Lucene search
K
SchneierRecent

2979 matches found

Schneier on Security
Schneier on Security
added 2018/09/14 9:13 p.m.59 views

Friday Squid Blogging: Dissecting a Giant Squid

Lessons learned. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/09/14 7:14 p.m.76 views

Click Here to Kill Everybody Reviews and Press Mentions

It's impossible to know all the details, but my latest book seems to be selling well. Initial reviews have been really positive: Boing Boing, Financial Times, Harris Online, Kirkus Reviews, Nature, Politico, and Virus Bulletin. I've also done a bunch of interviews -- either written or radio/podca...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/09/14 11:15 a.m.18 views

Quantum Computing and Cryptography

Quantum computing is a new way of computing -- one that could allow humankind to perform computations that are simply impossible using today's computing technologies. It allows for very fast searching, something that would break some of the encryption algorithms we use today. And it allows us to...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/09/13 2:8 p.m.64 views

Security Risks of Government Hacking

Some of us -- myself included -- have proposed lawful government hacking as an alternative to backdoors. A new report from the Center of Internet and Society looks at the security risks of allowing government hacking. They include: Disincentive for vulnerability disclosure Cultivation of a market...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/09/12 11:19 a.m.25 views

Security Vulnerability in Smart Electric Outlets

A security vulnerability in Belkin's Wemo Insight "smartplugs" allows hackers to not only take over the plug, but use it as a jumping-off point to attack everything else on the network. From the Register: The bug underscores the primary risk posed by IoT devices and connected appliances. Because...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/09/11 11:25 a.m.29 views

Using Hacked IoT Devices to Disrupt the Power Grid

This is really interesting research: "BlackIoT: IoT Botnet of High Wattage Devices Can Disrupt the Power Grid": Abstract: We demonstrate that an Internet of Things IoT botnet of high wattage devices -- such as air conditioners and heaters -- gives a unique ability to adversaries to launch...

3.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/09/07 9:13 p.m.98 views

Friday Squid Blogging: 100-kg Squid Caught Off the Coast of Madeira

News. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/09/07 7:22 p.m.86 views

Reddit AMA

I did a Reddit AMA on Thursday, September 6...

2.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/09/06 11:41 a.m.22 views

Five-Eyes Intelligence Services Choose Surveillance Over Security

The Five Eyes -- the intelligence consortium of the rich English-speaking countries the US, Canada, the UK, Australia, and New Zealand -- have issued a "Statement of Principles on Access to Evidence and Encryption" where they claim their needs for surveillance outweigh everyone's needs for securi...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/09/05 11:5 a.m.31 views

Using a Smartphone's Microphone and Speakers to Eavesdrop on Passwords

It's amazing that this is even possible: "SonarSnoop: Active Acoustic Side-Channel Attacks": Abstract: We report the first active acoustic side-channel attack. Speakers are used to emit human inaudible acoustic signals and the echo is recorded via microphones, turning the acoustic system of a sma...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/09/04 11:20 a.m.31 views

New Book Announcement: Click Here to Kill Everybody

I am pleased to announce the publication of my latest book: Click Here to Kill Everybody: Security and Survival in a Hyper-connected World. In it, I examine how our new immersive world of physically capable computers affects our security. I argue that this changes everything about security. Attac...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/31 9:8 p.m.46 views

Friday Squid Blogging: Giant Squid Washes up on Wellington Beach

Another giant squid washed up on a beach, this time in Wellington, New Zealand. Is this a global trend? As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/31 7:6 p.m.58 views

I'm Doing a Reddit AMA

On Thursday, September 6, starting at 10:00 am CDT, I'll be doing a Reddit "Ask Me Anything" in association with the Ford Foundation. It's about my new book, but -- of course -- you can ask me anything. No promises that I will answer everything...

2.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/31 6:37 p.m.57 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I'm giving a book talk on Click Here to Kill Everybody at the Ford Foundation in New York City, on September 5, 2018. The Aspen Institute's Cybersecurity & Technology Program is holding a book launch for Click Here to Kill Everybod...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/31 11:29 a.m.62 views

Eavesdropping on Computer Screens through the Webcam Mic

Yet another way of eavesdropping on someone's computer activity: using the webcam microphone to "listen" to the computer's screen...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/30 11:34 a.m.23 views

Cheating in Bird Racing

I've previously written about people cheating in marathon racing by driving -- or otherwise getting near the end of the race by faster means than running. In China, two people were convicted of cheating in a pigeon race: The essence of the plan involved training the pigeons to believe they had tw...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/29 1:10 p.m.16 views

CIA Network Exposed through Insecure Communications System

Interesting story of a CIA intelligence network in China that was exposed partly because of a computer security failure: Although they used some of the same coding, the interim system and the main covert communication platform used in China at this time were supposed to be clearly separated. In...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/28 11:49 a.m.31 views

NotPetya

Andy Greenberg wrote a fascinating account of the Russian NotPetya worm, with an emphasis on its effects on the company Maersk. BoingBoing post...

3.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/27 11:16 a.m.26 views

Future Cyberwar

A report for the Center for Strategic and International Studies looks at surprise and war. One of the report's cyberwar scenarios is particularly compelling. It doesn't just map cyber onto today's tactics, but completely reimagines future tactics that include a cyber component quote starts on pag...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/24 8:37 p.m.53 views

Friday Squid Blogging: Clubhook Squid Washes Up on Oregon Beach

This seems to have happened twice in two weeks. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/23 10:54 a.m.23 views

John Mueller and Mark Stewart on the Risks of Terrorism

Another excellent paper by the Mueller/Stewart team: "Terrorism and Bathtubs: Comparing and Assessing the Risks": Abstract: The likelihood that anyone outside a war zone will be killed by an Islamist extremist terrorist is extremely small. In the United States, for example, some six people have...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/22 10:51 a.m.42 views

Good Primer on Two-Factor Authentication Security

Stuart Schechter published a good primer on the security issues surrounding two-factor authentication. While it's often an important security measure, it's not a panacea. Stuart discusses the usability and security issues that you have to think about before deploying the system...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/21 10:58 a.m.27 views

"Two Stage" BMW Theft Attempt

Modern cars have alarm systems that automatically connect to a remote call center. This makes cars harder to steal, since tripping the alarm causes a quick response. This article describes a theft attempt that tried to neutralize that security system. In the first attack, the thieves just disable...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/20 1:7 p.m.19 views

James Mickens on the Current State of Computer Security

James Mickens gave an excellent keynote at the USENIX Security Conference last week, talking about the social aspects of security -- racism, sexism, etc. -- and the problems with machine learning and the Internet. Worth watching...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/17 11:6 p.m.43 views

Friday Squid Blogging: Firefly Squid Museum

The Hotaruika Museum is a museum devoted to firefly squid in Toyama, Japan. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/17 10:26 a.m.33 views

New Ways to Track Internet Browsing

Interesting research on web tracking: "Who Left Open the Cookie Jar? A Comprehensive Evaluation of Third-Party Cookie Policies: Abstract: Nowadays, cookies are the most prominent mechanism to identify and authenticate users on the Internet. Although protected by the Same Origin Policy, popular...

2.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/16 4:43 p.m.54 views

Speculation Attack Against Intel's SGX

Another speculative-execution attack against Intel's SGX. At a high level, SGX is a new feature in modern Intel CPUs which allows computers to protect users' data even if the entire system falls under the attacker's control. While it was previously believed that SGX is resilient to speculative...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/15 11:4 a.m.29 views

Hacking Police Bodycams

Suprising no one, the security of police bodycams is terrible. Mitchell even realized that because he can remotely access device storage on models like the Fire Cam OnCall, an attacker could potentially plant malware on some of the cameras. Then, when the camera connects to a PC for syncing, it...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/14 11:22 a.m.39 views

Google Tracks its Users Even if They Opt-Out of Tracking

Google is tracking you, even if you turn off tracking: Google says that will prevent the company from remembering where you've been. Google's support page on the subject states: "You can turn off Location History at any time. With Location History off, the places you go are no longer stored." Tha...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/13 9:2 p.m.59 views

Identifying Programmers by their Coding Style

Fascinating research de-anonymizing code -- from either source code or compiled code: Rachel Greenstadt, an associate professor of computer science at Drexel University, and Aylin Caliskan, Greenstadt's former PhD student and now an assistant professor at George Washington University, have found...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/10 9:16 p.m.56 views

Friday Squid Blogging: New Tool for Grabbing Squid and other Fragile Sea Creatures

Interesting video of a robot grabber that's delicate enough to capture squid and even jellyfish in the ocean. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/10 5:36 p.m.61 views

xkcd on Voting Computers

Funny and true...

3.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/10 11:10 a.m.25 views

Don't Fear the TSA Cutting Airport Security. Be Glad That They're Talking about It.

Last week, CNN reported that the Transportation Security Administration is considering eliminating security at U.S. airports that fly only smaller planes -- 60 seats or fewer. Passengers connecting to larger planes would clear security at their destinations. To be clear, the TSA has put forth no...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/09 11:17 a.m.51 views

Detecting Phishing Sites with Machine Learning

Really interesting article: A trained eye or even a not-so-trained one can discern when something phishy is going on with a domain or subdomain name. There are search tools, such as Censys.io, that allow humans to specifically search through the massive pile of certificate log entries for sites...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/08 2:37 p.m.64 views

SpiderOak's Warrant Canary Died

BoingBoing has the story. I have never quite trusted the idea of a warrant canary. But here it seems to have worked. Presumably, if SpiderOak wanted to replace the warrant canary with a transparency report, they would have written something explaining their decision. To have it simply disappear i...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/07 11:40 a.m.13 views

Measuring the Rationality of Security Decisions

Interesting research: "Dancing Pigs or Externalities? Measuring the Rationality of Security Decisions": Abstract: Accurately modeling human decision-making in security is critical to thinking about when, why, and how to recommend that users adopt certain secure behaviors. In this work, we conduct...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/06 10:57 a.m.29 views

Hacking the McDonald's Monopoly Sweepstakes

Long and interesting story -- now two decades old -- of massive fraud perpetrated against the McDonald's Monopoly sweepstakes. The central fraudster was the person in charge of securing the winning tickets...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/03 9:15 p.m.46 views

Friday Squid Blogging: Calamari Squid Catching Prey

The calamari squid grabs prey three feet away with its fast tentacles. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/03 7:10 p.m.61 views

Three of My Books Are Available in DRM-Free E-Book Format

Humble Bundle sells groups of e-books at ridiculously low prices, DRM free. This month, the bundles are all Wiley titles, including three of my books: Applied Cryptography, Secrets and Lies, and Cryptography Engineering. $15 gets you everything, and they're all DRM-free. Even better, a portion of...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/03 11:21 a.m.25 views

How the US Military Can Better Keep Hackers

Interesting commentary: The military is an impossible place for hackers thanks to antiquated career management, forced time away from technical positions, lack of mission, non-technical mid- and senior-level leadership, and staggering pay gaps, among other issues. It is possible the military need...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/02 11:14 a.m.20 views

Using In-Game Purchases to Launder Money

Evidence that stolen credit cards are being used to purchase items in games like Clash of Clans, which are then resold for cash...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/01 7:7 p.m.54 views

GCHQ on Quantum Key Distribution

The UK's GCHQ delivers a brutally blunt assessment of quantum key distribution: QKD protocols address only the problem of agreeing keys for encrypting data. Ubiquitous on-demand modern services such as verifying identities and data integrity, establishing network sessions, providing access contro...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/01 11:22 a.m.22 views

Backdoors in Cisco Routers

We don't know if this is error or deliberate action, but five backdoors have been discovered already this year...

4.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/31 11:40 a.m.40 views

Hacking a Robot Vacuum

The Diqee 360 robotic vacuum cleaner can be turned into a surveillance device. The attack requires physical access to the device, so in the scheme of things it's not a big deal. But why in the world is the vacuum equipped with a microphone?...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/30 5:8 p.m.64 views

The Poor Cybersecurity of US Space Assets

Good policy paper summary here on the threats, current state, and potential policy solutions for the poor security of US space systems...

3.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/30 11:35 a.m.36 views

Identifying People by Metadata

Interesting research: "You are your Metadata: Identification and Obfuscation of Social Media Users using Metadata Information," by Beatrice Perez, Mirco Musolesi, and Gianluca Stringhini. Abstract: Metadata are associated to most of the information we produce in our daily interactions and...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/27 9:12 p.m.12 views

Friday Squid Blogging: Squid Deception

This is a fantastic video of a squid attracting prey with a tentacle that looks like a smaller squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/27 5:10 p.m.8 views

New Report on Police Digital Forensics Techniques

According to a new CSIS report, "going dark" is not the most pressing problem facing law enforcement in the age of digital data: Over the past year, we conducted a series of interviews with federal, state, and local law enforcement officials, attorneys, service providers, and civil society groups...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/27 11:12 a.m.9 views

Third Annual Cybercrime Conference

Ross Anderson liveblogged the Third Annual Cybercrime Conference...

2.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/26 5:18 p.m.13 views

Google Employees Use a Physical Token as Their Second Authentication Factor

Krebs on Security is reporting that all 85,000 Google employees use two-factor authentication with a physical token. A Google spokesperson said Security Keys now form the basis of all account access at Google. "We have had no reported or confirmed account takeovers since implementing security key...

2.3AI score
Exploits0
Total number of security vulnerabilities2979