Lucene search
K
SchneierRecent

2979 matches found

Schneier on Security
Schneier on Security
added 2017/10/09 11:10 a.m.58 views

White House Chief of Staff John Kelly's Cell Phone was Tapped

Politico reports that White House Chief of Staff John Kelly's cell phone was compromised back in December. I know this is news because of who he is, but I hope every major government official of any country assumes that their commercial off-the-shelf cell phone is compromised. Even allies spy on...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/10/06 9:21 p.m.124 views

Friday Squid Blogging: Baby Ichthyosaurus Fed on Squid

New discovery: paper and article. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/10/06 1:6 p.m.57 views

Yet Another Russian Hack of the NSA -- This Time with Kaspersky's Help

The Wall Street Journal has a bombshell of a story. Yet another NSA contractor took classified documents home with him. Yet another Russian intelligence operation stole copies of those documents. The twist this time is that the Russians identified the documents because the contractor had Kaspersk...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/10/05 8:22 p.m.49 views

Replacing Social Security Numbers

In the wake of the Equifax break, I've heard calls to replace Social Security numbers. Steve Bellovin explains why this is hard...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/10/04 1:8 p.m.46 views

HP Shared ArcSight Source Code with Russians

Reuters is reporting that HP Enterprise gave the Russians a copy of the ArcSight source code. The article highlights that ArcSight is used by the Pentagon to protect classified networks, but the security risks are much broader. Any weaknesses the Russians discover could be used against any ArcSig...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/10/03 11:45 a.m.45 views

E-Mail Tracking

Interesting survey paper: on the privacy implications of e-mail tracking: Abstract: We show that the simple act of viewing emails contains privacy pitfalls for the unwary. We assembled a corpus of commercial mailing-list emails, and find a network of hundreds of third parties that track email...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/10/02 10:38 a.m.45 views

Remote Malware Attacks on ATMs

This report discusses the new trend of remote malware attacks against ATMs...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/09/29 9:27 p.m.34 views

Friday Squid Blogging: Squid Empire Is a New Book

Regularly I receive mail from people wanting to advertise on, write for, or sponsor posts on my blog. My rule is that I say no to everyone. There is no amount of money or free stuff that will get me to write about your security product or service. With regard to squid, however, I have no such...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/09/29 11:13 a.m.38 views

Deloitte Hacked

The large accountancy firm Deloitte was hacked, losing client e-mails and files. The hackers had access inside the company's networks for months. Deloitte is doing its best to downplay the severity of this hack, but Brian Krebs reports that the hack "involves the compromise of all administrator...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/09/28 7:21 p.m.11 views

New Internet Explorer Bug

There's a newly discovered bug in Internet Explorer that allows any currently visited website to learn the contents of the address bar when the user hits enter. This feels important; the site I am at now has no business knowing where I go next...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/09/28 12:43 p.m.14 views

Department of Homeland Security to Collect Social Media of Immigrants and Citizens

New rules give the DHS permission to collect "social media handles, aliases, associated identifiable information, and search results" as part of people's immigration file. The Federal Register has the details, which seems to also include US citizens that communicate with immigrants. This is part ...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/09/26 12:57 p.m.176 views

The Data Tinder Collects, Saves, and Uses

Under European law, service providers like Tinder are required to show users what information they have on them when requested. This author requested, and this is what she received: Some 800 pages came back containing information such as my Facebook "likes," my photos from Instagram even after I...

6.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/09/25 1:23 p.m.51 views

GPS Spoofing Attacks

Wired has a story about a possible GPS spoofing attack by Russia: After trawling through AIS data from recent years, evidence of spoofing becomes clear. Goward says GPS data has placed ships at three different airports and there have been other interesting anomalies. "We would find very large oil...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/09/22 9:7 p.m.185 views

Friday Squid Blogging: Using Squid Ink to Detect Gum Disease

A new dental imagery method, using squid ink, light, and ultrasound. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/09/22 11:21 a.m.59 views

Boston Red Sox Caught Using Technology to Steal Signs

The Boston Red Sox admitted to eavesdropping on the communications channel between catcher and pitcher. Stealing signs is believed to be particularly effective when there is a runner on second base who can both watch what hand signals the catcher is using to communicate with the pitcher and can...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/09/21 10:50 a.m.45 views

ISO Rejects NSA Encryption Algorithms

The ISO has decided not to approve two NSA-designed block encryption algorithms: Speck and Simon. It's because the NSA is not trusted to put security ahead of surveillance: A number of them voiced their distrust in emails to one another, seen by Reuters, and in written comments that are part of t...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/09/20 11:12 a.m.66 views

What the NSA Collects via 702

New York Times reporter Charlie Savage writes about some bad statistics we're all using: Among surveillance legal policy specialists, it is common to cite a set of statistics from an October 2011 opinion by Judge John Bates, then of the FISA Court, about the volume of internet communications the...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/09/19 11:44 a.m.64 views

Apple's FaceID

This is a good interview with Apple's SVP of Software Engineering about FaceID. Honestly, I don't know what to think. I am confident that Apple is not collecting a photo database, but not optimistic that it can't be hacked with fake faces. I dislike the fact that the police can point the phone at...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/09/18 11:58 a.m.42 views

Bluetooth Vulnerabilities

A bunch of Bluetooth vulnerabilities are being reported, some pretty nasty. BlueBorne concerns us because of the medium by which it operates. Unlike the majority of attacks today, which rely on the internet, a BlueBorne attack spreads through the air. This works similarly to the two less extensiv...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/09/15 7:53 p.m.382 views

Friday Squid Blogging: Another Giant Squid Caught off the Coast of Kerry

The Flannery family have caught four giant squid, two this year. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/09/15 11:28 a.m.27 views

Another iPhone Change to Frustrate the Police

I recently wrote about the new ability to disable the Touch ID login on iPhones. This is important because of a weirdness in current US law that protects people's passcodes from forced disclosure in ways it does not protect actions: being forced to place a thumb on a fingerprint reader. There's...

6.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/09/14 11:17 a.m.22 views

Hacking Robots

Researchers have demonstrated hacks against robots, taking over and controlling their camera, speakers, and movements. News article...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/09/13 5:49 p.m.31 views

On the Equifax Data Breach

Last Thursday, Equifax reported a data breach that affects 143 million US customers, about 44% of the population. It's an extremely serious breach; hackers got access to full names, Social Security numbers, birth dates, addresses, driver's license numbers -- exactly the sort of information...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/09/13 11:3 a.m.64 views

Hacking Voice Assistant Systems with Inaudible Voice Commands

Turns out that all the major voice assistants -- Siri, Google Now, Samsung S Voice, Huawei HiVoice, Cortana and Alexa -- listen at audio frequencies the human ear can't hear. Hackers can hijack those systems with inaudible commands that their owners can't hear. News articles...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/09/12 11:12 a.m.24 views

Securing a Raspberry Pi

A Raspberry Pi is a tiny computer designed for makers and all sorts of Internet-of-Things types of projects. Make magazine has an article about securing it. Reading it, I am struck by how much work it is to secure. I fear that this is beyond the capabilities of most tinkerers, and the result will...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/09/11 11:12 a.m.53 views

A Hardware Privacy Monitor for iPhones

Andrew "bunnie" Huang and Edward Snowden have designed a hardware device that attaches to an iPhone and monitors it for malicious surveillance activities, even in instances where the phone's operating system has been compromised. They call it an Introspection Engine, and their use model is a...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/09/08 9:11 p.m.87 views

Friday Squid Blogging: Make-Your-Own Squid Candy

It's Japanese. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/09/08 11:54 a.m.67 views

ShadowBrokers Releases NSA UNITEDRAKE Manual

The ShadowBrokers released the manual for UNITEDRAKE, a sophisticated NSA Trojan that targets Windows machines: Able to compromise Windows PCs running on XP, Windows Server 2003 and 2008, Vista, Windows 7 SP 1 and below, as well as Windows 8 and Windows Server 2012, the attack tool acts as a...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/09/07 11:5 a.m.48 views

Research on What Motivates ISIS -- and Other -- Fighters

Interesting research from Nature Human Behaviour: "The devoted actor's will to fight and the spiritual dimension of human conflict": Abstract: Frontline investigations with fighters against the Islamic State ISIL or ISIS, combined with multiple online studies, address willingness to fight and die...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/09/06 11:55 a.m.23 views

Security Vulnerabilities in AT&T Routers

They're actually Arris routers, sold or given away by AT&T.; There are several security vulnerabilities, some of them very serious. They can be fixed, but because these are routers it takes some skill. We don't know how many routers are affected, and estimates range from thousands to 138,000. Amo...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/09/05 8:23 p.m.110 views

Security Flaw in Estonian National ID Card

We have no idea how bad this really is: On 30 August, an international team of researchers informed the Estonian Information System Authority RIA of a vulnerability potentially affecting the digital use of Estonian ID cards. The possible vulnerability affects a total of almost 750,000 ID-cards...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/09/04 12:8 p.m.61 views

New Techniques in Fake Reviews

Research paper: "Automated Crowdturfing Attacks and Defenses in Online Review Systems." Abstract: Malicious crowdsourcing forums are gaining traction as sources of spreading misinformation online, but are limited by the costs of hiring and managing human workers. In this paper, we identify a new...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/09/01 9:28 p.m.109 views

Friday Squid Blogging: Bioluminescent Squid

There's a beautiful picture of a tiny squid in this New York Times article on bioluminescence -- and a dramatic one of a vampire squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/09/01 11:39 a.m.79 views

Russian Hacking Tools Codenamed WhiteBear Exposed

Kaspersky Labs exposed a highly sophisticated set of hacking tools from Russia called WhiteBear. From February to September 2016, WhiteBear activity was narrowly focused on embassies and consular operations around the world. All of these early WhiteBear targets were related to embassies and...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/31 11:52 a.m.41 views

Journalists Generally Do Not Use Secure Communication

This should come as no surprise: Alas, our findings suggest that secure communications haven't yet attracted mass adoption among journalists. We looked at 2,515 Washington journalists with permanent credentials to cover Congress, and we found only 2.5 percent of them solicit end-to-end encrypted...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/30 6:22 p.m.51 views

A Framework for Cyber Security Insurance

New paper: "Policy measures and cyber insurance: a framework," by Daniel Woods and Andrew Simpson, Journal of Cyber Policy, 2017. Abstract: The role of the insurance industry in driving improvements in cyber security has been identified as mutually beneficial for both insurers and policy-makers. ...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/30 11:37 a.m.33 views

Proof that HMAC-DRBG has No Back Doors

New research: "Verified Correctness and Security of mbedTLS HMAC-DRBG," by Katherine Q. Ye, Matthew Green, Naphat Sanguansin, Lennart Beringer, Adam Petcher, and Andrew W. Appel. Abstract: We have formalized the functional specification of HMAC-DRBG NIST 800-90A, and we have proved its...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/30 11:15 a.m.42 views

The NSA's 2014 Media Engagement and Outreach Plan

Interesting post-Snowden reading, just declassified. U External Communication will address at least one of "fresh look" narratives: 1. U NSA does not access everything. 2. U NSA does not collect indiscriminately on U.S. Persons and foreign nationals. 3. U NSA does not weaken encryption. 4. U NSA...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/29 11:38 a.m.40 views

Ross Anderson on the History of the Crypto Wars in the UK

Ross Anderson gave a talk on the history of the Crypto Wars in the UK. I am intimately familiar with the US story, but didn't know as much about Britain's verson. Hour-long video. Summary...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/28 11:22 a.m.44 views

Hacking a Phone Through a Replacement Touchscreen

Researchers demonstrated a really clever hack: they hid malware in a replacement smart phone screen. The idea is that you would naively bring your smart phone in for repair, and the repair shop would install this malicious screen without your knowledge. The malware is hidden in touchscreen...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/25 9:48 p.m.135 views

Friday Squid Blogging: Prehistoric Dolphins that Ate Squid

Paleontologists have discovered a prehistoric toothless dolphin that fed by vacuuming up squid: There actually are modern odontocetes that don't really use their teeth either. Male beaked whales, for example, usually have one pair of teeth that is only used to fight for females, whose teeth stay...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/25 11:34 a.m.60 views

Military Robots as a Nature Analog

This very interesting essay looks at the future of military robotics and finds many analogs in nature: Imagine a low-cost drone with the range of a Canada goose, a bird that can cover 1,500 miles in a single day at an average speed of 60 miles per hour. Planet Earth profiled a single flock of sno...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/24 11:30 a.m.51 views

Massive Government Data Leak in Sweden

Seems to be incompetence rather than malice, but a good example of the dangers of blindly trusting the cloud...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/23 11:41 a.m.43 views

Your Personal Bodycam

Shonin is a personal bodycam up on Kickstarter. There are a lot of complicated issues surrounding bodycams -- for example, it's obvious that police bodycams reduce violence -- but the one thing everyone is certain about is that they will proliferate. I'm not sure society is fully ready for the...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/22 11:40 a.m.50 views

Insider Attack on Lottery Software

Eddie Tipton, a programmer for the Multi-State Lottery Association, secretly installed software that allowed him to predict jackpots. What's surprising to me is how many lotteries don't use real random number generators. What happened to picking golf balls out of wind-blown steel cages on...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/21 11:57 a.m.58 views

iOS 11 Allows Users to Disable Touch ID

A new feature in Apple's new iPhone operating system -- iOS 11 -- will allow users to quickly disable Touch ID. A new setting, designed to automate emergency services calls, lets iPhone users tap the power button quickly five times to call 911. This doesn't automatically dial the emergency servic...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/18 9:27 p.m.116 views

Friday Squid Blogging: Brittle Star Catches a Squid

Watch a brittle star catch a squid, and then lose it to another brittle star. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/18 7:14 p.m.119 views

More on My LinkedIn Account

I have successfully gotten the fake LinkedIn account in my name deleted. To prevent someone from doing this again, I signed up for LinkedIn. This is my first -- and only -- post on that account: My Only LinkedIn Post Yes, Really Welcome to my LinkedIn page. It looks empty because I'm never here. ...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/18 11:40 a.m.49 views

Unfixable Automobile Computer Security Vulnerability

There is an unpatchable vulnerability that affects most modern cars. It's buried in the Controller Area Network CAN: Researchers say this flaw is not a vulnerability in the classic meaning of the word. This is because the flaw is more of a CAN standard design choice that makes it unpatchable...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/17 11:12 a.m.38 views

Do the Police Need a Search Warrant to Access Cell Phone Location Data?

The US Supreme Court is deciding a case that will establish whether the police need a warrant to access cell phone location data. This week I signed on to an amicus brief from a wide array of security technologists outlining the technical arguments as why the answer should be yes. Susan Landau...

6.9AI score
Exploits0
Total number of security vulnerabilities2979