Schneier on Security

The Concept of "Return on Data"

Schneier on Security - 2 hours 29 min ago
This law review article by Noam Kolt, titled "Return on Data," proposes an interesting new way of thinking of privacy law. Abstract: Consumers routinely supply personal data to technology companies in exchange for services. Yet, the relationship between the utility (U) consumers gain and the data (D) they supply -- "return on data" (ROD) -- remains largely unexplored. Expressed as... Bruce Schneier
Categories: Schneier on Security

Friday Squid Blogging: On Squid Intelligence

Schneier on Security - Fri, 05/17/2019 - 5:13pm
Two links. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier

Why Are Cryptographers Being Denied Entry into the US?

Schneier on Security - Fri, 05/17/2019 - 7:18am
In March, Adi Shamir -- that's the "S" in RSA -- was denied a US visa to attend the RSA Conference. He's Israeli. This month, British citizen Ross Anderson couldn't attend an awards ceremony in DC because of visa issues. (You can listen to his recorded acceptance speech.) I've heard of at least one other prominent cryptographer who is in... Bruce Schneier

More Attacks against Computer Automatic Update Systems

Schneier on Security - Thu, 05/16/2019 - 2:34pm
Last month, Kaspersky discovered that Asus's live update system was infected with malware, an operation it called Operation Shadowhammer. Now we learn that six other companies were targeted in the same operation. As we mentioned before, ASUS was not the only company used by the attackers. Studying this case, our experts found other samples that used similar algorithms. As in... Bruce Schneier

Another Intel Chip Flaw

Schneier on Security - Thu, 05/16/2019 - 10:28am
Remember the Spectre and Meltdown attacks from last year? They were a new class of attacks against complex CPUs, finding subliminal channels in optimization techniques that allow hackers to steal information. Since their discovery, researchers have found additional similar vulnerabilities. A whole bunch more have just been discovered. I don't think we're finished yet. A year and a half ago... Bruce Schneier

WhatsApp Vulnerability Fixed

Schneier on Security - Wed, 05/15/2019 - 3:22pm
WhatsApp fixed a devastating vulnerability that allowed someone to remotely hack a phone by initiating a WhatsApp voice call. The recipient didn't even have to answer the call. The Israeli cyber-arms manufacturer NSO Group is believed to be behind the exploit, but of course there is no definitive proof. If you use WhatsApp, update your app immediately.... Bruce Schneier

International Spy Museum Reopens

Schneier on Security - Wed, 05/15/2019 - 7:28am
The International Spy Museum has reopened in Washington, DC.... Bruce Schneier

Upcoming Speaking Engagements

Schneier on Security - Tue, 05/14/2019 - 1:15pm
This is a current list of where and when I am scheduled to speak: I'm speaking on "Securing a World of Physically Capable Computers" at Oxford University on Monday, June 17, 2019. The list is maintained on this page.... Bruce Schneier

Cryptanalysis of SIMON-32/64

Schneier on Security - Tue, 05/14/2019 - 7:11am
A weird paper was posted on the Cryptology ePrint Archive (working link is via the Wayback Machine), claiming an attack against the NSA-designed cipher SIMON. You can read some commentary about it here. Basically, the authors claimed an attack so devastating that they would only publish a zero-knowledge proof of their attack. Which they didn't. Nor did they publish anything... Bruce Schneier

Reverse Engineering a Chinese Surveillance App

Schneier on Security - Mon, 05/13/2019 - 7:37am
Human Rights Watch has reverse engineered an app used by the Chinese police to conduct mass surveillance on Turkic Muslims in Xinjiang. The details are fascinating, and chilling. Boing Boing post.... Bruce Schneier

Friday Squid Blogging: Cephalopod Appreciation Society Event

Schneier on Security - Fri, 05/10/2019 - 5:18pm
Last Wednesday was a Cephalopod Appreciation Society event in Seattle. I missed it. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier

Cryptanalyzing a Pair of Russian Encryption Algorithms

Schneier on Security - Fri, 05/10/2019 - 7:30am
A pair of Russia-designed cryptographic algorithms -- the Kuznyechik block cipher and the Streebog hash function -- have the same flawed S-box that is almost certainly an intentional backdoor. It's just not the kind of mistake you make by accident, not in 2014.... Bruce Schneier

Another NSA Leaker Identified and Charged

Schneier on Security - Thu, 05/09/2019 - 4:17pm
In 2015, the Intercept started publishing "The Drone Papers," based on classified documents leaked by an unknown whistleblower. Today, someone who worked at the NSA, and then at the National Geospatial-Intelligence Agency, was charged with the crime. It is unclear how he was initially identified. It might have been this: "At the agency, prosecutors said, Mr. Hale printed 36 documents... Bruce Schneier

Amazon Is Losing the War on Fraudulent Sellers

Schneier on Security - Thu, 05/09/2019 - 6:58am
Excellent article on fraudulent seller tactics on Amazon. The most prominent black hat companies for US Amazon sellers offer ways to manipulate Amazon's ranking system to promote products, protect accounts from disciplinary actions, and crush competitors. Sometimes, these black hat companies bribe corporate Amazon employees to leak information from the company's wiki pages and business reports, which they then resell... Bruce Schneier

Leaked NSA Hacking Tools

Schneier on Security - Wed, 05/08/2019 - 12:30pm
In 2016, a hacker group calling itself the Shadow Brokers released a trove of 2013 NSA hacking tools and related documents. Most people believe it is a front for the Russian government. Since then, the vulnerabilities and tools have been used by both government and criminals, and put the NSA's ability to secure its own cyberweapons seriously into question. Now... Bruce Schneier

Malicious MS Office Macro Creator

Schneier on Security - Wed, 05/08/2019 - 7:03am
Evil Clippy is a tool for creating malicious Microsoft Office macros: At BlackHat Asia we released Evil Clippy, a tool which assists red teamers and security testers in creating malicious MS Office documents. Amongst others, Evil Clippy can hide VBA macros, stomp VBA code (via p-code) and confuse popular macro analysis tools. It runs on Linux, OSX and Windows. The... Bruce Schneier

Locked Computers

Schneier on Security - Tue, 05/07/2019 - 7:22am
This short video explains why computers regularly came with physical locks in the late 1980s and early 1990s. The one thing the video doesn't talk about is RAM theft. When RAM was expensive, stealing it was a problem.... Bruce Schneier

First Physical Retaliation for a Cyberattack

Schneier on Security - Mon, 05/06/2019 - 5:09pm
Israel has acknowledged that its recent airstrikes against Hamas were a real-time response to an ongoing cyberattack. From Twitter: CLEARED FOR RELEASE: We thwarted an attempted Hamas cyber offensive against Israeli targets. Following our successful cyber defensive operation, we targeted a building where the Hamas cyber operatives work. HamasCyberHQ.exe has been removed. pic.twitter.com/AhgKjiOqS7 Israel Defense Forces (@IDF) May 5, 2019... Bruce Schneier

Protecting Yourself from Identity Theft

Schneier on Security - Mon, 05/06/2019 - 8:08am
I don't have a lot of good news for you. The truth is there's nothing we can do to protect our data from being stolen by cybercriminals and others. Ten years ago, I could have given you all sorts of advice about using encryption, not sending information over email, securing your web connections, and a host of other things --... Bruce Schneier

Friday Squid Blogging: Squid Skin "Inspires" New Thermal Sheeting

Schneier on Security - Fri, 05/03/2019 - 5:15pm
Researchers are making space blankets using technology based on squid skin. Honestly, it's hard to tell how much squid is actually involved in this invention. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
