Schneier on Security

Apple Abandoned Plans for Encrypted iCloud Backup after FBI Complained

Schneier on Security - Thu, 01/23/2020 - 7:10am
This is new from Reuters: More than two years ago, Apple told the FBI that it planned to offer users end-to-end encryption when storing their phone data on iCloud, according to one current and three former FBI officials and one current and one former Apple employee. Under that plan, primarily designed to thwart hackers, Apple would no longer have a... Bruce Schneier
Categories: Schneier on Security

Half a Million IoT Device Passwords Published

Schneier on Security - Wed, 01/22/2020 - 7:09am
It's a list of easy-to-guess passwords for IoT devices on the Internet as recently as last October and November. Useful for anyone putting together a bot network: A hacker has published this week a massive list of Telnet credentials for more than 515,000 servers, home routers, and IoT (Internet of Things) "smart" devices. The list, which was published on a... Bruce Schneier

Brazil Charges Glenn Greenwald with Cybercrimes

Schneier on Security - Tue, 01/21/2020 - 4:23pm
Glenn Greenwald has been charged with cybercrimes in Brazil, stemming from publishing information and documents that were embarrassing to the government. The charges are that he actively helped the people who actually did the hacking: Citing intercepted messages between Mr. Greenwald and the hackers, prosecutors say the journalist played a "clear role in facilitating the commission of a crime." For... Bruce Schneier

SIM Hijacking

Schneier on Security - Tue, 01/21/2020 - 7:30am
SIM hijacking -- or SIM swapping -- is an attack where a fraudster contacts your cell phone provider and convinces them to switch your account to a phone that they control. Since your smartphone often serves as a security measure or backup verification system, this allows the fraudster to take over other accounts of yours. Sometimes this involves people inside... Bruce Schneier

Clearview AI and Facial Recognition

Schneier on Security - Mon, 01/20/2020 - 9:53am
The New York Times has a long story about Clearview AI, a small company that scrapes identified photos of people from pretty much everywhere, and then uses unstated magical AI technology to identify people in other photos. His tiny company, Clearview AI, devised a groundbreaking facial recognition app. You take a picture of a person, upload it and get to... Bruce Schneier

Friday Squid Blogging: Giant Squid Genome Analyzed

Schneier on Security - Fri, 01/17/2020 - 5:19pm
This is fantastic work: In total, the researchers identified approximately 2.7 billion DNA base pairs, which is around 90 percent the size of the human genome. There's nothing particularly special about that size, especially considering that the axolotl genome is 10 times larger than the human genome. It's going to take some time to fully understand and appreciate the intricacies... Bruce Schneier

Securing Tiffany's Move

Schneier on Security - Thu, 01/16/2020 - 11:01am
Story of how Tiffany & Company moved all of its inventory from one store to another. Short summary: careful auditing and a lot of police.... Bruce Schneier

Critical Windows Vulnerability Discovered by NSA

Schneier on Security - Wed, 01/15/2020 - 7:38am
Yesterday's Microsoft Windows patches included a fix for a critical vulnerability in the system's crypto library. A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source.... Bruce Schneier

Upcoming Speaking Engagements

Schneier on Security - Tue, 01/14/2020 - 2:00pm
This is a current list of where and when I am scheduled to speak: I'm speaking at Indiana University Bloomington on January 30, 2020. I'll be at RSA Conference 2020 in San Francisco. On Wednesday, February 26, at 2:50 PM, I'll be part of a panel on "How to Reduce Supply Chain Risk: Lessons from Efforts to Block Huawei." On... Bruce Schneier

5G Security

Schneier on Security - Tue, 01/14/2020 - 8:42am
The security risks inherent in Chinese-made 5G networking equipment are easy to understand. Because the companies that make the equipment are subservient to the Chinese government, they could be forced to include backdoors in the hardware or software to give Beijing remote access. Eavesdropping is also a risk, although efforts to listen in would almost certainly be detectable. More insidious... Bruce Schneier

Artificial Personas and Public Discourse

Schneier on Security - Mon, 01/13/2020 - 9:21am
Presidential-campaign season is officially, officially, upon us now, which means it's time to confront the weird and insidious ways in which technology is warping politics. One of the biggest threats on the horizon: Artificial personas are coming, and they're poised to take over political debate. The risk arises from two separate threads coming together: artificial-intelligence-driven text generation and social-media... Bruce Schneier

Friday Squid Blogging: Stuffed Squid with Vegetables and Pancetta

Schneier on Security - Fri, 01/10/2020 - 5:09pm
A Croatian recipe. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier

Police Surveillance Tools from Special Services Group

Schneier on Security - Fri, 01/10/2020 - 9:41am
Special Services Group, a company that sells surveillance tools to the FBI, DEA, ICE, and other US government agencies, has had its secret sales brochure published. Motherboard received the brochure as part of a FOIA request to the Irvine Police Department in California. "The Tombstone Cam is our newest video concealment offering the ability to conduct remote surveillance operations from... Bruce Schneier

New SHA-1 Attack

Schneier on Security - Wed, 01/08/2020 - 10:38am
There's a new, practical, collision attack against SHA-1: In this paper, we report the first practical implementation of this attack, and its impact on real-world security with a PGP/GnuPG impersonation attack. We managed to significantly reduce the complexity of collisions attack against SHA-1: on an Nvidia GTX 970, identical-prefix collisions can now be computed with a complexity of 2^61.2 rather than 2^64.7,... Bruce Schneier

USB Cable Kill Switch for Laptops

Schneier on Security - Tue, 01/07/2020 - 7:03am
BusKill is designed to wipe your laptop (Linux only) if it is snatched from you in a public place: The idea is to connect the BusKill cable to your Linux laptop on one end, and to your belt, on the other end. When someone yanks your laptop from your lap or table, the USB cable disconnects from the laptop and... Bruce Schneier

Mailbox Master Keys

Schneier on Security - Mon, 01/06/2020 - 7:20am
Here's a physical-world example of why master keys are a bad idea. It's a video of two postal thieves using a master key to open apartment building mailboxes. Changing the master key for physical mailboxes is a logistical nightmare, which is why this problem won't be fixed anytime soon.... Bruce Schneier

Friday Squid Blogging: Giant Squid Video from the Gulf of Mexico

Schneier on Security - Fri, 01/03/2020 - 5:25pm
Fantastic video: Scientists had used a specialized camera system developed by Widder called the Medusa, which uses red light undetectable to deep sea creatures and has allowed scientists to discover species and observe elusive ones. The probe was outfitted with a fake jellyfish that mimicked the invertebrates' bioluminescent defense mechanism, which can signal to larger predators that a meal may... Bruce Schneier

Chrome Extension Stealing Cryptocurrency Keys and Passwords

Schneier on Security - Fri, 01/03/2020 - 7:09am
A malicious Chrome extension surreptitiously steals Ethereum keys and passwords: According to Denley, the extension is dangerous to users in two ways. First, any funds (ETH coins and ERC20-based tokens) managed directly inside the extension are at risk. Denley says that the extension sends the private keys of all wallets created or managed through its interface to a third-party website... Bruce Schneier

Mysterious Drones are Flying over Colorado

Schneier on Security - Thu, 01/02/2020 - 12:02pm
No one knows who they belong to. (Well, of course someone knows. And my guess is that it's likely that we will know soon.)... Bruce Schneier

Hacking School Surveillance Systems

Schneier on Security - Mon, 12/30/2019 - 11:20am
Lance Vick suggesting that students hack their schools' surveillance systems. "This is an ethical minefield that I feel students would be well within their rights to challenge, and if needed, undermine," he said. Of course, there are a lot more laws in place against this sort of thing than there were in -- say -- the 1980s, but it's still... Bruce Schneier
