Schneier on Security

I'm Looking to Hire a Strategist to Help Figure Out Public-Interest Tech

Schneier on Security - 4 hours 5 min ago
I am in search of a strategic thought partner: a person who can work closely with me over the next 9 to 12 months in assessing what's needed to advance the practice, integration, and adoption of public-interest technology. All of the details are in the RFP. The selected strategist will work closely with me on a number of clear deliverables.... Bruce Schneier
Categories: Schneier on Security

Cracking Forgotten Passwords

Schneier on Security - 9 hours 16 min ago
Expandpass is a string expansion program. It's "useful for cracking passwords you kinda-remember." You tell the program what you remember about the password and it tries related passwords. I learned about it in this article about Phil Dougherty, who helps people recover lost cryptocurrency passwords (mostly Ethereum) for a cut of the recovered value.... Bruce Schneier
Categories: Schneier on Security

Another Side Channel in Intel Chips

Schneier on Security - Mon, 09/16/2019 - 7:39am
Not that serious, but interesting: In late 2011, Intel introduced a performance enhancement to its line of server processors that allowed network cards and other peripherals to connect directly to a CPU's last-level cache, rather than following the standard (and significantly longer) path through the server's main memory. By avoiding system memory, Intel's DDIO -- short for Data-Direct I/O -- increased input/output bandwidth and... Bruce Schneier
Categories: Schneier on Security

Upcoming Speaking Engagements

Schneier on Security - Sat, 09/14/2019 - 7:16pm
This is a current list of where and when I am scheduled to speak: I'm speaking at University College London on September 23, 2019. I'm speaking at World's Top 50 Innovators 2019 at the Royal Society in London on September 24, 2019. I'm speaking at Cyber Security Nordic in Helsinki, Finland on October 3, 2019. I'm speaking at the Australian... Bruce Schneier
Categories: Schneier on Security

Friday Squid Blogging: How Scientists Captured the Giant Squid Video

Schneier on Security - Fri, 09/13/2019 - 5:05pm
In June, I blogged about a video of a live juvenile giant squid. Here's how that video was captured. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Schneier on Security

When Biology Becomes Software

Schneier on Security - Fri, 09/13/2019 - 12:40pm
All of life is based on the coordinated action of genetic parts (genes and their controlling sequences) found in the genomes (the complete DNA sequence) of organisms. Genes and genomes are based on code -- just like the digital language of computers. But instead of zeros and ones, four DNA letters -- A, C, T, G -- encode all of life.... Bruce Schneier
Categories: Schneier on Security

Smart Watches and Cheating on Tests

Schneier on Security - Fri, 09/13/2019 - 9:22am
The Independent Commission on Examination Malpractice in the UK has recommended that all watches be banned from exam rooms, basically because it's becoming very difficult to tell regular watches from smart watches.... Bruce Schneier
Categories: Schneier on Security

Fabricated Voice Used in Financial Fraud

Schneier on Security - Thu, 09/12/2019 - 7:04am
This seems to be an identity theft first: Criminals used artificial intelligence-based software to impersonate a chief executive's voice and demand a fraudulent transfer of €220,000 ($243,000) in March in what cybercrime experts described as an unusual case of artificial intelligence being used in hacking. Another news article.... Bruce Schneier
Categories: Schneier on Security

More on Law Enforcement Backdoor Demands

Schneier on Security - Wed, 09/11/2019 - 7:11am
The Carnegie Endowment for International Peace and Princeton University's Center for Information Technology Policy convened an Encryption Working Group to attempt progress on the "going dark" debate. They have released their report: "Moving the Encryption Policy Conversation Forward." The main contribution seems to be that attempts to backdoor devices like smartphones shouldn't also backdoor communications systems: Conclusion: There will be... Bruce Schneier
Categories: Schneier on Security

On Cybersecurity Insurance

Schneier on Security - Tue, 09/10/2019 - 7:23am
Good paper on cybersecurity insurance: both the history and the promise for the future. From the conclusion: Policy makers have long held high hopes for cyber insurance as a tool for improving security. Unfortunately, the available evidence so far should give policymakers pause. Cyber insurance appears to be a weak form of governance at present. Insurers writing cyber insurance focus... Bruce Schneier
Categories: Schneier on Security

NotPetya

Schneier on Security - Mon, 09/09/2019 - 7:29am
Wired has a long article on NotPetya.... Bruce Schneier
Categories: Schneier on Security

Friday Squid Blogging: Squid Perfume

Schneier on Security - Fri, 09/06/2019 - 5:24pm
It's not perfume for squids. Nor is it perfume made from squids. It's a perfume called Squid, "inspired by life in the sea." As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Schneier on Security

Default Password for GPS Trackers

Schneier on Security - Fri, 09/06/2019 - 7:10am
Many GPS trackers are shipped with the default password 123456. Many users don't change them. We just need to eliminate default passwords. This is an easy win.... Bruce Schneier
Categories: Schneier on Security

The Doghouse: Crown Sterling

Schneier on Security - Thu, 09/05/2019 - 6:58am
A decade ago, the Doghouse was a regular feature in both my email newsletter Crypto-Gram and my blog. In it, I would call out particularly egregious -- and amusing -- examples of cryptographic "snake oil." I dropped it both because it stopped being fun and because almost everyone converged on standard cryptographic libraries, which meant standard non-snake-oil cryptography. But every... Bruce Schneier
Categories: Schneier on Security

Credit Card Privacy

Schneier on Security - Wed, 09/04/2019 - 7:22am
Good article in the Washington Post on all the surveillance associated with credit card use.... Bruce Schneier
Categories: Schneier on Security

Massive iPhone Hack Targets Uyghurs

Schneier on Security - Tue, 09/03/2019 - 7:09am
China is being blamed for a massive surveillance operation that targeted Uyghur Muslims. This story broke in waves, the first wave being about the iPhone. Earlier this year, Google's Project Zero found a series of websites that have been using zero-day vulnerabilities to indiscriminately install malware on iPhones that would visit the site. (The vulnerabilities were patched in iOS 12.1.4,... Bruce Schneier
Categories: Schneier on Security

Friday Squid Blogging: Why Mexican Jumbo Squid Populations Have Declined

Schneier on Security - Fri, 08/30/2019 - 5:09pm
A group of scientists conclude that it's shifting weather patterns and ocean conditions. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Schneier on Security

Attacking the Intel Secure Enclave

Schneier on Security - Fri, 08/30/2019 - 7:18am
Interesting paper by Michael Schwarz, Samuel Weiser, Daniel Gruss. The upshot is that both Intel and AMD have assumed that trusted enclaves will run only trustworthy code. Of course, that's not true. And there are no security mechanisms that can deal with malicious enclaves, because the designers couldn't imagine that they would be necessary. The results are predictable. The paper:... Bruce Schneier
Categories: Schneier on Security

AI Emotion-Detection Arms Race

Schneier on Security - Thu, 08/29/2019 - 7:17am
Voice systems are increasingly using AI techniques to determine emotion. A new paper describes an AI-based countermeasure to mask emotion in spoken words. Their method for masking emotion involves collecting speech, analyzing it, and extracting emotional features from the raw signal. Next, an AI program trains on this signal and replaces the emotional indicators in speech, flattening them. Finally, a... Bruce Schneier
Categories: Schneier on Security

The Myth of Consumer-Grade Security

Schneier on Security - Wed, 08/28/2019 - 7:14am
The Department of Justice wants access to encrypted consumer devices but promises not to infiltrate business products or affect critical infrastructure. Yet that's not possible, because there is no longer any difference between those categories of devices. Consumer devices are critical infrastructure. They affect national security. And it would be foolish to weaken them, even at the request of law... Bruce Schneier
Categories: Schneier on Security
