Schneier on Security

Friday Squid Blogging: Squid Mural

Schneier on Security - Fri, 07/19/2019 - 5:04pm
Large squid mural in the Bushwick neighborhood of Brooklyn. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Schneier on Security

A Harlequin Romance Novel about Hackers

Schneier on Security - Fri, 07/19/2019 - 3:38pm
Really.... Bruce Schneier
Categories: Schneier on Security

John Paul Stevens Was a Cryptographer

Schneier on Security - Fri, 07/19/2019 - 7:19am
I didn't know that Supreme Court Justice John Paul Stevens "was also a cryptographer for the Navy during World War II." He was a proponent of individual privacy.... Bruce Schneier
Categories: Schneier on Security

Identity Theft on the Job Market

Schneier on Security - Thu, 07/18/2019 - 9:21am
Identity theft is getting more subtle: "My job application was withdrawn by someone pretending to be me": When Mr Fearn applied for a job at the company he didn't hear back. He said the recruitment team said they'd get back to him by Friday, but they never did. At first, he assumed he was unsuccessful, but after emailing his contact... Bruce Schneier
Categories: Schneier on Security

Zoom Vulnerability

Schneier on Security - Tue, 07/16/2019 - 1:54pm
The Zoom conferencing app has a vulnerability that allows someone to remotely take over the computer's camera. It's a bad vulnerability, made worse by the fact that it remains even if you uninstall the Zoom app: This vulnerability allows any website to forcibly join a user to a Zoom call, with their video camera activated, without the user's permission. On... Bruce Schneier
Categories: Schneier on Security

Palantir's Surveillance Service for Law Enforcement

Schneier on Security - Mon, 07/15/2019 - 7:12am
Motherboard got its hands on Palantir's Gotham user's manual, which is used by the police to get information on people: The Palantir user guide shows that police can start with almost no information about a person of interest and instantly know extremely intimate details about their lives. The capabilities are staggering, according to the guide: If police have a name... Bruce Schneier
Categories: Schneier on Security

Upcoming Speaking Engagements

Schneier on Security - Sat, 07/13/2019 - 5:18pm
This is a current list of where and when I am scheduled to speak: I'm speaking at Black Hat USA 2019 in Las Vegas on Wednesday, August 7 and Thursday, August 8, 2019. I'm speaking on "Information Security in the Public Interest" at DefCon 27 in Las Vegas on Saturday, August 10, 2019. The list is maintained on this page.... Bruce Schneier
Categories: Schneier on Security

Friday Squid Blogging: When the Octopus and Squid Lost Their Shells

Schneier on Security - Fri, 07/12/2019 - 5:32pm
Cephalopod ancestors once had shells. When did they lose them? With the molecular clock technique, which allowed him to use DNA to map out the evolutionary history of the cephalopods, he found that today's cuttlefish, squids and octopuses began to appear 160 to 100 million years ago, during the so-called Mesozoic Marine Revolution. During the revolution, underwater life underwent a... Bruce Schneier
Categories: Schneier on Security

Clickable Endnotes to Click Here to Kill Everybody

Schneier on Security - Fri, 07/12/2019 - 3:16pm
In Click Here to Kill Everybody, I promised clickable endnotes. They're finally available.... Bruce Schneier
Categories: Schneier on Security

Presidential Candidate Andrew Yang Has Quantum Encryption Policy

Schneier on Security - Fri, 07/12/2019 - 6:36am
At least one presidential candidate has a policy about quantum computing and encryption. It has two basic planks. One: fund quantum-resistant encryption standards. (Note: NIST is already doing this.) Two, fund quantum computing. (Unlike many far more pressing computer security problems, the market seems to be doing this on its own quite nicely.) Okay, so not the greatest policy --... Bruce Schneier
Categories: Schneier on Security

Resetting Your GE Smart Light Bulb

Schneier on Security - Thu, 07/11/2019 - 7:24am
If you need to reset the software in your GE smart light bulb -- firmware version 2.8 or later -- just follow these easy instructions: Start with your bulb off for at least 5 seconds. Turn on for 8 seconds. Turn off for 2 seconds. Turn on for 8 seconds. Turn off for 2 seconds. Turn on for 8 seconds... Bruce Schneier
Categories: Schneier on Security

Details of the Cloud Hopper Attacks

Schneier on Security - Wed, 07/10/2019 - 6:51am
Reuters has a long article on the Chinese government APT attack called Cloud Hopper. It was much bigger than originally reported. The hacking campaign, known as "Cloud Hopper," was the subject of a U.S. indictment in December that accused two Chinese nationals of identity theft and fraud. Prosecutors described an elaborate operation that victimized multiple Western companies but stopped short... Bruce Schneier
Categories: Schneier on Security

Cell Networks Hacked by (Probable) Nation-State Attackers

Schneier on Security - Tue, 07/09/2019 - 7:44am
A sophisticated attacker has successfully infiltrated cell providers to collect information on specific users: The hackers have systematically broken in to more than 10 cell networks around the world to date over the past seven years to obtain massive amounts of call records -- including times and dates of calls, and their cell-based locations -- on at least 20 individuals.... Bruce Schneier
Categories: Schneier on Security

Cardiac Biometric

Schneier on Security - Mon, 07/08/2019 - 1:38pm
MIT Technology Review is reporting about an infrared laser device that can identify people by their unique cardiac signature at a distance: A new device, developed for the Pentagon after US Special Forces requested it, can identify people without seeing their face: instead it detects their unique cardiac signature with an infrared laser. While it works at 200 meters (219... Bruce Schneier
Categories: Schneier on Security

Ransomware Recovery Firms Who Secretly Pay Hackers

Schneier on Security - Mon, 07/08/2019 - 8:08am
ProPublica is reporting on companies that pretend to recover data locked up by ransomware, but just secretly pay the hackers and then mark up the cost to the victims.... Bruce Schneier
Categories: Schneier on Security

Friday Squid Blogging: Squid Cars

Schneier on Security - Fri, 07/05/2019 - 5:04pm
Jalopnik asks the important question: "If squids ruled the earth, what would their cars be like?" As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Schneier on Security

Applied Cryptography is Banned in Oregon Prisons

Schneier on Security - Fri, 07/05/2019 - 2:52pm
My Applied Cryptography is on a list of books banned in Oregon prisons. It's not me -- and it's not cryptography -- it's that the prisons ban books that teach people to code. The subtitle is "Algorithms, Protocols, and Source Code in C" -- and that's the reason. My more recent Cryptography Engineering is a much better book for prisoners,... Bruce Schneier
Categories: Schneier on Security

Research on Human Honesty

Schneier on Security - Fri, 07/05/2019 - 7:15am
New research from Science: "Civic honesty around the globe": Abstract: Civic honesty is essential to social capital and economic development, but is often in conflict with material self-interest. We examine the trade-off between honesty and self-interest using field experiments in 355 cities spanning 40 countries around the globe. We turned in over 17,000 lost wallets with varying amounts of money... Bruce Schneier
Categories: Schneier on Security

US Journalist Detained When Returning to US

Schneier on Security - Thu, 07/04/2019 - 7:38am
Pretty horrible story of a US journalist who had his computer and phone searched at the border when returning to the US from Mexico. After I gave him the password to my iPhone, Moncivias spent three hours reviewing hundreds of photos and videos and emails and calls and texts, including encrypted messages on WhatsApp, Signal, and Telegram. It was the... Bruce Schneier
Categories: Schneier on Security

Digital License Plates

Schneier on Security - Wed, 07/03/2019 - 7:28am
They're a thing: Developers say digital plates utilize "advanced telematics" -- to collect tolls, pay for parking and send out Amber Alerts when a child is abducted. They also help recover stolen vehicles by changing the display to read "Stolen," thereby alerting everyone within eyeshot. This makes no sense to me. The numbers are static. License plates being low-tech are... Bruce Schneier
Categories: Schneier on Security
