Lucene search
K
SchneierRecent

2979 matches found

Schneier on Security
Schneier on Security
added 2018/07/26 11:4 a.m.11 views

DARPA Wants Research into Resilient Anonymous Communications

DARPA is funding research into resilient anonymous communications systems...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/25 7:8 p.m.236 views

Major Bluetooth Vulnerability

Bluetooth has a serious security vulnerability: In some implementations, the elliptic curve parameters are not all validated by the cryptographic algorithm implementation, which may allow a remote attacker within wireless range to inject an invalid public key to determine the session key with hig...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/25 11:29 a.m.39 views

On Financial Fraud

There are some good lessons in this article on financial fraud: That's how we got it so wrong. We were looking for incidental breaches of technical regulations, not systematic crime. And the thing is, that's normal. The nature of fraud is that it works outside your field of vision, subverting the...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/24 11:29 a.m.42 views

Nicholas Weaver on Cryptocurrencies

This is well-worth reading non-paywalled version. Here's the opening: Cryptocurrencies, although a seemingly interesting idea, are simply not fit for purpose. They do not work as currencies, they are grossly inefficient, and they are not meaningfully distributed in terms of trust. Risks involving...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/23 11:17 a.m.23 views

1Password's Travel Mode

The 1Password password manager has just introduced "travel mode," which allows you to delete your stored passwords when you're in other countries or crossing borders: Your vaults aren't just hidden; they're completely removed from your devices as long as Travel Mode is on. That includes every ite...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/20 9:34 p.m.39 views

Friday Squid Blogging: Dead Squid on Prince Edward Island

A beach on Prince Edward Island is littered with dead squid. No one knows why. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/20 11:38 a.m.19 views

New Report on Chinese Intelligence Cyber-Operations

The company ProtectWise just published a long report linking a bunch of Chinese cyber-operations over the past few years. The always interesting gruqq has some interesting commentary on the group and its tactics. Lots of detailed information in the report, but I admit that I have never heard of...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/19 11:17 a.m.47 views

Suing South Carolina Because Its Election Machines Are Insecure

A group called Protect Democracy is suing South Carolina because its insecure voting machines are effectively denying people the right to vote. Note: I am an advisor to Protect Democracy on its work related to election cybersecurity, and submitted a declaration in litigation it filed, challenging...

2.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/18 11:25 a.m.121 views

Defeating the iPhone Restricted Mode

Recently, Apple introduced restricted mode to protect iPhones from attacks by companies like Cellebrite and Greyshift, which allow attackers to recover information from a phone without the password or fingerprint. Elcomsoft just announced that it can easily bypass it. There is an important lesson...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/17 11:20 a.m.20 views

Installing a Credit Card Skimmer on a POS Terminal

Watch how someone installs a credit card skimmer in just a couple of seconds. I don't know if the skimmer just records the data and is collected later, or if it transmits the data back to some base station...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/16 11:30 a.m.35 views

Reasonably Clever Extortion E-mail Based on Password Theft

Imagine you've gotten your hands on a file of e-mail addresses and passwords. You want to monetize it, but the site it's for isn't very valuable. How do you use it? You convince the owners of the password to send you money. I recently saw a spam e-mail that ties the password to a porn site. The...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/13 11:18 a.m.29 views

Gas Pump Hack

This is weird: Police in Detroit are looking for two suspects who allegedly managed to hack a gas pump and steal over 600 gallons of gasoline, valued at about $1,800. The theft took place in the middle of the day and went on for about 90 minutes, with the gas station attendant unable to thwart th...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/12 9:3 p.m.50 views

Friday Squid Blogging: Antifungal Squid-Egg Coating

The Hawaiian bobtail squid coats its eggs with antifungal bacteria. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/12 11:11 a.m.25 views

WPA3

Everyone is writing about the new WPA3 Wi-Fi security standard, and how it improves security over the current WPA2 standard. This summary is as good as any other: The first big new feature in WPA3 is protection against offline, password-guessing attacks. This is where an attacker captures data fr...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/11 11:8 a.m.22 views

Department of Commerce Report on the Botnet Threat

Last month, the US Department of Commerce released a report on the threat of botnets and what to do about it. I note that it explicitly said that the IoT makes the threat worse, and that the solutions are largely economic. The Departments determined that the opportunities and challenges in workin...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/10 11:18 a.m.30 views

Recovering Keyboard Inputs through Thermal Imaging

Researchers at the University of California, Irvine, are able to recover user passwords by way of thermal imaging. The tech is pretty straightforward, but it's interesting to think about the types of scenarios in which it might be pulled off. Abstract: As a warm-blooded mammalian species, we huma...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/09 11:13 a.m.34 views

PROPagate Code Injection Seen in the Wild

Last year, researchers wrote about a new Windows code injection technique called PROPagate. Last week, it was first seen in malware: This technique abuses the SetWindowsSubclass function -- a process used to install or update subclass windows running on the system -- and can be used to modify the...

2.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/06 9:27 p.m.52 views

Friday Squid Blogging: Squid Unexpectedly Playing a Part in US/China Trade War

Chinese buyers are canceling orders to buy US squid in advance of an expected 25% tariff. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/06 2:16 p.m.49 views

The NSA's Domestic Surveillance Centers

The Intercept has a long story about the NSA's domestic interception points. Includes some new Snowden documents...

3.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/05 12:14 p.m.25 views

Beating Facial Recognition Software with Face Makeup

At least right now, facial recognition algorithms don't work with Juggalo makeup...

2.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/03 3:24 p.m.63 views

California Passes New Privacy Law

The California legislature unanimously passed the strongest data privacy law in the nation. This is great news, but I have a lot of reservations. The Internet tech companies pressed to get this law passed out of self-defense. A ballot initiative was already going to be voted on in November, one...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/02 2:35 p.m.67 views

Traffic Analysis of the LTE Mobile Standard

Interesting research in using traffic analysis to learn things about encrypted traffic. It's hard to know how critical these vulnerabilities are. They're very hard to close without wasting a huge amount of bandwidth. The active attacks are more interesting. EDITED TO ADD 7/3: More information. I...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/06/29 9:5 p.m.43 views

Friday Squid Blogging: Fried Squid with Turmeric

Good-looking recipe. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/06/29 2:44 p.m.58 views

Conservation of Threat

Here's some interesting research about how we perceive threats. Basically, as the environment becomes safer we basically manufacture new threats. From an essay about the research: To study how concepts change when they become less common, we brought volunteers into our laboratory and gave them a...

0.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/06/28 11:29 a.m.28 views

Manipulative Social Media Practices

The Norwegian Consumer Council just published an excellent report on the deceptive practices tech companies use to trick people into giving up their privacy. From the executive summary: Facebook and Google have privacy intrusive defaults, where users who want the privacy friendly option have to g...

2.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/06/27 11:44 a.m.26 views

IEEE Statement on Strong Encryption vs. Backdoors

The IEEE came out in favor of strong encryption: IEEE supports the use of unfettered strong encryption to protect confidentiality and integrity of data and communications. We oppose efforts by governments to restrict the use of strong encryption and/or to mandate exceptional access mechanisms suc...

2.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/06/26 2:38 p.m.22 views

Bypassing Passcodes in iOS

Last week, a story was going around explaining how to brute-force an iOS password. Basically, the trick was to plug the phone into an external keyboard and trying every PIN at once: We reported Friday on Hickey's findings, which claimed to be able to send all combinations of a user's possible...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/06/25 10:0 a.m.30 views

Secure Speculative Execution

We're starting to see research into designing speculative execution systems that avoid Spectre- and Meltdown-like security problems. Here's one. I don't know if this particular design secure. My guess is that we're going to see several iterations of design and attack before we settle on something...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/06/22 9:7 p.m.52 views

Friday Squid Blogging: Capturing the Giant Squid on Video

In this 2013 TED talk, oceanographer Edith Widder explains how her team captured the giant squid on video. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/06/22 5:58 p.m.72 views

The Effects of Iran's Telegram Ban

The Center for Human Rights in Iran has released a report outlining the effect's of that country's ban on Telegram, a secure messaging app used by about half of the country. The ban will disrupt the most important, uncensored platform for information and communication in Iran, one that is used...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/06/22 10:52 a.m.29 views

Domain Name Stealing at Gunpoint

I missed this story when it came around last year: someone tried to steal a domain name at gunpoint. He was just sentenced to 20 years in jail...

2.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/06/21 12:9 p.m.25 views

Algeria Shut Down the Internet to Prevent Students from Cheating on Exams

Algeria shut the Internet down nationwide to prevent high-school students from cheating on their exams. The solution in New South Wales, Australia was to ban smartphones. EDITED TO ADD 6/22: Slashdot thread...

2.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/06/20 11:51 a.m.30 views

Perverse Vulnerability from Interaction between 2-Factor Authentication and iOS AutoFill

Apple is rolling out an iOS security usability feature called Security code AutoFill. The basic idea is that the OS scans incoming SMS messages for security codes and suggests them in AutoFill, so that people can use them without having to memorize or type them. Sounds like a really good idea, bu...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/06/19 11:54 a.m.22 views

Are Free Societies at a Disadvantage in National Cybersecurity

Jack Goldsmith and Stuart Russell just published an interesting paper, making the case that free and democratic nations are at a structural disadvantage in nation-on-nation cyberattack and defense. From a blog post: It seeks to explain why the United States is struggling to deal with the "soft"...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/06/18 11:19 a.m.24 views

Ridiculously Insecure Smart Lock

Tapplock sells an "unbreakable" Internet-connected lock that you can open with your fingerprint. It turns out that: 1. The lock broadcasts its Bluetooth MAC address in the clear, and you can calculate the unlock key from it. 2. Any Tapplock account an unlock every lock. 3. You can open the lock...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/06/15 9:12 p.m.38 views

Friday Squid Blogging: Cephalopod Week on Science Friday

It's Cephalopod Week! "Three hearts, eight arms, can't lose." As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/06/14 11:28 a.m.49 views

Thomas Dullien on Complexity and Security

For many years, I have said that complexity is the worst enemy of security. At CyCon earlier this month, Thomas Dullien gave an excellent talk on the subject with far more detail than I've ever provided. Video. Slides...

3.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/06/13 11:55 a.m.39 views

Russian Censorship of Telegram

Internet censors have a new strategy in their bid to block applications and websites: pressuring the large cloud providers that host them. These providers have concerns that are much broader than the targets of censorship efforts, so they have the choice of either standing up to the censors or...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/06/12 11:23 a.m.26 views

New iPhone OS May Include Device-Unlocking Security

iOS 12, the next release of Apple's iPhone operating system, may include features to prevent someone from unlocking your phone without your permission: The feature essentially forces users to unlock the iPhone with the passcode when connecting it to a USB accessory everytime the phone has not bee...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/06/11 11:19 a.m.59 views

Router Vulnerability and the VPNFilter Botnet

On May 25, the FBI asked us all to reboot our routers. The story behind this request is one of sophisticated malware and unsophisticated home-network security, and it's a harbinger of the sorts of pervasive threats ­ from nation-states, criminals and hackers ­ that we should expect in coming year...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/06/08 9:4 p.m.52 views

Friday Squid Blogging: Extinct Relatives of Squid

Interesting fossils. Note that a poster is available. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/06/08 11:48 a.m.22 views

New Data Privacy Regulations

When Marc Zuckerberg testified before both the House and the Senate last month, it became immediately obvious that few US lawmakers had any appetite to regulate the pervasive surveillance taking place on the Internet. Right now, the only way we can force these companies to take our privacy more...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/06/07 10:56 a.m.20 views

An Example of Deterrence in Cyberspace

In 2016, the US was successfully deterred from attacking Russia in cyberspace because of fears of Russian capabilities against the US. I have two citations for this. The first is from the book Russian Roulette: The Inside Story of Putin's War on America and the Election of Donald Trump, by Michae...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/06/06 11:21 a.m.29 views

The Habituation of Security Warnings

We all know that it happens: when we see a security warning too often -- and without effect -- we start tuning it out. A new paper uses fMRI, eye tracking, and field studies to prove it. EDITED TO ADD 6/6: This blog post summarizes the findings...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/06/05 11:32 a.m.25 views

Regulating Bitcoin

Ross Anderson has a new paper on cryptocurrency exchanges. From his blog: Bitcoin Redux explains what's going wrong in the world of cryptocurrencies. The bitcoin exchanges are developing into a shadow banking system, which do not give their customers actual bitcoin but rather display a "balance"...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/06/04 11:33 a.m.41 views

E-Mail Vulnerabilities and Disclosure

Last week, researchers disclosed vulnerabilities in a large number of encrypted e-mail clients: specifically, those that use OpenPGP and S/MIME, including Thunderbird and AppleMail. These are serious vulnerabilities: An attacker who can alter mail sent to a vulnerable client can trick that client...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/06/01 9:24 p.m.30 views

Friday Squid Blogging: Do Cephalopods Contain Alien DNA?

Maybe not DNA, but biological somethings. "Cause of Cambrian explosion -- Terrestrial or Cosmic?": Abstract: We review the salient evidence consistent with or predicted by the Hoyle-Wickramasinghe H-W thesis of Cometary Cosmic Biology. Much of this physical and biological evidence is...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/06/01 4:14 p.m.41 views

Damaging Hard Drives with an Ultrasonic Attack

Playing a sound over the speakers can cause computers to crash and possibly even physically damage the hard drive. Academic paper...

3.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/05/31 6:23 p.m.60 views

1834: The First Cyberattack

Tom Standage has a great story of the first cyberattack against a telegraph network. The Blanc brothers traded government bonds at the exchange in the city of Bordeaux, where information about market movements took several days to arrive from Paris by mail coach. Accordingly, traders who could ge...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/05/30 11:4 a.m.36 views

Numbers Stations

On numbers stations...

2.2AI score
Exploits0
Total number of security vulnerabilities2979