Schneier on Security

Hacking Construction Cranes

Schneier on Security - 4 hours 48 min ago
Construction cranes are vulnerable to hacking: In our research and vulnerability discoveries, we found that weaknesses in the controllers can be (easily) taken advantage of to move full-sized machines such as cranes used in construction sites and factories. In the different attack classes that we've outlined, we were able to perform the attacks quickly and even switch on the controlled... Bruce Schneier
Categories: Schneier on Security

Clever Smartphone Malware Concealment Technique

Schneier on Security - Mon, 01/21/2019 - 7:47am
This is clever: Malicious apps hosted in the Google Play market are trying a clever trick to avoid detection -- they monitor the motion-sensor input of an infected device before installing a powerful banking trojan to make sure it doesn't load on emulators researchers use to detect attacks. The thinking behind the monitoring is that sensors in real end-user devices... Bruce Schneier
Categories: Schneier on Security

Friday Squid Blogging: Squid Lollipops

Schneier on Security - Fri, 01/18/2019 - 5:41pm
Two squid lollipops, handmade by Shinri Tezuka. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Schneier on Security

Evaluating the GCHQ Exceptional Access Proposal

Schneier on Security - Fri, 01/18/2019 - 6:54am
The so-called Crypto Wars have been going on for 25 years now. Basically, the FBI -- and some of their peer agencies in the U.K., Australia, and elsewhere -- argue that the pervasive use of civilian encryption is hampering their ability to solve crimes and that they need the tech companies to make their systems susceptible to government eavesdropping. Sometimes... Bruce Schneier
Categories: Schneier on Security

Prices for Zero-Day Exploits Are Rising

Schneier on Security - Thu, 01/17/2019 - 7:33am
Companies are willing to pay ever-increasing amounts for good zero-day exploits against hard-to-break computers and applications: On Monday, market-leading exploit broker Zerodium said it would pay up to $2 million for zero-click jailbreaks of Apple's iOS, $1.5 million for one-click iOS jailbreaks, and $1 million for exploits that take over secure messaging apps WhatsApp and iMessage. Previously, Zerodium was offering... Bruce Schneier
Categories: Schneier on Security

El Chapo's Encryption Defeated by Turning His IT Consultant

Schneier on Security - Wed, 01/16/2019 - 7:53am
Impressive police work: In a daring move that placed his life in danger, the I.T. consultant eventually gave the F.B.I. his system's secret encryption keys in 2011 after he had moved the network's servers from Canada to the Netherlands during what he told the cartel's leaders was a routine upgrade. A Dutch article says that it's a BlackBerry system. Hacker... Bruce Schneier
Categories: Schneier on Security

Alex Stamos on Content Moderation and Security

Schneier on Security - Tue, 01/15/2019 - 6:55am
Former Facebook CISO Alex Stamos argues that increasing political pressure on social media platforms to moderate content will give them a pretext to turn all end-to-end crypto off -- which would be more profitable for them and bad for society. If we ask tech companies to fix ancient societal ills that are now reflected online with moderation, then we will... Bruce Schneier
Categories: Schneier on Security

Upcoming Speaking Engagements

Schneier on Security - Mon, 01/14/2019 - 5:21pm
This is a current list of where and when I am scheduled to speak: I'm speaking at A New Initiative for Poland in Warsaw, January 16-17, 2019. I'm speaking at the Munich Cyber Security Conference (MCSC) on February 14, 2019. The list is maintained on this page.... Bruce Schneier
Categories: Schneier on Security

Why Internet Security Is So Bad

Schneier on Security - Mon, 01/14/2019 - 12:13pm
I recently read two different essays that make the point that while Internet security is terrible, it really doesn't affect people enough to make it an issue. This is true, and is something I worry will change in a world of physically capable computers. Automation, autonomy, and physical agency will make computer security a matter of life and death, and... Bruce Schneier
Categories: Schneier on Security

Friday Squid Blogging: New Giant Squid Video

Schneier on Security - Fri, 01/11/2019 - 3:48pm
This is a fantastic video of a young giant squid named Heck swimming around Toyama Bay near Tokyo. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Schneier on Security

Using a Fake Hand to Defeat Hand-Vein Biometrics

Schneier on Security - Fri, 01/11/2019 - 7:38am
Nice work: One attraction of a vein based system over, say, a more traditional fingerprint system is that it may be typically harder for an attacker to learn how a user's veins are positioned under their skin, rather than lifting a fingerprint from a held object or high quality photograph, for example. But with that said, Krissler and Albrecht first... Bruce Schneier
Categories: Schneier on Security

Security Vulnerabilities in Cell Phone Systems

Schneier on Security - Thu, 01/10/2019 - 6:52am
Good essay on the inherent vulnerabilities in the cell phone standards and the market barriers to fixing them. So far, industry and policymakers have largely dragged their feet when it comes to blocking cell-site simulators and SS7 attacks. Senator Ron Wyden, one of the few lawmakers vocal about this issue, sent a letter in August encouraging the Department of Justice... Bruce Schneier
Categories: Schneier on Security

EU Offering Bug Bounties on Critical Open-Source Software

Schneier on Security - Wed, 01/09/2019 - 8:05am
The EU is offering "bug bounties on Free Software projects that the EU institutions rely on." Slashdot thread.... Bruce Schneier
Categories: Schneier on Security

Machine Learning to Detect Software Vulnerabilities

Schneier on Security - Tue, 01/08/2019 - 7:13am
No one doubts that artificial intelligence (AI) and machine learning (ML) will transform cybersecurity. We just don't know how, or when. While the literature generally focuses on the different uses of AI by attackers and defenders -- and the resultant arms race between the two -- I want to talk about software vulnerabilities. All software contains bugs. The reason is... Bruce Schneier
Categories: Schneier on Security

New Attack Against Electrum Bitcoin Wallets

Schneier on Security - Mon, 01/07/2019 - 7:13am
This is clever: How the attack works: Attacker added tens of malicious servers to the Electrum wallet network. Users of legitimate Electrum wallets initiate a Bitcoin transaction. If the transaction reaches one of the malicious servers, these servers reply with an error message that urges users to download a wallet app update from a malicious website (GitHub repo). User clicks the... Bruce Schneier
Categories: Schneier on Security

Friday Squid Blogging: The Future of the Squid Market

Schneier on Security - Fri, 01/04/2019 - 5:16pm
It's growing. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Schneier on Security

Podcast Interview with Eva Galperin

Schneier on Security - Thu, 01/03/2019 - 10:09am
Nice interview with the EFF's director of cybersecurity, Eva Galperin.... Bruce Schneier
Categories: Schneier on Security

Long-Range Familial Searching Forensics

Schneier on Security - Wed, 01/02/2019 - 10:29am
Good article on using long-range familial searching -- basically, DNA matching of distant relatives -- as a police forensics tool.... Bruce Schneier
Categories: Schneier on Security

China's APT10

Schneier on Security - Mon, 12/31/2018 - 6:57am
Wired has an excellent article on China's APT10 hacking group. Specifically, on how they hacked managed service providers in order to get to their customers' networks. I am reminded of the NSA's "I Hunt Sysadmins" presentation, published by the Intercept.... Bruce Schneier
Categories: Schneier on Security

Friday Squid Blogging: Squid-Focused Menus in Croatia

Schneier on Security - Fri, 12/28/2018 - 5:04pm
This is almost over: From 1 December 2018 -- 6 January 2019, Days of Adriatic squid will take place at restaurants all over north-west Istria. Restaurants will be offering affordable full-course menus based on Adriatic squid, combined with quality local olive oil and fine wines. As usual, you can also use this squid post to talk about the security stories... Bruce Schneier
Categories: Schneier on Security
