Lucene search
K
SchneierRecent

2979 matches found

Schneier on Security
Schneier on Security
added 2019/04/12 4:13 p.m.73 views

Maliciously Tampering with Medical Imagery

In what I am sure is only a first in many similar demonstrations, researchers are able to add or remove cancer signs from CT scans. The results easily fool radiologists. I don't think the medical device industry has thought at all about data integrity and authentication issues. In a world where...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/04/12 11:25 a.m.54 views

New Version of Flame Malware Discovered

Flame was discovered in 2012, linked to Stuxnet, and believed to be American in origin. It has recently been linked to more modern malware through new analysis tools that find linkages between different software. Seems that Flame did not disappear after it was discovered, as was previously though...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/04/11 11:24 a.m.51 views

TajMahal Spyware

Kaspersky has released details about a sophisticated nation-state spyware it calls TajMahal: The TajMahal framework's 80 modules, Shulmin says, comprise not only the typical keylogging and screengrabbing features of spyware, but also never-before-seen and obscure tricks. It can intercept document...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/04/10 10:44 a.m.41 views

How the Anonymous Artist Banksy Authenticates His or Her Work

Interesting scheme: It all starts off with a fairly bog standard gallery style certificate. Details of the work, the authenticating agency, a bit of embossing and a large impressive signature at the bottom. Exactly the sort of things that can be easily copied by someone on a mission to create the...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/04/09 11:54 a.m.42 views

Hey Secret Service: Don't Plug Suspect USB Sticks into Random Computers

I just noticed this bit from the incredibly weird story of the Chinese woman arrested at Mar-a-Lago: Secret Service agent Samuel Ivanovich, who interviewed Zhang on the day of her arrest, testified at the hearing. He stated that when another agent put Zhang's thumb drive into his computer, it...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/04/08 2:50 p.m.31 views

Ghidra: NSA's Reverse-Engineering Tool

Last month, the NSA released Ghidra, a software reverse-engineering tool. Early reactions are uniformly positive. Three news articles...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/04/05 9:29 p.m.57 views

Friday Squid Blogging: Fried Squid Recipe

This is an easy fried squid recipe with saffron and agrodolce. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/04/05 2:31 p.m.66 views

Unhackable Cryptography?

A recent article overhyped the release of EverCrypt, a cryptography library created using formal methods to prove security against specific attacks. The Quanta magazine article sets off a series of "snake-oil" alarm bells. The author's Github README is more measured and accurate, and illustrates...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/04/04 7:10 p.m.56 views

Former Mozilla CTO Harassed at the US Border

This is a pretty awful story of how Andreas Gal, former Mozilla CTO and US citizen, was detained and threatened at the US border. CBP agents demanded that he unlock his phone and computer. Know your rights when you enter the US. The EFF publishes a handy guide. And if you want to encrypt your...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/04/04 11:18 a.m.47 views

Adversarial Machine Learning against Tesla's Autopilot

Researchers have been able to fool Tesla's autopilot in a variety of ways, including convincing it to drive into oncoming traffic. It requires the placement of stickers on the road. Abstract: Keen Security Lab has maintained the security research work on Tesla vehicle and shared our research...

2.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/04/03 11:26 a.m.62 views

How Political Campaigns Use Personal Data

Really interesting report from Tactical Tech. Data-driven technologies are an inevitable feature of modern political campaigning. Some argue that they are a welcome addition to politics as normal and a necessary and modern approach to democratic processes; others say that they are corrosive and...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/04/02 11:16 a.m.53 views

Hacking Instagram to Get Free Meals in Exchange for Positive Reviews

This is a fascinating hack: In today's digital age, a large Instagram audience is considered a valuable currency. I had also heard through the grapevine that I could monetize a large following -- or in my desired case -- use it to have my meals paid for. So I did just that. I created an Instagram...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/04/01 2:44 p.m.113 views

Recovering Smartphone Typing from Microphone Sounds

Yet another side-channel attack on smartphones: "Hearing your touch: A new acoustic side channel on smartphones," by Ilia Shumailov, Laurent Simon, Jeff Yan, and Ross Anderson. Abstract: We present the first acoustic side-channel attack that recovers what users type on the virtual keyboard of the...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/03/29 9:15 p.m.89 views

Friday Squid Blogging: Restoring the Giant Squid at the Museum of Natural History

It is traveling to Paris. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/03/29 11:11 a.m.59 views

NSA-Inspired Vulnerability Found in Huawei Laptops

This is an interesting story of a serious vulnerability in a Huawei driver that Microsoft found. The vulnerability is similar in style to the NSA's DOUBLEPULSAR that was leaked by the Shadow Brokers -- believed to be the Russian government -- and it's obvious that this attack copied that techniqu...

2.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/03/28 11:42 a.m.57 views

Malware Installed in Asus Computers through Hacked Update Process

Kaspersky Labs is reporting on a new supply chain attack they call "Shadowhammer." In January 2019, we discovered a sophisticated supply chain attack involving the ASUS Live Update Utility. The attack took place between June and November 2018 and according to our telemetry, it affected a large...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/03/27 11:37 a.m.49 views

Programmers Who Don't Understand Security Are Poor at Security

A university study confirmed the obvious: if you pay a random bunch of freelance programmers a small amount of money to write security software, they're not going to do a very good job at it. In an experiment that involved 43 programmers hired via the Freelancer.com platform, University of Bonn...

7.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/03/26 11:24 a.m.62 views

Personal Data Left on Used Laptops

A recent experiment found all sorts of personal data left on used laptops and smartphones. This should come as no surprise. Simson Garfinkel performed the same experiment in 2003, with similar results...

2.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/03/25 2:39 p.m.45 views

Mail Fishing

Not email, paper mail: Thieves, often at night, use string to lower glue-covered rodent traps or bottles coated with an adhesive down the chute of a sidewalk mailbox. This bait attaches to the envelopes inside, and the fish in this case -- mail containing gift cards, money orders or checks, which...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/03/22 9:45 p.m.150 views

Friday Squid Blogging: New Research on Squid Camouflage

From the New York Times: Now, a paper published last week in Nature Communications suggests that their chromatophores, previously thought to be mainly pockets of pigment embedded in their skin, are also equipped with tiny reflectors made of proteins. These reflectors aid the squid to produce such...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/03/22 11:16 a.m.62 views

Enigma, Typex, and Bombe Simulators

GCHQ has put simulators for the Enigma, Typex, and Bombe on the Internet. News article...

2.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/03/21 10:52 a.m.42 views

First Look Media Shutting Down Access to Snowden NSA Archives

The Daily Beast is reporting that First Look Media -- home of The Intercept and Glenn Greenwald -- is shutting down access to the Snowden archives. The Intercept was the home for Greenwald's subset of Snowden's NSA documents since 2014, after he parted ways with the Guardian the year before. I...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/03/20 5:38 p.m.74 views

Zipcar Disruption

This isn't a security story, but it easily could have been. Last Saturday, Zipcar had a system outage: "an outage experienced by a third party telecommunications vendor disrupted connections between the company's vehicles and its reservation software." That didn't just mean people couldn't get ca...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/03/20 11:3 a.m.50 views

An Argument that Cybersecurity Is Basically Okay

Andrew Odlyzko's new essay is worth reading -- "Cybersecurity is not very important": Abstract: There is a rising tide of security breaches. There is an even faster rising tide of hysteria over the ostensible reason for these breaches, namely the deficient state of our information infrastructure...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/03/19 11:48 a.m.61 views

Triton

Good article on the Triton malware which targets industrial control systems...

3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/03/18 11:23 a.m.57 views

CAs Reissue Over One Million Weak Certificates

Turns out that the software a bunch of CAs used to generate public-key certificates was flawed: they created random serial numbers with only 63 bits instead of the required 64. That may not seem like a big deal to the layman, but that one bit change means that the serial numbers only have half th...

2.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/03/15 9:24 p.m.179 views

Friday Squid Blogging: A Squid-Related Vacation Tour in Hawaii

You can hunt for the Hawaiian bobtail squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/03/15 7:38 p.m.189 views

I Was Cited in a Court Decision

An article I co-wrote -- my first law journal article -- was cited by the Massachusetts Supreme Judicial Court -- the state supreme court -- in a case on compelled decryption. Here's the first, in footnote 1: We understand the word "password" to be synonymous with other terms that cell phone user...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/03/15 7:15 p.m.187 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I'm teaching a live online class called "Spotlight on Cloud: The Future of Internet Security with Bruce Schneier" on O'Reilly's learning platform, Thursday, April 4, at 10:00 AM PT/1:00 PM ET. The list is maintained on this page...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/03/15 2:44 p.m.140 views

Critical Flaw in Swiss Internet Voting System

Researchers have found a critical flaw in the Swiss Internet voting system. I was going to write an essay about how this demonstrates that Internet voting is a stupid idea and should never be attempted -- and that this system in particular should never be deployed, even if the found flaw is fixed...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/03/14 6:20 p.m.77 views

DARPA Is Developing an Open-Source Voting System

This sounds like a good development: ...a new $10 million contract the Defense Department's Defense Advanced Research Projects Agency DARPA has launched to design and build a secure voting system that it hopes will be impervious to hacking. The first-of-its-kind system will be designed by an...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/03/13 11:51 a.m.40 views

Judging Facebook's Privacy Shift

Facebook is making a new and stronger commitment to privacy. Last month, the company hired three of its most vociferous critics and installed them in senior technical positions. And on Wednesday, Mark Zuckerberg wrote that the company will pivot to focus on private conversations over the public...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/03/12 11:38 a.m.46 views

On Surveillance in the Workplace

Data & Society just published a report entitled "Workplace Monitoring & Surveillance": This explainer highlights four broad trends in employee monitoring and surveillance technologies: Prediction and flagging tools that aim to predict characteristics or behaviors of employees or that are designed...

0.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/03/11 11:54 a.m.121 views

Russia Is Testing Online Voting

This is a bad idea: A second innovation will allow "electronic absentee voting" within voters' home precincts. In other words, Russia is set to introduce its first online voting system. The system will be tested in a Moscow neighborhood that will elect a single member to the capital's city counci...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/03/08 10:36 p.m.134 views

Friday Squid Blogging: Squid Proteins Can Be an Alternative to Plastic

Is there anything squids aren't good for? Academic paper. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/03/08 8:24 p.m.120 views

Videos and Links from the Public-Interest Technology Track at the RSA Conference

Yesterday at the RSA Conference, I gave a keynote talk about the role of public-interest technologists in cybersecurity. Video here. I also hosted a one-day mini-track on the topic. We had six panels, and they were all great. If you missed it live, we have videos: How Public Interest Technologist...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/03/08 11:57 a.m.59 views

Cybersecurity Insurance Not Paying for NotPetya Losses

This will complicate things: To complicate matters, having cyber insurance might not cover everyone's losses. Zurich American Insurance Company refused to pay out a $100 million claim from Mondelez, saying that since the U.S. and other governments labeled the NotPetya attack as an action by the...

2.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/03/07 7:48 p.m.76 views

Detecting Shoplifting Behavior

This system claims to detect suspicious behavior that indicates shoplifting: Vaak, a Japanese startup, has developed artificial intelligence software that hunts for potential shoplifters, using footage from security cameras for fidgeting, restlessness and other potentially suspicious body languag...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/03/07 12:25 p.m.54 views

Letterlocking

Really good article on the now-lost art of letterlocking...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/03/06 12:17 p.m.60 views

Digital Signatures in PDFs Are Broken

Researchers have demonstrated spoofing of digital signatures in PDF files. This would matter more if PDF digital signatures were widely used. Still, the researchers have worked with the various companies that make PDF readers to close the vulnerabilities. You should update your software. Details...

3.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/03/05 12:31 p.m.59 views

Cybersecurity for the Public Interest

The Crypto Wars have been waging off-and-on for a quarter-century. On one side is law enforcement, which wants to be able to break encryption, to access devices and communications of terrorists and criminals. On the other are almost every cryptographer and computer security expert, repeatedly...

7.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/03/04 12:4 p.m.63 views

The Latest in Creepy Spyware

The Nest home alarm system shipped with a secret microphone, which -- according to the company -- was only an accidental secret: On Tuesday, a Google spokesperson told Business Insider the company had made an "error." "The on-device microphone was never intended to be a secret and should have bee...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/03/01 10:24 p.m.131 views

Friday Squid Blogging: Chinese Squid-Processing Facility

China is building the largest squid processing center in the world. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/03/01 11:59 a.m.97 views

Data Leakage from Encrypted Databases

Matthew Green has a super-interesting blog post about information leakage from encrypted databases. It describes the recent work by Paul Grubbs, Marie-Sarah Lacharité, Brice Minaud, and Kenneth G. Paterson. Even the summary is too much to summarize, so read it...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/02/28 12:22 p.m.39 views

Can Everybody Read the US Terrorist Watch List?

After years of claiming that the Terrorist Screening Database is kept secret within the government, we have now learned that the DHS shares it "with more than 1,400 private entities, including hospitals and universities...." Critics say that the watchlist is wildly overbroad and mismanaged, and...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/02/27 12:22 p.m.49 views

"Insider Threat" Detection Software

Notice this bit from an article on the arrest of Christopher Hasson: It was only after Hasson's arrest last Friday at his workplace that the chilling plans prosecutors assert he was crafting became apparent, detected by an internal Coast Guard program that watches for any "insider threat." The...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/02/26 12:10 p.m.60 views

Attacking Soldiers on Social Media

A research group at NATO's Strategic Communications Center of Excellence catfished soldiers involved in an European military exercise -- we don't know what country they were from -- to demonstrate the power of the attack technique. Over four weeks, the researchers developed fake pages and closed...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/02/25 12:23 p.m.75 views

On the Security of Password Managers

There's new research on the security of password managers, specifically 1Password, Dashlane, KeePass, and Lastpass. This work specifically looks at password leakage on the host computer. That is, does the password manager accidentally leave plaintext copies of the password lying around memory? Al...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/02/22 10:9 p.m.127 views

Friday Squid Blogging: A Tracking Device for Squid

Really: After years of "making do" with the available technology for his squid studies, Mooney created a versatile tag that allows him to research squid behavior. With the help of Kakani Katija, an engineer adapting the tag for jellyfish at California's Monterey Bay Aquarium Research Institute...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/02/22 11:35 a.m.90 views

Gen. Nakasone on US Cyber Command

Really interesting article by and interview with Paul M. Nakasone Commander of US Cyber Command, Director of the National Security Agency, and Chief of the Central Security Service in the current issue of Joint Forces Quarterly. He talks about the evolving role of US Cyber Command, and its new...

0.8AI score
Exploits0
Total number of security vulnerabilities2979