Schneier on Security

Public Shaming of Companies for Bad Security

Schneier on Security - 12 hours 10 min ago
Troy Hunt makes some good points, with good examples.... Bruce Schneier
Categories: Schneier on Security

NSA Attacks Against Virtual Private Networks

Schneier on Security - Mon, 09/17/2018 - 7:12am
A 2006 document from the Snowden archives outlines successful NSA operations against "a number of "high potential" virtual private networks, including those of media organization Al Jazeera, the Iraqi military and internet service organizations, and a number of airline reservation systems." It's hard to believe that many of the Snowden documents are now more than a decade old.... Bruce Schneier
Categories: Schneier on Security

Friday Squid Blogging: Dissecting a Giant Squid

Schneier on Security - Fri, 09/14/2018 - 5:13pm
Lessons learned. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Schneier on Security

Click Here to Kill Everybody Reviews and Press Mentions

Schneier on Security - Fri, 09/14/2018 - 3:14pm
It's impossible to know all the details, but my latest book seems to be selling well. Initial reviews have been really positive: Boing Boing, Financial Times, Harris Online, Kirkus Reviews, Nature, Politico, and Virus Bulletin. I've also done a bunch of interviews -- either written or radio/podcast -- including the Washington Post, a Reddit AMA, "The 1A " on NPR,... Bruce Schneier
Categories: Schneier on Security

Quantum Computing and Cryptography

Schneier on Security - Fri, 09/14/2018 - 7:15am
Quantum computing is a new way of computing -- one that could allow humankind to perform computations that are simply impossible using today's computing technologies. It allows for very fast searching, something that would break some of the encryption algorithms we use today. And it allows us to easily factor large numbers, something that would break the RSA cryptosystem for... Bruce Schneier
Categories: Schneier on Security

Security Risks of Government Hacking

Schneier on Security - Thu, 09/13/2018 - 10:08am
Some of us -- myself included -- have proposed lawful government hacking as an alternative to backdoors. A new report from the Center of Internet and Society looks at the security risks of allowing government hacking. They include: Disincentive for vulnerability disclosure Cultivation of a market for surveillance tools Attackers co-opt hacking tools over which governments have lost control Attackers... Bruce Schneier
Categories: Schneier on Security

Security Vulnerability in Smart Electric Outlets

Schneier on Security - Wed, 09/12/2018 - 7:19am
A security vulnerability in Belkin's Wemo Insight "smartplugs" allows hackers to not only take over the plug, but use it as a jumping-off point to attack everything else on the network. From the Register: The bug underscores the primary risk posed by IoT devices and connected appliances. Because they are commonly built by bolting on network connectivity to existing appliances,... Bruce Schneier
Categories: Schneier on Security

Using Hacked IoT Devices to Disrupt the Power Grid

Schneier on Security - Tue, 09/11/2018 - 7:25am
This is really interesting research: "BlackIoT: IoT Botnet of High Wattage Devices Can Disrupt the Power Grid": Abstract: We demonstrate that an Internet of Things (IoT) botnet of high wattage devices-such as air conditioners and heaters-gives a unique ability to adversaries to launch large-scale coordinated attacks on the power grid. In particular, we reveal a new class of potential attacks... Bruce Schneier
Categories: Schneier on Security

Friday Squid Blogging: 100-kg Squid Caught Off the Coast of Madeira

Schneier on Security - Fri, 09/07/2018 - 5:13pm
News. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Schneier on Security

Reddit AMA

Schneier on Security - Fri, 09/07/2018 - 3:22pm
I did a Reddit AMA on Thursday, September 6.... Bruce Schneier
Categories: Schneier on Security

Five-Eyes Intelligence Services Choose Surveillance Over Security

Schneier on Security - Thu, 09/06/2018 - 7:41am
The Five Eyes -- the intelligence consortium of the rich English-speaking countries (the US, Canada, the UK, Australia, and New Zealand) -- have issued a "Statement of Principles on Access to Evidence and Encryption" where they claim their needs for surveillance outweigh everyone's needs for security and privacy. ...the increasing use and sophistication of certain encryption designs present challenges for... Bruce Schneier
Categories: Schneier on Security

Using a Smartphone's Microphone and Speakers to Eavesdrop on Passwords

Schneier on Security - Wed, 09/05/2018 - 7:05am
It's amazing that this is even possible: "SonarSnoop: Active Acoustic Side-Channel Attacks": Abstract: We report the first active acoustic side-channel attack. Speakers are used to emit human inaudible acoustic signals and the echo is recorded via microphones, turning the acoustic system of a smart phone into a sonar system. The echo signal can be used to profile user interaction with... Bruce Schneier
Categories: Schneier on Security

New Book Announcement: Click Here to Kill Everybody

Schneier on Security - Tue, 09/04/2018 - 7:20am
I am pleased to announce the publication of my latest book: Click Here to Kill Everybody: Security and Survival in a Hyper-connected World. In it, I examine how our new immersive world of physically capable computers affects our security. I argue that this changes everything about security. Attacks are no longer just about data, they now affect life and property:... Bruce Schneier
Categories: Schneier on Security

Friday Squid Blogging: Giant Squid Washes up on Wellington Beach

Schneier on Security - Fri, 08/31/2018 - 5:08pm
Another giant squid washed up on a beach, this time in Wellington, New Zealand. Is this a global trend? As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Schneier on Security

I'm Doing a Reddit AMA

Schneier on Security - Fri, 08/31/2018 - 3:06pm
On Thursday, September 6, starting at 10:00 am CDT, I'll be doing a Reddit "Ask Me Anything" in association with the Ford Foundation. It's about my new book, but -- of course -- you can ask me anything. No promises that I will answer everything....... Bruce Schneier
Categories: Schneier on Security

Upcoming Speaking Engagements

Schneier on Security - Fri, 08/31/2018 - 2:37pm
This is a current list of where and when I am scheduled to speak: I'm giving a book talk on Click Here to Kill Everybody at the Ford Foundation in New York City, on September 5, 2018. The Aspen Institute's Cybersecurity & Technology Program is holding a book launch for Click Here to Kill Everybody on September 10, 2018 in... Bruce Schneier
Categories: Schneier on Security

Eavesdropping on Computer Screens through the Webcam Mic

Schneier on Security - Fri, 08/31/2018 - 7:29am
Yet another way of eavesdropping on someone's computer activity: using the webcam microphone to "listen" to the computer's screen.... Bruce Schneier
Categories: Schneier on Security

Cheating in Bird Racing

Schneier on Security - Thu, 08/30/2018 - 7:34am
I've previously written about people cheating in marathon racing by driving -- or otherwise getting near the end of the race by faster means than running. In China, two people were convicted of cheating in a pigeon race: The essence of the plan involved training the pigeons to believe they had two homes. The birds had been secretly raised not... Bruce Schneier
Categories: Schneier on Security

CIA Network Exposed Through Insecure Communications System

Schneier on Security - Wed, 08/29/2018 - 9:10am
Interesting story of a CIA intelligence network in China that was exposed partly because of a computer-security failure: Although they used some of the same coding, the interim system and the main covert communication platform used in China at this time were supposed to be clearly separated. In theory, if the interim system were discovered or turned over to Chinese... Bruce Schneier
Categories: Schneier on Security

NotPetya

Schneier on Security - Tue, 08/28/2018 - 7:49am
Andy Greenberg wrote a fascinating account of the Russian NotPetya worm, with an emphasis on its effects on the company Maersk. BoingBoing post.... Bruce Schneier
Categories: Schneier on Security

Pages