Schneier on Security

Friday Squid Blogging: Another Giant Squid Caught off the Coast of Kerry

Schneier on Security - Fri, 09/22/2017 - 3:53pm
The Flannery family have caught four giant squid, two this year. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Schneier on Security

Apple's FaceID

Schneier on Security - 3 hours 19 min ago
This is a good interview with Apple's SVP of Software Engineering about FaceID. Honestly, I don't know what to think. I am confident that Apple is not collecting a photo database, but not optimistic that it can't be hacked with fake faces. I dislike the fact that the police can point the phone at someone and have it automatically unlock.... Bruce Schneier
Categories: Schneier on Security

Bluetooth Vulnerabilities

Schneier on Security - Mon, 09/18/2017 - 7:58am
A bunch of Bluetooth vulnerabilities are being reported, some pretty nasty. BlueBorne concerns us because of the medium by which it operates. Unlike the majority of attacks today, which rely on the internet, a BlueBorne attack spreads through the air. This works similarly to the two less extensive vulnerabilities discovered recently in a Broadcom Wi-Fi chip by Project Zero and... Bruce Schneier
Categories: Schneier on Security

Friday Squid Blogging: Using Squid Ink to Detect Gum Disease

Schneier on Security - Fri, 09/15/2017 - 5:07pm
A new dental imagery method, using squid ink, light, and ultrasound. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Schneier on Security

Another iPhone Change to Frustrate the Police

Schneier on Security - Fri, 09/15/2017 - 7:28am
I recently wrote about the new ability to disable the Touch ID login on iPhones. This is important because of a weirdness in current US law that protects people's passcodes from forced disclosure in ways it does not protect actions: being forced to place a thumb on a fingerprint reader. There's another, more significant, change: iOS now requires a passcode... Bruce Schneier
Categories: Schneier on Security

Hacking Robots

Schneier on Security - Thu, 09/14/2017 - 7:17am
Researchers have demonstrated hacks against robots, taking over and controlling their camera, speakers, and movements. News article.... Bruce Schneier
Categories: Schneier on Security

On the Equifax Data Breach

Schneier on Security - Wed, 09/13/2017 - 1:49pm
Last Thursday, Equifax reported a data breach that affects 143 million US customers, about 44% of the population. It's an extremely serious breach; hackers got access to full names, Social Security numbers, birth dates, addresses, driver's license numbers -- exactly the sort of information criminals can use to impersonate victims to banks, credit card companies, insurance companies, and other businesses... Bruce Schneier
Categories: Schneier on Security

Hacking Voice Assistant Systems with Inaudible Voice Commands

Schneier on Security - Wed, 09/13/2017 - 7:03am
Turns out that all the major voice assistants -- Siri, Google Now, Samsung S Voice, Huawei HiVoice, Cortana and Alexa -- listen at audio frequencies the human ear can't hear. Hackers can hijack those systems with inaudible commands that their owners can't hear. News articles.... Bruce Schneier
Categories: Schneier on Security

Securing a Raspberry Pi

Schneier on Security - Tue, 09/12/2017 - 7:12am
A Raspberry Pi is a tiny computer designed for makers and all sorts of Internet-of-Things types of projects. Make magazine has an article about securing it. Reading it, I am struck by how much work it is to secure. I fear that this is beyond the capabilities of most tinkerers, and the result will be even more insecure IoT devices.... Bruce Schneier
Categories: Schneier on Security

A Hardware Privacy Monitor for iPhones

Schneier on Security - Mon, 09/11/2017 - 7:12am
Andrew "bunnie" Huang and Edward Snowden have designed a hardware device that attaches to an iPhone and monitors it for malicious surveillance activities, even in instances where the phone's operating system has been compromised. They call it an Introspection Engine, and their use model is a journalist who is concerned about government surveillance: Our introspection engine is designed with the... Bruce Schneier
Categories: Schneier on Security

Friday Squid Blogging: Make-Your-Own Squid Candy

Schneier on Security - Fri, 09/08/2017 - 5:11pm
It's Japanese. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Schneier on Security

ShadowBrokers Releases NSA UNITEDRAKE Manual

Schneier on Security - Fri, 09/08/2017 - 7:54am
The ShadowBrokers released the manual for UNITEDRAKE, a sophisticated NSA Trojan that targets Windows machines: Able to compromise Windows PCs running on XP, Windows Server 2003 and 2008, Vista, Windows 7 SP 1 and below, as well as Windows 8 and Windows Server 2012, the attack tool acts as a service to capture information. UNITEDRAKE, described as a "fully extensible... Bruce Schneier
Categories: Schneier on Security

Research on What Motivates ISIS -- and Other -- Fighters

Schneier on Security - Thu, 09/07/2017 - 7:05am
Interesting research from Nature Human Behaviour: "The devoted actor's will to fight and the spiritual dimension of human conflict": Abstract: Frontline investigations with fighters against the Islamic State (ISIL or ISIS), combined with multiple online studies, address willingness to fight and die in intergroup conflict. The general focus is on non-utilitarian aspects of human conflict, which combatants themselves deem 'sacred'... Bruce Schneier
Categories: Schneier on Security

Security Vulnerabilities in AT&T Routers

Schneier on Security - Wed, 09/06/2017 - 7:55am
They're actually Arris routers, sold or given away by AT&T. There are several security vulnerabilities, some of them very serious. They can be fixed, but because these are routers it takes some skill. We don't know how many routers are affected, and estimates range from thousands to 138,000. Among the vulnerabilities are hardcoded credentials, which can allow "root" remote access... Bruce Schneier
Categories: Schneier on Security

Security Flaw in Estonian National ID Card

Schneier on Security - Tue, 09/05/2017 - 4:23pm
We have no idea how bad this really is: On 30 August, an international team of researchers informed the Estonian Information System Authority (RIA) of a vulnerability potentially affecting the digital use of Estonian ID cards. The possible vulnerability affects a total of almost 750,000 ID-cards issued starting from October 2014, including cards issued to e-residents. The ID-cards issued before... Bruce Schneier
Categories: Schneier on Security

New Techniques in Fake Reviews

Schneier on Security - Mon, 09/04/2017 - 8:08am
Research paper: "Automated Crowdturfing Attacks and Defenses in Online Review Systems." Abstract: Malicious crowdsourcing forums are gaining traction as sources of spreading misinformation online, but are limited by the costs of hiring and managing human workers. In this paper, we identify a new class of attacks that leverage deep learning language models (Recurrent Neural Networks or RNNs) to automate the... Bruce Schneier
Categories: Schneier on Security

Friday Squid Blogging: Bioluminescent Squid

Schneier on Security - Fri, 09/01/2017 - 5:28pm
There's a beautiful picture of a tiny squid in this New York Times article on bioluminescence -- and a dramatic one of a vampire squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Schneier on Security

Russian Hacking Tools Codenamed WhiteBear Released

Schneier on Security - Fri, 09/01/2017 - 7:39am
Kaspersky Labs released a highly sophisticated set of hacking tools from Russia called WhiteBear. From February to September 2016, WhiteBear activity was narrowly focused on embassies and consular operations around the world. All of these early WhiteBear targets were related to embassies and diplomatic/foreign affair organizations. Continued WhiteBear activity later shifted to include defense-related organizations into June 2017. When compared... Bruce Schneier
Categories: Schneier on Security

Journalists Generally Do Not Use Secure Communication

Schneier on Security - Thu, 08/31/2017 - 7:52am
This should come as no surprise: Alas, our findings suggest that secure communications haven't yet attracted mass adoption among journalists. We looked at 2,515 Washington journalists with permanent credentials to cover Congress, and we found only 2.5 percent of them solicit end-to-end encrypted communication via their Twitter bios. That's just 62 out of all the broadcast, newspaper, wire service, and... Bruce Schneier
Categories: Schneier on Security

A Framework for Cyber Security Insurance

Schneier on Security - Wed, 08/30/2017 - 2:22pm
New paper: "Policy measures and cyber insurance: a framework," by Daniel Woods and Andrew Simpson, Journal of Cyber Policy, 2017. Abstract: The role of the insurance industry in driving improvements in cyber security has been identified as mutually beneficial for both insurers and policy-makers. To date, there has been no consideration of the roles governments and the insurance industry should... Bruce Schneier
Categories: Schneier on Security
