Lucene search
K
SchneierRecent

2979 matches found

Schneier on Security
Schneier on Security
added 2018/11/02 9:8 p.m.77 views

Friday Squid Blogging: Eating More Squid

This research paper concludes that we'll be eating more squid in the future. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/02 11:1 a.m.86 views

How to Punish Cybercriminals

Interesting policy paper by Third Way: "To Catch a Hacker: Toward a comprehensive strategy to identify, pursue, and punish malicious cyber actors": In this paper, we argue that the United States currently lacks a comprehensive overarching strategic approach to identify, stop and punish...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/11/01 11:18 a.m.34 views

Buying Used Voting Machines on eBay

This is not surprising: This year, I bought two more machines to see if security had improved. To my dismay, I discovered that the newer model machines -- those that were used in the 2016 election -- are running Windows CE and have USB ports, along with other components, that make them even easie...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/31 5:44 p.m.105 views

Was the Triton Malware Attack Russian in Origin?

The conventional story is that Iran targeted Saudi Arabia with Triton in 2017. New research from FireEye indicates that it might have been Russia. I don't know. FireEye likes to attribute all sorts of things to Russia, but the evidence here looks pretty good...

3.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/31 11:53 a.m.28 views

ID Systems Throughout the 50 States

Jim Harper at CATO has a good survey of state ID systems in the US...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/30 11:38 a.m.34 views

Cell Phone Security and Heads of State

Earlier this week, the New York Times reported that the Russians and the Chinese were eavesdropping on President Donald Trump's personal cell phone and using the information gleaned to better influence his behavior. This should surprise no one. Security experts have been talking about the potenti...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/29 8:19 p.m.70 views

More on the Supermicro Spying Story

I've blogged twice about the Bloomberg story that China bugged Supermicro networking equipment destined to the US. We still don't know if the story is true, although I am increasingly skeptical because of the lack of corroborating evidence to emerge. We don't know anything more, but this is the...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/29 11:18 a.m.30 views

Security Vulnerability in Internet-Connected Construction Cranes

This seems bad: The F25 software was found to contain a capture replay vulnerability -- basically an attacker would be able to eavesdrop on radio transmissions between the crane and the controller, and then send their own spoofed commands over the air to seize control of the crane. "These devices...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/26 9:2 p.m.190 views

Friday Squid Blogging: Squid Falsely Labeled as Octopus

Two New Yorkers have been charged with importing squid from Peru and then reselling it as octopus. Yet another problem that a blockchain-enabled supply-chain system won't solve. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read ...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/26 2:1 p.m.166 views

Detecting Fake Videos

This story nicely illustrates the arms race between technologies to create fake videos and technologies to detect fake videos: These fakes, while convincing if you watch a few seconds on a phone screen, aren't perfect yet. They contain tells, like creepily ever-open eyes, from flaws in their...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/25 11:49 a.m.83 views

Android Ad-Fraud Scheme

BuzzFeed is reporting on a scheme where fraudsters buy legitimate Android apps, track users' behavior in order to mimic it in a way that evades bot detectors, and then uses bots to perpetuate an ad-fraud scheme. After being provided with a list of the apps and websites connected to the scheme,...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/24 11:0 a.m.84 views

China's Hacking of the Border Gateway Protocol

This is a long -- and somewhat technical -- paper by Chris C. Demchak and Yuval Shavitt about China's repeated hacking of the Internet Border Gateway Protocol BGP: "China's Maxim ­ Leave No Access Point Unexploited: The Hidden Story of China Telecom's BGP Hijacking." BGP hacking is how large...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/23 11:39 a.m.59 views

On Disguise

The former CIA Chief of Disguise has a fascinating video about her work...

2.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/22 1:13 p.m.56 views

Are the Police Using Smart-Home IoT Devices to Spy on People?

IoT devices are surveillance devices, and manufacturers generally use them to collect data on their customers. Surveillance is still the business model of the Internet, and this data is used against the customers' interests: either by the device manufacturer or by some third party the manufacture...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/19 9:0 p.m.104 views

Friday Squid Blogging: Roasted Squid with Tomatillo Salsa

Recipe and commentary. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/19 11:17 a.m.60 views

West Virginia Using Internet Voting

This is crazy and dangerous. West Virginia is allowing people to vote via a smart-phone app. Even crazier, the app uses blockchain -- presumably because they have no idea what the security issues with voting actually are...

3.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/18 11:27 a.m.40 views

Government Perspective on Supply Chain Security

This is an interesting interview with a former NSA employee about supply chain security. I consider this to be an insurmountable problem right now...

3.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/16 11:4 a.m.37 views

Privacy for Tigers

Ross Anderson has some new work: As mobile phone masts went up across the world's jungles, savannas and mountains, so did poaching. Wildlife crime syndicates can not only coordinate better but can mine growing public data sets, often of geotagged images. Privacy matters for tigers, for snow...

3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/15 2:34 p.m.57 views

How DNA Databases Violate Everyone's Privacy

If you're an American of European descent, there's a 60% chance you can be uniquely identified by public information in DNA databases. This is not information that you have made public; this is information your relatives have made public. Research paper: "Identity inference of genomic data using...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/14 11:1 a.m.62 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I'm speaking at Data in Smarter Cities in New York City on October 23, 2018. I'm speaking at the Cyber Security Summit in Minneapolis, Minnesota on October 24, 2018. I'm speaking at ISF's 29th Annual World Congress in Las Vegas,...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/12 9:1 p.m.104 views

Friday Squid Blogging: Eat Less Squid

The UK's Marine Conservation Society is urging people to eat less squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/12 1:14 p.m.53 views

Security in a World of Physically Capable Computers

It's no secret that computers are insecure. Stories like the recent Facebook hack, the Equifax hack and the hacking of government agencies are remarkable for how unremarkable they really are. They might make headlines for a few days, but they're just the newsworthy tip of a very large iceberg. Th...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/11 11:29 a.m.26 views

Another Bloomberg Story about Supply-Chain Hardware Attacks from China

Bloomberg has another story about hardware surveillance implants in equipment made in China. This implant is different from the one Bloomberg reported on last week. That story has been denied by pretty much everyone else, but Bloomberg is sticking by its story and its sources. I linked to other...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/10 11:21 a.m.32 views

Security Vulnerabilities in US Weapons Systems

The US Government Accounting Office just published a new report: "Weapons Systems Cyber Security: DOD Just Beginning to Grapple with Scale of Vulnerabilities" summary here. The upshot won't be a surprise to any of my regular readers: they're vulnerable. From the summary: Automation and connectivi...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/09 7:32 p.m.51 views

Access Now Is Looking for a Chief Security Officer

The international digital human rights organization Access Now I am on the board is looking to hire a Chief Security Officer. I believe that, somewhere, there is a highly qualified security person who has had enough of corporate life and wants instead to make a difference in the world. If that's...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/09 11:1 a.m.33 views

The US National Cyber Strategy

Last month, the White House released the "National Cyber Strategy of the United States of America. I generally don't have much to say about these sorts of documents. They're filled with broad generalities. Who can argue with: Defend the homeland by protecting networks, systems, functions, and dat...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/08 10:33 a.m.25 views

Defeating the "Deal or No Deal" Arcade Game

Two teenagers figured out how to beat the "Deal or No Deal" arcade game by filming the computer animation and then slowing it down enough to determine where the big prize was hidden...

2.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/05 9:19 p.m.52 views

Friday Squid Blogging: Watch Squid Change Colors

This is an amazing short video of a squid -- I don't know the species -- changing its color instantly. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/05 11:44 a.m.23 views

Detecting Credit Card Skimmers

Interesting research paper: "Fear the Reaper: Characterization and Fast Detection of Card Skimmers": Abstract: Payment card fraud results in billions of dollars in losses annually. Adversaries increasingly acquire card data using skimmers, which are attached to legitimate payment devices includin...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/04 8:3 p.m.64 views

Conspiracy Theories around the "Presidential Alert"

Noted conspiracy theorist John McAfee tweeted: The "Presidential alerts": they are capable of accessing the E911 chip in your phones -- giving them full access to your location, microphone, camera and every function of your phone. This not a rant, this is from me, still one of the leading...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/04 4:30 p.m.52 views

Chinese Supply Chain Hardware Attack

Bloomberg is reporting about a Chinese espionage operating involving inserting a tiny chip into computer products made in China. I've written about alternate link this threat more generally. Supply-chain security is an insurmountably hard problem. Our IT industry is inexorably international, and...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/04 11:32 a.m.33 views

Helen Nissenbaum on Data Privacy and Consent

This is a fantastic Q with Cornell Tech Professor Helen Nissenbaum on data privacy and why it's wrong to focus on consent. I'm not going to pull a quote, because you should read the whole thing...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/03 8:24 p.m.59 views

The Effects of GDPR's 72-Hour Notification Rule

The EU's GDPR regulation requires companies to report a breach within 72 hours. Alex Stamos, former Facebook CISO now at Stanford University, points out how this can be a problem: Interesting impact of the GDPR 72-hour deadline: companies announcing breaches before investigations are complete. 1...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/03 12:11 p.m.28 views

Terahertz Millimeter-Wave Scanners

Interesting article on terahertz millimeter-wave scanners and their uses to detect terrorist bombers. The heart of the device is a block of electronics about the size of a 1990s tower personal computer. It comes housed in a musician's black case, akin to the one Spinal Tap might use on tour. At t...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/02 8:9 p.m.63 views

Sophisticated Voice Phishing Scams

Brian Krebs is reporting on some new and sophisticated phishing scams over the telephone. I second his advice: "never give out any information about yourself in response to an unsolicited phone call." Always call them back, and not using the number offered to you by the caller. Always. EDITED TO...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/02 10:53 a.m.25 views

Facebook Is Using Your Two-Factor Authentication Phone Number to Target Advertising

From Kashmir Hill: Facebook is not content to use the contact information you willingly put into your Facebook profile for advertising. It is also using contact information you handed over for security purposes and contact information you didn't hand over at all, but that was collected from other...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/10/01 11:22 a.m.31 views

More on the Five Eyes Statement on Encryption and Backdoors

Earlier this month, I wrote about a statement by the Five Eyes countries about encryption and back doors. Short summary: they like them. One of the weird things about the statement is that it was clearly written from a law-enforcement perspective, though we normally think of the Five Eyes as a...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/09/28 9:11 p.m.48 views

Friday Squid Blogging: Squid Protein Used in Variable Thermal Conductivity Material

This is really neat. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/09/28 6:19 p.m.33 views

Major Tech Companies Finally Endorse Federal Privacy Regulation

The major tech companies, scared that states like California might impose actual privacy regulations, have now decided that they can better lobby the federal government for much weaker national legislation that will preempt any stricter state measures. I'm sure they'll still do all they can to...

3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/09/28 11:24 a.m.17 views

Yet Another IoT Cybersecurity Document

This one is from NIST: "Considerations for Managing Internet of Things IoT Cybersecurity and Privacy Risks." It's still in draft. Remember, there are many others...

2.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/09/27 12:43 p.m.26 views

Counting People Through a Wall with WiFi

Interesting research: In the team's experiments, one WiFi transmitter and one WiFi receiver are behind walls, outside a room in which a number of people are present. The room can get very crowded with as many as 20 people zigzagging each other. The transmitter sends a wireless signal whose receiv...

2.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/09/25 11:50 a.m.40 views

Evidence for the Security of PKCS #1 Digital Signatures

This is interesting research: "On the Security of the PKCS1 v1.5 Signature Scheme": Abstract: The RSA PKCS1 v1.5 signature algorithm is the most widely used digital signature scheme in practice. Its two main strengths are its extreme simplicity, which makes it very easy to implement, and that...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/09/24 11:52 a.m.27 views

New Variants of Cold-Boot Attack

If someone has physical access to your locked -- but still running -- computer, they can probably break the hard drive's encryption. This is a "cold boot" attack, and one we thought solved. We have not: To carry out the attack, the F-Secure researchers first sought a way to defeat the the...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/09/21 9:14 p.m.44 views

Friday Squid Blogging: British Columbia "Squid Run" Is a Tourist Attraction

On James Island. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/09/21 7:14 p.m.63 views

New Findings About Prime Number Distribution Almost Certainly Irrelevant to Cryptography

Lots of people are e-mailing me about this new result on the distribution of prime numbers. While interesting, it has nothing to do with cryptography. Cryptographers aren't interested in how to find prime numbers, or even in the distribution of prime numbers. Public-key cryptography algorithms li...

3.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/09/21 11:37 a.m.33 views

AES Resulted in a $250-Billion Economic Benefit

NIST has released a new study concluding that the AES encryption standard has resulted in a $250-billion worldwide economic benefit over the past 20 years. I have no idea how to even begin to assess the quality of the study and its conclusions -- it's all in the 150-page report, though -- but I d...

2.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/09/20 11:45 a.m.31 views

Security Vulnerability in ESS ExpressVote Touchscreen Voting Computer

Of course the ESS ExpressVote voting computer will have lots of security vulnerabilities. It's a computer, and computers have lots of vulnerabilities. This particular vulnerability is particularly interesting because it's the result of a security mistake in the design process. Someone didn't thin...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/09/19 10:19 a.m.50 views

Pegasus Spyware Used in 45 Countries

Citizen Lab has published a new report about the Pegasus spyware. From a ZDNet article: The malware, known as Pegasus or Trident, was created by Israeli cyber-security firm NSO Group and has been around for at least three years -- when it was first detailed in a report over the summer of 2016. Th...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/09/18 11:11 a.m.24 views

Public Shaming of Companies for Bad Security

Troy Hunt makes some good points, with good examples...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/09/17 11:12 a.m.32 views

NSA Attacks Against Virtual Private Networks

A 2006 document from the Snowden archives outlines successful NSA operations against "a number of "high potential" virtual private networks, including those of media organization Al Jazeera, the Iraqi military and internet service organizations, and a number of airline reservation systems." It's...

2.9AI score
Exploits0
Total number of security vulnerabilities2979