Secure Your Home Wi-Fi Router

The most effective steps you can take to secure your wireless network at home is to change the default admin password, enable WPA2 encryption and use a strong password for your wireless network.
Categories: Security

New KRACK Attack Against Wi-Fi Encryption

Schneier on Security - Mon, 10/16/2017 - 15:39
Mathy Vanhoef has just published a devastating attack against WPA2, the 14-year-old encryption protocol used by pretty much all wi-fi systems. Its an interesting attack, where the attacker forces the protocol to reuse a key. The authors call this attack KRACK, for Key Reinstallation Attacks This is yet another of a series of marketed attacks; with a cool name, a... Bruce Schneier
Categories: Security

Never Respond to Emails Asking for Personal Information

Companies you do business with should never ask for your account information, credit card numbers or password in an email. If you have any questions about an email you receive that supposedly came from your financial institution or service provider, find their number on their website and call them.
Categories: Security

Friday Squid Blogging: International Squid Awareness Day

Schneier on Security - Fri, 10/13/2017 - 23:26
It's International Cephalopod Awareness Days this week, and Tuesday was Squid Day. I can't believe I missed it. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Security

My Blogging

Schneier on Security - Fri, 10/13/2017 - 21:13
Blog regulars will notice that I haven't been posting as much lately as I have in the past. There are two reasons. One, it feels harder to find things to write about. So often it's the same stories over and over. I don't like repeating myself. Two, I am busy writing a book. The title is still: Click Here to... Bruce Schneier
Categories: Security

Technology to Out Sex Workers

Schneier on Security - Fri, 10/13/2017 - 13:57
Two related stories: PornHub is using machine learning algorithms to identify actors in different videos, so as to better index them. People are worried that it can really identify them, by linking their stage names to their real names. Facebook somehow managed to link a sex worker's clients under her fake name to her real profile. Sometimes people have legitimate... Bruce Schneier
Categories: Security

Cloud Security

One of the most effective steps you can take to protect your cloud account is to make sure you are using two-step verification. In addition, always be sure you know exactly whom you are sharing files with. It is very easy to accidently share your files with the entire Internet when you think you are only sharing them with specific individuals.
Categories: Security

Impersonating iOS Password Prompts

Schneier on Security - Thu, 10/12/2017 - 13:43
This is an interesting security vulnerability: because it is so easy to impersonate iOS password prompts, a malicious app can steal your password just by asking. Why does this work? iOS asks the user for their iTunes password for many reasons, the most common ones are recently installed iOS operating system updates, or iOS apps that are stuck during installation.... Bruce Schneier
Categories: Security


Ransomware is a special type of malware. Once it infected your computer, it encrypts all of your files and demands you pay a ransome if you want your files back. Be suspicious of any emails trying to trick you into opening infected attachments or click on malicious links, common sense is your best defense. In addition. backups are often the only way you can recover from ransomware.
Categories: Security

More on Kaspersky and the Stolen NSA Attack Tools

Schneier on Security - Wed, 10/11/2017 - 21:54
Both the New York Times and the Washington Post are reporting that Israel has penetrated Kaspersky's network and detected the Russian operation. From the New York Times: Israeli intelligence officers informed the NSA that, in the course of their Kaspersky hack, they uncovered evidence that Russian government hackers were using Kaspersky's access to aggressively scan for American government classified programs... Bruce Schneier
Categories: Security

Kids and Education

One of the most effective methods you can use to protect kids online is to talk to them. The younger you start talking to them, and they to you, the better. Hold regular conversations about online safety issues, even going so far as to show them actual negative events that have taken place. If you don't know what your kids are doing, simply ask. Play the clueless parent and ask them to show you what the latest technologies are and how they use them. Quite often, kids love the idea of being the teacher and will open up.
Categories: Security

Changes in Password Best Practices

Schneier on Security - Tue, 10/10/2017 - 13:19
NIST recently published its four-volume SP800-63b Digital Identity Guidelines. Among other things, it makes three important suggestions when it comes to passwords: Stop it with the annoying password complexity rules. They make passwords harder to remember. They increase errors because artificially complex passwords are harder to type in. And they don't help that much. It's better to allow people to... Bruce Schneier
Categories: Security

Back up Your Files

Eventually, we all have an accident or get hacked. And when we do, backups are often the only way to recover. Backups are cheap and easy; make sure you are backing up all of your personal information (such as family photos) on a regular basis.
Categories: Security

White House Chief of Staff John Kelly's Cell Phone was Tapped

Schneier on Security - Mon, 10/09/2017 - 13:10
Politico reports that White House Chief of Staff John Kelly's cell phone was compromised back in December. I know this is news because of who he is, but I hope every major government official of any country assumes that their commercial off-the-shelf cell phone is compromised. Even allies spy on allies; remember the reports that the NSA tapped the cell... Bruce Schneier
Categories: Security

Shopping Online

When shopping online, always use your credit cards instead of a debit card. If any fraud happens, it is far easier to recover your money from a credit card transaction. Gift cards and one-time-use credit card numbers are even more secure.
Categories: Security

Friday Squid Blogging: Baby Ichthyosaurus Fed on Squid

Schneier on Security - Fri, 10/06/2017 - 23:21
New discovery: paper and article. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Security

Yet Another Russian Hack of the NSA -- This Time with Kaspersky's Help

Schneier on Security - Fri, 10/06/2017 - 15:06
The Wall Street Journal has a bombshell of a story. Yet another NSA contractor took classified documents home with him. Yet another Russian intelligence operation stole copies of those documents. The twist this time is that the Russians identified the documents because the contractor had Kaspersky Labs anti-virus installed on his home computer. This is a huge deal, both for... Bruce Schneier
Categories: Security

Email and Emotions

Never send an email when you are angry; you will most likely regret it later. Instead, when you are emotional and want to reply to someone, open up an email and write everything you feel, but do not send it. (Be sure there is no name in the TO field so that you do not accidently send it.) After you have vented, save the email and come back an hour later. You only want to reply to any type of emotional situation after you have had time to cool down.
Categories: Security

Replacing Social Security Numbers

Schneier on Security - Thu, 10/05/2017 - 22:22
In the wake of the Equifax break, I've heard calls to replace Social Security numbers. Steve Bellovin explains why this is hard.... Bruce Schneier
Categories: Security


When traveling, it is very easy to forget where you are when discussing business with colleagues. That airport, taxi, restaurant or hotel lobby may have individuals nearby eavesdropping on your conversation. When discussing confidential information, agree to hold off on the conversation until you can be assured of privacy. Also, be careful not to share sensitive information with strangers you meet.
Categories: Security
Syndicate content

eXTReMe Tracker