Schneier on Security

Friday Squid Blogging: New Research on Squid Camouflage

Schneier on Security - Fri, 03/22/2019 - 5:45pm
From the New York Times: Now, a paper published last week in Nature Communications suggests that their chromatophores, previously thought to be mainly pockets of pigment embedded in their skin, are also equipped with tiny reflectors made of proteins. These reflectors aid the squid to produce such a wide array of colors, including iridescent greens and blues, within a second... Bruce Schneier
Categories: Schneier on Security

Enigma, Typex, and Bombe Simulators

Schneier on Security - Fri, 03/22/2019 - 7:16am
GCHQ has put simulators for the Enigma, Typex, and Bombe on the Internet. News article.... Bruce Schneier
Categories: Schneier on Security

First Look Media Shutting Down Access to Snowden NSA Archives

Schneier on Security - Thu, 03/21/2019 - 6:52am
The Daily Beast is reporting that First Look Media -- home of The Intercept and Glenn Greenwald -- is shutting down access to the Snowden archives. The Intercept was the home for Greenwald's subset of Snowden's NSA documents since 2014, after he parted ways with the Guardian the year before. I don't know the details of how the archive was... Bruce Schneier
Categories: Schneier on Security

Zipcar Disruption

Schneier on Security - Wed, 03/20/2019 - 1:38pm
This isn't a security story, but it easily could have been. Last Saturday, Zipcar had a system outage: "an outage experienced by a third party telecommunications vendor disrupted connections between the company's vehicles and its reservation software." That didn't just mean people couldn't get cars they reserved. Sometimes is meant they couldn't get the cars they were already driving to... Bruce Schneier
Categories: Schneier on Security

An Argument that Cybersecurity Is Basically Okay

Schneier on Security - Wed, 03/20/2019 - 7:03am
Andrew Odlyzko's new essay is worth reading -- "Cybersecurity is not very important": Abstract: There is a rising tide of security breaches. There is an even faster rising tide of hysteria over the ostensible reason for these breaches, namely the deficient state of our information infrastructure. Yet the world is doing remarkably well overall, and has not suffered any of... Bruce Schneier
Categories: Schneier on Security

Triton

Schneier on Security - Tue, 03/19/2019 - 7:48am
Good article on the Triton malware which targets industrial control systems.... Bruce Schneier
Categories: Schneier on Security

CAs Reissue Over One Million Weak Certificates

Schneier on Security - Mon, 03/18/2019 - 7:23am
Turns out that the software a bunch of CAs used to generate public-key certificates was flawed: they created random serial numbers with only 63 bits instead of the required 64. That may not seem like a big deal to the layman, but that one bit change means that the serial numbers only have half the required entropy. This really isn't... Bruce Schneier
Categories: Schneier on Security

Friday Squid Blogging: A Squid-Related Vacation Tour in Hawaii

Schneier on Security - Fri, 03/15/2019 - 5:24pm
You can hunt for the Hawaiian bobtail squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Schneier on Security

I Was Cited in a Court Decision

Schneier on Security - Fri, 03/15/2019 - 3:38pm
An article I co-wrote -- my first law journal article -- was cited by the Massachusetts Supreme Judicial Court -- the state supreme court -- in a case on compelled decryption. Here's the first, in footnote 1: We understand the word "password" to be synonymous with other terms that cell phone users may be familiar with, such as Personal Identification... Bruce Schneier
Categories: Schneier on Security

Upcoming Speaking Engagements

Schneier on Security - Fri, 03/15/2019 - 3:15pm
This is a current list of where and when I am scheduled to speak: I'm teaching a live online class called "Spotlight on Cloud: The Future of Internet Security with Bruce Schneier" on O'Reilly's learning platform, Thursday, April 4, at 10:00 AM PT/1:00 PM ET. The list is maintained on this page.... Bruce Schneier
Categories: Schneier on Security

Critical Flaw in Swiss Internet Voting System

Schneier on Security - Fri, 03/15/2019 - 10:44am
Researchers have found a critical flaw in the Swiss Internet voting system. I was going to write an essay about how this demonstrates that Internet voting is a stupid idea and should never be attempted -- and that this system in particular should never be deployed, even if the found flaw is fixed -- but Cory Doctorow beat me to... Bruce Schneier
Categories: Schneier on Security

DARPA Is Developing an Open-Source Voting System

Schneier on Security - Thu, 03/14/2019 - 2:20pm
This sounds like a good development: ...a new $10 million contract the Defense Department's Defense Advanced Research Projects Agency (DARPA) has launched to design and build a secure voting system that it hopes will be impervious to hacking. The first-of-its-kind system will be designed by an Oregon-based firm called Galois, a longtime government contractor with experience in designing secure and... Bruce Schneier
Categories: Schneier on Security

Judging Facebook's Privacy Shift

Schneier on Security - Wed, 03/13/2019 - 7:51am
Facebook is making a new and stronger commitment to privacy. Last month, the company hired three of its most vociferous critics and installed them in senior technical positions. And on Wednesday, Mark Zuckerberg wrote that the company will pivot to focus on private conversations over the public sharing that has long defined the platform, even while conceding that "frankly we... Bruce Schneier
Categories: Schneier on Security

On Surveillance in the Workplace

Schneier on Security - Tue, 03/12/2019 - 7:38am
Data & Society just published a report entitled "Workplace Monitoring & Surveillance": This explainer highlights four broad trends in employee monitoring and surveillance technologies: Prediction and flagging tools that aim to predict characteristics or behaviors of employees or that are designed to identify or deter perceived rule-breaking or fraud. Touted as useful management tools, they can augment biased and discriminatory... Bruce Schneier
Categories: Schneier on Security

Russia Is Testing Online Voting

Schneier on Security - Mon, 03/11/2019 - 7:54am
This is a bad idea: A second innovation will allow "electronic absentee voting" within voters' home precincts. In other words, Russia is set to introduce its first online voting system. The system will be tested in a Moscow neighborhood that will elect a single member to the capital's city council in September. The details of how the experiment will work... Bruce Schneier
Categories: Schneier on Security

Friday Squid Blogging: Squid Proteins Can Be an Alternative to Plastic

Schneier on Security - Fri, 03/08/2019 - 5:36pm
Is there anything squids aren't good for? Academic paper. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Schneier on Security

Videos and Links from the Public-Interest Technology Track at the RSA Conference

Schneier on Security - Fri, 03/08/2019 - 3:24pm
Yesterday at the RSA Conference, I gave a keynote talk about the role of public-interest technologists in cybersecurity. (Video here). I also hosted a one-day mini-track on the topic. We had six panels, and they were all great. If you missed it live, we have videos: How Public Interest Technologists are Changing the World: Matt Mitchell, Tactical Tech; Bruce Schneier,... Bruce Schneier
Categories: Schneier on Security

Cybersecurity Insurance Not Paying for NotPetya Losses

Schneier on Security - Fri, 03/08/2019 - 6:57am
This will complicate things: To complicate matters, having cyber insurance might not cover everyone's losses. Zurich American Insurance Company refused to pay out a $100 million claim from Mondelez, saying that since the U.S. and other governments labeled the NotPetya attack as an action by the Russian military their claim was excluded under the "hostile or warlike action in time... Bruce Schneier
Categories: Schneier on Security

Detecting Shoplifting Behavior

Schneier on Security - Thu, 03/07/2019 - 2:48pm
This system claims to detect suspicious behavior that indicates shoplifting: Vaak, a Japanese startup, has developed artificial intelligence software that hunts for potential shoplifters, using footage from security cameras for fidgeting, restlessness and other potentially suspicious body language. The article has no detail or analysis, so we don't know how well it works. But this kind of thing is surely... Bruce Schneier
Categories: Schneier on Security

Letterlocking

Schneier on Security - Thu, 03/07/2019 - 7:25am
Really good article on the now-lost art of letterlocking.... Bruce Schneier
Categories: Schneier on Security

Pages