Schneier on Security

A blog covering security and security technology.

Scaring People into Supporting Backdoors

10 hours 20 min ago
Back in 1998, Tim May warned us of the "Four Horsemen of the Infocalypse": "terrorists, pedophiles, drug dealers, and money launderers." I tended to cast it slightly differently. This is me from 2005: Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, kidnappers, and child pornographers. Seems like you can scare any public into allowing the government to... Bruce Schneier
Categories: Schneier on Security

Extracting Data from Smartphones

Wed, 12/11/2019 - 7:19am
Privacy International has published a detailed, technical examination of how data is extracted from smartphones.... Bruce Schneier
Categories: Schneier on Security

Reforming CDA 230

Tue, 12/10/2019 - 7:16am
There's a serious debate on reforming Section 230 of the Communications Decency Act. I am in the process of figuring out what I believe, and this is more a place to put resources and listen to people's comments. The EFF has written extensively on why it is so important and dismantling it will be catastrophic for the Internet. Danielle Citron... Bruce Schneier
Categories: Schneier on Security

Failure Modes in Machine Learning

Mon, 12/09/2019 - 6:56am
Interesting taxonomy of machine-learning failures (pdf) that encompasses both mistakes and attacks, or -- in their words -- intentional and unintentional failure modes. It's a good basis for threat modeling.... Bruce Schneier
Categories: Schneier on Security

Friday Squid Blogging: Squidfall Safety

Fri, 12/06/2019 - 5:20pm
Watchmen supporting material. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Schneier on Security

Andy Ellis on Risk Assessment

Fri, 12/06/2019 - 7:55am
Andy Ellis, the CSO of Akamai, gave a great talk about the psychology of risk at the Business of Software conference this year. I've written about this before. One quote: "The problem is our brains are intuitively suited to the sorts of risk management decisions endemic to living in small family groups in the East African highlands in 100,000 BC,... Bruce Schneier
Categories: Schneier on Security

Election Machine Insecurity Story

Thu, 12/05/2019 - 7:06am
Interesting story of a flawed computer voting machine and a paper ballot available for recount. All ended well, but only because of that paper backup. Vote totals in a Northampton County judge's race showed one candidate, Abe Kassis, a Democrat, had just 164 votes out of 55,000 ballots across more than 100 precincts. Some machines reported zero votes for him.... Bruce Schneier
Categories: Schneier on Security

Becoming a Tech Policy Activist

Wed, 12/04/2019 - 7:04am
Carolyn McCarthy gave an excellent TEDx talk about becoming a tech policy activist. It's a powerful call for public-interest technologists.... Bruce Schneier
Categories: Schneier on Security

RSA-240 Factored

Tue, 12/03/2019 - 3:12pm
This just in: We are pleased to announce the factorization of RSA-240, from RSA's challenge list, and the computation of a discrete logarithm of the same size (795 bits): RSA-240 = 12462036678171878406583504460810659043482037465167880575481878888328 966680118821085503603957027250874750986476843845862105486553797025393057189121 768431828636284694840530161441643046806687569941524699318570418303051254959437 1372159029236099 = 509435952285839914555051023580843714132648382024111473186660296521821206469746 700620316443478873837606252372049619334517 * 244624208838318150567813139024002896653802092578931401452041221336558477095178 155258218897735030590669041302045908071447 [...] The previous records were RSA-768 (768 bits) in December 2009 [2], and a 768-bit prime discrete logarithm in... Bruce Schneier
Categories: Schneier on Security

The Story of Tiversa

Tue, 12/03/2019 - 7:19am
The New Yorker has published the long and interesting story of the cybersecurity firm Tiversa. Watching "60 Minutes," Boback saw a remarkable new business angle. Here was a multibillion-dollar industry with a near-existential problem and no clear solution. He did not know it then, but, as he turned the opportunity over in his mind, he was setting in motion a... Bruce Schneier
Categories: Schneier on Security

Cameras that Automatically Detect Mobile Phone Use

Mon, 12/02/2019 - 6:56am
New South Wales is implementing a camera system that automatically detects when a driver is using a mobile phone.... Bruce Schneier
Categories: Schneier on Security

Friday Squid Blogging: Squid-Like Underwater Drone

Fri, 11/29/2019 - 5:13pm
The Sea Hunting Autonomous Reconnaissance Drone (SHARD) swims like a squid and can explode on command. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Schneier on Security

Manipulating Machine Learning Systems by Manipulating Training Data

Fri, 11/29/2019 - 6:43am
Interesting research: "TrojDRL: Trojan Attacks on Deep Reinforcement Learning Agents": Abstract: Recent work has identified that classification models implemented as neural networks are vulnerable to data-poisoning and Trojan attacks at training time. In this work, we show that these training-time vulnerabilities extend to deep reinforcement learning (DRL) agents and can be exploited by an adversary with access to the training... Bruce Schneier
Categories: Schneier on Security

DHS Mandates Federal Agencies to Run Vulnerability Disclosure Policy

Wed, 11/27/2019 - 4:34pm
The DHS is requiring all federal agencies to develop a vulnerability disclosure policy. The goal is that people who discover vulnerabilities in government systems have a mechanism for reporting them to someone who might actually do something about it. The devil is in the details, of course, but this is a welcome development. The DHS is seeking public feedback.... Bruce Schneier
Categories: Schneier on Security

Friday Squid Blogging: T-Shirt

Fri, 11/22/2019 - 5:19pm
"Squid Pro Quo" T-shirt. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Schneier on Security

The NSA Warns of TLS Inspection

Fri, 11/22/2019 - 7:16am
The NSA has released a security advisory warning of the dangers of TLS inspection: Transport Layer Security Inspection (TLSI), also known as TLS break and inspect, is a security process that allows enterprises to decrypt traffic, inspect the decrypted content for threats, and then re-encrypt the traffic before it enters or leaves the network. Introducing this capability into an enterprise... Bruce Schneier
Categories: Schneier on Security

GPS Manipulation

Thu, 11/21/2019 - 7:26am
Long article on the manipulation of GPS in Shanghai. It seems not to be some Chinese military program, but ships who are stealing sand. The Shanghai "crop circles," which somehow spoof each vessel to a different false location, are something new. "I'm still puzzled by this," says Humphreys. "I can't get it to work out in the math. It's an... Bruce Schneier
Categories: Schneier on Security

Iran Has Shut Off the Internet

Wed, 11/20/2019 - 7:52am
Iran has gone pretty much entirely offline in the wake of nationwide protests. This is the best article detailing what's going on; this is also good. AccessNow has a global campaign to stop Internet shutdowns.... Bruce Schneier
Categories: Schneier on Security

Security Vulnerabilities in Android Firmware

Mon, 11/18/2019 - 7:33am
Researchers have discovered and revealed 146 vulnerabilities in various incarnations of Android smartphone firmware. The vulnerabilities were found by scanning the phones of 29 different Android makers, and each is unique to a particular phone or maker. They were found using automatic tools, and it is extremely likely that many of the vulnerabilities are not exploitable -- making them bugs... Bruce Schneier
Categories: Schneier on Security

Friday Squid Blogging: Planctoteuthis Squid

Fri, 11/15/2019 - 5:13pm
Neat video, and an impressive-looking squid. I can't figure out how long it is. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Schneier on Security
