Schneier on Security

Friday Squid Blogging: Squid Pin

Schneier on Security - Fri, 02/16/2018 - 5:08pm
There's a squid pin on Kickstarter. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Schneier on Security

New National Academies Report on Crypto Policy

Schneier on Security - Fri, 02/16/2018 - 10:17am
The National Academies has just published "Decrypting the Encryption Debate: A Framework for Decision Makers." It looks really good, although I have not read it yet. Not much news or analysis yet. Please post any links you find in the comments, and I will summarize them here.... Bruce Schneier
Categories: Schneier on Security

Election Security

Schneier on Security - Thu, 02/15/2018 - 10:14am
Good Washington Post op-ed on the need to use voter-verifiable paper ballots to secure elections, as well as risk-limiting audits.... Bruce Schneier
Categories: Schneier on Security

Can Consumers' Online Data Be Protected?

Schneier on Security - Wed, 02/14/2018 - 7:43am
Everything online is hackable. This is true for Equifax's data and the federal Office of Personnel Management's data, which was hacked in 2015. If information is on a computer connected to the Internet, it is vulnerable. But just because everything is hackable doesn't mean everything will be hacked. The difference between the two is complex, and filled with defensive technologies,... Bruce Schneier
Categories: Schneier on Security

Jumping Air Gaps

Schneier on Security - Tue, 02/13/2018 - 7:26am
Nice profile of Mordechai Guri, who researches a variety of clever ways to steal data over air-gapped computers. Guri and his fellow Ben-Gurion researchers have shown, for instance, that it's possible to trick a fully offline computer into leaking data to another nearby device via the noise its internal fan generates, by changing air temperatures in patterns that the receiving... Bruce Schneier
Categories: Schneier on Security

Internet Security Threats at the Olympics

Schneier on Security - Mon, 02/12/2018 - 7:36am
There are a lot: The cybersecurity company McAfee recently uncovered a cyber operation, dubbed Operation GoldDragon, attacking South Korean organizations related to the Winter Olympics. McAfee believes the attack came from a nation state that speaks Korean, although it has no definitive proof that this is a North Korean operation. The victim organizations include ice hockey teams, ski suppliers, ski... Bruce Schneier
Categories: Schneier on Security

Calling Squid "Calamari" Makes It More Appetizing

Schneier on Security - Fri, 02/09/2018 - 5:17pm
Research shows that what a food is called affects how we think about it. Research paper. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Schneier on Security

Living in a Smart Home

Schneier on Security - Fri, 02/09/2018 - 8:59am
In "The House That Spied on Me," Kashmir Hill outfits her home to be as "smart" as possible and writes about the results.... Bruce Schneier
Categories: Schneier on Security

Water Utility Infected by Cryptocurrency Mining Software

Schneier on Security - Thu, 02/08/2018 - 12:55pm
A water utility in Europe has been infected by cryptocurrency mining software. This is a relatively new attack: hackers compromise computers and force them to mine cryptocurrency for them. This is the first time I've seen it infect SCADA systems, though. It seems that this mining software is benign, and doesn't affect the performance of the hacked computer. (A smart... Bruce Schneier
Categories: Schneier on Security

Cabinet of Secret Documents from Australia

Schneier on Security - Wed, 02/07/2018 - 7:19am
This story of leaked Australian government secrets is unlike any other I've heard: It begins at a second-hand shop in Canberra, where ex-government furniture is sold off cheaply. The deals can be even cheaper when the items in question are two heavy filing cabinets to which no-one can find the keys. They were purchased for small change and sat unopened... Bruce Schneier
Categories: Schneier on Security

Poor Security at the UK National Health Service

Schneier on Security - Tue, 02/06/2018 - 7:33am
The Guardian is reporting that "every NHS trust assessed for cyber security vulnerabilities has failed to meet the standard required." This is the same NHS that was debilitated by WannaCry.... Bruce Schneier
Categories: Schneier on Security

Sensitive Super-Bowl Security Documents Left on an Airplane

Schneier on Security - Mon, 02/05/2018 - 4:46pm
A CNN reporter found... Bruce Schneier
Categories: Schneier on Security

Friday Squid Blogging: Kraken Pie

Schneier on Security - Fri, 02/02/2018 - 5:36pm
Pretty, but contains no actual squid ingredients. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Schneier on Security

Signed Malware

Schneier on Security - Fri, 02/02/2018 - 7:38am
Stuxnet famously used legitimate digital certificates to sign its malware. A research paper from last year found that the practice is much more common than previously thought. Now, researchers have presented proof that digitally signed malware is much more common than previously believed. What's more, it predated Stuxnet, with the first known instance occurring in 2003. The researchers said they... Bruce Schneier
Categories: Schneier on Security

Jackpotting Attacks Against US ATMs

Schneier on Security - Thu, 02/01/2018 - 7:23am
Brian Krebs is reporting sophisticated jackpotting attacks against US ATMs. The attacker gains physical access to the ATM, plants malware using specialized electronics, and then later returns and forces the machine to dispense all the cash it has inside. The Secret Service alert explains that the attackers typically use an endoscope -- a slender, flexible instrument traditionally used in medicine... Bruce Schneier
Categories: Schneier on Security

Israeli Scientists Accidentally Reveal Classified Information

Schneier on Security - Wed, 01/31/2018 - 3:37pm
According to this story (non-paywall English version here), Israeli scientists released some information to the public they shouldn't have. Defense establishment officials are now trying to erase any trace of the secret information from the web, but they have run into difficulties because the information was copied and is found on a number of platforms. Those officials have managed to... Bruce Schneier
Categories: Schneier on Security

After Section 702 Reauthorization

Schneier on Security - Wed, 01/31/2018 - 7:06am
For over a decade, civil libertarians have been fighting government mass surveillance of innocent Americans over the Internet. We've just lost an important battle. On January 18, when President Trump signed the renewal of Section 702, domestic mass surveillance became effectively a permanent part of US law. Section 702 was initially passed in 2008, as an amendment to the Foreign Intelligence... Bruce Schneier
Categories: Schneier on Security

Subway Elevators and Movie-Plot Threats

Schneier on Security - Tue, 01/30/2018 - 7:26am
Local residents are opposing adding an elevator to a subway station because terrorists might use it to detonate a bomb. No, really. There's no actual threat analysis, only fear: "The idea that people can then ride in on the subway with a bomb or whatever and come straight up in an elevator is awful to me," said Claudia Ward, who... Bruce Schneier
Categories: Schneier on Security

Locating Secret Military Bases via Fitness Data

Schneier on Security - Mon, 01/29/2018 - 3:17pm
In November, the company Strava released an anonymous data-visualization map showing all the fitness activity by everyone using the app. Over this weekend, someone realized that it could be used to locate secret military bases: just look for repeated fitness activity in the middle of nowhere. News article.... Bruce Schneier
Categories: Schneier on Security

Estimating the Cost of Internet Insecurity

Schneier on Security - Mon, 01/29/2018 - 7:18am
It's really hard to estimate the cost of an insecure Internet. Studies are all over the map. A methodical study by RAND is the best work I've seen at trying to put a number on this. The results are, well, all over the map: "Estimating the Global Cost of Cyber Risk: Methodology and Examples": Abstract: There is marked variability from... Bruce Schneier
Categories: Schneier on Security
