Schneier on Security

Dark Web Hosting Provider Hacked

Schneier on Security - Wed, 04/01/2020 - 7:53am
Daniel's Hosting, which hosts about 7,600 dark web portals for free, has been hacked and is down. It's unclear when, or if, it will be back up.... Bruce Schneier
Categories: Schneier on Security

Clarifying the Computer Fraud and Abuse Act

Schneier on Security - Tue, 03/31/2020 - 8:51am
A federal court has ruled that violating a website's terms of service is not "hacking" under the Computer Fraud and Abuse Act. The plaintiffs wanted to investigate possible racial discrimination in online job markets by creating accounts for fake employers and job seekers. Leading job sites have terms of service prohibiting users from supplying fake information, and the researchers worried... Bruce Schneier
Categories: Schneier on Security

Privacy vs. Surveillance in the Age of COVID-19

Schneier on Security - Mon, 03/30/2020 - 7:32am
The trade-offs are changing: As countries around the world race to contain the pandemic, many are deploying digital surveillance tools as a means to exert social control, even turning security agency technologies on their own civilians. Health and law enforcement authorities are understandably eager to employ every tool at their disposal to try to hinder the virus -- even as... Bruce Schneier
Categories: Schneier on Security

Friday Squid Blogging: Squid Can Edit Their Own Genome

Schneier on Security - Fri, 03/27/2020 - 5:28pm
Amazing: Revealing yet another super-power in the skillful squid, scientists have discovered that squid massively edit their own genetic instructions not only within the nucleus of their neurons, but also within the axon -- the long, slender neural projections that transmit electrical impulses to other neurons. This is the first time that edits to genetic information have been observed outside... Bruce Schneier
Categories: Schneier on Security

Story of Gus Weiss

Schneier on Security - Fri, 03/27/2020 - 7:03am
This is a long and fascinating article about Gus Weiss, who masterminded a long campaign to feed technical disinformation to the Soviet Union, which may or may not have caused a massive pipeline explosion somewhere in Siberia in the 1980s, if in fact there even was a massive pipeline explosion somewhere in Siberia in the 1980s. Lots of information about... Bruce Schneier
Categories: Schneier on Security

On Cyber Warranties

Schneier on Security - Thu, 03/26/2020 - 7:27am
Interesting article discussing cyber-warranties, and whether they are an effective way to transfer risk (as envisioned by Akerlof's "market for lemons") or a marketing trick. The conclusion: Warranties must transfer non-negligible amounts of liability to vendors in order to meaningfully overcome the market for lemons. Our preliminary analysis suggests the majority of cyber warranties cover the cost of repairing the... Bruce Schneier
Categories: Schneier on Security

Facial Recognition for People Wearing Masks

Schneier on Security - Wed, 03/25/2020 - 7:33am
The Chinese facial recognition company Hanwang claims it can recognize people wearing masks: The company now says its masked facial recognition program has reached 95 percent accuracy in lab tests, and even claims that it is more accurate in real life, where its cameras take multiple photos of a person if the first attempt to identify them fails. [...] Counter-intuitively,... Bruce Schneier
Categories: Schneier on Security

Internet Voting in Puerto Rico

Schneier on Security - Tue, 03/24/2020 - 7:01am
Puerto Rico is considering allowing for Internet voting. I have joined a group of security experts in a letter opposing the bill. Cybersecurity experts agree that under current technology, no practically proven method exists to securely, verifiably, or privately return voted materials over the internet. That means that votes could be manipulated or deleted on the voter's computer without the... Bruce Schneier
Categories: Schneier on Security

Hacking Voice Assistants with Ultrasonic Waves

Schneier on Security - Mon, 03/23/2020 - 7:19am
I previously wrote about hacking voice assistants with lasers. Turns out you can do much the same thing with ultrasonic waves: Voice assistants -- the demo targeted Siri, Google Assistant, and Bixby -- are designed to respond when they detect the owner's voice after noticing a trigger phrase such as 'Ok, Google'. Ultimately, commands are just sound waves, which other researchers... Bruce Schneier
Categories: Schneier on Security

Friday Squid Blogging: Squid Orders Down in Italy

Schneier on Security - Fri, 03/20/2020 - 5:18pm
COVID-19 is depressing the demand for squid in Italy. The article is a week old, and already seems almost comically quaint. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Schneier on Security

Emergency Surveillance During COVID-19 Crisis

Schneier on Security - Fri, 03/20/2020 - 7:25am
Israel is using emergency surveillance powers to track people who may have COVID-19, joining China and Iran in using mass surveillance in this way. I believe pressure will increase to leverage existing corporate surveillance infrastructure for these purposes in the US and other countries. With that in mind, the EFF has some good thinking on how to balance public safety... Bruce Schneier
Categories: Schneier on Security

Work-from-Home Security Advice

Schneier on Security - Thu, 03/19/2020 - 7:49am
SANS has made freely available its "Work-from-Home Awareness Kit." When I think about how COVID-19's security measures are affecting organizational networks, I see several interrelated problems: One, employees are working from their home networks and sometimes from their home computers. These systems are more likely to be out of date, unpatched, and unprotected. They are more vulnerable to attack simply... Bruce Schneier
Categories: Schneier on Security

The Insecurity of WordPress and Apache Struts

Schneier on Security - Wed, 03/18/2020 - 8:45am
Interesting data: A study that analyzed all the vulnerability disclosures between 2010 and 2019 found that around 55% of all the security bugs that have been weaponized and exploited in the wild were for two major application frameworks, namely WordPress and Apache Struts. The Drupal content management system ranked third, followed by Ruby on Rails and Laravel, according to a... Bruce Schneier
Categories: Schneier on Security

TSA Admits Liquid Ban Is Security Theater

Schneier on Security - Mon, 03/16/2020 - 10:31am
The TSA is allowing people to bring larger bottles of hand sanitizer with them on airplanes: Passengers will now be allowed to travel with containers of liquid hand sanitizer up to 12 ounces. However, the agency cautioned that the shift could mean slightly longer waits at checkpoint because the containers may have to be screened separately when going through security.... Bruce Schneier
Categories: Schneier on Security

Friday Squid Blogging: New Report on Squid Markets

Schneier on Security - Fri, 03/13/2020 - 5:02pm
This report costs $2,000. (Please don't buy it for me.) As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Schneier on Security

The EARN-IT Act

Schneier on Security - Fri, 03/13/2020 - 7:20am
Prepare for another attack on encryption in the U.S. The EARN-IT Act purports to be about protecting children from predation, but it's really about forcing the tech companies to break their encryption schemes: The EARN IT Act would create a "National Commission on Online Child Sexual Exploitation Prevention" tasked with developing "best practices" for owners of Internet platforms to "prevent,... Bruce Schneier
Categories: Schneier on Security

The Whisper Secret-Sharing App Exposed Locations

Schneier on Security - Thu, 03/12/2020 - 7:30am
This is a big deal: Whisper, the secret-sharing app that called itself the "safest place on the Internet," left years of users' most intimate confessions exposed on the Web tied to their age, location and other details, raising alarm among cybersecurity researchers that users could have been unmasked or blackmailed. [...] The records were viewable on a non-password-protected database open... Bruce Schneier
Categories: Schneier on Security

LA Covers Up Bad Cybersecurity

Schneier on Security - Wed, 03/11/2020 - 11:52am
This is bad in several dimensions. The Los Angeles Department of Water and Power has been accused of deliberately keeping widespread gaps in its cybersecurity a secret from regulators in a large-scale coverup involving the city's mayor.... Bruce Schneier
Categories: Schneier on Security

CIA Dirty Laundry Aired

Schneier on Security - Tue, 03/10/2020 - 7:18am
Joshua Schulte, the CIA employee standing trial for leaking the Wikileaks Vault 7 CIA hacking tools, maintains his innocence. And during the trial, a lot of shoddy security and sysadmin practices are coming out: All this raises a question, though: just how bad is the CIA's security that it wasn't able to keep Schulte out, even accounting for the fact... Bruce Schneier
Categories: Schneier on Security

Cybersecurity Law Casebook

Schneier on Security - Mon, 03/09/2020 - 7:36am
Robert Chesney teaches cybersecurity at the University of Texas School of Law. He recently published a fantastic casebook, which is a good source for anyone studying this.... Bruce Schneier
Categories: Schneier on Security
