Category: Schneier on Security

This article has been indexed from Schneier on Security Amy Zegart has a new book: Spies, Lies, and Algorithms: The History and Future of American Intelligence. Wired has an excerpt: In short, data volume and accessibility are revolutionizing sensemaking. The…

Read more →

This article has been indexed from Schneier on Security An actually serious scientific journal has published a paper speculating that octopus and squid could be of extraterrestrial origin. News article. As usual, you can also use this squid post to…

Read more →

This article has been indexed from Schneier on Security Senators have reintroduced the EARN IT Act, requiring social media companies (among others) to administer a massive surveillance operation on their users: A group of lawmakers led by Sen. Richard Blumenthal…

Read more →

This article has been indexed from Schneier on Security MIT Technology Review published an interview with Gil Herrera, the new head of the NSA’s Research Directorate. There’s a lot of talk about quantum computing, monitoring 5G networks, and the problems…

Read more →

This article has been indexed from Schneier on Security The Open Source Security Foundation announced $10 million in funding from a pool of tech and financial companies, including Microsoft and Google, to find vulnerabilities in open source projects: The “Alpha”…

Read more →

This article has been indexed from Schneier on Security There are two bills working their way through Congress that would force companies like Apple to allow competitive app stores. Apple hates this, since it would break its monopoly, and it’s…

Read more →

This article has been indexed from Schneier on Security New fossils from Newfoundland push the origins of cephalopods to 522 million years ago. As usual, you can also use this squid post to talk about the security stories in the…

Read more →

This article has been indexed from Schneier on Security A German activist is trying to track down a secret government intelligence agency. One of her research techniques is to mail Apple AirTags to see where they actually end up: Wittmann…

Read more →

This article has been indexed from Schneier on Security There’s a new ransomware that targets NAT devices made by QNAP: The attacks started today, January 25th, with QNAP devices suddenly finding their files encrypted and file names appended with a…

Read more →

This article has been indexed from Schneier on Security The insurance company Ace American has to pay for the losses: On 6th December 2021, the New Jersey Superior Court granted partial summary judgment (attached) in favour of Merck and International…

Read more →

This article has been indexed from Schneier on Security Nice article on the piglet squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog…

Read more →

This article has been indexed from Schneier on Security China is mandating that athletes download and use a health and travel app when they attend the Winter Olympics next month. Citizen Lab examined the app and found it riddled with…

Read more →

This article has been indexed from Schneier on Security Last summer, the San Francisco police illegally used surveillance cameras at the George Floyd protests. The EFF is suing the police: This surveillance invaded the privacy of protesters, targeted people of…

Read more →

This article has been indexed from Schneier on Security Over the past few weeks, I’ve seen a bunch of writing about what seems to be fake COVID-19 testing sites. They take your name and info, and do a nose swab,…

Read more →

This article has been indexed from Schneier on Security Rolling Stone is reporting that the UK government has hired the M&C Saatchi advertising agency to launch an anti-encryption advertising campaign. Presumably they’ll lean heavily on the “think of the children!”…

Read more →

This article has been indexed from Schneier on Security New research: The researchers from the FAS Center for Systems Biology discovered a network of genes important in squid eye development that are known to also play a crucial role in…

Read more →

This article has been indexed from Schneier on Security This is a current list of where and when I am scheduled to speak: I’m giving an online-only talk on “Securing a World of Physically Capable Computers” as part of Teleport’s…

Read more →

This article has been indexed from Schneier on Security I don’t even know what I think about this. Researchers have developed a malware detection system that uses EM waves: “Obfuscation Revealed: Leveraging Electromagnetic Signals for Obfuscated Malware Classification.” Abstract: The…

Read more →

This article has been indexed from Schneier on Security Remember when the US and Australian police surreptitiously owned and operated the encrypted cell phone app ANOM? They arrested 800 people in 2021 based on that operation. New documents received by…

Read more →

This article has been indexed from Schneier on Security Researchers have figured how how to intercept and fake an iPhone reboot: We’ll dissect the iOS system and show how it’s possible to alter a shutdown event, tricking a user that…

Read more →

This article has been indexed from Schneier on Security Some European cell phone carriers, and now T-Mobile, are blocking Apple’s Private Relay anonymous browsing feature. This could be an interesting battle to watch. Slashdot thread. Read the original article: Apple’s…

Read more →

This article has been indexed from Schneier on Security Some European cellphone carriers, and now T-Mobile, are blocking Apple’s Private Relay anonymous browsing feature. This could be an interesting battle to watch. Read the original article: Apple’s Private Relay is…

Read more →

This article has been indexed from Schneier on Security The price of squid in Korea is rising due to limited supply. As usual, you can also use this squid post to talk about the security stories in the news that…

Read more →

This article has been indexed from Schneier on Security Norton 360 can now mine Ethereum. It’s opt-in, and the company keeps 15%. It’s hard to uninstall this option. Read the original article: Norton’s Antivirus Product Now Includes an Ethereum Miner

Read more →

This article has been indexed from Schneier on Security DuckDuckGo has had a banner year: And yet, DuckDuckGo. The privacy-oriented search engine netted more than 35 billion search queries in 2021, a 46.4% jump over 2020 (23.6 billion). That’s big.…

Read more →

This article has been indexed from Schneier on Security Both Russia and Ukraine are preparing for military operations in cyberspace. Read the original article: More Russian Cyber Operations against Ukraine

Read more →

This article has been indexed from Schneier on Security We have discovered a squid — (Oegopsida, Magnapinnidae, Magnapinna sp.) — that lives at 6,000 meters deep. :They’re really weird,” says Vecchione. “They drift along with their arms spread out and…

Read more →

This article has been indexed from Schneier on Security This development suprises no one who has been paying attention: Researchers now believe AirTags, which are equipped with Bluetooth technology, could be revealing a more widespread problem of tech-enabled tracking. They…

Read more →

This article has been indexed from Schneier on Security The US has returned $154 million in bitcoins stolen by a Sony employee. However, on December 1, following an investigation in collaboration with Japanese law enforcement authorities, the FBI seized the…

Read more →

This article has been indexed from Schneier on Security Citizen Lab published another report on the spyware used against two Egyptian nationals. One was hacked by NSO Group’s Pegasus spyware. The other was hacked both by Pegasus and by the…

Read more →

This article has been indexed from Schneier on Security This seems big: The UK government has officially included decapod crustaceans–including crabs, lobsters, and crayfish–and cephalopod mollusks–including octopuses, squid, and cuttlefish–in its Animal Welfare (Sentience) Bill. This means they are now…

Read more →

This article has been indexed from Schneier on Security Log4j is being exploited by all sorts of attackers, all over the Internet: At that point it was reported that there were over 100 attempts to exploit the vulnerability every minute.…

Read more →

This article has been indexed from Schneier on Security This is a current list of where and when I am scheduled to speak: I’m speaking at the RSA Conference 2022 in San Francisco on February 8, 2022. I’m speaking at…

Read more →

This article has been indexed from Schneier on Security It’s serious: The range of impacts is so broad because of the nature of the vulnerability itself. Developers use logging frameworks to keep track of what happens in a given application.…

Read more →

This article has been indexed from Schneier on Security The Far Side is always good for a squid reference. Here’s a recent one. As usual, you can also use this squid post to talk about the security stories in the…

Read more →

This article has been indexed from Schneier on Security A January 2021 FBI document outlines what types of data and metadata can be lawfully obtained by the FBI from messaging apps. Rolling Stone broke the story and it’s been written…

Read more →

This article has been indexed from Schneier on Security Google took steps to shut down the Glupteba botnet, at least for now. (The botnet uses the bitcoin blockchain as a backup command-and-control mechanism, making it hard to get rid of…

Read more →

This article has been indexed from Schneier on Security I hope this is true: According to Jens Zimmermann, the German coalition negotiations had made it “quite clear” that the incoming government of the Social Democrats (SPD), the Greens and the…

Read more →

This article has been indexed from Schneier on Security Since 2017, someone is running about a thousand — 10% of the total — Tor servers in an attempt to deanonymize the network: Grouping these servers under the KAX17 umbrella, Nusenu…

Read more →

This article has been indexed from Schneier on Security From Ontario and not surprising: Since September 2021, officers have investigated five incidents where suspects have placed small tracking devices on high-end vehicles so they can later locate and steal them.…

Read more →

This article has been indexed from Schneier on Security Squeeze the Squid is a band. They just released their second album. As usual, you can also use this squid post to talk about the security stories in the news that…

Read more →

This article has been indexed from Schneier on Security Matt Blaze tested a variety of Faraday cages for phones, both commercial and homemade. The bottom line: A quick and likely reliable “go/no go test” can be done with an Apple…

Read more →

This article has been indexed from Schneier on Security A hacker stole $31 million from the blockchain company MonoX Finance , by exploiting a bug in software the service uses to draft smart contracts. Specifically, the hack used the same…

Read more →

This article has been indexed from Schneier on Security Interesting: Intel’s issue reflects a wider concern: Legacy technology can introduce cybersecurity weaknesses. Tech makers constantly improve their products to take advantage of speed and power increases, but customers don’t always…

Read more →

This article has been indexed from Schneier on Security Following California’s lead, a new UK law would ban default passwords in IoT devices. Read the original article: Proposed UK Law Bans Default Passwords

Read more →

This article has been indexed from Schneier on Security Piling more on NSO Group’s legal troubles, Apple is < a href=”https://www.apple.com/newsroom/2021/11/apple-sues-nso-group-to-curb-the-abuse-of-state-sponsored-spyware/”>suing them: The complaint provides new information on how NSO Group infected victims’ devices with its Pegasus spyware. To prevent…

Read more →

This article has been indexed from Schneier on Security I have long been annoyed that the word “crypto” has been co-opted by the blockchain people, and no longer refers to “cryptography.” I’m not the only one. Read the original article:…

Read more →

This article has been indexed from Schneier on Security “Eerie video captures elusive, alien-like squid gliding in the Gulf of Mexico.” As usual, you can also use this squid post to talk about the security stories in the news that…

Read more →

This article has been indexed from Schneier on Security Rowhammer is an attack technique involving accessing — that’s “hammering” — rows of bits in memory, millions of times per second, with the intent of causing bits in neighboring rows to…

Read more →

This article has been indexed from Schneier on Security I received email from two people who told me that Micorosoft Edge enabled synching without warning or consent, which means that Micorosoft sucked up all of their bookmarks. Of course they…

Read more →

This article has been indexed from Schneier on Security The FBI has issued a bulletin describing a bitcoin variant of a wire fraud scam: As the agency describes it, the scammer will contact their victim and somehow convince them that…

Read more →

This article has been indexed from Schneier on Security The other day I was creating a new account on the web. It was financial in nature, which means it gets one of my most secure passwords. I used PasswordSafe to…

Read more →

This article has been indexed from Schneier on Security For a limited time, I am selling signed copies of Click Here to Kill Everybody and Data and Goliath, both in paperback, for just $6 each plus shipping. I have 500…

Read more →

This article has been indexed from Schneier on Security This is part 3 of Sean Gallagher’s advice for “securing your digital life.” Read the original article: Securing Your Smartphone

Read more →

This article has been indexed from Schneier on Security This is a current list of where and when I am scheduled to speak: I’m speaking on “Securing a World of Physically Capable Computers” at @Hack on November 29, 2021. The…

Read more →

This article has been indexed from Schneier on Security Google researchers discovered a MacOS zero-day exploit being used against Hong Kong activists. It was a “watering hole” attack, which means the malware was hidden in a legitimate website. Users visiting…

Read more →

This article has been indexed from Schneier on Security Google researchers discovered a MacOS zero-day exploit being used against Hong Kong activists. It was a “watering hole” attack, which means the malware was hidden in a legitimate website. Users visiting…

Read more →

This article has been indexed from Schneier on Security ArsTechnica’s Sean Gallagher has a two–part article on “securing your digital life.” It’s pretty good. Read the original article: Advice for Personal Digital Security

Read more →

This article has been indexed from Schneier on Security I just don’t think it’s possible to create a hack-proof computer system, especially when the system is physically in the hands of the hackers. The Sony Playstation 5 is the latest…

Read more →

This article has been indexed from Schneier on Security We’ve now had an (unsuccessful) assassination attempt by explosive-laden drones. Read the original article: Drones Carrying Explosives

Read more →

This article has been indexed from Schneier on Security The Squid Game cryptocurrency was a complete scam: The SQUID cryptocurrency peaked at a price of $2,861 before plummeting to $0 around 5:40 a.m. ET., according to the website CoinMarketCap. This…

Read more →

This article has been indexed from Schneier on Security The Israeli cyberweapons arms manufacturer — and human rights violator, and probably war criminal — NSO Group has been added to the US Department of Commerce’s trade blacklist. US companies and…

Read more →

This article has been indexed from Schneier on Security It turns out that it’s surprisingly easy to create a fake Harvard student and get a harvard.edu email account. Scammers are using that prestigious domain name to shill brands: Basically, it…

Read more →

This article has been indexed from Schneier on Security Interesting Twitter thread on how cell phone metadata can be used to identify and track people who don’t want to be identified and tracked. Read the original article: On Cell Phone…

Read more →

This article has been indexed from Schneier on Security Really interesting research demonstrating how to hide vulnerabilities in source code by manipulating how Unicode text is displayed. It’s really clever, and not the sort of attack one would normally think…

Read more →

This article has been indexed from Schneier on Security In what maybe peak hype, Squid Game has its own cryptocurrency. Not in the fictional show, but in real life. As usual, you can also use this squid post to talk…

Read more →

This article has been indexed from Schneier on Security Microsoft is reporting that the same attacker that was behind the SolarWinds breach — the Russian SVR, which Microsoft is calling Nobelium — is continuing with similar supply-chain attacks: Nobelium has…

Read more →

This article has been indexed from Schneier on Security Vice has detailed article about how the FBI gets data from cell providers like AT&T, T-Mobile, and Verizon, based on a leaked (I think) 2019 139-page presentation. Read the original article:…

Read more →

This article has been indexed from Schneier on Security Citizen Lab is <a href=”https://citizenlab.ca/2021/10/breaking-news-new-york-times-journalist-ben-hubbard-pegasus/”reporting that a New York Times journalist was hacked with the NSO Group’s spyware Pegasus, probably by the Saudis. The world needs to do something about these…

Read more →

This article has been indexed from Schneier on Security Someone has been hacking telecommunications networks around the world: LightBasin (aka UNC1945) is an activity cluster that has been consistently targeting the telecommunications sector at a global scale since at least…

Read more →

This article has been indexed from Schneier on Security Roger Grimes on why multifactor authentication isn’t a panacea: The first time I heard of this issue was from a Midwest CEO. His organization had been hit by ransomware to the…

Read more →

This article has been indexed from Schneier on Security Here’s a story of someone who, with three compatriots, rented textbooks from Amazon and then sold them instead of returning them. They used gift cards and prepaid credit cards to buy…

Read more →

This article has been indexed from Schneier on Security Researchers trained a machine-learning system on videos of people typing their PINs into ATMs: By using three tries, which is typically the maximum allowed number of attempts before the card is…

Read more →

This article has been indexed from Schneier on Security New video of a large squid in the Red Sea at about 2,800 feet. As usual, you can also use this squid post to talk about the security stories in the…

Read more →

This article has been indexed from Schneier on Security Even before Apple made their announcement, law enforcement shifted their battle for back doors to client-side scanning. The idea is that they wouldn’t touch the cryptography, but instead eavesdrop on communications…

Read more →

This article has been indexed from Schneier on Security This is a current list of where and when I am scheduled to speak: I’ll be speaking at an Informa event on November 29, 2021. Details to come. The list is…

Read more →

This article has been indexed from Schneier on Security New paper: “This Person (Probably) Exists. Identity Membership Attacks Against GAN Generated Faces. Abstract: Recently, generative adversarial networks (GANs) have achieved stunning realism, fooling even human observers. Indeed, the popular tongue-in-cheek…

Read more →

This article has been indexed from Schneier on Security It’s a matter of going after those with deep pockets. From Wired: Cloudflare was sued in November 2018 by Mon Cheri Bridals and Maggie Sottero Designs, two wedding dress manufacturers and…

Read more →

This article has been indexed from Schneier on Security I feel sorry for the accused: The “security incident” that forced a New-York bound flight to make an emergency landing at LaGuardia Airport on Saturday turned out to be a misunderstanding…

Read more →

This article has been indexed from Schneier on Security It’s not actually banned in the EU yet — the legislative process is much more complicated than that — but it’s a step: a total ban on biometric mass surveillance. To…

Read more →

This article has been indexed from Schneier on Security This is interesting: A company that is a critical part of the global telecommunications infrastructure used by AT&T, T-Mobile, Verizon and several others around the world such as Vodafone and China…

Read more →

This article has been indexed from Schneier on Security Facebook — along with Instagram and WhatsApp — went down globally today. Basically, someone deleted their BGP records, which made their DNS fall apart. …at approximately 11:39 a.m. ET today (15:39…

Read more →

This article has been indexed from Schneier on Security Interesting story of test-takers in India using Bluetooth-connected flip-flops to communicate with accomplices while taking a test. Read the original article: Cheating on Tests

Read more →

This article has been indexed from Schneier on Security The Wall Street Journal is reporting on a baby’s death at an Alabama hospital in 2019, which they argue was a direct result of the ransomware attack the hospital was undergoing.…

Read more →

This article has been indexed from Schneier on Security The NSA and CISA have released a document on how to harden your VPN. Read the original article: Hardening Your VPN

Read more →

This article has been indexed from Schneier on Security These two sites tell you what sorts of information you’re leaking from your browser. Read the original article: Check What Information Your Browser Leaks

Read more →

This article has been indexed from Schneier on Security No, I don’t understand it, either. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog…

Read more →

This article has been indexed from Schneier on Security This isn’t the first time I’ve received an e-mail like this: Hey! I’ve done my research and looked at a lot of facts and old forgotten archives. I know that you…

Read more →

This article has been indexed from Schneier on Security The MIT Technology Review is reporting that 2021 is a blockbuster year for zero-day exploits: One contributing factor in the higher rate of reported zero-days is the rapid global proliferation of…

Read more →

This article has been indexed from Schneier on Security ROT8000 is the Unicode equivalent of ROT13. What’s clever about it is that normal English looks like Chinese, and not like ciphertext (to a typical Westerner, that is). Read the original…

Read more →

This article has been indexed from Schneier on Security The Washington Post reports that the FBI had a decryption key for the REvil ransomware, but didn’t pass it along to victims because it would have disrupted an ongoing operation. The…

Read more →

This article has been indexed from Schneier on Security Apparently, a nation-state hacked Alaska’s Department of Health and Social Services. Not sure why Alaska’s Department of Health and Social Services is of any interest to a nation-state, but that’s probably…

Read more →

This article has been indexed from Schneier on Security You can find ram’s horn squid shells on beaches in Texas (and presumably elsewhere). As usual, you can also use this squid post to talk about the security stories in the…

Read more →

This article has been indexed from Schneier on Security Citizen Lab released a report on a zero-click iMessage exploit that is used in NSO Group’s Pegasus spyware. Apple patched the vulnerability; everyone needs to update their OS immediately. News articles…

Read more →

This article has been indexed from Schneier on Security It’s the eyes: The researchers note that in many cases, users can simply zoom in on the eyes of a person they suspect may not be real to spot the pupil…

Read more →

This article has been indexed from Schneier on Security This is a current list of where and when I am scheduled to speak: I’m keynoting CIISec Live—an all-online event—September 15-16, 2021. I’m speaking at the Infosecurity Magazine EMEA Autumn Online…

Read more →

This article has been indexed from Schneier on Security Susan Landau wrote an essay on the privacy, efficacy, and equity of contract-tracing smartphone apps. Also see her excellent book on the topic. Read the original article: Designing Contact-Tracing Apps

Read more →

This article has been indexed from Schneier on Security Researchers have found possible evidence of paternal care among bigfin reef squid. As usual, you can also use this squid post to talk about the security stories in the news that…

Read more →

This article has been indexed from Schneier on Security After being compelled by a Swiss court to monitor IP logs for a particular user, ProtonMail no longer claims that “we do not keep any IP logs.” Read the original article:…

Read more →

This article has been indexed from Schneier on Security We knew the basics of this story, but it’s good to have more detail. Here’s me in 2015 about this Juniper hack. Here’s me in 2007 on the NSA backdoor. Read…

Read more →