Schneier on Security

Gas Pump Hack

Schneier on Security - Fri, 07/13/2018 - 7:18am
This is weird: Police in Detroit are looking for two suspects who allegedly managed to hack a gas pump and steal over 600 gallons of gasoline, valued at about $1,800. The theft took place in the middle of the day and went on for about 90 minutes, with the gas station attendant unable to thwart the hackers. The theft, reported... Bruce Schneier
Categories: Schneier on Security

Friday Squid Blogging: Antifungal Squid-Egg Coating

Schneier on Security - Thu, 07/12/2018 - 5:03pm
The Hawaiian bobtail squid coats its eggs with antifungal bacteria. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Schneier on Security

WPA3

Schneier on Security - Thu, 07/12/2018 - 7:11am
Everyone is writing about the new WPA3 Wi-Fi security standard, and how it improves security over the current WPA2 standard. This summary is as good as any other: The first big new feature in WPA3 is protection against offline, password-guessing attacks. This is where an attacker captures data from your Wi-Fi stream, brings it back to a private computer, and... Bruce Schneier
Categories: Schneier on Security

Department of Commerce Report on the Botnet Threat

Schneier on Security - Wed, 07/11/2018 - 7:08am
Last month, the US Department of Commerce released a report on the threat of botnets and what to do about it. I note that it explicitly said that the IoT makes the threat worse, and that the solutions are largely economic. The Departments determined that the opportunities and challenges in working toward dramatically reducing threats from automated, distributed attacks can... Bruce Schneier
Categories: Schneier on Security

Recovering Keyboard Inputs through Thermal Imaging

Schneier on Security - Tue, 07/10/2018 - 7:18am
Researchers at the University of California, Irvine, are able to recover user passwords by way of thermal imaging. The tech is pretty straightforward, but it's interesting to think about the types of scenarios in which it might be pulled off. Abstract: As a warm-blooded mammalian species, we humans routinely leave thermal residues on various objects with which we come in... Bruce Schneier
Categories: Schneier on Security

PROPagate Code Injection Seen in the Wild

Schneier on Security - Mon, 07/09/2018 - 7:13am
Last year, researchers wrote about a new Windows code injection technique called PROPagate. Last week, it was first seen in malware: This technique abuses the SetWindowsSubclass function -- a process used to install or update subclass windows running on the system -- and can be used to modify the properties of windows running in the same session. This can be... Bruce Schneier
Categories: Schneier on Security

Friday Squid Blogging: Squid Unexpectedly Playing a Part in US/China Trade War

Schneier on Security - Fri, 07/06/2018 - 5:27pm
Chinese buyers are canceling orders to buy US squid in advance of an expected 25% tariff. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Schneier on Security

The NSA's Domestic Surveillance Centers

Schneier on Security - Fri, 07/06/2018 - 10:16am
The Intercept has a long story about the NSA's domestic interception points. Includes some new Snowden documents.... Bruce Schneier
Categories: Schneier on Security

Beating Facial Recognition Software with Face Makeup

Schneier on Security - Thu, 07/05/2018 - 8:14am
At least right now, facial recognition algorithms don't work with Juggalo makeup.... Bruce Schneier
Categories: Schneier on Security

California Passes New Privacy Law

Schneier on Security - Tue, 07/03/2018 - 11:24am
The California legislature unanimously passed the strongest data privacy law in the nation. This is great news, but I have a lot of reservations. The Internet tech companies pressed to get this law passed out of self-defense. A ballot initiative was already going to be voted on in November, one with even stronger data privacy protections. The author of that... Bruce Schneier
Categories: Schneier on Security

Traffic Analysis of the LTE Mobile Standard

Schneier on Security - Mon, 07/02/2018 - 10:35am
Interesting research in using traffic analysis to learn things about encrypted traffic. It's hard to know how critical these vulnerabilities are. They're very hard to close without wasting a huge amount of bandwidth. The active attacks are more interesting.... Bruce Schneier
Categories: Schneier on Security

Friday Squid Blogging: Fried Squid with Turmeric

Schneier on Security - Fri, 06/29/2018 - 5:05pm
Good-looking recipe. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Schneier on Security

Conservation of Threat

Schneier on Security - Fri, 06/29/2018 - 10:44am
Here's some interesting research about how we perceive threats. Basically, as the environment becomes safer we basically manufacture new threats. From an essay about the research: To study how concepts change when they become less common, we brought volunteers into our laboratory and gave them a simple task -- to look at a series of computer-generated faces and decide which... Bruce Schneier
Categories: Schneier on Security

Manipulative Social Media Practices

Schneier on Security - Thu, 06/28/2018 - 7:29am
The Norwegian Consumer Council just published an excellent report on the deceptive practices tech companies use to trick people into giving up their privacy. From the executive summary: Facebook and Google have privacy intrusive defaults, where users who want the privacy friendly option have to go through a significantly longer process. They even obscure some of these settings so that... Bruce Schneier
Categories: Schneier on Security

IEEE Statement on Strong Encryption vs. Backdoors

Schneier on Security - Wed, 06/27/2018 - 7:44am
The IEEE came out in favor of strong encryption: IEEE supports the use of unfettered strong encryption to protect confidentiality and integrity of data and communications. We oppose efforts by governments to restrict the use of strong encryption and/or to mandate exceptional access mechanisms such as "backdoors" or "key escrow schemes" in order to facilitate government access to encrypted data.... Bruce Schneier
Categories: Schneier on Security

Bypassing Passcodes in iOS

Schneier on Security - Tue, 06/26/2018 - 10:38am
Last week, a story was going around explaining how to brute-force an iOS password. Basically, the trick was to plug the phone into an external keyboard and try every PIN at once: We reported Friday on Hickey's findings, which claimed to be able to send all combinations of a user's possible passcode in one go, by enumerating each code from... Bruce Schneier
Categories: Schneier on Security

Secure Speculative Execution

Schneier on Security - Mon, 06/25/2018 - 6:00am
We're starting to see research into designing speculative execution systems that avoid Spectre- and Meltdown-like security problems. Here's one. I don't know if this particular design is secure. My guess is that we're going to see several iterations of design and attack before we settle on something that works. But it's good to see the research results emerge. News article.... Bruce Schneier
Categories: Schneier on Security

Friday Squid Blogging: Capturing the Giant Squid on Video

Schneier on Security - Fri, 06/22/2018 - 5:07pm
In this 2013 TED talk, oceanographer Edith Widder explains how her team captured the giant squid on video. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Schneier on Security

The Effects of Iran's Telegram Ban

Schneier on Security - Fri, 06/22/2018 - 1:58pm
The Center for Human Rights in Iran has released a report outlining the effects of that country's ban on Telegram, a secure messaging app used by about half of the country. The ban will disrupt the most important, uncensored platform for information and communication in Iran, one that is used extensively by activists, independent and citizen journalists, dissidents and international... Bruce Schneier
Categories: Schneier on Security

Domain Name Stealing at Gunpoint

Schneier on Security - Fri, 06/22/2018 - 6:52am
I missed this story when it came around last year: someone tried to steal a domain name at gunpoint. He was just sentenced to 20 years in jail.... Bruce Schneier
Categories: Schneier on Security
