Lucene search
K
SchneierRecent

2979 matches found

Schneier on Security
Schneier on Security
added 2019/02/21 12:33 p.m.96 views

Reverse Location Search Warrants

The police are increasingly getting search warrants for information about all cell phones in a certain location at a certain time: Police departments across the country have been knocking at Google's door for at least the last two years with warrants to tap into the company's extensive stores of...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/02/20 2:2 p.m.53 views

Details on Recent DNS Hijacking

At the end of January, the US Department of Homeland Security issued a warning regarding serious DNS hijacking attempts against US government domains. Brian Krebs wrote an excellent article detailing the attacks and their implications. Strongly recommended...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/02/19 12:36 p.m.51 views

Estonia's Volunteer Cyber Militia

Interesting -- although short and not very detailed -- article about Estonia's volunteer cyber-defense militia. Padar's militia of amateur IT workers, economists, lawyers, and other white-hat types are grouped in the city of Tartu, about 65 miles from the Russian border, and in the capital,...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/02/18 8:42 p.m.63 views

I Am Not Associated with Swift Recovery Ltd.

It seems that someone from a company called Swift Recovery Ltd. is impersonating me -- at least on Telegram. The person is using a photo of me, and is using details of my life available on Wikipedia to convince people that they are me. They are not. If anyone has any more information -- stories,...

3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/02/18 1:45 p.m.58 views

Cataloging IoT Vulnerabilities

Recent articles about IoT vulnerabilities describe hacking of construction cranes, supermarket freezers, and electric scooters...

2.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/02/15 10:24 p.m.155 views

Friday Squid Blogging: Sharp-Eared Enope Squid

Beautiful photo of a three-inch-long squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/02/15 12:33 p.m.65 views

Reconstructing SIGSALY

Lessons learned in reconstructing the World War II-era SIGSALY voice encryption system...

2.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/02/14 12:53 p.m.59 views

USB Cable with Embedded Wi-Fi Controller

It's only a prototype, but this USB cable has an embedded Wi-Fi controller. Whoever controls that Wi-Fi connection can remotely execute commands on the attached computer...

2.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/02/13 12:32 p.m.74 views

Cyberinsurance and Acts of War

I had not heard about this case before. Zurich Insurance has refused to pay Mondelez International's claim of $100 million in damages from NotPetya. It claims it is an act of war and therefor not covered. Mondelez is suing. Those turning to cyber insurance to manage their exposure presently face...

0.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/02/12 12:25 p.m.44 views

Blockchain and Trust

In his 2008 white paper that first proposed bitcoin, the anonymous Satoshi Nakamoto concluded with: "We have proposed a system for electronic transactions without relying on trust." He was referring to blockchain, the system behind bitcoin cryptocurrency. The circumvention of trust is a great...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/02/08 10:37 p.m.156 views

Friday Squid Blogging: The Hawaiian Bobtail Squid Genome

The Hawaiian Bobtail Squid's genome is half again the size of a human's. Other facts: The Hawaiian bobtail squid has two different symbiotic organs, and researchers were able to show that each of these took different paths in their evolution. This particular species of squid has a light organ tha...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/02/07 2:15 p.m.88 views

China's AI Strategy and its Security Implications

Gregory C. Allen at the Center for a New American Security has a new report with some interesting analysis and insights into China's AI strategy, commercial, government, and military. There are numerous security -- and national security -- implications...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/02/06 4:24 p.m.77 views

Using Gmail "Dot Addresses" to Commit Fraud

In Gmail addresses, the dots don't matter. The account "[email protected]" maps to the exact same address as "[email protected]" and "[email protected]" -- and so on. Note: I own none of those addresses, if they are actually valid. This fact can be used to commit fraud:...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/02/05 8:59 p.m.88 views

Major Zcash Vulnerability Fixed

Zcash just fixed a vulnerability that would have allowed "infinite counterfeit" Zcash. Like all the other blockchain vulnerabilities and updates, this demonstrates the ridiculousness of the notion that code can replace people, that trust can be encompassed in the protocols, or that human governan...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/02/04 5:7 p.m.65 views

Facebook's New Privacy Hires

The Wired headline sums it up nicely -- "Facebook Hires Up Three of Its Biggest Privacy Critics": In December, Facebook hired Nathan White away from the digital rights nonprofit Access Now, and put him in the role of privacy policy manager. On Tuesday of this week, lawyers Nate Cardozo, of the...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/02/01 10:38 p.m.154 views

Friday Squid Blogging: Squid with Chorizo, Tomato, and Beans

Nice recipe. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/02/01 3:48 p.m.155 views

Public-Interest Tech at the RSA Conference

Our work in cybersecurity is inexorably intertwined with public policy and­ -- more generally­ -- the public interest. It's obvious in the debates on encryption and vulnerability disclosure, but it's also part of the policy discussions about the Internet of Things, cryptocurrencies, artificial...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/01/31 4:30 p.m.90 views

Security Flaws in Children's Smart Watches

A year ago, the Norwegian Consumer Council published an excellent security analysis of children's GPS-connected smart watches. The security was terrible. Not only could parents track the children, anyone else could also track the children. A recent analysis checked if anything had improved after...

Exploits0
Schneier on Security
Schneier on Security
added 2019/01/30 4:0 p.m.84 views

Security Analysis of the LIFX Smart Light Bulb

The security is terrible: In a very short limited amount of time, three vulnerabilities have been discovered: Wifi credentials of the user have been recovered stored in plaintext into the flash memory. No security settings. The device is completely open no secure boot, no debug interface disabled...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/01/29 7:12 p.m.61 views

iPhone FaceTime Vulnerability

This is kind of a crazy iPhone vulnerability: it's possible to call someone on FaceTime and listen on their microphone -- and see from their camera -- before they accept the call. This is definitely an embarrassment, and Apple was right to disable Group FaceTime until it's fixed. But it's hard to...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/01/28 7:40 p.m.65 views

Japanese Government Will Hack Citizens' IoT Devices

The Japanese government is going to run penetration tests against all the IoT devices in their country, in an effort to 1 figure out what's insecure, and 2 help consumers secure them: The survey is scheduled to kick off next month, when authorities plan to test the password security of over 200...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/01/25 10:18 p.m.214 views

Friday Squid Blogging: Squids on the Tree of Life

Interesting. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/01/25 12:8 p.m.217 views

Hacking the GCHQ Backdoor

Last week, I evaluated the security of a recent GCHQ backdoor proposal for communications systems. Furthering the debate, Nate Cardozo and Seth Schoen of EFF explain how this sort of backdoor can be detected: In fact, we think when the ghost feature is active­ -- silently inserting a secret...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/01/24 12:38 p.m.187 views

Military Carrier Pigeons in the Era of Electronic Warfare

They have advantages: Pigeons are certainly no substitute for drones, but they provide a low-visibility option to relay information. Considering the storage capacity of microSD memory cards, a pigeon's organic characteristics provide front line forces a relatively clandestine mean to transport...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/01/23 12:20 p.m.62 views

The Evolution of Darknets

This is interesting: To prevent the problems of customer binding, and losing business when darknet markets go down, merchants have begun to leave the specialized and centralized platforms and instead ventured to use widely accessible technology to build their own communications and operational...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/01/22 11:59 a.m.79 views

Hacking Construction Cranes

Construction cranes are vulnerable to hacking: In our research and vulnerability discoveries, we found that weaknesses in the controllers can be easily taken advantage of to move full-sized machines such as cranes used in construction sites and factories. In the different attack classes that we'v...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/01/21 12:47 p.m.104 views

Clever Smartphone Malware Concealment Technique

This is clever: Malicious apps hosted in the Google Play market are trying a clever trick to avoid detection -- they monitor the motion-sensor input of an infected device before installing a powerful banking trojan to make sure it doesn't load on emulators researchers use to detect attacks. The...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/01/18 10:41 p.m.205 views

Friday Squid Blogging: Squid Lollipops

Two squid lollipops, handmade by Shinri Tezuka. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/01/18 11:54 a.m.176 views

Evaluating the GCHQ Exceptional Access Proposal

The so-called Crypto Wars have been going on for 25 years now. Basically, the FBI -- and some of their peer agencies in the UK, Australia, and elsewhere -- argue that the pervasive use of civilian encryption is hampering their ability to solve crimes and that they need the tech companies to make...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/01/17 12:33 p.m.77 views

Prices for Zero-Day Exploits Are Rising

Companies are willing to pay ever-increasing amounts for good zero-day exploits against hard-to-break computers and applications: On Monday, market-leading exploit broker Zerodium said it would pay up to $2 million for zero-click jailbreaks of Apple's iOS, $1.5 million for one-click iOS jailbreak...

Exploits0
Schneier on Security
Schneier on Security
added 2019/01/16 12:53 p.m.64 views

El Chapo's Encryption Defeated by Turning His IT Consultant

Impressive police work: In a daring move that placed his life in danger, the I.T. consultant eventually gave the F.B.I. his system's secret encryption keys in 2011 after he had moved the network's servers from Canada to the Netherlands during what he told the cartel's leaders was a routine upgrad...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/01/15 11:55 a.m.77 views

Alex Stamos on Content Moderation and Security

Former Facebook CISO Alex Stamos argues that increasing political pressure on social media platforms to moderate content will give them a pretext to turn all end-to-end crypto off -- which would be more profitable for them and bad for society. If we ask tech companies to fix ancient societal ills...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/01/14 10:21 p.m.54 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I'm speaking at A New Initiative for Poland in Warsaw, January 16-17, 2019. I'm speaking at the Munich Cyber Security Conference MCSC on February 14, 2019. The list is maintained on this page...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/01/14 5:13 p.m.72 views

Why Internet Security Is So Bad

I recently read two different essays that make the point that while Internet security is terrible, it really doesn't affect people enough to make it an issue. This is true, and is something I worry will change in a world of physically capable computers. Automation, autonomy, and physical agency...

3.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/01/11 8:48 p.m.138 views

Friday Squid Blogging: New Giant Squid Video

This is a fantastic video of a young giant squid named Heck swimming around Toyama Bay near Tokyo. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/01/11 12:38 p.m.73 views

Using a Fake Hand to Defeat Hand-Vein Biometrics

Nice work: One attraction of a vein based system over, say, a more traditional fingerprint system is that it may be typically harder for an attacker to learn how a user's veins are positioned under their skin, rather than lifting a fingerprint from a held object or high quality photograph, for...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/01/10 11:52 a.m.138 views

Security Vulnerabilities in Cell Phone Systems

Good essay on the inherent vulnerabilities in the cell phone standards and the market barriers to fixing them. So far, industry and policymakers have largely dragged their feet when it comes to blocking cell-site simulators and SS7 attacks. Senator Ron Wyden, one of the few lawmakers vocal about...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/01/09 1:5 p.m.47 views

EU Offering Bug Bounties on Critical Open-Source Software

The EU is offering "bug bounties on Free Software projects that the EU institutions rely on." Slashdot thread...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/01/08 12:13 p.m.92 views

Machine Learning to Detect Software Vulnerabilities

No one doubts that artificial intelligence AI and machine learning ML will transform cybersecurity. We just don't know how, or when. While the literature generally focuses on the different uses of AI by attackers and defenders ­ and the resultant arms race between the two ­ I want to talk about...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/01/07 12:13 p.m.70 views

New Attack Against Electrum Bitcoin Wallets

This is clever: How the attack works: Attacker added tens of malicious servers to the Electrum wallet network. Users of legitimate Electrum wallets initiate a Bitcoin transaction. If the transaction reaches one of the malicious servers, these servers reply with an error message that urges users t...

3.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/01/04 10:16 p.m.204 views

Friday Squid Blogging: The Future of the Squid Market

It's growing. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/01/03 3:9 p.m.79 views

Podcast Interview with Eva Galperin

Nice interview with the EFF's director of cybersecurity, Eva Galperin...

4.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/01/02 3:29 p.m.77 views

Long-Range Familial Searching Forensics

Good article on using long-range familial searching -- basically, DNA matching of distant relatives -- as a police forensics tool. EDITED TO ADD 1/5: A smattering of papers on the topic...

2.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/12/31 11:57 a.m.63 views

China's APT10

Wired has an excellent article on China's APT10 hacking group. Specifically, on how they hacked managed service providers in order to get to their customers' networks. I am reminded of the NSA's "I Hunt Sysadmins" presentation, published by the Intercept. EDITED TO ADD 1/5: Another article on the...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/12/28 10:4 p.m.68 views

Friday Squid Blogging: Squid-Focused Menus in Croatia

This is almost over: From 1 December 2018 -- 6 January 2019, Days of Adriatic squid will take place at restaurants all over north-west Istria. Restaurants will be offering affordable full-course menus based on Adriatic squid, combined with quality local olive oil and fine wines. As usual, you can...

2.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/12/28 6:11 p.m.92 views

Click Here to Kill Everybody Available as an Audiobook

Click Here to Kill Everybody is finally available on Audible.com. I have ten download codes. Not having anything better to do with them, here they are: 1. HADQSSFC98WCQ 2. LDLMC6AJLBDJY 3. YWSY8CXYMQNJ6 4. JWM7SGNUXX7DB 5. UPKAJ6MHB2LEF 6. M85YN36UR926H 7. 9ULE4NFAH2SLF 8. GU7A79GSDCXAT 9...

3.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/12/28 12:43 p.m.28 views

Massive Ad Fraud Scheme Relied on BGP Hijacking

This is a really interesting story of an ad fraud scheme that relied on hijacking the Border Gateway Protocol: Members of 3ve pronounced "eve" used their large reservoir of trusted IP addresses to conceal a fraud that otherwise would have been easy for advertisers to detect. The scheme employed a...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/12/27 12:25 p.m.16 views

Stealing Nativity Displays

The New York Times is reporting on the security measures people are using to protect nativity displays...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/12/26 12:27 p.m.99 views

Human Rights by Design

Good essay: "Advancing Human-Rights-By-Design In The Dual-Use Technology Industry," by Jonathon Penney, Sarah McKune, Lex Gill, and Ronald J. Deibert: But businesses can do far more than these basic measures. They could adopt a "human-rights-by-design" principle whereby they commit to designing...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/12/25 12:13 p.m.48 views

Glitter Bomb against Package Thieves

Stealing packages from unattended porches is a rapidly rising crime, as more of us order more things by mail. One person hid a glitter bomb and a video recorder in a package, posting the results when thieves opened the box. At least, that's what might have happened. At least some of the video was...

0.7AI score
Exploits0
Total number of security vulnerabilities2979