Lucene search
K
SchneierRecent

2979 matches found

Schneier on Security
Schneier on Security
added 2017/08/15 11:0 a.m.34 views

Hacking a Gene Sequencer by Encoding Malware in a DNA Strand

One of the common ways to hack a computer is to mess with its input data. That is, if you can feed the computer data that it interprets -- or misinterprets -- in a particular way, you can trick the computer into doing things that it wasn't intended to do. This is basically what a buffer overflow...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/14 11:3 a.m.49 views

Bank Robbery Tactic

This video purports to be a bank robbery in Kiev. He first threatens a teller, who basically ignores him because she's behind bullet-proof glass. But then the robber threatens one of her co-workers, who is on his side of the glass. Interesting example of a security system failing for an unexpecte...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/11 9:24 p.m.119 views

Friday Squid Blogging: Squid Eyeballs

Details on how a squid's eye corrects for underwater distortion: Spherical lenses, like the squids', usually can't focus the incoming light to one point as it passes through the curved surface, which causes an unclear image. The only way to correct this is by bending each ray of light differently...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/11 7:34 p.m.87 views

I Seem to Have a LinkedIn Account

I seem to have a LinkedIn account. This comes as a surprise, since I don't have a LinkedIn account, and have never logged in to LinkedIn. Does anyone have any contacts into the company? I would like to report this fraudulent account, and possibly get control of it. I'm not on LinkedIn, but the be...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/11 11:31 a.m.53 views

Confusing Self-Driving Cars by Altering Road Signs

Researchers found that they could confuse the road sign detection algorithms of self-driving cars by adding stickers to the signs on the road. They could, for example, cause a car to think that a stop sign is a 45 mph speed limit sign. The changes are subtle, though -- look at the photo from the...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/10 6:54 p.m.40 views

Turning an Amazon Echo into an Eavesdropping Device

For once, the real story isn't as bad as it seems. A researcher has figured out how to install malware onto an Echo that causes it to stream audio back to a remote controller, but: The technique requires gaining physical access to the target Echo, and it works only on devices sold before 2017. Bu...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/09 11:40 a.m.39 views

More on the Vulnerabilities Equities Process

Richard Ledgett -- a former Deputy Director of the NSA -- argues against the US government disclosing all vulnerabilities: Proponents argue that this would allow patches to be developed, which in turn would help ensure that networks are secure. On its face, this argument might seem to make sense ...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/08 2:35 p.m.13 views

Uber Drivers Hacking the System to Cause Surge Pricing

Interesting story about Uber drivers who have figured out how to game the company's algorithms to cause surge pricing: According to the study. drivers manipulate Uber's algorithm by logging out of the app at the same time, making it think that there is a shortage of cars. ... The study said drive...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/07 11:0 a.m.99 views

Hacking Slot Machines by Reverse-Engineering the Random Number Generators

Interesting story: The venture is built on Alex's talent for reverse engineering the algorithms -- known as pseudorandom number generators, or PRNGs -- that govern how slot machine games behave. Armed with this knowledge, he can predict when certain games are likeliest to spit out money­insight...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/04 9:24 p.m.80 views

Friday Squid Blogging: Squid Fake News

I never imagined that there would be fake news about squid. That website lets you write your own stories. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/04 11:22 a.m.50 views

Penetrating a Casino's Network through an Internet-Connected Fish Tank

Attackers used a vulnerability in an Internet-connected fish tank to successfully penetrate a casino's network. BoingBoing post...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/03 11:29 a.m.30 views

Splitting the NSA and US Cyber Command

Rumor is that the Trump administration will separate the NSA and US Cyber Command. I have long thought this was a good idea. Here's a good discussion of what it does and doesn't mean...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/02 5:59 p.m.56 views

Voting Machine Security

Last week, DefCon hosted a "Voter Hacker Village" event. Every single voting machine there was easily hackable. Here are detailed details. There should be a summary report soon; I'll add it to this post when it's published...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/02 12:39 p.m.56 views

Detecting Stingrays

Researchers are developing technologies that can detect IMSI-catchers: those fake cell phone towers that can be used to surveil people in the area. This is good work, but it's unclear to me whether these devices can detect all the newer IMSI-catchers that are being sold to governments worldwide...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/01 11:0 a.m.72 views

NSA Collects MS Windows Error Information

Back in 2013, Der Spiegel reported that the NSA intercepts and collects Windows bug reports: One example of the sheer creativity with which the TAO spies approach their work can be seen in a hacking method they use that exploits the error-proneness of Microsoft's Windows. Every user of the...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/01 10:47 a.m.63 views

Vulnerabilities in Car Washes

Articles about serious vulnerabilities in IoT devices and embedded systems are now dime-a-dozen. This one concerns Internet-connected car washes: A group of security researchers have found vulnerabilities in internet-connected drive-through car washes that would let hackers remotely hijack the...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/07/31 5:19 p.m.47 views

Robot Safecracking

Robots can crack safes faster than humans -- and differently: So Seidle started looking for shortcuts. First he found that, like many safes, his SentrySafe had some tolerance for error. If the combination includes a 12, for instance, 11 or 13 would work, too. That simple convenience measure meant...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/07/31 10:59 a.m.61 views

Measuring Vulnerability Rediscovery

New paper: "Taking Stock: Estimating Vulnerability Rediscovery," by Trey Herr, Bruce Schneier, and Christopher Morris: Abstract: How often do multiple, independent, parties discover the same vulnerability? There are ample models of vulnerability discovery, but little academic work on this issue o...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/07/28 9:0 p.m.35 views

Friday Squid Blogging: Giant Squids Have Small Brains

New research: In this study, the optic lobe of a giant squid Architeuthis dux, male, mantle length 89 cm, which was caught by local fishermen off the northeastern coast of Taiwan, was scanned using high-resolution magnetic resonance imaging in order to examine its internal structure. It was evide...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/07/28 7:20 p.m.30 views

Me on Restaurant Surveillance Technology

I attended the National Restaurant Association exposition in Chicago earlier this year, and looked at all the ways modern restaurant IT is spying on people. But there's also a fundamentally creepy aspect to much of this. One of the prime ways to increase value for your brand is to use the Interne...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/07/28 11:16 a.m.78 views

Zero-Day Vulnerabilities against Windows in the NSA Tools Released by the Shadow Brokers

In April, the Shadow Brokers -- presumably Russia -- released a batch of Windows exploits from what is presumably the NSA. Included in that release were eight different Windows vulnerabilities. Given a presumed theft date of the data as sometime between 2012 and 2013 -- based on timestamps of the...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/07/27 11:14 a.m.15 views

Firing a Locked Smart Gun

The Armatix IP1 "smart gun" can only be fired by someone who is wearing a special watch. Unfortunately, this security measure is easily hackable...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/07/26 11:6 a.m.56 views

Roombas will Spy on You

The company that sells the Roomba autonomous vacuum wants to sell the data about your home that it collects. Some questions: What happens if a Roomba user consents to the data collection and later sells his or her home -- especially furnished -- and now the buyers of the data have a map of a home...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/07/25 11:52 a.m.59 views

Alternatives to Government-Mandated Encryption Backdoors

Policy essay: "Encryption Substitutes," by Andrew Keane Woods: In this short essay, I make a few simple assumptions that bear mentioning at the outset. First, I assume that governments have good and legitimate reasons for getting access to personal data. These include things like controlling crim...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/07/24 11:39 a.m.31 views

US Army Researching Bot Swarms

The US Army Research Agency is funding research into autonomous bot swarms. From the announcement: The objective of this CRA is to perform enabling basic and applied research to extend the reach, situational awareness, and operational effectiveness of large heterogeneous teams of intelligent...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/07/21 9:33 p.m.76 views

Friday Squid Blogging: Giant Squid Caught Off the Coast of Ireland

It's the second in two months. Video. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/07/21 11:23 a.m.69 views

Hacking a Segway

The Segway has a mobile app. It is hackable: While analyzing the communication between the app and the Segway scooter itself, Kilbride noticed that a user PIN number meant to protect the Bluetooth communication from unauthorized access wasn't being used for authentication at every level of the...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/07/20 2:12 p.m.35 views

Ethereum Hacks

The press is reporting a $32M theft of the cryptocurrency Ethereum. Like all such thefts, they're not a result of a cryptographic failure in the currencies, but instead a software vulnerability in the software surrounding the currency -- in this case, digital wallets. This is the second Ethereum...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/07/19 3:35 p.m.50 views

Password Masking

Slashdot asks if password masking -- replacing password characters with asterisks as you type them -- is on the way out. I don't know if that's true, but I would be happy to see it go. Shoulder surfing, the threat is defends against, is largely nonexistent. And it is becoming harder to type in...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/07/18 11:38 a.m.49 views

Many of My E-Books for Cheap

Humble Bundle is selling a bunch of cybersecurity books very cheaply. You can get copies of Applied Cryptography, Secrets and Lies, and Cryptography Engineering -- and also Ross Anderson's Security Engineering, Adam Shostack's Threat Modeling, and many others. This is the cheapest you'll ever see...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/07/17 11:29 a.m.78 views

Australia Considering New Law Weakening Encryption

News from Australia: Under the law, internet companies would have the same obligations telephone companies do to help law enforcement agencies, Prime Minister Malcolm Turnbull said. Law enforcement agencies would need warrants to access the communications. "We've got a real problem in that the la...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/07/14 9:35 p.m.165 views

Friday Squid Blogging: Eyeball Collector Wants a Giant-Squid Eyeball

They're rare: The one Dubielzig really wants is an eye from a giant squid, which has the biggest eye of any living animal -- it's the size of a dinner plate. "But there are no intact specimens of giant squid eyes, only rotten specimens that have been beached," he says. As usual, you can also use...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/07/14 5:6 p.m.146 views

Book Review: Twitter and Tear Gas, by Zeynep Tufekci

There are two opposing models of how the Internet has changed protest movements. The first is that the Internet has made protesters mightier than ever. This comes from the successful revolutions in Tunisia 2010-11, Egypt 2011, and Ukraine 2013. The second is that it has made them more ineffectual...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/07/14 11:51 a.m.44 views

Forged Documents and Microsoft Fonts

A set of documents in Pakistan were detected as forgeries because their fonts were not in circulation at the time the documents were dated...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/07/13 11:6 a.m.58 views

Tomato-Plant Security

I have a soft spot for interesting biological security measures, especially by plants. I've used them as examples in several of my books. Here's a new one: when tomato plants are attacked by caterpillars, they release a chemical that turns the caterpillars on each other: It's common for...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/07/12 11:32 a.m.47 views

More on the NSA's Use of Traffic Shaping

"Traffic shaping" -- the practice of tricking data to flow through a particular route on the Internet so it can be more easily surveiled -- is an NSA technique that has gotten much less attention than it deserves. It's a powerful technique that allows an eavesdropper to get access to communicatio...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/07/11 1:22 p.m.30 views

Hacking Spotify

Some of the ways artists are hacking the music-streaming service Spotify...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/07/10 11:4 a.m.38 views

The Future of Forgeries

This article argues that AI technologies will make image, audio, and video forgeries much easier in the future. Combined, the trajectory of cheap, high-quality media forgeries is worrying. At the current pace of progress, it may be as little as two or three years before realistic audio forgeries...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/07/07 7:8 p.m.61 views

Friday Squid Blogging: Why It's Hard to Track the Squid Population

Counting squid is not easy. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/07/07 6:1 p.m.58 views

An Assassin's Teapot

This teapot has two chambers. Liquid is released from one or the other depending on whether an air hole is covered. I want one...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/07/07 11:20 a.m.51 views

DNI Wants Research into Secure Multiparty Computation

The Intelligence Advanced Research Projects Activity IARPA is soliciting proposals for research projects in secure multiparty computation: Specifically of interest is computing on data belonging to different -- potentially mutually distrusting -- parties, which are unwilling or unable e.g., due t...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/07/06 11:27 a.m.45 views

Now It's Easier than Ever to Steal Someone's Keys

The website key.me will make a duplicate key from a digital photo. If a friend or coworker leaves their keys unattended for a few seconds, you know what to do...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/07/05 5:48 p.m.42 views

Dubai Deploying Autonomous Robotic Police Cars

It's hard to tell how much of this story is real and how much is aspirational, but it really is only a matter of time: About the size of a child's electric toy car, the driverless vehicles will patrol different areas of the city to boost security and hunt for unusual activity, all the while...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/07/05 11:58 a.m.38 views

Commentary on US Election Security

Good commentaries from Ed Felten and Matt Blaze. Both make a point that I have also been saying: hacks can undermine the legitimacy of an election, even if there is no actual voter or vote manipulation. Felten: The second lesson is that we should be paying more attention to attacks that aim to...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/07/04 8:40 p.m.75 views

GoldenEye Malware

I don't have anything to say -- mostly because I'm otherwise busy -- about the malware known as GoldenEye, NotPetya, or ExPetr. But I wanted a post to park links. Please add any good relevant links in the comments...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/07/03 11:1 a.m.64 views

A Man-in-the-Middle Attack against a Password Reset System

This is nice work: "The Password Reset MitM Attack," by Nethanel Gelerntor, Senia Kalma, Bar Magnezi, and Hen Porcilan: Abstract: We present the password reset MitM PRMitM attack and show how it can be used to take over user accounts. The PRMitM attack exploits the similarity of the registration...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/30 9:22 p.m.74 views

Friday Squid Blogging: Food Supplier Passes Squid Off as Octopus

According to a lawsuit main article behind paywall, "a Miami-based food vendor and its supplier have been misrepresenting their squid as octopus in an effort to boost profits." As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read m...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/30 7:13 p.m.87 views

Details from the 2017 Workshop on Economics and Information Security

The 16th Workshop on Economics and Information Security was this week. Ross Anderson liveblogged the talks...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/30 11:5 a.m.42 views

Good Article About Google's Project Zero

Fortune magazine just published a good article about Google's Project Zero, which finds and publishes exploits in other companies' software products. I have mixed feeling about it. The project does great work, and the Internet has benefited enormously from these efforts. But as long as it is...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/29 5:40 p.m.35 views

The Women of Bletchley Park

Really good article about the women who worked at Bletchley Park during World War II, breaking German Enigma-encrypted messages...

7.1AI score
Exploits0
Total number of security vulnerabilities2979