Schneier on Security

Amazon Creates Classified US Cloud

Schneier on Security - Tue, 11/21/2017 - 7:16am
Amazon has a cloud for U.S. classified data. The physical and computer requirements for handling classified information are considerable, both in terms of technology and procedure. I am surprised that a company with no experience dealing with classified data was able to do it.... Bruce Schneier
Categories: Schneier on Security

Vulnerability in Amazon Key

Schneier on Security - Mon, 11/20/2017 - 7:19am
Amazon Key is an IoT door lock that can enable one-time access codes for delivery people. To further secure that system, Amazon sells Cloud Cam, a camera that watches the door to ensure that delivery people don't abuse their one-time access privilege. Cloud Cam has been hacked: But now security researchers have demonstrated that with a simple program run from... Bruce Schneier

Friday Squid Blogging: Peru and Chile Address Squid Overfishing

Schneier on Security - Fri, 11/17/2017 - 6:04pm
Peru and Chile have a new plan. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier

New White House Announcement on the Vulnerability Equities Process

Schneier on Security - Fri, 11/17/2017 - 7:02am
The White House has released a new version of the Vulnerabilities Equities Process (VEP). This is the inter-agency process by which the US government decides whether to inform the software vendor of a vulnerability it finds, or keep it secret and use it to eavesdrop on or attack other systems. You can read the new policy or the fact sheet,... Bruce Schneier

Motherboard Digital Security Guide

Schneier on Security - Thu, 11/16/2017 - 7:53am
This digital security guide by Motherboard is very good. I put it alongside EFF's "Surveillance Self-Defense" and John Scott-Railton's "Digital Security Low Hanging Fruit." There's also "Digital Security and Privacy for Human Rights Defenders." There are too many of these....... Bruce Schneier

Apple FaceID Hacked

Schneier on Security - Wed, 11/15/2017 - 7:54am
It only took a week: On Friday, Vietnamese security firm Bkav released a blog post and video showing that -- by all appearances -- they'd cracked FaceID with a composite mask of 3-D-printed plastic, silicone, makeup, and simple paper cutouts, which in combination tricked an iPhone X into unlocking. The article points out that the hack hasn't been independently confirmed,... Bruce Schneier

Long Article on NSA and the Shadow Brokers

Schneier on Security - Tue, 11/14/2017 - 7:08am
The New York Times just published a long article on the Shadow Brokers and their effects on NSA operations. Summary: it's been an operational disaster, the NSA still doesn't know who did it or how, and NSA morale has suffered considerably. This is me on the Shadow Brokers from last May.... Bruce Schneier

Google's Data on Login Thefts

Schneier on Security - Mon, 11/13/2017 - 7:11am
This is interesting research and data: With Google accounts as a case-study, we teamed up with the University of California, Berkeley to better understand how hijackers attempt to take over accounts in the wild. From March 2016 to March 2017, we analyzed several black markets to see how hijackers steal passwords and other sensitive data. [...] Our research tracked several... Bruce Schneier

Friday Squid Blogging: Squid Season May Start Earlier Next Year

Schneier on Security - Fri, 11/10/2017 - 5:18pm
Squid fishermen in Argentina have asked regulators to start the squid season earlier in 2018. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier

New Research in Invisible Inks

Schneier on Security - Fri, 11/10/2017 - 7:06am
It's a lot more chemistry than I understand: Invisible inks based on "smart" fluorescent materials have been shining brightly (if only you could see them) in the data-encryption/decryption arena lately.... But some of the materials are costly or difficult to prepare, and many of these inks remain somewhat visible when illuminated with ambient or ultraviolet light. Liang Li and coworkers... Bruce Schneier

Hacking a Fingerprint Biometric

Schneier on Security - Thu, 11/09/2017 - 3:45pm
Embedded in this story about infidelity and a mid-flight altercation, there's an interesting security tidbit: The woman had unlocked her husband's phone using his thumb impression when he was sleeping...... Bruce Schneier

Facebook Fingerprinting Photos to Prevent Revenge Porn

Schneier on Security - Thu, 11/09/2017 - 7:23am
This is a pilot project in Australia: Individuals who have shared intimate, nude or sexual images with partners and are worried that the partner (or ex-partner) might distribute them without their consent can use Messenger to send the images to be "hashed." This means that the company converts the image into a unique digital fingerprint that can be used to... Bruce Schneier

Me on the Equifax Breach

Schneier on Security - Wed, 11/08/2017 - 7:33am
Last week, I testified before the House Energy and Commerce committee on the Equifax hack. You can watch the video here. And you can read my written testimony below. Testimony and Statement for the Record of Bruce Schneier Fellow and Lecturer, Belfer Center for Science and International Affairs, Harvard Kennedy School Fellow, Berkman Center for Internet and Society at Harvard... Bruce Schneier

Cybercriminals Infiltrating E-Mail Networks to Divert Large Customer Payments

Schneier on Security - Tue, 11/07/2017 - 7:37am
There's a new criminal tactic involving hacking an e-mail account of a company that handles high-value transactions and diverting payments. Here it is in real estate: The scam generally works like this: Hackers find an opening into a title company's or realty agent's email account, track upcoming home purchases scheduled for settlements -- the pricier the better -- then assume... Bruce Schneier

Daphne Caruana Galizia's Murder and the Security of WhatsApp

Schneier on Security - Mon, 11/06/2017 - 7:12am
Daphne Caruana Galizia was a Maltese journalist whose anti-corruption investigations exposed powerful people. She was murdered in October by a car bomb. Galizia used WhatsApp to communicate securely with her sources. Now that she is dead, the Maltese police want to break into her phone or the app, and find out who those sources were. One journalist reports: Part of... Bruce Schneier

Friday Squid Blogging: Squid Product Recall

Schneier on Security - Fri, 11/03/2017 - 5:12pm
Lidl is recalling two of its packaged squid products because of the presence of struvite salt crystals. The danger is unclear. The article says that struvite crystals "may be mistaken as glass fragments," which isn't actually dangerous. It also says: "As these salt crystals may cause injury, the product should not be consumed." Maybe it's the intestinal tract that mistakes... Bruce Schneier

Fraud Detection in Pokémon Go

Schneier on Security - Fri, 11/03/2017 - 7:35am
I play Pokémon Go. (There, I've admitted it.) One of the interesting aspects of the game I've been watching is how the game's publisher, Niantic, deals with cheaters. There are three basic types of cheating in Pokémon Go. The first is botting, where a computer plays the game instead of a person. The second is spoofing, which is faking GPS... Bruce Schneier

Heart Size: Yet Another Biometric

Schneier on Security - Thu, 11/02/2017 - 6:01am
Turns out that heart size doesn't change throughout your adult life, and you can use low-level Doppler radar to scan the size -- even at a distance -- as a biometric. Research paper (to be available soon).... Bruce Schneier

Attack on Old ANSI Random Number Generator

Schneier on Security - Tue, 10/31/2017 - 11:29am
Almost 20 years ago, I wrote a paper that pointed to a potential flaw in the ANSI X9.17 RNG standard. Now, new research has found that the flaw exists in some implementations of the RNG standard. Here's the research paper, the website -- complete with cute logo -- for the attack, and Matthew Green's excellent blog post on the research.... Bruce Schneier

Google Login Security for High-Risk Users

Schneier on Security - Mon, 10/30/2017 - 1:23pm
Google has a new login service for high-risk users. It's good, but unforgiving. Logging in from a desktop will require a special USB key, while accessing your data from a mobile device will similarly require a Bluetooth dongle. All non-Google services and apps will be exiled from reaching into your Gmail or Google Drive. Google's malware scanners will use a... Bruce Schneier
