Lucene search
K
SchneierRecent

2979 matches found

Schneier on Security
Schneier on Security
•added 2018/05/29 2:31 p.m.•22 views

Kidnapping Fraud

Fake kidnapping fraud: "Most commonly we have unsolicited calls to potential victims in Australia, purporting to represent the people in authority in China and suggesting to intending victims here they have been involved in some sort of offence in China or elsewhere, for which they're being held...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/05/25 9:18 p.m.•10 views

Friday Squid Blogging: Squid Comic

It's not very good, but it has a squid in it. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/05/25 6:57 p.m.•14 views

Security and Human Behavior (SHB 2018)

I'm at Carnegie Mellon University, at the eleventh Workshop on Security and Human Behavior. SHB is a small invitational gathering of people studying various aspects of the human side of security, organized each year by Alessandro Acquisti, Ross Anderson, and myself. The 50 or so people in the roo...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/05/25 11:25 a.m.•116 views

Detecting Lies through Mouse Movements

Interesting research: "The detection of faked identity using unexpected questions and mouse dynamics," by Merulin Monaro, Luciano Gamberini, and Guiseppe Sartori. Abstract: The detection of faked identities is a major problem in security. Current memory-detection techniques cannot be used as they...

2.9AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/05/24 11:29 a.m.•33 views

Font Steganography

Interesting research in steganography at the font level...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/05/23 11:11 a.m.•29 views

Supermarket Shoplifting

The rise of self-checkout has caused a corresponding rise in shoplifting...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/05/22 2:38 p.m.•45 views

Another Spectre-Like CPU Vulnerability

Google and Microsoft researchers have disclosed another Spectre-like CPU side-channel vulnerability, called "Speculative Store Bypass." Like the others, the fix will slow the CPU down. The German tech site Heise reports that more are coming. I'm not surprised. Writing about Spectre and Meltdown i...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/05/21 2:54 p.m.•42 views

Japan's Directorate for Signals Intelligence

The Intercept has a long article on Japan's equivalent of the NSA: the Directorate for Signals Intelligence. Interesting, but nothing really surprising. The directorate has a history that dates back to the 1950s; its role is to eavesdrop on communications. But its operations remain so highly...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/05/18 9:20 p.m.•82 views

Friday Squid Blogging: Flying Squid

Flying squid are real. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/05/18 11:20 a.m.•57 views

Maliciously Changing Someone's Address

Someone changed the address of UPS corporate headquarters to his own apartment in Chicago. The company discovered it three months later. The problem, of course, is that in the US there isn't any authentication of change-of-address submissions: According to the Postal Service, nearly 37 million...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/05/17 11:23 a.m.•30 views

White House Eliminates Cybersecurity Position

The White House has eliminated the cybersecurity coordinator position. This seems like a spectacularly bad idea...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/05/16 11:16 a.m.•22 views

Accessing Cell Phone Location Information

The New York Times is reporting about a company called Securus Technologies that gives police the ability to track cell phone locations without a warrant: The service can find the whereabouts of almost any cellphone in the country within seconds. It does this by going through a system typically...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/05/15 11:13 a.m.•28 views

Sending Inaudible Commands to Voice Assistants

Researchers have demonstrated the ability to send inaudible commands to voice assistants like Alexa, Siri, and Google Assistant. Over the last two years, researchers in China and the United States have begun demonstrating that they can send hidden commands that are undetectable to the human ear t...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/05/14 6:36 p.m.•52 views

Details on a New PGP Vulnerability

A new PGP vulnerability was announced today. Basically, the vulnerability makes use of the fact that modern e-mail programs allow for embedded HTML objects. Essentially, if an attacker can intercept and modify a message in transit, he can insert code that sends the plaintext in a URL to a remote...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/05/14 2:33 p.m.•35 views

Critical PGP Vulnerability

EFF is reporting that a critical vulnerability has been discovered in PGP and S/MIME. No details have been published yet, but one of the researchers wrote: We'll publish critical vulnerabilities in PGP/GPG and S/MIME email encryption on 2018-05-15 07:00 UTC. They might reveal the plaintext of...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/05/11 9:17 p.m.•9 views

Friday Squid Blogging: How the Squid Lost Its Shell

Squids used to have shells. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/05/11 11:24 a.m.•34 views

Airline Ticket Fraud

New research: "Leaving on a jet plane: the trade in fraudulently obtained airline tickets:" Abstract: Every day, hundreds of people fly on airline tickets that have been obtained fraudulently. This crime script analysis provides an overview of the trade in these tickets, drawing on interviews wit...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/05/10 2:11 p.m.•42 views

Supply-Chain Security

Earlier this month, the Pentagon stopped selling phones made by the Chinese companies ZTE and Huawei on military bases because they might be used to spy on their users. It's a legitimate fear, and perhaps a prudent action. But it's just one instance of the much larger issue of securing our supply...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/05/09 2:42 p.m.•28 views

Virginia Beach Police Want Encrypted Radios

This article says that the Virginia Beach police are looking to buy encrypted radios. Virginia Beach police believe encryption will prevent criminals from listening to police communications. They said officer safety would increase and citizens would be better protected. Someone should ask them if...

3.4AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/05/08 2:7 p.m.•27 views

The US Is Unprepared for Election-Related Hacking in 2018

This survey and report is not surprising: The survey of nearly forty Republican and Democratic campaign operatives, administered through November and December 2017, revealed that American political campaign staff -- primarily working at the state and congressional levels -- are not only unprepare...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/05/07 2:32 p.m.•51 views

Ray Ozzie's Encryption Backdoor

Last month, Wired published a long article about Ray Ozzie and his supposed new scheme for adding a backdoor in encrypted devices. It's a weird article. It paints Ozzie's proposal as something that "attains the impossible" and "satisfies both law enforcement and privacy purists," when 1 it's bare...

7AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/05/04 9:18 p.m.•38 views

Friday Squid Blogging: US Army Developing 3D-Printable Battlefield Robot Squid

The next major war will be super weird. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/05/04 11:19 a.m.•8 views

Detecting Laptop Tampering

Micah Lee ran a two-year experiment designed to detect whether or not his laptop was ever tampered with. The results are inconclusive, but demonstrate how difficult it can be to detect laptop tampering...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/05/03 11:42 a.m.•123 views

LC4: Another Pen-and-Paper Cipher

Interesting symmetric cipher: LC4: Abstract: ElsieFour LC4 is a low-tech cipher that can be computed by hand; but unlike many historical ciphers, LC4 is designed to be hard to break. LC4 is intended for encrypted communication between humans only, and therefore it encrypts and decrypts plaintexts...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/05/02 11:40 a.m.•18 views

NIST Issues Call for "Lightweight Cryptography" Algorithms

This is interesting: Creating these defenses is the goal of NIST's lightweight cryptography initiative, which aims to develop cryptographic algorithm standards that can work within the confines of a simple electronic device. Many of the sensors, actuators and other micromachines that will functio...

Exploits0
Schneier on Security
Schneier on Security
•added 2018/05/01 11:32 a.m.•15 views

IoT Inspector Tool from Princeton

Researchers at Princeton University have released IoT Inspector, a tool that analyzes the security and privacy of IoT devices by examining the data they send across the Internet. They've already used the tool to study a bunch of different IoT devices. From their blog post: Finding 3: Many IoT...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/04/30 11:2 a.m.•40 views

Security Vulnerabilities in VingCard Electronic Locks

Researchers have disclosed a massive vulnerability in the VingCard eletronic lock system, used in hotel rooms around the world: With a $300 Proxmark RFID card reading and writing tool, any expired keycard pulled from the trash of a target hotel, and a set of cryptographic tricks developed over...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/04/27 9:37 p.m.•87 views

Friday Squid Blogging: Bizarre Contorted Squid

This bizarre contorted squid might be a new species, or a previously known species exhibiting a new behavior. No one knows. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/04/27 11:0 a.m.•66 views

TSB Bank Disaster

This seems like an absolute disaster: The very short version is that a UK bank, TSB, which had been merged into and then many years later was spun out of Lloyds Bank, was bought by the Spanish bank Banco Sabadell in 2015. Lloyds had continued to run the TSB systems and was to transfer them over t...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/04/26 11:5 a.m.•45 views

New NSA/Cyber Command Head Confirmed by Senate

It's Lt. Gen. Paul Nakasone. I know nothing about him...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/04/25 11:54 a.m.•44 views

Two NSA Algorithms Rejected by the ISO

The ISO has rejected two symmetric encryption algorithms: SIMON and SPECK. These algorithms were both designed by the NSA and made public in 2013. They are optimized for small and low-cost processors like IoT devices. The risk of using NSA-designed ciphers, of course, is that they include...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/04/24 7:9 p.m.•52 views

Baseball Code

Info on the coded signals used by the Colorado Rockies...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/04/24 11:4 a.m.•30 views

Computer Alarm that Triggers When Lid Is Opened

"Do Not Disturb" is a Macintosh app that send an alert when the lid is opened. The idea is to detect computer tampering. Wired article: Do Not Disturb goes a step further than just the push notification. Using the Do Not Disturb iOS app, a notified user can send themselves a picture snapped with...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/04/23 7:15 p.m.•38 views

Russia is Banning Telegram

Russia has banned the secure messaging app Telegram. It's making an absolute mess of the ban -- blocking 16 million IP addresses, many belonging to the Amazon and Google clouds -- and it's not even clear that it's working. But, more importantly, I'm not convinced Telegram is secure in the first...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/04/23 12:48 p.m.•31 views

Yet Another Biometric: Ear Shape

This acoustic technology identifies individuals by their ear shapes. No information about either false positives or false negatives...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/04/20 9:26 p.m.•80 views

Friday Squid Blogging: Squid Prices Rise as Catch Decreases

In Japan: Last year's haul sank 15% to 53,000 tons, according to the JF Zengyoren national federation of fishing cooperatives. The squid catch has fallen by half in just two years. The previous low was plumbed in 2016. Lighter catches have been blamed on changing sea temperatures, which impedes t...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/04/20 11:44 a.m.•21 views

Securing Elections

Elections serve two purposes. The first, and obvious, purpose is to accurately choose the winner. But the second is equally important: to convince the loser. To the extent that an election system is not transparently and auditably accurate, it fails in that second purpose. Our election systems ar...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/04/19 11:51 a.m.•50 views

Lifting a Fingerprint from a Photo

Police in the UK were able to read a fingerprint from a photo of a hand: Staff from the unit's specialist imaging team were able to enhance a picture of a hand holding a number of tablets, which was taken from a mobile phone, before fingerprint experts were able to positively identify that the ha...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/04/18 11:29 a.m.•35 views

Oblivious DNS

Interesting idea: ...we present Oblivious DNS ODNS, which is a new design of the DNS ecosystem that allows current DNS servers to remain unchanged and increases privacy for data in motion and at rest. In the ODNS system, both the client is modified with a local resolver, and there is a new...

3.1AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/04/17 11:29 a.m.•23 views

Hijacking Emergency Sirens

Turns out it's easy to hijack emergency sirens with a radio transmitter...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/04/16 11:46 a.m.•17 views

The DMCA and its Chilling Effects on Research

The Center for Democracy and Technology has a good summary of the current state of the DMCA's chilling effects on security research. To underline the nature of chilling effects on hacking and security research, CDT has worked to describe how tinkerers, hackers, and security researchers of all typ...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/04/13 9:24 p.m.•43 views

Friday Squid Blogging: Eating Firefly Squid

In Tokama, Japan, you can watch the firefly squid catch and eat them in various ways: "It's great to eat hotaruika around when the seasons change, which is when people tend to get sick," said Ryoji Tanaka, an executive at the Toyama prefectural federation of fishing cooperatives. "In addition to...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/04/13 11:43 a.m.•29 views

COPPA Compliance

Interesting research: "'Won't Somebody Think of the Children?' Examining COPPA Compliance at Scale": Abstract: We present a scalable dynamic analysis framework that allows for the automatic evaluation of the privacy behaviors of Android apps. We use our system to analyze mobile apps' compliance...

2.5AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/04/12 11:36 a.m.•30 views

Cybersecurity Insurance

Good article about how difficult it is to insure an organization against Internet attacks, and how expensive the insurance is. Companies like retailers, banks, and healthcare providers began seeking out cyberinsurance in the early 2000s, when states first passed data breach notification laws. But...

1AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/04/11 11:33 a.m.•48 views

The Digital Security Exchange Is Live

Last year I wrote about the Digital Security Exchange. The project is live: The DSX works to strengthen the digital resilience of U.S. civil society groups by improving their understanding and mitigation of online threats. We do this by pairing civil society and social sector organizations with...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/04/10 11:11 a.m.•23 views

DARPA Funding in AI-Assisted Cybersecurity

DARPA is launching a program aimed at vulnerability discovery via human-assisted AI. The new DARPA program is called CHESS Computers and Humans Exploring Software Security, and they're holding a proposers day in a week and a half. This is the kind of thing that can dramatically change the...

2AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/04/09 11:30 a.m.•26 views

Obscure E-Mail Vulnerability

This vulnerability is a result of an interaction between two different ways of handling e-mail addresses. Gmail ignores dots in addresses, so [email protected] is the same as [email protected] is the same as [email protected]. Note: I do not own any of those email addresse...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/04/06 8:59 p.m.•44 views

Friday Squid Blogging: Sake Decanters Made of Dried Squid

This is interesting. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

2.5AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/04/04 1:3 p.m.•56 views

Subverting Backdoored Encryption

This is a really interesting research result. This paper proves that two parties can create a secure communications channel using a communications system with a backdoor. It's a theoretical result, so it doesn't talk about how easy that channel is to create. And the assumptions on the adversary a...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/04/03 11:22 a.m.•38 views

Public Hearing on IoT Risks

The US Consumer Product Safety Commission is holding hearings on IoT risks: The U.S. Consumer Product Safety Commission CPSC, Commission, or we will conduct a public hearing to receive information from all interested parties about potential safety issues and hazards associated with...

7AI score
Exploits0
Total number of security vulnerabilities2979