Lucene search
K
SchneierRecent

2979 matches found

Schneier on Security
Schneier on Security
•added 2017/12/22 12:25 p.m.•15 views

Amazon's Door Lock Is Amazon's Bid to Control Your Home

Interesting essay about Amazon's smart lock: When you add Amazon Key to your door, something more sneaky also happens: Amazon takes over. You can leave your keys at home and unlock your door with the Amazon Key app -- but it's really built for Amazon deliveries. To share online access with family...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/12/21 12:49 p.m.•8 views

Security Vulnerability in Apple's HomeKit

The story of the recent vulnerability in Apple's HomeKit...

7AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/12/20 12:10 p.m.•14 views

Details on the Mirai Botnet Authors

Brian Krebs has a long article on the Mirai botnet authors, who pled guilty...

7AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/12/19 12:6 p.m.•9 views

GCHQ Found -- and Disclosed -- a Windows 10 Vulnerability

Now this is good news. The UK's National Cyber Security Centre NCSC -- part of GCHQ -- found a serious vulnerability in Windows Defender their anti-virus component. Instead of keeping it secret and all of us vulnerable, it alerted Microsoft. I'd like believe the US does this, too...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/12/18 12:8 p.m.•9 views

Lessons Learned from the Estonian National ID Security Flaw

Estonia recently suffered a major flaw in the security of their national ID card. This article discusses the fix and the lessons learned from the incident: In the future, the infrastructure dependency on one digital identity platform must be decreased, the use of several alternatives must be...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/12/15 10:21 p.m.•10 views

Friday Squid Blogging: Baby Sea Otters Prefer Shrimp to Squid

At least, this one does. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/12/15 12:18 p.m.•10 views

Tracking People Without GPS

Interesting research: The trick in accurately tracking a person with this method is finding out what kind of activity they're performing. Whether they're walking, driving a car, or riding in a train or airplane, it's pretty easy to figure out when you know what you're looking for. The sensors can...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/12/14 1:1 p.m.•14 views

Security Planner

Security Planner is a custom security advice tool from Citizen Lab. Answer a few questions, and it gives you a few simple things you can do to improve your security. It's not meant to be comprehensive, but instead to give people things they can actually do to immediately improve their security. I...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/11/24 10:31 p.m.•53 views

Friday Squid Blogging: Fake Squid Seized in Cambodia

Falsely labeled squid snacks were seized in Cambodia. I don't know what food product it really was. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

7AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/11/23 6:31 p.m.•29 views

Mozilla's Guide to Privacy-Aware Christmas Shopping

Mozilla reviews the privacy practices of Internet-connected toys, home accessories, exercise equipment, and more...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/11/22 2:54 p.m.•22 views

Websites Use Session-Replay Scripts to Eavesdrop on Every Keystroke and Mouse Movement

The security researchers at Princeton are posting You may know that most websites have third-party analytics scripts that record which pages you visit and the searches you make. But lately, more and more sites use "session replay" scripts. These scripts record your keystrokes, mouse movements, an...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/11/21 12:16 p.m.•34 views

Amazon Creates Classified US Cloud

Amazon has a cloud for US classified data. The physical and computer requirements for handling classified information are considerable, both in terms of technology and procedure. I am surprised that a company with no experience dealing with classified data was able to do it...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/11/20 12:19 p.m.•21 views

Vulnerability in Amazon Key

Amazon Key is an IoT door lock that can enable one-time access codes for delivery people. To further secure that system, Amazon sells Cloud Cam, a camera that watches the door to ensure that delivery people don't abuse their one-time access privilege. Cloud Cam has been hacked: But now security...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/11/17 11:4 p.m.•62 views

Friday Squid Blogging: Peru and Chile Address Squid Overfishing

Peru and Chile have a new plan. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/11/17 12:2 p.m.•42 views

New White House Announcement on the Vulnerability Equities Process

The White House has released a new version of the Vulnerabilities Equities Process VEP. This is the inter-agency process by which the US government decides whether to inform the software vendor of a vulnerability it finds, or keep it secret and use it to eavesdrop on or attack other systems. You...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/11/16 12:53 p.m.•47 views

Motherboard Digital Security Guide

This digital security guide by Motherboard is very good. I put alongside EFF's "Surveillance Self-Defense" and John Scott-Railton's "Digital Security Low Hanging Fruit." There's also "Digital Security and Privacy for Human Rights Defenders." There are too many of these...

7AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/11/15 12:54 p.m.•29 views

Apple FaceID Hacked

It only took a week: On Friday, Vietnamese security firm Bkav released a blog post and video showing that -- by all appearances -- they'd cracked FaceID with a composite mask of 3-D-printed plastic, silicone, makeup, and simple paper cutouts, which in combination tricked an iPhone X into unlockin...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/11/14 12:8 p.m.•47 views

Long Article on NSA and the Shadow Brokers

The New York Times just published a long article on the Shadow Brokers and their effects on NSA operations. Summary: it's been an operational disaster, the NSA still doesn't know who did it or how, and NSA morale has suffered considerably. This is me on the Shadow Brokers from last May...

7AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/11/13 12:11 p.m.•42 views

Google's Data on Login Thefts

This is interesting research and data: With Google accounts as a case-study, we teamed up with the University of California, Berkeley to better understand how hijackers attempt to take over accounts in the wild. From March 2016 to March 2017, we analyzed several black markets to see how hijackers...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/11/10 10:18 p.m.•59 views

Friday Squid Blogging: Squid Season May Start Earlier Next Year

Squid fisherman in Argentina have asked regulators to start the squid season earlier in 2018. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/11/10 12:6 p.m.•35 views

New Research in Invisible Inks

It's a lot more chemistry than I understand: Invisible inks based on "smart" fluorescent materials have been shining brightly if only you could see them in the data-encryption/decryption arena lately.... But some of the materials are costly or difficult to prepare, and many of these inks remain...

7AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/11/09 8:45 p.m.•38 views

Hacking a Fingerprint Biometric

Embedded in this story about infidelity and a mid-flight altercation, there's an interesting security tidbit: The woman had unlocked her husband's phone using his thumb impression when he was sleeping...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/11/09 12:23 p.m.•35 views

Facebook Fingerprinting Photos to Prevent Revenge Porn

This is a pilot project in Australia: Individuals who have shared intimate, nude or sexual images with partners and are worried that the partner or ex-partner might distribute them without their consent can use Messenger to send the images to be "hashed." This means that the company converts the...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/11/08 12:33 p.m.•52 views

Me on the Equifax Breach

Testimony and Statement for the Record of Bruce Schneier Fellow and Lecturer, Belfer Center for Science and International Affairs, Harvard Kennedy School Fellow, Berkman Center for Internet and Society at Harvard Law School Hearing on "Securing Consumers' Credit Data in the Age of Digital Commerc...

6.4AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/11/07 12:37 p.m.•51 views

Cybercriminals Infiltrating E-Mail Networks to Divert Large Customer Payments

There's a new criminal tactic involving hacking an e-mail account of a company that handles high-value transactions and diverting payments. Here it is in real estate: The scam generally works like this: Hackers find an opening into a title company's or realty agent's email account, track upcoming...

7AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/11/06 12:12 p.m.•36 views

Daphne Caruana Galizia's Murder and the Security of WhatsApp

Daphne Caruana Galizia was a Maltese journalist whose anti-corruption investigations exposed powerful people. She was murdered in October by a car bomb. Galizia used WhatsApp to communicate securely with her sources. Now that she is dead, the Maltese police want to break into her phone or the app...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/11/03 9:12 p.m.•66 views

Friday Squid Blogging: Squid Product Recall

Lidl is recalling two of its packaged squid products because of the presence of struvite salt crystals. The danger is unclear. The article says that struvite crystals "may be mistaken as glass fragments," which isn't actually dangerous. It also says: "As these salt crystals may cause injury, the...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/11/03 11:35 a.m.•55 views

Fraud Detection in PokƩmon Go

I play PokƩmon Go. There, I've admitted it. One of the interesting aspects of the game I've been watching is how the game's publisher, Niantic, deals with cheaters. There are three basic types of cheating in PokƩmon Go. The first is botting, where a computer plays the game instead of a person. Th...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/11/02 10:1 a.m.•41 views

Heart Size: Yet Another Biometric

Turns out that heart size doesn't change throughout your adult life, and you can use low-level Doppler radar to scan the size -- even at a distance -- as a biometric. Research paper to be available soon...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/10/31 3:29 p.m.•36 views

Attack on Old ANSI Random Number Generator

Almost 20 years ago, I wrote a paper that pointed to a potential flaw in the ANSI X9.17 RNG standard. Now, new research has found that the flaw exists in some implementations of the RNG standard. Here's the research paper, the website -- complete with cute logo -- for the attack, and Matthew...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/10/30 5:23 p.m.•34 views

Google Login Security for High-Risk Users

Google has a new login service for high-risk users. It's good, but unforgiving. Logging in from a desktop will require a special USB key, while accessing your data from a mobile device will similarly require a Bluetooth dongle. All non-Google services and apps will be exiled from reaching into yo...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/10/27 9:28 p.m.•59 views

Friday Squid Blogging: Steel Mesh Giant Squid Used as Artificial Reef

Researchers in the British Virgin Islands have sunk a giant squid made out of steel mesh to serve as an artificial reef. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/10/27 7:45 p.m.•18 views

FBI Increases Its Anti-Encryption Rhetoric

Earlier this month, Deputy Attorney General Rod Rosenstein gave a speech warning that a world with encryption is a world without law -- or something like that. The EFF's Kurt Opsahl takes it apart pretty thoroughly. Last week, FBI Director Christopher Wray said much the same thing. This is an ide...

7AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/10/26 10:9 a.m.•42 views

The Science of Interrogation

Fascinating article about two psychologists who are studying interrogation techniques. Now, two British researchers are quietly revolutionising the study and practice of interrogation. Earlier this year, in a meeting room at the University of Liverpool, I watched a video of the Diola interview...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/10/25 11:7 a.m.•33 views

CSE Releases Malware Analysis Tool

The Communications Security Establishment of Canada -- basically, Canada's version of the NSA -- has released a suite of malware analysis tools: Assemblyline is described by CSE as akin to a conveyor belt: files go in, and a handful of small helper applications automatically comb through each one...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/10/24 11:1 a.m.•36 views

Reaper Botnet

It's based on the Mirai code, but much more virulent: While Mirai caused widespread outages, it impacted IP cameras and internet routers by simply exploiting their weak or default passwords. The latest botnet threat, known as alternately as IoT Troop or Reaper, has evolved that strategy, using...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/10/23 11:16 a.m.•37 views

Hacking Back

Hacking back is a terrible idea that just will not die. Josephine Wolff takes apart the new hacking back bill that was introduced in the House recently...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/10/20 9:24 p.m.•60 views

Friday Squid Blogging: "How the Squid Lost Its Shell"

Interesting essay by Danna Staaf, the author of Squid Empire. I mentioned the book two weeks ago. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/10/20 7:46 p.m.•14 views

Wondermark on Security

Another comic...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/10/20 2:17 p.m.•24 views

Denuvo DRM Cracked within a Day of Release

Denuvo is probably the best digital-rights management system, used to protect computer games. It's regularly cracked within a day. If Denuvo can no longer provide even a single full day of protection from cracks, though, that protection is going to look a lot less valuable to publishers. But that...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/10/19 2:18 p.m.•19 views

Security Flaws in Children's Smart Watches

The Norwegian Consumer Council has published a report detailing a series of security and privacy flaws in smart watches marketed to children. Press release. News article. This is the same group that found all those security and privacy vulnerabilities in smart dolls. EDITED TO ADD 10/21: Slashdot...

7AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/10/18 2:58 p.m.•20 views

IoT Cybersecurity: What's Plan B?

In August, four US Senators introduced a bill designed to improve Internet of Things IoT security. The IoT Cybersecurity Improvement Act of 2017 is a modest piece of legislation. It doesn't regulate the IoT market. It doesn't single out any industries for particular attention, or force any...

7AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/10/17 2:24 p.m.•34 views

Security Flaw in Infineon Smart Cards and TPMs

A security flaw in Infineon smart cards and TPMs allows an attacker to recover private keys from the public keys. Basically, the key generation algorithm sometimes creates public keys that are vulnerable to Coppersmith's attack: While all keys generated with the library are much weaker than they...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/10/16 1:39 p.m.•20 views

New KRACK Attack Against Wi-Fi Encryption

Mathy Vanhoef has just published a devastating attack against WPA2, the 14-year-old encryption protocol used by pretty much all wi-fi systems. Its an interesting attack, where the attacker forces the protocol to reuse a key. The authors call this attack KRACK, for Key Reinstallation Attacks This ...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/10/13 9:26 p.m.•82 views

Friday Squid Blogging: International Squid Awareness Day

It's International Cephalopod Awareness Days this week, and Tuesday was Squid Day. I can't believe I missed it. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/10/13 7:13 p.m.•74 views

My Blogging

Blog regulars will notice that I haven't been posting as much lately as I have in the past. There are two reasons. One, it feels harder to find things to write about. So often it's the same stories over and over. I don't like repeating myself. Two, I am busy writing a book. The title is still:...

7AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/10/13 11:57 a.m.•71 views

Technology to Out Sex Workers

Two related stories: PornHub is using machine learning algorithms to identify actors in different videos, so as to better index them. People are worried that it can really identify them, by linking their stage names to their real names. Facebook somehow managed to link a sex worker's clients unde...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/10/12 11:43 a.m.•27 views

Impersonating iOS Password Prompts

This is an interesting security vulnerability: because it is so easy to impersonate iOS password prompts, a malicious app can steal your password just by asking. Why does this work? iOS asks the user for their iTunes password for many reasons, the most common ones are recently installed iOS...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/10/11 7:54 p.m.•42 views

More on Kaspersky and the Stolen NSA Attack Tools

Both the New York Times and the Washington Post are reporting that Israel has penetrated Kaspersky's network and detected the Russian operation. From the New York Times: Israeli intelligence officers informed the NSA that, in the course of their Kaspersky hack, they uncovered evidence that Russia...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
•added 2017/10/10 11:19 a.m.•52 views

Changes in Password Best Practices

NIST recently published its four-volume SP800-63b Digital Identity Guidelines. Among other things, it makes three important suggestions when it comes to passwords: 1. Stop it with the annoying password complexity rules. They make passwords harder to remember. They increase errors because...

7.2AI score
Exploits0
Total number of security vulnerabilities2979