Lucene search
K
SchneierRecent

2979 matches found

Schneier on Security
Schneier on Security
added 2017/06/29 11:51 a.m.19 views

Websites Grabbing User-Form Data Before It's Submitted

Websites are sending information prematurely: ...we discovered NaviStone's code on sites run by Acurian, Quicken Loans, a continuing education center, a clothing store for plus-sized women, and a host of other retailers. Using Javascript, those sites were transmitting information from people as...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/28 5:56 p.m.18 views

Girl Scouts to Offer Merit Badges in Cybersecurity

The Girl Scouts are going to be offering 18 merit badges in cybersecurity, to scouts as young as five years old...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/28 10:35 a.m.21 views

CIA Exploits Against Wireless Routers

WikiLeaks has published CherryBlossom, the CIA's program to hack into wireless routers. The program is about a decade old. Four good news articles. Five. And a list of vulnerable routers...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/27 6:38 p.m.18 views

Article on the DAO Ethereum Hack

This is good...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/27 11:25 a.m.23 views

Fighting Leakers at Apple

Apple is fighting its own battle against leakers, using people and tactics from the NSA. According to the hour-long presentation, Apple's Global Security team employs an undisclosed number of investigators around the world to prevent information from reaching competitors, counterfeiters, and the...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/26 5:30 p.m.23 views

Separating the Paranoid from the Hacked

Sad story of someone whose computer became owned by a griefer: The trouble began last year when he noticed strange things happening: files went missing from his computer; his Facebook picture was changed; and texts from his daughter didn't reach him or arrived changed. "Nobody believed me," says...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/26 11:59 a.m.27 views

The FAA Is Arguing for Security by Obscurity

In a proposed rule by the FAA, it argues that software in an Embraer S.A. Model ERJ 190-300 airplane is secure because it's proprietary: In addition, the operating systems for current airplane systems are usually and historically proprietary. Therefore, they are not as susceptible to corruption...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/23 9:23 p.m.15 views

Friday Squid Blogging: Injured Giant Squid Video

A paddleboarder had a run-in with an injured giant squid. Video. Here's the real story. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/23 6:57 p.m.22 views

The Secret Code of Beatrix Potter

Interesting: As codes go, Potter's wasn't inordinately complicated. As Wiltshire explains, it was a "mono-alphabetic substitution cipher code," in which each letter of the alphabet was replaced by a symbol­ -- the kind of thing they teach you in Cub Scouts. The real trouble was Potter's own fluen...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/23 11:26 a.m.16 views

Amazon Patents Measures to Prevent In-Store Comparison Shopping

Amazon has been issued a patent on security measures that prevents people from comparison shopping while in the store. It's not a particularly sophisticated patent -- it basically detects when you're using the in-store Wi-Fi to visit a competitor's site and then blocks access -- but it is an...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/22 10:52 a.m.13 views

NSA Insider Security Post-Snowden

According to a recently declassified report obtained under FOIA, the NSA's attempts to protect itself against insider attacks aren't going very well: The N.S.A. failed to consistently lock racks of servers storing highly classified data and to secure data center machine rooms, according to the...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/21 6:58 p.m.21 views

Is Continuing to Patch Windows XP a Mistake?

Last week, Microsoft issued a security patch for Windows XP, a 16-year-old operating system that Microsoft officially no longer supports. Last month, Microsoft issued a Windows XP patch for the vulnerability used in WannaCry. Is this a good idea? This 2014 essay argues that it's not: The zero-day...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/21 11:12 a.m.18 views

The Dangers of Secret Law

Last week, the Department of Justice released 18 new FISC opinions related to Section 702 as part of an EFF FOIA lawsuit. Of course, they don't mention EFF or the lawsuit. They make it sound as if it was their idea. There's probably a lot in these opinions. In one Kafkaesque ruling, a defendant w...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/20 11:21 a.m.20 views

Ceramic Knife Used in Israel Stabbing

I have no comment on the politics of this stabbing attack, and only note that the attacker used a ceramic knife -- that will go through metal detectors. I have used a ceramic knife in the kitchen. It's sharp. EDITED TO ADD 6/22: It looks like the knife had nothing to do with the attack discussed ...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/19 11:44 a.m.19 views

New Technique to Hijack Social Media Accounts

Access Now has documented it being used against a Twitter user, but it also works against other social media accounts: With the Doubleswitch attack, a hijacker takes control of a victim's account through one of several attack vectors. People who have not enabled an app-based form of multifactor...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/16 9:14 p.m.17 views

Friday Squid Blogging: Squids from Space Video Game

An early preview. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/16 7:11 p.m.11 views

NSA Links WannaCry to North Korea

There's evidence: Though the assessment is not conclusive, the preponderance of the evidence points to Pyongyang. It includes the range of computer Internet protocol addresses in China historically used by the RGB, and the assessment is consistent with intelligence gathered recently by other...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/16 11:42 a.m.29 views

Gaming Google News

Turns out that it's surprisingly easy to game: It appears that news sites deemed legitimate by Google News are being modified by third parties. These sites are then exploited to redirect to the spam content. It appears that the compromised sites are examining the referrer and redirecting visitors...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/15 11:52 a.m.20 views

Millennials and Secret Leaking

I hesitate to blog this, because it's an example of everything that's wrong with pop psychology. Malcolm Harris writes about millennials, and has a theory of why millennials leak secrets. My guess is that you could write a similar essay about every named generation, every age group, and so on...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/14 6:0 p.m.14 views

Data vs. Analysis in Counterterrorism

This article argues that Britain's counterterrorism problem isn't lack of data, it's lack of analysis...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/14 1:15 p.m.44 views

The grugq on Reality Winner, the Intercept, and OPSEC

Good commentary...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/13 11:21 a.m.18 views

Security Flaws in 4G VoLTE

Research paper: "Subscribers remote geolocation and tracking using 4G VoLTE enabled Android phone," by Patrick Ventuzelo, Olivier Le Moal, and Thomas Coudray. Abstract: VoLTE Voice over LTE is a technology implemented by many operators over the world. Unlike previous 2G/3G technologies, VoLTE...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/12 7:22 p.m.19 views

Chelsea Manning Profiled in New York Times Magazine

Interesting reading...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/12 2:6 p.m.31 views

Healthcare Industry Cybersecurity Report

New US government report: "Report on Improving Cybersecurity in the Health Care Industry." It's pretty scathing, but nothing in it will surprise regular readers of this blog. It's worth reading the executive summary, and then skimming the recommendations. Recommendations are in six areas. The Tas...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/09 9:25 p.m.17 views

Friday Squid Blogging: Sex Is Traumatic for the Female Dumpling Squid

The more they mate, the sooner they die. Academic paper paywall. News article. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/09 3:24 p.m.24 views

NSA Document Outlining Russian Attempts to Hack Voter Rolls

This week brought new public evidence about Russian interference in the 2016 election. On Monday, the Intercept published a top-secret National Security Agency document describing Russian hacking attempts against the US election system. While the attacks seem more exploratory than operational ­--...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/08 12:15 p.m.17 views

Safety and Security and the Internet of Things

Ross Anderson blogged about his new paper on security and safety concerns about the Internet of Things. See also this short video. It's very much along the lines of what I've been writing...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/07 11:19 a.m.16 views

Surveillance Intermediaries

Interesting law-journal article: "Surveillance Intermediaries," by Alan Z. Rozenshtein. Abstract:Apple's 2016 fight against a court order commanding it to help the FBI unlock the iPhone of one of the San Bernardino terrorists exemplifies how central the question of regulating government...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/06 11:11 a.m.20 views

Spear Phishing Attacks

Really interesting research: "Unpacking Spear Phishing Susceptibility," by Zinaida Benenson, Freya Gassmann, and Robert Landwirth. Abstract: We report the results of a field experiment where we sent to over 1200 university students an email or a Facebook message with a link to non-existing party...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/05 11:16 a.m.22 views

CIA's Pandemic Toolkit

WikiLeaks is still dumping CIA cyberweapons on the Internet. Its latest dump is something called "Pandemic": The Pandemic leak does not explain what the CIA's initial infection vector is, but does describe it as a persistent implant. "As the name suggests, a single computer on a local network wit...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/02 9:5 p.m.28 views

Friday Squid Blogging: Squid as Prey

There's lots of video of squid as undersea predators. This is one of the few instances of squid as prey from a deep submersible in the Pacific: "We saw brittle stars capturing a squid from the water column while it was swimming. I didn't know that was possible. And then there was a tussle among t...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/02 11:6 a.m.17 views

WannaCry and Vulnerabilities

There is plenty of blame to go around for the WannaCry ransomware that spread throughout the Internet earlier this month, disrupting work at hospitals, factories, businesses, and universities. First, there are the writers of the malicious software, which blocks victims' access to their computers...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/01 3:59 p.m.33 views

Passwords at the Border

The password-manager 1Password has just implemented a travel mode that tries to protect users while crossing borders. It doesn't make much sense. To enable it, you have to create a list of passwords you feel safe traveling with, and then you can turn on the mode that only gives you access to thos...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/31 11:31 a.m.45 views

Post-Quantum RSA

Interesting research on a version of RSA that is secure against a quantum computer: Post-quantum RSA Daniel J. Bernstein, Nadia Heninger, Paul Lou, and Luke Valenta Abstract: This paper proposes RSA parameters for which 1 key generation, encryption, decryption, signing, and verification are...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/30 5:47 p.m.26 views

Inmates Secretly Build and Network Computers while in Prison

This is kind of amazing: Inmates at a medium-security Ohio prison secretly assembled two functioning computers, hid them in the ceiling, and connected them to the Marion Correctional Institution's network. The hard drives were loaded with pornography, a Windows proxy server, VPN, VOIP and...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/30 11:8 a.m.41 views

Who Are the Shadow Brokers?

In 2013, a mysterious group of hackers that calls itself the Shadow Brokers stole a few disks full of NSA secrets. Since last summer, they've been dumping these secrets on the Internet. They have publicly embarrassed the NSA and damaged its intelligence-gathering capabilities, while at the same...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/29 3:22 p.m.26 views

Tainted Leaks

Last year, I wrote about the potential for doxers to alter documents before they leaked them. It was a theoretical threat when I wrote it, but now Citizen Lab has documented this technique in the wild: This report describes an extensive Russia-linked phishing and disinformation campaign. It...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/26 9:12 p.m.22 views

Friday Squid Blogging: Squid and Chips

The excellent Montreal chef Marc-Olivier Frappier, of Joe Beef fame, has created a squid and chips dish for Brit & Chips restaurant. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/26 7:13 p.m.29 views

Forbes Names Beyond Fear as One of the "13 Books Technology Executives Should Have On Their Shelves"

It's a weird list...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/26 5:50 p.m.25 views

Hacking the Galaxy S8's Iris Biometric

It was easy: The hackers took a medium range photo of their subject with a digital camera's night mode, and printed the infrared image. Then, presumably to give the image some depth, the hackers placed a contact lens on top of the printed picture...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/25 7:30 p.m.27 views

Security and Human Behavior (SHB 2017)

I'm in Cambridge University, at the tenth Workshop on Security and Human Behavior. SHB is a small invitational gathering of people studying various aspects of the human side of security, organized each year by Ross Anderson, Alessandro Acquisti, and myself. The 50 or so people in the room include...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/25 11:15 a.m.18 views

Ransomware and the Internet of Things

As devastating as the latest widespread ransomware attacks have been, it's a problem with a solution. If your copy of Windows is relatively current and you've kept it updated, your laptop is immune. It's only older unpatched systems on your computer that are vulnerable. Patching is how the comput...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/24 11:44 a.m.9 views

Hacking Fingerprint Readers with Master Prints

There's interesting research on using a set of "master" digital fingerprints to fool biometric readers. The work is theoretical at the moment, but they might be able to open about two-thirds of iPhones with these master prints. Definitely something to keep watching. Research paper behind a paywal...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/23 7:19 p.m.15 views

ICE is Using Stingray to Track Illegal Immigrants

According to court documents, US Immigration and Customs Enforcement is using Stingray cell-site simulators to track illegal immigrants...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/23 10:55 a.m.10 views

The Future of Ransomware

Ransomware isn't new, but it's increasingly popular and profitable. The concept is simple: Your computer gets infected with a virus that encrypts your files until you pay a ransom. It's extortion taken to its networked extreme. The criminals provide step-by-step instructions on how to pay,...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/22 7:10 p.m.22 views

North Korean Cyberwar Capabilities

Reuters has an article on North Korea's cyberwar capabilities, specifically "Unit 180." They're still not in the same league as the US, UK, Russia, China, and Israel. But they're getting better...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/22 11:6 a.m.20 views

Extending the Airplane Laptop Ban

The Department of Homeland Security is rumored to be considering extending the current travel ban on large electronics for Middle Eastern flights to European ones as well. The likely reaction of airlines will be to implement new traveler programs, effectively allowing wealthier and more frequent...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/19 9:12 p.m.27 views

Friday Squid Blogging: Giant Squid Caught Off the Coast of Ireland

It's rare: Fishermen caught a 19-foot-long giant squid off the coast of Ireland on Monday, only the fifth to be seen there since 1673. Also the first in 22 years. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/19 7:5 p.m.31 views

NSA Abandons "About" Searches

Earlier this month, the NSA said that it would no longer conduct "about" searches of bulk communications data. This was the practice of collecting the communications of Americans based on keywords and phrases in the contents of the messages, not based on who they were from or to. The NSA's own...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/19 11:10 a.m.33 views

WannaCry Ransomware

Criminals go where the money is, and cybercriminals are no exception. And right now, the money is in ransomware. It's a simple scam. Encrypt the victim's hard drive, then extract a fee to decrypt it. The scammers can't charge too much, because they want the victim to pay rather than give up on th...

6.8AI score
Exploits0
Total number of security vulnerabilities2979