Lucene search
K
SchneierRecent

2979 matches found

Schneier on Security
Schneier on Security
•added 2018/02/08 5:55 p.m.•25 views

Water Utility Infected by Cryptocurrency Mining Software

A water utility in Europe has been infected by cryptocurrency mining software. This is a relatively new attack: hackers compromise computers and force them to mine cryptocurrency for them. This is the first time I've seen it infect SCADA systems, though. It seems that this mining software is...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/02/07 12:19 p.m.•12 views

Cabinet of Secret Documents from Australia

This story of leaked Australian government secrets is unlike any other I've heard: It begins at a second-hand shop in Canberra, where ex-government furniture is sold off cheaply. The deals can be even cheaper when the items in question are two heavy filing cabinets to which no-one can find the...

6.4AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/02/06 12:33 p.m.•11 views

Poor Security at the UK National Health Service

The Guardian is reporting that "every NHS trust assessed for cyber security vulnerabilities has failed to meet the standard required." This is the same NHS that was debilitated by WannaCry. EDITED TO ADD 2/13: More news. And don't think that US hospitals are much better...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/02/05 9:46 p.m.•8 views

Sensitive Super Bowl Security Documents Left on an Airplane

A CNN reporter found some sensitive -- but, technically, not classified -- documents about Super Bowl security in the front pocket of an airplane seat...

7AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/02/02 10:36 p.m.•13 views

Friday Squid Blogging: Kraken Pie

Pretty, but contains no actual squid ingredients. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/02/02 12:38 p.m.•19 views

Signed Malware

Stuxnet famously used legitimate digital certificates to sign its malware. A research paper from last year found that the practice is much more common than previously thought. Now, researchers have presented proof that digitally signed malware is much more common than previously believed. What's...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/02/01 12:23 p.m.•43 views

Jackpotting Attacks Against US ATMs

Brian Krebs is reporting sophisticated jackpotting attacks against US ATMs. The attacker gains physical access to the ATM, plants malware using specialized electronics, and then later returns and forces the machine to dispense all the cash it has inside. The Secret Service alert explains that the...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/01/31 8:37 p.m.•51 views

Israeli Scientists Accidentally Reveal Classified Information

According to this story non-paywall English version here, Israeli scientists released some information to the public they shouldn't have. Defense establishment officials are now trying to erase any trace of the secret information from the web, but they have run into difficulties because the...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/01/31 12:6 p.m.•45 views

After Section 702 Reauthorization

For over a decade, civil libertarians have been fighting government mass surveillance of innocent Americans over the Internet. We've just lost an important battle. On January 18, President Trump signed the renewal of Section 702, domestic mass surveillance became effectively a permanent part of U...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/01/30 12:26 p.m.•35 views

Subway Elevators and Movie-Plot Threats

Local residents are opposing adding an elevator to a subway station because terrorists might use it to detonate a bomb. No, really. There's no actual threat analysis, only fear: "The idea that people can then ride in on the subway with a bomb or whatever and come straight up in an elevator is awf...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/01/29 8:17 p.m.•34 views

Locating Secret Military Bases via Fitness Data

In November, the company Strava released an anonymous data-visualization map showing all the fitness activity by everyone using the app. Over this weekend, someone realized that it could be used to locate secret military bases: just look for repeated fitness activity in the middle of nowhere. New...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/01/29 12:18 p.m.•37 views

Estimating the Cost of Internet Insecurity

It's really hard to estimate the cost of an insecure Internet. Studies are all over the map. A methodical study by RAND is the best work I've seen at trying to put a number on this. The results are, well, all over the map: "Estimating the Global Cost of Cyber Risk: Methodology and Examples":...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/01/26 10:23 p.m.•98 views

Friday Squid Blogging: Squid that Mate, Die, and Then Sink

The mating and death characteristics of some squid are fascinating. Research paper. EDITED TO ADD 2/5: Additional info and photos. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/01/26 12:12 p.m.•41 views

The Effects of the Spectre and Meltdown Vulnerabilities

On January 3, the world learned about a series of major security vulnerabilities in modern microprocessors. Called Spectre and Meltdown, these vulnerabilities were discovered by several different researchers last summer, disclosed to the microprocessors' manufacturers, and patched­ -- at least to...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/01/25 12:47 p.m.•42 views

WhatsApp Vulnerability

A new vulnerability in WhatsApp has been discovered: ...the researchers unearthed far more significant gaps in WhatsApp's security: They say that anyone who controls WhatsApp's servers could effortlessly insert new people into an otherwise private group, even without the permission of the...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/01/24 11:28 a.m.•46 views

Detecting Drone Surveillance with Traffic Analysis

This is clever: Researchers at Ben Gurion University in Beer Sheva, Israel have built a proof-of-concept system for counter-surveillance against spy drones that demonstrates a clever, if not exactly simple, way to determine whether a certain person or object is under aerial surveillance. They fir...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/01/23 12:41 p.m.•37 views

New Malware Hijacks Cryptocurrency Mining

This is a clever attack. After gaining control of the coin-mining software, the malware replaces the wallet address the computer owner uses to collect newly minted currency with an address controlled by the attacker. From then on, the attacker receives all coins generated, and owners are none the...

7AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/01/22 6:6 p.m.•24 views

Skygofree: New Government Malware for Android

Kaspersky Labs is reporting on a new piece of sophisticated malware: We observed many web landing pages that mimic the sites of mobile operators and which are used to spread the Android implants. These domains have been registered by the attackers since 2015. According to our telemetry, that was...

7AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/01/22 12:38 p.m.•31 views

Dark Caracal: Global Espionage Malware from Lebanon

The EFF and Lookout are reporting on a new piece of spyware operating out of Lebanon. It primarily targets mobile devices compromised by fake secure messaging clients like Signal and WhatsApp. From the Lookout announcement: Dark Caracal has operated a series of multi-platform campaigns starting...

7AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/01/19 10:48 p.m.•57 views

Friday Squid Blogging: Te Papa Colossal Squid Exhibition Is Being Renovated

The New Zealand home of the colossal squid exhibit is behind renovated. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/01/19 12:6 p.m.•112 views

Security Breaches Don't Affect Stock Price

Interesting research: "Long-term market implications of data breaches, not," by Russell Lange and Eric W. Burger. Abstract: This report assesses the impact disclosure of data breaches has on the total returns and volatility of the affected companies' stock, with a focus on the results relative to...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/01/18 1:12 p.m.•47 views

Student Cracks Inca Knot Code

Interesting...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/01/17 12:23 p.m.•27 views

Article from a Former Chinese PLA General on Cyber Sovereignty

Interesting article by Major General Hao Yeli, Chinese People's Liberation Army ret., a senior advisor at the China International Institute for Strategic Society, Vice President of China Institute for Innovation and Development Strategy, and the Chair of the Guanchao Cyber Forum. Against the...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/01/16 12:58 p.m.•43 views

Jim Risen Writes about Reporting Government Secrets

Jim Risen writes a long and interesting article about his battles with the US government and the New York Times to report government secrets...

7AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/01/15 12:43 p.m.•41 views

Fighting Ransomware

No More Ransom is a central repository of keys and applications for ransomware, so people can recover their data without paying. It's not complete, of course, but is pretty good against older strains of ransomware. The site is a joint effort by Europol, the Dutch police, Kaspersky, and McAfee...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/01/12 10:12 p.m.•60 views

Friday Squid Blogging: Japanese "Dude Food" Includes Squid

This seems to be a trend. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/01/12 6:51 p.m.•23 views

XKCD's Smartphone Security System

Funny...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/01/12 12:29 p.m.•31 views

Facial Recognition Is Coming to Retail

Summary article...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/01/11 6:50 p.m.•25 views

Fingerprinting Digital Documents

In this era of electronic leakers, remember that zero-width spaces and homoglyph substitution can fingerprint individual instances of files...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/01/11 1:5 p.m.•31 views

Yet Another FBI Proposal for Insecure Communications

Deputy Attorney General Rosenstein has given talks where he proposes that tech companies decrease their communications and device security for the benefit of the FBI. In a recent talk, his idea is that tech companies just save a copy of the plaintext: Law enforcement can also partner with private...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/01/10 7:42 p.m.•22 views

Susan Landau's New Book: Listening In

Susan Landau has written a terrific book on cybersecurity threats and why we need strong crypto. Listening In: Cybersecurity in an Insecure Age. It's based in part on her 2016 Congressional testimony in the Apple/FBI case; it examines how the Digital Revolution has transformed society, and how la...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/01/10 1:27 p.m.•31 views

Cybersecurity and the 2017 US National Security Strategy

Commentaries on the 2017 US national security strategy by Michael Sulmeyer and Ben Buchanan...

7AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/01/09 9:26 p.m.•17 views

Daniel Miessler on My Writings about IoT Security

Daniel Miessler criticizes my writings about IoT security: I know it's super cool to scream about how IoT is insecure, how it's dumb to hook up everyday objects like houses and cars and locks to the internet, how bad things can get, and I know it's fun to be invited to talk about how everything i...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/01/09 11:58 a.m.•38 views

NSA Morale

The Washington Post is reporting that poor morale at the NSA is causing a significant talent shortage. A November New York Times article said much the same thing. The articles point to many factors: the recent reorganization, low pay, and the various leaks. I have been saying for a while that the...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/01/08 12:34 p.m.•41 views

Tourist Scams

A comprehensive list. Most are old and obvious, but there are some clever variants...

7AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/01/05 10:42 p.m.•51 views

Friday Squid Blogging: How the Optic Lobe Controls Squid Camouflage

Experiments on the oval squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/01/05 8:22 p.m.•18 views

Spectre and Meltdown Attacks Against Microprocessors

The security of pretty much every computer on the planet has just gotten a lot worse, and the only real solution -- which of course is not a solution -- is to throw them all away and buy new ones. On Wednesday, researchers just announced a series of major security vulnerabilities in the...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/01/05 6:45 p.m.•12 views

New Book Coming in September: "Click Here to Kill Everybody"

My next book is still on track for a September 2018 publication. Norton is still the publisher. The title is now Click Here to Kill Everybody: Peril and Promise on a Hyperconnected Planet, which I generally refer to as CH2KE. The table of contents has changed since I last blogged about this, and ...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/01/05 3:0 p.m.•28 views

Detecting Adblocker Blockers

Interesting research on the prevalence of adblock blockers: "Measuring and Disrupting Anti-Adblockers Using Differential Execution Analysis": Abstract: Millions of people use adblockers to remove intrusive and malicious ads as well as protect themselves against tracking and pervasive surveillance...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/01/04 12:28 p.m.•51 views

Spectre and Meltdown Attacks

After a week or so of rumors, everyone is now reporting about the Spectre and Meltdown attacks against pretty much every modern processor out there. These are side-channel attacks where one process can spy on other processes. They affect computers where an untrusted browser window can execute cod...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/01/03 12:17 p.m.•34 views

Tamper-Detection App for Android

Edward Snowden and Nathan Freitas have created an Android app that detects when it's being tampered with. The basic idea is to put the app on a second phone and put the app on or near something important, like your laptop. The app can then text you -- and also record audio and video -- when...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/01/02 12:51 p.m.•35 views

Fake Santa Surveillance Camera

Reka makes a "decorative Santa cam," meaning that it's not a real camera. Instead, it just gets children used to being under constant surveillance. Our Santa Cam has a cute Father Christmas and mistletoe design, and a red, flashing LED light which will make the most logical kids suspend their...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2018/01/01 12:23 p.m.•34 views

Security Vulnerabilities in Star Wars

A fun video describing some of the many Empire security vulnerabilities in the first Star Wars movie. Happy New Year, everyone...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/12/29 10:23 p.m.•35 views

Friday Squid Blogging: Squid Populations Are Exploding

New research: "Global proliferation of cephalopods" Summary: Human activities have substantially changed the world's oceans in recent decades, altering marine food webs, habitats and biogeochemical processes. Cephalopods squid, cuttlefish and octopuses have a unique set of biological traits,...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/12/29 12:34 p.m.•35 views

Profile of Reality Winner

New York Magazine published an excellent profile of the single-document leaker Reality Winner...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/12/28 12:30 p.m.•54 views

The "Extended Random" Feature in the BSAFE Crypto Library

Matthew Green wrote a fascinating blog post about the NSA's efforts to increase the amount of random data exposed in the TLS protocol, and how it interacts with the NSA's backdoor into the DUALECPRNG random number generator to weaken TLS...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/12/27 12:28 p.m.•43 views

Post-Quantum Algorithms

NIST has organized a competition for public-key algorithms secure against a quantum computer. It recently published all of its Round 1 submissions. Details of the NIST efforts are here. A timeline for the new algorithms is here...

7AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/12/26 3:34 p.m.•32 views

Acoustical Attacks against Hard Drives

Interesting destructive attack: "Acoustic Denial of Service Attacks on HDDs": Abstract: Among storage components, hard disk drives HDDs have become the most commonly-used type of non-volatile storage due to their recent technological advances, including, enhanced energy efficacy and...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/12/25 12:11 p.m.•37 views

"Santa Claus is Coming to Town" Parody

Funny...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/12/22 10:5 p.m.•13 views

Friday Squid Blogging: Gonatus Squid Eating a Dragonfish

There's a video: Last July, Choy was on a ship off the shore of Monterey Bay, looking at the video footage transmitted by an ROV many feet below. A Gonatus squid was spotted sucking off the face of a "really huge dragonfish," she says. "It took a little while to figure out what's going on here,...

6.8AI score
Exploits0
Total number of security vulnerabilities2979