Schneier on Security

Public Voice Launches Petition for an International Moratorium on Using Facial Recognition for Mass Surveillance

Schneier on Security - Tue, 10/22/2019 - 11:12am
Coming out of the Privacy Commissioners' Conference in Albania, Public Voice is launching a petition for an international moratorium on using facial recognition software for mass surveillance. You can sign on as an individual or an organization. I did. You should as well. No, I don't think that countries will magically adopt this moratorium. But it's important for us all... Bruce Schneier
Categories: Schneier on Security

Calculating the Benefits of the Advanced Encryption Standard

Schneier on Security - Tue, 10/22/2019 - 6:56am
NIST has completed a study -- it was published last year, but I just saw it recently -- calculating the costs and benefits of the Advanced Encryption Standard. From the conclusion: The result of performing that operation on the series of cumulated benefits extrapolated for the 169 survey respondents finds that present value of benefits from today's perspective is approximately... Bruce Schneier

Details of the Olympic Destroyer APT

Schneier on Security - Mon, 10/21/2019 - 7:23am
Interesting details on Olympic Destroyer, the nation-state cyberattack against the 2018 Winter Olympic Games in South Korea. Wired's Andy Greenberg presents evidence that the perpetrator was Russia, and not North Korea or China.... Bruce Schneier

Friday Squid Blogging: Six-Foot-Long Mass of Squid Eggs Found on Great Barrier Reef

Schneier on Security - Fri, 10/18/2019 - 5:11pm
It's likely the diamondback squid. There's a video. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier

Why Technologists Need to Get Involved in Public Policy

Schneier on Security - Fri, 10/18/2019 - 3:38pm
Last month, I gave a 15-minute talk in London titled: "Why technologists need to get involved in public policy." In it, I try to make the case for public-interest technologists. (I also maintain a public-interest tech resources page, which has pretty much everything I can find in this space. If I'm missing something, please let me know.) Boing Boing post.... Bruce Schneier

Adding a Hardware Backdoor to a Networked Computer

Schneier on Security - Fri, 10/18/2019 - 6:54am
Interesting proof of concept: At the CS3sthlm security conference later this month, security researcher Monta Elkins will show how he created a proof-of-concept version of that hardware hack in his basement. He intends to demonstrate just how easily spies, criminals, or saboteurs with even minimal skills, working on a shoestring budget, can plant a chip in enterprise IT equipment to... Bruce Schneier

Using Machine Learning to Detect IP Hijacking

Schneier on Security - Thu, 10/17/2019 - 7:08am
This is interesting research: In a BGP hijack, a malicious actor convinces nearby networks that the best path to reach a specific IP address is through their network. That's unfortunately not very hard to do, since BGP itself doesn't have any security procedures for validating that a message is actually coming from the place it says it's coming from. [...]... Bruce Schneier

Cracking the Passwords of Early Internet Pioneers

Schneier on Security - Tue, 10/15/2019 - 11:38am
Lots of them weren't very good: BSD co-inventor Dennis Ritchie, for instance, used "dmac" (his middle name was MacAlistair); Stephen R. Bourne, creator of the Bourne shell command line interpreter, chose "bourne"; Eric Schmidt, an early developer of Unix software and now the executive chairman of Google parent company Alphabet, relied on "wendy!!!" (the name of his wife); and Stuart... Bruce Schneier

Factoring 2048-bit Numbers Using 20 Million Qubits

Schneier on Security - Mon, 10/14/2019 - 7:58am
This theoretical paper shows how to factor 2048-bit RSA moduli with a 20-million qubit quantum computer in eight hours. It's interesting work, but I don't want to overstate the risk. We know from Shor's Algorithm that both factoring and discrete logs are easy to solve on a large, working quantum computer. Both of those are currently beyond our technological abilities. We... Bruce Schneier

Friday Squid Blogging: Apple Fixes Squid Emoji

Schneier on Security - Fri, 10/11/2019 - 5:29pm
Apple fixed the squid emoji in iOS 13.1: A squid's siphon helps it move, breathe, and discharge waste, so having the siphon in back makes more sense than having it in front. Now, the poor squid emoji will look like it should, without a siphon on its front. As usual, you can also use this squid post to talk about... Bruce Schneier

I Have a New Book: We Have Root

Schneier on Security - Fri, 10/11/2019 - 3:34pm
I just published my third collection of essays: We Have Root. This book covers essays from 2013 to 2017. (The first two are Schneier on Security and Carry On.) There is nothing in this book that is not available for free on my website; but if you'd like these essays in an easy-to-carry paperback book format, you can order... Bruce Schneier

Details on Uzbekistan Government Malware: SandCat

Schneier on Security - Fri, 10/11/2019 - 7:14am
Kaspersky has uncovered an Uzbeki hacking operation, mostly due to incompetence on the part of the government hackers. The group's lax operational security includes using the name of a military group with ties to the SSS to register a domain used in its attack infrastructure; installing Kaspersky's antivirus software on machines it uses to write new malware, allowing Kaspersky to... Bruce Schneier

New Reductor Nation-State Malware Compromises TLS

Schneier on Security - Thu, 10/10/2019 - 2:49pm
Kaspersky has a detailed blog post about a new piece of sophisticated malware that it's calling Reductor. The malware is able to compromise TLS traffic by infecting the computer with hacked TLS engine substituted on the fly, "marking" infected TLS handshakes by compromising the underlying random-number generator, and adding new digital certificates. The result is that the attacker can identify,... Bruce Schneier

Wi-Fi Hotspot Tracking

Schneier on Security - Thu, 10/10/2019 - 6:49am
Free Wi-Fi hotspots can track your location, even if you don't connect to them. This is because your phone or computer broadcasts a unique MAC address. What distinguishes location-based marketing hotspot providers like Zenreach and Euclid is that the personal information you enter in the captive portal -- like your email address, phone number, or social media profile -- can... Bruce Schneier

Cheating at Professional Poker

Schneier on Security - Wed, 10/09/2019 - 1:26pm
Interesting story about someone who is almost certainly cheating at professional poker. But then I start to see things that seem so obvious, but I wonder whether they aren't just paranoia after hours and hours of digging into the mystery. Like the fact that he starts wearing a hat that has a strange bulge around the brim -- one that... Bruce Schneier

Illegal Data Center Hidden in Former NATO Bunker

Schneier on Security - Wed, 10/09/2019 - 7:34am
Interesting: German investigators said Friday they have shut down a data processing center installed in a former NATO bunker that hosted sites dealing in drugs and other illegal activities. Seven people were arrested. [...] Thirteen people aged 20 to 59 are under investigation in all, including three German and seven Dutch citizens, Brauer said. Authorities arrested seven of them, citing... Bruce Schneier

Speakers Censored at AISA Conference in Melbourne

Schneier on Security - Tue, 10/08/2019 - 6:15pm
Two speakers were censored at the Australian Information Security Association's annual conference this week in Melbourne. Thomas Drake, former NSA employee and whistleblower, was scheduled to give a talk on the golden age of surveillance, both government and corporate. Suelette Dreyfus, lecturer at the University of Melbourne, was scheduled to give a talk on her work -- funded by the... Bruce Schneier

New Unpatchable iPhone Exploit Allows Jailbreaking

Schneier on Security - Tue, 10/08/2019 - 6:24am
A new iOS exploit allows jailbreaking of pretty much all versions of the iPhone. This is a huge deal for Apple, but at least it doesn't allow someone to remotely hack people's phones. Some details: I wanted to learn how Checkm8 will shape the iPhone experience -- particularly as it relates to security -- so I spoke at length with... Bruce Schneier

Edward Snowden's Memoirs

Schneier on Security - Mon, 10/07/2019 - 7:53am
Ed Snowden has published a book of his memoirs: Permanent Record. I have not read it yet, but I want to point you all towards two pieces of writing about the book. The first is an excellent review of the book and Snowden in general by SF writer and essayist Jonathan Lethem, who helped make a short film about Snowden... Bruce Schneier

Friday Squid Blogging: Hawaiian Bobtail Squid Squirts Researcher

Schneier on Security - Fri, 10/04/2019 - 5:23pm
Cute video. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
