Schneier on Security

Alternatives to Government-Mandated Encryption Backdoors

Schneier on Security - 10 hours 42 min ago
Policy essay: "Encryption Substitutes," by Andrew Keane Woods: In this short essay, I make a few simple assumptions that bear mentioning at the outset. First, I assume that governments have good and legitimate reasons for getting access to personal data. These include things like controlling crime, fighting terrorism, and regulating territorial borders. Second, I assume that people have a right... Bruce Schneier
Categories: Schneier on Security

US Army Researching Bot Swarms

Schneier on Security - Mon, 07/24/2017 - 7:39am
The US Army Research Agency is funding research into autonomous bot swarms. From the announcement: The objective of this CRA is to perform enabling basic and applied research to extend the reach, situational awareness, and operational effectiveness of large heterogeneous teams of intelligent systems and Soldiers against dynamic threats in complex and contested environments and provide technical and operational superiority... Bruce Schneier
Categories: Schneier on Security

Friday Squid Blogging: Giant Squid Caught Off the Coast of Ireland

Schneier on Security - Fri, 07/21/2017 - 5:33pm
It's the second in two months. Video. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Schneier on Security

Hacking a Segway

Schneier on Security - Fri, 07/21/2017 - 7:23am
The Segway has a mobile app. It is hackable: While analyzing the communication between the app and the Segway scooter itself, Kilbride noticed that a user PIN number meant to protect the Bluetooth communication from unauthorized access wasn't being used for authentication at every level of the system. As a result, Kilbride could send arbitrary commands to the scooter without... Bruce Schneier
Categories: Schneier on Security

Ethereum Hacks

Schneier on Security - Thu, 07/20/2017 - 10:12am
The press is reporting a $32M theft of the cryptocurrency Ethereum. Like all such thefts, they're not a result of a cryptographic failure in the currencies, but instead a software vulnerability in the software surrounding the currency -- in this case, digital wallets. This is the second Ethereum hack this week. The first tricked people into sending their Ethereum to... Bruce Schneier
Categories: Schneier on Security

Password Masking

Schneier on Security - Wed, 07/19/2017 - 11:35am
Slashdot asks if password masking -- replacing password characters with asterisks as you type them -- is on the way out. I don't know if that's true, but I would be happy to see it go. Shoulder surfing, the threat it defends against, is largely nonexistent. And it is becoming harder to type in passwords on small screens and annoying... Bruce Schneier
Categories: Schneier on Security

Many of My E-Books for Cheap

Schneier on Security - Tue, 07/18/2017 - 7:38am
Humble Bundle is selling a bunch of cybersecurity books very cheaply. You can get copies of Applied Cryptography, Secrets and Lies, and Cryptography Engineering -- and also Ross Anderson's Security Engineering, Adam Shostack's Threat Modeling, and many others. This is the cheapest you'll ever see these books. And they're all DRM-free.... Bruce Schneier
Categories: Schneier on Security

Australia Considering New Law Weakening Encryption

Schneier on Security - Mon, 07/17/2017 - 7:29am
News from Australia: Under the law, internet companies would have the same obligations telephone companies do to help law enforcement agencies, Prime Minister Malcolm Turnbull said. Law enforcement agencies would need warrants to access the communications. "We've got a real problem in that the law enforcement agencies are increasingly unable to find out what terrorists and drug traffickers and pedophile... Bruce Schneier
Categories: Schneier on Security

Friday Squid Blogging: Eyeball Collector Wants a Giant-Squid Eyeball

Schneier on Security - Fri, 07/14/2017 - 5:35pm
They're rare: The one Dubielzig really wants is an eye from a giant squid, which has the biggest eye of any living animal -- it's the size of a dinner plate. "But there are no intact specimens of giant squid eyes, only rotten specimens that have been beached," he says. As usual, you can also use this squid post to... Bruce Schneier
Categories: Schneier on Security

Book Review: Twitter and Tear Gas, by Zeynep Tufekci

Schneier on Security - Fri, 07/14/2017 - 1:06pm
There are two opposing models of how the Internet has changed protest movements. The first is that the Internet has made protesters mightier than ever. This comes from the successful revolutions in Tunisia (2010-11), Egypt (2011), and Ukraine (2013). The second is that it has made them more ineffectual. Derided as "slacktivism" or "clicktivism," the ease of action without commitment... Bruce Schneier
Categories: Schneier on Security

Forged Documents and Microsoft Fonts

Schneier on Security - Fri, 07/14/2017 - 7:51am
A set of documents in Pakistan were detected as forgeries because their fonts were not in circulation at the time the documents were dated.... Bruce Schneier
Categories: Schneier on Security

Tomato-Plant Security

Schneier on Security - Thu, 07/13/2017 - 7:06am
I have a soft spot for interesting biological security measures, especially by plants. I've used them as examples in several of my books. Here's a new one: when tomato plants are attacked by caterpillars, they release a chemical that turns the caterpillars on each other: It's common for caterpillars to eat each other when they're stressed out by the lack... Bruce Schneier
Categories: Schneier on Security

More on the NSA's Use of Traffic Shaping

Schneier on Security - Wed, 07/12/2017 - 7:32am
"Traffic shaping" -- the practice of tricking data to flow through a particular route on the Internet so it can be more easily surveilled -- is an NSA technique that has gotten much less attention than it deserves. It's a powerful technique that allows an eavesdropper to get access to communications channels it would otherwise not be able to monitor.... Bruce Schneier
Categories: Schneier on Security

Hacking Spotify

Schneier on Security - Tue, 07/11/2017 - 9:22am
Some of the ways artists are hacking the music-streaming service Spotify.... Bruce Schneier
Categories: Schneier on Security

The Future of Forgeries

Schneier on Security - Mon, 07/10/2017 - 7:04am
This article argues that AI technologies will make image, audio, and video forgeries much easier in the future. Combined, the trajectory of cheap, high-quality media forgeries is worrying. At the current pace of progress, it may be as little as two or three years before realistic audio forgeries are good enough to fool the untrained ear, and only five or... Bruce Schneier
Categories: Schneier on Security

Friday Squid Blogging: Why It's Hard to Track the Squid Population

Schneier on Security - Fri, 07/07/2017 - 3:08pm
Counting squid is not easy. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Schneier on Security

An Assassin's Teapot

Schneier on Security - Fri, 07/07/2017 - 2:01pm
This teapot has two chambers. Liquid is released from one or the other depending on whether an air hole is covered. I want one.... Bruce Schneier
Categories: Schneier on Security

DNI Wants Research into Secure Multiparty Computation

Schneier on Security - Fri, 07/07/2017 - 7:20am
The Intelligence Advanced Research Projects Activity (IARPA) is soliciting proposals for research projects in secure multiparty computation: Specifically of interest is computing on data belonging to different -- potentially mutually distrusting -- parties, which are unwilling or unable (e.g., due to laws and regulations) to share this data with each other or with the underlying compute platform. Such computations may... Bruce Schneier
Categories: Schneier on Security

Now It's Easier than Ever to Steal Someone's Keys

Schneier on Security - Thu, 07/06/2017 - 7:27am
The website key.me will make a duplicate key from a digital photo. If a friend or coworker leaves their keys unattended for a few seconds, you know what to do.... Bruce Schneier
Categories: Schneier on Security

Dubai Deploying Autonomous Robotic Police Cars

Schneier on Security - Wed, 07/05/2017 - 1:48pm
It's hard to tell how much of this story is real and how much is aspirational, but it really is only a matter of time: About the size of a child's electric toy car, the driverless vehicles will patrol different areas of the city to boost security and hunt for unusual activity, all the while scanning crowds for potential persons... Bruce Schneier
Categories: Schneier on Security
