Security

Subverting Backdoored Encryption

Schneier on Security - Wed, 04/04/2018 - 14:03
This is a really interesting research result. This paper proves that two parties can create a secure communications channel using a communications system with a backdoor. It's a theoretical result, so it doesn't talk about how easy that channel is to create. And the assumptions on the adversary are pretty reasonable: that each party can create his own randomness, and... Bruce Schneier
Categories: Security

Public Hearing on IoT Risks

Schneier on Security - Tue, 04/03/2018 - 12:22
The US Consumer Product Safety Commission is holding hearings on IoT risks: The U.S. Consumer Product Safety Commission (CPSC, Commission, or we) will conduct a public hearing to receive information from all interested parties about potential safety issues and hazards associated with internet-connected consumer products. The information received from the public hearing will be used to inform future Commission risk... Bruce Schneier
Categories: Security

Musical Ciphers

Schneier on Security - Mon, 04/02/2018 - 12:23
Interesting history.... Bruce Schneier
Categories: Security

Friday Squid Blogging: Market Squid in Alaskan Waters

Schneier on Security - Fri, 03/30/2018 - 22:17
Rising sea temperatures is causing market squid to move north into Alaskan waters. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Security

Unlocking iPhones with Dead People's Fingerprints

Schneier on Security - Fri, 03/30/2018 - 12:11
It's routine for US police to unlock iPhones with the fingerprints of dead people. It seems only to work with recently dead people.... Bruce Schneier
Categories: Security

Facebook and Cambridge Analytica

Schneier on Security - Thu, 03/29/2018 - 21:50
In the wake of the Cambridge Analytica scandal, news articles and commentators have focused on what Facebook knows about us. A lot, it turns out. It collects data from our posts, our likes, our photos, things we type and delete without posting, and things we do while not on Facebook and even when we're offline. It buys data about us... Bruce Schneier
Categories: Security

Another Branch Prediction Attack

Schneier on Security - Thu, 03/29/2018 - 12:23
When Spectre and Meltdown were first announced earlier this year, pretty much everyone predicted that there would be many more attacks targeting branch prediction in microprocessors. Here's another one: In the new attack, an attacker primes the PHT and running branch instructions so that the PHT will always assume a particular branch is taken or not taken. The victim code... Bruce Schneier
Categories: Security

Breaking the Anonymity in the Cryptocurrency Monero

Schneier on Security - Wed, 03/28/2018 - 20:25
Researchers have exploited a flaw in the cryptocurrency Monero to break the anonymity of transactions. Research paper. BoingBoing post.... Bruce Schneier
Categories: Security

Tracing Stolen Bitcoin

Schneier on Security - Wed, 03/28/2018 - 12:30
Ross Anderson has a really interesting paper on tracing stolen bitcoin. From a blog post: Previous attempts to track tainted coins had used either the "poison" or the "haircut" method. Suppose I open a new address and pay into it three stolen bitcoin followed by seven freshly-mined ones. Then under poison, the output is ten stolen bitcoin, while under haircut... Bruce Schneier
Categories: Security

Fooling Face Recognition with Infrared Light

Schneier on Security - Tue, 03/27/2018 - 15:35
Yet another development in the arms race between facial recognition systems and facial-recognition-system foolers. BoingBoing post.... Bruce Schneier
Categories: Security

Adding Backdoors at the Chip Level

Schneier on Security - Mon, 03/26/2018 - 15:26
Interesting research into undetectably adding backdoors into computer chips during manufacture: "Stealthy dopant-level hardware Trojans: extended version," also available here: Abstract: In recent years, hardware Trojans have drawn the attention of governments and industry as well as the scientific community. One of the main concerns is that integrated circuits, e.g., for military or critical-infrastructure applications, could be maliciously manipulated during... Bruce Schneier
Categories: Security

Friday Squid Blogging: Giant Squid Stealing Food from Each Other

Schneier on Security - Fri, 03/23/2018 - 22:06
An interesting hunting strategy: Off of northern Spain, giant squid often feed on schools of fish called blue whiting. The schools swim 400 meters or less below the surface, while the squid prefer to hang out around a mile deep. The squid must ascend to hunt, probably seizing fish from below with their tentacles, then descend again. In this scenario,... Bruce Schneier
Categories: Security

Zeynep Tufekci on Facebook and Cambridge Analytica

Schneier on Security - Fri, 03/23/2018 - 20:21
Zeynep Tufekci is particularly cogent about Facebook and Cambridge Analytica. Several news outlets asked me to write about this issue. I didn't, because 1) my book manuscript is due on Monday (finally!), and 2) I knew Zeynep would say what I would say, only better.... Bruce Schneier
Categories: Security

GreyKey iPhone Unlocker

Schneier on Security - Fri, 03/23/2018 - 12:28
Some details about the iPhone unlocker from the US company Greyshift, with photos. Little is known about Grayshift or its sales model at this point. We don't know whether sales are limited to US law enforcement, or if it is also selling in other parts of the world. Regardless of that, it's highly likely that these devices will ultimately end... Bruce Schneier
Categories: Security

Reverse Engineering the Cuban Sonic Weapon

Schneier on Security - Thu, 03/22/2018 - 15:43
Interesting analysis and speculation.... Bruce Schneier
Categories: Security

Hijacking Computers for Cryptocurrency Mining

Schneier on Security - Wed, 03/21/2018 - 12:27
Interesting paper "A first look at browser-based cryptojacking": Abstract: In this paper, we examine the recent trend towards in-browser mining of cryptocurrencies; in particular, the mining of Monero through Coinhive and similar code-bases. In this model, a user visiting a website will download a JavaScript code that executes client-side in her browser, mines a cryptocurrency, typically without her consent or... Bruce Schneier
Categories: Security

Dan Geer on the Dangers of Computer-Only Systems

Schneier on Security - Tue, 03/20/2018 - 12:00
A good warning, delivered in classic Dan Geer style.... Bruce Schneier
Categories: Security

Israeli Security Attacks AMD by Publishing Zero-Day Exploits

Schneier on Security - Mon, 03/19/2018 - 12:27
Last week, the Israeli security company CTS Labs published a series of exploits against AMD chips. The publication came with the flashy website, detailed whitepaper, cool vulnerability names -- RYZENFALL, MASTERKEY, FALLOUT, and CHIMERA -- and logos we've come to expect from these sorts of things. What's new is that the company only gave AMD a day's notice, which breaks... Bruce Schneier
Categories: Security

Friday Squid Blogging: New Squid Species Discovered in Australia

Schneier on Security - Fri, 03/16/2018 - 22:10
A new species of pygmy squid was discovered in Western Australia. It's pretty cute. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Security

Interesting Article on Marcus Hutchins

Schneier on Security - Fri, 03/16/2018 - 12:12
This is a good article on the complicated story of hacker Marcus Hutchins.... Bruce Schneier
Categories: Security
Syndicate content

eXTReMe Tracker