Lucene search
K
SchneierRecent

2979 matches found

Schneier on Security
Schneier on Security
added 2018/12/24 12:25 p.m.86 views

MD5 and SHA-1 Still Used in 2018

Last week, the Scientific Working Group on Digital Evidence published a draft document -- "SWGDE Position on the Use of MD5 and SHA1 Hash Algorithms in Digital and Multimedia Forensics" -- where it accepts the use of MD5 and SHA-1 in digital forensics applications: While SWGDE promotes the adopti...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/12/21 10:14 p.m.119 views

Friday Squid Blogging: Illegal North Korean Squid Fishing

North Korea is engaged in even more illegal squid fishing than previously. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/12/21 12:24 p.m.94 views

Drone Denial-of-Service Attack against Gatwick Airport

Someone is flying a drone over Gatwick Airport in order to disrupt service: Chris Woodroofe, Gatwick's chief operating officer, said on Thursday afternoon there had been another drone sighting which meant it was impossible to say when the airport would reopen. He told BBC News: "There are 110,000...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/12/20 12:21 p.m.59 views

Fraudulent Tactics on Amazon Marketplace

Fascinating article about the many ways Amazon Marketplace sellers sabotage each other and defraud customers. The opening example: framing a seller for false advertising by buying fake five-star reviews for their products. Defacement: Sellers armed with the accounts of Amazon distributors sometim...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/12/19 12:0 p.m.57 views

Congressional Report on the 2017 Equifax Data Breach

The US House of Representatives Committee on Oversight and Government Reform has just released a comprehensive report on the 2017 Equifax hack. It's a great piece of writing, with a detailed timeline, root cause analysis, and lessons learned. Lance Spitzner also commented on this. Here is my...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/12/18 12:31 p.m.86 views

Teaching Cybersecurity Policy

Peter Swire proposes a a pedagogic framework for teaching cybersecurity policy. Specifically, he makes real the old joke about adding levels to the OSI networking stack: an organizational layer, a government layer, and an international layer...

2.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/12/17 12:30 p.m.45 views

New Shamoon Variant

A new variant of the Shamoon malware has destroyed significant amounts of data at a UAE "heavy engineering company" and the Italian oil and gas contractor Saipem. Shamoon is the Iranian malware that was targeted against the Saudi Arabian oil company, Saudi Aramco, in 2012 and 2016. We have no ide...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/12/14 4:2 p.m.115 views

Real-Time Attacks Against Two-Factor Authentication

Attackers are targeting two-factor authentication systems: Attackers working on behalf of the Iranian government collected detailed information on targets and used that knowledge to write spear-phishing emails that were tailored to the targets' level of operational security, researchers with...

2.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/12/13 10:23 p.m.80 views

Friday Squid Blogging: More Problems with the Squid Emoji

Piling on from last week's post, the squid emoji's siphon is in the wrong place. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/12/13 12:37 p.m.27 views

Marriott Hack Reported as Chinese State-Sponsored

The New York Times and Reuters are reporting that China was behind the recent hack of Marriott Hotels. Note that this is still uncomfirmed, but interesting if it is true. Reuters: Private investigators looking into the breach have found hacking tools, techniques and procedures previously used in...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/12/12 3:18 p.m.78 views

New Australian Backdoor Law

Last week, Australia passed a law giving the government the ability to demand backdoors in computers and communications systems. Details are still to be defined, but it's really bad. Note: Many people e-mailed me to ask why I haven't blogged this yet. One, I was busy with other things. And two,...

3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/12/10 3:27 p.m.81 views

2018 Annual Report from AI Now

The research group AI Now just published its annual report. It's an excellent summary of today's AI security challenges, as well as a policy agenda to address them. This is related, and also worth reading...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/12/07 10:0 p.m.52 views

Friday Squid Blogging: Problems with the Squid Emoji

The Monterey Bay Aquarium has some problems with the squid emoji. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/12/07 6:6 p.m.64 views

Back Issues of the NSA's Cryptolog

Five years ago, the NSA published 23 years of its internal magazine, Cryptolog. There were lots of redactions, of course. What's new is a nice user interface for the issues, noting highlights and levels of redaction...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/12/07 4:50 p.m.73 views

Banks Attacked through Malicious Hardware Connected to the Local Network

Kaspersky is reporting on a series of bank hacks -- called DarkVishnya -- perpetrated through malicious hardware being surreptitiously installed into the target network: In 2017-2018, Kaspersky Lab specialists were invited to research a series of cybertheft incidents. Each attack had a common...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/12/06 1:33 p.m.28 views

Your Personal Data is Already Stolen

In an excellent blog post, Brian Krebs makes clear something I have been saying for a while: Likewise for individuals, it pays to accept two unfortunate and harsh realities: Reality 1: Bad guys already have access to personal data points that you may believe should be secret but which nevertheles...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/12/05 12:30 p.m.30 views

Security Risks of Chatbots

Good essay on the security risks -- to democratic discourse -- of chatbots...

2.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/12/04 12:28 p.m.33 views

Bad Consumer Security Advice

There are lots of articles about there telling people how to better secure their computers and online accounts. While I agree with some of it, this article contains some particularly bad advice: 1. Never, ever, ever use public unsecured Wi-Fi such as the Wi-Fi in a café, hotel or airport. To...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/12/03 12:37 p.m.23 views

The DoJ's Secret Legal Arguments to Break Cryptography

Earlier this year, the US Department of Justice made a series of legal arguments as to why Facebook should be forced to help the government wiretap Facebook Messenger. Those arguments are still sealed. The ACLU is suing to make them public...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/30 10:20 p.m.62 views

Friday Squid Blogging: Japanese Squid-Fishing Towns in Decline

It's a problem: But now, fluctuations in ocean temperatures, years of overfishing and lax regulatory oversight have drastically depleted populations of the translucent squid in waters around Japan. As usual, you can also use this squid post to talk about the security stories in the news that I...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/30 8:29 p.m.75 views

Click Here to Kill Everybody News

My latest book is doing well. And I've been giving lots of talks and interviews about it. I can recommend three interviews: the Cyberlaw podcast with Stewart Baker, the Lawfare podcast with Ben Wittes, and Le Show with Henry Shearer. My book talk at Google is also available. The Audible version w...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/30 2:7 p.m.33 views

Three-Rotor Enigma Machine Up for Auction Today

Sotheby's is auctioning off a working, I think three-rotor Enigma machine today. They're expecting it to sell for about $200K. I have an Enigma, but it's missing the rotors...

3.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/30 12:28 p.m.23 views

That Bloomberg Supply-Chain-Hack Story

Back in October, Bloomberg reported that China has managed to install backdoors into server equipment that ended up in networks belonging to -- among others -- Apple and Amazon. Pretty much everybody has denied it including the US DHS and the UK NCSC. Bloomberg has stood by its story -- and is...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/29 12:17 p.m.45 views

FBI Takes Down a Massive Advertising Fraud Ring

The FBI announced that it dismantled a large Internet advertising fraud network, and arrested eight people: A 13-count indictment was unsealed today in federal court in Brooklyn charging Aleksandr Zhukov, Boris Timokhin, Mikhail Andreev, Denis Avdeev, Dmitry Novikov, Sergey Ovsyannikov, Aleksandr...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/28 12:48 p.m.25 views

Distributing Malware By Becoming an Admin on an Open-Source Project

The module "event-stream" was infected with malware by an anonymous someone who became an admin on the project. Cory Doctorow points out that this is a clever new attack vector: Many open source projects attain a level of "maturity" where no one really needs any new features and there aren't a lo...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/27 1:43 p.m.70 views

Propaganda and the Weakening of Trust in Government

On November 4, 2016, the hacker "Guccifer 2.0,: a front for Russia's military intelligence service, claimed in a blogpost that the Democrats were likely to use vulnerabilities to hack the presidential elections. On November 9, 2018, President Donald Trump started tweeting about the senatorial...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/26 12:54 p.m.44 views

How Surveillance Inhibits Freedom of Expression

In my book Data and Goliath, I write about the value of privacy. I talk about how it is essential for political liberty and justice, and for commercial fairness and equality. I talk about how it increases personal freedom and individual autonomy, and how the lack of it makes us all less secure. B...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/23 10:5 p.m.58 views

Friday Squid Blogging: Good Squid Fishing in the Exmouth Gulf

The conditions are ideal for squid fishing in the Exmouth Gulf in West Australia. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/23 12:11 p.m.27 views

Using Machine Learning to Create Fake Fingerprints

Researchers are able to create fake fingerprints that result in a 20% false-positive rate. The problem is that these sensors obtain only partial images of users' fingerprints -- at the points where they make contact with the scanner. The paper noted that since partial prints are not as distinctiv...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/21 1:48 p.m.45 views

Information Attacks against Democracies

Democracy is an information system. That's the starting place of our new paper: "Common-Knowledge Attacks on Democracy." In it, we look at democracy through the lens of information security, trying to understand the current waves of Internet disinformation attacks. Specifically, we wanted to...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/20 12:44 p.m.40 views

The PCLOB Needs a Director

The US Privacy and Civil Liberties Oversight Board is looking for a director. Among other things, this board has some oversight role over the NSA. More precisely, it can examine what any executive-branch agency is doing about counterterrorism. So it can examine the program of TSA watchlists, NSA...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/19 12:50 p.m.18 views

What Happened to Cyber 9/11?

A recent article in the Atlantic asks why we haven't seen a"cyber 9/11" in the past fifteen or so years. I, too, remember the increasingly frantic and fearful warnings of a "cyber Peal Harbor," "cyber Katrina" -- when that was a thing -- or "cyber 9/11." I made fun of those warnings back then. Th...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/18 7:12 p.m.104 views

Worst-Case Thinking Breeds Fear and Irrationality

Here's a crazy story from the UK. Basically, someone sees a man and a little girl leaving a shopping center. Instead of thinking "it must be a father and daughter, which happens millions of times a day and is perfectly normal," he thinks "this is obviously a case of child abduction and I must ale...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/18 12:26 p.m.67 views

Israeli Surveillance Gear

The Israeli Defense Force mounted a botched raid in Gaza. They were attempting to install surveillance gear, which they ended up leaving behind. There are photos -- scroll past the video. Israeli media is claiming that the capture of this gear by Hamas causes major damage to Israeli electronic...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/16 10:5 p.m.66 views

Friday Squid Blogging: Squid Sculptures

Pretty. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/16 8:11 p.m.73 views

Mailing Tech Support a Bomb

I understand his frustration, but this is extreme: When police asked Cryptopay what could have motivated Salonen to send the company a pipe bomb ­ or, rather, two pipe bombs, which is what investigators found when they picked apart the explosive package ­ the only thing the company could think of...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/16 12:2 p.m.64 views

Hidden Cameras in Streetlights

Both the US Drug Enforcement Administration DEA and Immigration and Customs Enforcement ICE are hiding surveillance cameras in streetlights. According to government procurement data, the DEA has paid a Houston, Texas company called Cowboy Streetlight Concealments LLC roughly $22,000 since June 20...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/15 12:24 p.m.42 views

Chip Cards Fail to Reduce Credit Card Fraud in the US

A new study finds that credit card fraud has not declined since the introduction of chip cards in the US. The majority of stolen card information comes from hacked point-of-sale terminals. The reasons seem to be twofold. One, the US uses chip-and-signature instead of chip-and-PIN, obviating the...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/14 9:30 p.m.57 views

More Spectre/Meltdown-Like Attacks

Back in January, we learned about a class of vulnerabilities against microprocessors that leverages various performance and efficiency shortcuts for attack. I wrote that the first two attacks would be just the start: It shouldn't be surprising that microprocessor designers have been building...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/14 2:3 p.m.48 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I'm speaking at Kiwicon in Wellington, New Zealand on November 16, 2018. I'm appearing on IBM Resilient's End of Year Review webinar on "The Top Cyber Security Trends in 2018 and Predictions for the Year Ahead," December 6, 2018 at...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/14 12:46 p.m.35 views

Oracle and "Responsible Disclosure"

I've been writing about "responsible disclosure" for over a decade; here's an essay from 2007. Basically, it's a tacit agreement between researchers and software vendors. Researchers agree to withhold their work until software companies fix the vulnerabilities, and software vendors agree not to...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/13 1:4 p.m.35 views

New IoT Security Regulations

Due to ever-evolving technological advances, manufacturers are connecting consumer goods­ -- from toys to light bulbs to major appliances­ -- to the Internet at breakneck speeds. This is the Internet of Things, and it's a security nightmare. The Internet of Things fuses products with communicatio...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/12 12:17 p.m.52 views

Hiding Secret Messages in Fingerprints

This is a fun steganographic application: hiding a message in a fingerprint image. Can't see any real use for it, but that's okay...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/09 10:7 p.m.40 views

Friday Squid Blogging: Australian Fisherman Gets Inked

Pretty good video. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

2.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/09 7:52 p.m.48 views

The Pentagon Is Publishing Foreign Nation-State Malware

This is a new thing: The Pentagon has suddenly started uploading malware samples from APTs and other nation-state sources to the website VirusTotal, which is essentially a malware zoo that's used by security pros and antivirus/malware detection engines to gain a better understanding of the threat...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/09 12:4 p.m.24 views

Privacy and Security of Data at Universities

Interesting paper: "Open Data, Grey Data, and Stewardship: Universities at the Privacy Frontier," by Christine Borgman: Abstract: As universities recognize the inherent value in the data they collect and hold, they encounter unforeseen challenges in stewarding those data in ways that balance...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/08 12:35 p.m.68 views

iOS 12.1 Vulnerability

This is really just to point out that computer security is really hard: Almost as soon as Apple released iOS 12.1 on Tuesday, a Spanish security researcher discovered a bug that exploits group Facetime calls to give anyone access to an iPhone users' contact information with no need for a passcode...

Exploits0
Schneier on Security
Schneier on Security
added 2018/11/07 12:39 p.m.30 views

Consumer Reports Reviews Wireless Home-Security Cameras

Consumer Reports is starting to evaluate the security of IoT devices. As part of that, it's reviewing wireless home-security cameras. It found significant security vulnerabilities in D-Link cameras: In contrast, D-Link doesn't store video from the DCS-2630L in the cloud. Instead, the camera has i...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/06 12:51 p.m.35 views

Security of Solid-State-Drive Encryption

Interesting research: "Self-encrypting deception: weaknesses in the encryption of solid state drives SSDs": Abstract: We have analyzed the hardware full-disk encryption of several SSDs by reverse engineering their firmware. In theory, the security guarantees offered by hardware encryption are...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/05 4:24 p.m.106 views

Troy Hunt on Passwords

Troy Hunt has a good essay about why passwords are here to stay, despite all their security problems: This is why passwords aren't going anywhere in the foreseeable future and why insert thing here isn't going to kill them. No amount of focusing on how bad passwords are or how many accounts have...

0.1AI score
Exploits0
Total number of security vulnerabilities2979