; and machine learning will make all of this...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/20 6:30 p.m.73 views

The Concept of "Return on Data"

This law review article by Noam Kolt, titled "Return on Data," proposes an interesting new way of thinking of privacy law. Abstract: Consumers routinely supply personal data to technology companies in exchange for services. Yet, the relationship between the utility U consumers gain and the data D...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/17 9:13 p.m.114 views

Friday Squid Blogging: On Squid Intelligence

Two links. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/17 11:18 a.m.69 views

Why Are Cryptographers Being Denied Entry into the US?

In March, Adi Shamir -- that's the "S" in RSA -- was denied a US visa to attend the RSA Conference. He's Israeli. This month, British citizen Ross Anderson couldn't attend an awards ceremony in DC because of visa issues. You can listen to his recorded acceptance speech. I've heard of two other...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/16 6:34 p.m.87 views

More Attacks against Computer Automatic Update Systems

Last month, Kaspersky discovered that Asus's live update system was infected with malware, an operation it called Operation Shadowhammer. Now we learn that six other companies were targeted in the same operation. As we mentioned before, ASUS was not the only company used by the attackers. Studyin...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/16 2:28 p.m.61 views

Another Intel Chip Flaw

Remember the Spectre and Meltdown attacks from last year? They were a new class of attacks against complex CPUs, finding subliminal channels in optimization techniques that allow hackers to steal information. Since their discovery, researchers have found additional similar vulnerabilities. A whol...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/15 7:22 p.m.72 views

WhatsApp Vulnerability Fixed

WhatsApp fixed a devastating vulnerability that allowed someone to remotely hack a phone by initiating a WhatsApp voice call. The recipient didn't even have to answer the call. The Israeli cyber-arms manufacturer NSO Group is believed to be behind the exploit, but of course there is no definitive...

4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/15 11:28 a.m.37 views

International Spy Museum Reopens

The International Spy Museum has reopened in Washington, DC...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/14 5:15 p.m.36 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I'm speaking at the Code for America Summit in Oakland, California on May 30, 2019. I'm speaking on "Securing a World of Physically Capable Computers" at Oxford University on Monday, June 17, 2019. The list is maintained on this pa...

3.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/14 11:11 a.m.42 views

Cryptanalysis of SIMON-32/64

A weird paper was posted on the Cryptology ePrint Archive working link is via the Wayback Machine, claiming an attack against the NSA-designed cipher SIMON. You can read some commentary about it here. Basically, the authors claimed an attack so devastating that they would only publish a...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/13 11:37 a.m.71 views

Reverse Engineering a Chinese Surveillance App

Human Rights Watch has reverse engineered an app used by the Chinese police to conduct mass surveillance on Turkic Muslims in Xinjiang. The details are fascinating, and chilling. Boing Boing post...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/10 9:18 p.m.129 views

Friday Squid Blogging: Cephalopod Appreciation Society Event

Last Wednesday was a Cephalopod Appreciation Society event in Seattle. I missed it. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/10 11:30 a.m.107 views

Cryptanalyzing a Pair of Russian Encryption Algorithms

A pair of Russia-designed cryptographic algorithms -- the Kuznyechik block cipher and the Streebog hash function -- have the same flawed S-box that is almost certainly an intentional backdoor. It's just not the kind of mistake you make by accident, not in 2014...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/09 8:17 p.m.72 views

Another NSA Leaker Identified and Charged

In 2015, the Intercept started publishing "The Drone Papers," based on classified documents leaked by an unknown whistleblower. Today, someone who worked at the NSA, and then at the National Geospatial-Intelligence Agency, was charged with the crime. It is unclear how he was initially identified...

0.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/09 10:58 a.m.68 views

Amazon Is Losing the War on Fraudulent Sellers

Excellent article on fraudulent seller tactics on Amazon. The most prominent black hat companies for US Amazon sellers offer ways to manipulate Amazon's ranking system to promote products, protect accounts from disciplinary actions, and crush competitors. Sometimes, these black hat companies brib...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/08 4:30 p.m.92 views

Leaked NSA Hacking Tools

In 2016, a hacker group calling itself the Shadow Brokers released a trove of 2013 NSA hacking tools and related documents. Most people believe it is a front for the Russian government. Since, then the vulnerabilities and tools have been used by both government and criminals, and put the NSA's...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/08 11:3 a.m.61 views

Malicious MS Office Macro Creator

Evil Clippy is a tool for creating malicious Microsoft Office macros: At BlackHat Asia we released Evil Clippy, a tool which assists red teamers and security testers in creating malicious MS Office documents. Amongst others, Evil Clippy can hide VBA macros, stomp VBA code via p-code and confuse...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/07 11:22 a.m.35 views

Locked Computers

This short video explains why computers regularly came with physical locks in the late 1980s and early 1990s. The one thing the video doesn't talk about is RAM theft. When RAM was expensive, stealing it was a problem...

4.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/06 9:9 p.m.44 views

First Physical Retaliation for a Cyberattack

Israel has acknowledged that its recent airstrikes against Hamas were a real-time response to an ongoing cyberattack. From Twitter: CLEARED FOR RELEASE: We thwarted an attempted Hamas cyber offensive against Israeli targets. Following our successful cyber defensive operation, we targeted a buildi...

2.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/06 12:8 p.m.36 views

Protecting Yourself from Identity Theft

I don't have a lot of good news for you. The truth is there's nothing we can do to protect our data from being stolen by cybercriminals and others. Ten years ago, I could have given you all sorts of advice about using encryption, not sending information over email, securing your web connections,...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/03 9:15 p.m.51 views

Friday Squid Blogging: Squid Skin "Inspires" New Thermal Sheeting

Researchers are making space blankets using technology based on squid skin. Honestly, it's hard to tell how much squid is actually involved in this invention. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/03 9:33 a.m.31 views

Cybersecurity for the Public Interest

The Crypto Wars have been waging off-and-on for a quarter-century. On one side is law enforcement, which wants to be able to break encryption, to access devices and communications of terrorists and criminals. On the other are almost every cryptographer and computer security expert, repeatedly...

7.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/02 10:17 a.m.27 views

Why Isn't GDPR Being Enforced?

Politico has a long article making the case that the lead GDPR regulator, Ireland, has too cozy a relationship with Silicon Valley tech companies to effectively regulate their privacy practices. Despite its vows to beef up its threadbare regulatory apparatus, Ireland has a long history of caterin...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/05/01 11:14 a.m.26 views

On Security Tokens

Mark Risher of Google extols the virtues of security keys: I'll say it again for the people in the back: with Security Keys, instead of the user needing to verify the site, the site has to prove itself to the key. Good security these days is about human factors; we have to take the onus off of th...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/04/30 11:59 a.m.21 views

Defending Democracies Against Information Attacks

To better understand influence attacks, we proposed an approach that models democracy itself as an information system and explains how democracies are vulnerable to certain forms of information attacks that autocracies naturally resist. Our model combines ideas from both international security an...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/04/29 11:39 a.m.39 views

Stealing Ethereum by Guessing Weak Private Keys

Someone is stealing millions of dollars worth of Ethereum by guessing users' private keys. Normally this should be impossible, but lots of keys seem to be very weak. Researchers are unsure how those weak keys are being generated and used. Their paper is here...

2.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/04/26 9:14 p.m.46 views

Friday Squid Blogging: Toraiz SQUID Digital Sequencer

Pioneer DJ has a new sequencer: the Toraiz SQUID: Sequencer Inspirational Device. The 16-track sequencer is designed around jamming and performance with a host of features to create "happy accidents" and trigger random sequences, modulations and chords. There are 16 RGB pads for playing in your...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/04/26 7:20 p.m.40 views

Interview of Me in Taiwan

Business Weekly in Taiwan interviewed me. Here's a translation courtesy of Google. It was a surprisingly intimate interview. I hope the Chinese reads better than the translation...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/04/26 11:9 a.m.35 views

Towards an Information Operations Kill Chain

Cyberattacks don't magically happen; they involve a series of steps. And far from being helpless, defenders can disrupt the attack at any of those steps. This framing has led to something called the "cybersecurity kill chain": a way of thinking about cyber defense in terms of disrupting the...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/04/25 11:31 a.m.30 views

Fooling Automated Surveillance Cameras with Patchwork Color Printout

Nice bit of adversarial machine learning. The image from this news article is most of what you need to know, but here's the research paper...

3.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/04/24 11:23 a.m.45 views

Vulnerability in French Government Tchap Chat App

A researcher found a vulnerability in the French government WhatsApp replacement app: Tchap. The vulnerability allows anyone to surreptitiously join any conversation. Of course the developers will fix this vulnerability. But it is amusing to point out that this is exactly the backdoor that GCHQ i...

3.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/04/23 2:14 p.m.19 views

G7 Comes Out in Favor of Encryption Backdoors

From a G7 meeting of interior ministers in Paris this month, an "outcome document": Encourage Internet companies to establish lawful access solutions for their products and services, including data that is encrypted, for law enforcement and competent authorities to access digital evidence, when i...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/04/22 1:45 p.m.30 views

Excellent Analysis of the Boeing 737 Max Software Problems

This is the best analysis of the software causes of the Boeing 737 MAX disasters that I have read. Technically this is safety and not security; there was no attacker. But the fields are closely related and there are a lot of lessons for IoT security -- and the security of complex socio-technical...

3.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/04/19 9:27 p.m.11 views

Friday Squid Blogging: New Squid Species off the New Zealand Coast

There's a new diversity of species. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/04/19 1:12 p.m.7 views

Iranian Cyberespionage Tools Leaked Online

The source code of a set of Iranian cyberespionage tools was leaked online...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/04/18 10:13 a.m.58 views

New DNS Hijacking Attacks

DNS hijacking isn't new, but this seems to be an attack of unprecedented scale: Researchers at Cisco's Talos security division on Wednesday revealed that a hacker group it's calling Sea Turtle carried out a broad campaign of espionage via DNS hijacking, hitting 40 different organizations. In the...

2.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/04/17 12:57 p.m.21 views

A "Department of Cybersecurity"

Presidential candidate John Delaney has announced a plan to create a Department of Cybersecurity. I have long been in favor of a new federal agency to deal with Internet -- and especially Internet of Things -- security. The devil is in the details, of course, and it's really easy to get this wron...

2.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/04/16 11:10 a.m.39 views

More on the Triton Malware

FireEye is releasing much more information about the Triton malware that attacks critical infrastructure. It has been discovered in more places. This is also a good -- but older -- article on Triton. We don't know who wrote it. Initial speculation was Iran; more recent speculation is Russia. Both...

2.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/04/15 7:0 p.m.59 views

Vulnerabilities in the WPA3 Wi-Fi Security Protocol

Researchers have found several vulnerabilities in the WPA3 Wi-Fi security protocol: The design flaws we discovered can be divided in two categories. The first category consists of downgrade attacks against WPA3-capable devices, and the second category consists of weaknesses in the Dragonfly...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/04/15 11:30 a.m.72 views

China Spying on Undersea Internet Cables

Supply chain security is an insurmountably hard problem. The recent focus is on Chinese 5G equipment, but the problem is much broader. This opinion piece looks at undersea communications cables: But now the Chinese conglomerate Huawei Technologies, the leading firm working to deliver 5G telephony...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/04/12 9:19 p.m.107 views

Friday Squid Blogging: Detecting Illegal Squid Fishing with Satellite Imagery

Interesting. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.4AI score
Exploits0
Total number of security vulnerabilities2979