Artificial Intelligence and the Attack/Defense Balance

Schneier on Security - Thu, 03/15/2018 - 13:16
Artificial intelligence technologies have the potential to upend the longstanding advantage that attack has over defense on the Internet. This has to do with the relative strengths and weaknesses of people and computers, how those all interplay in Internet security, and where AI technologies might change things. You can divide Internet security tasks into two sets: what humans do well... Bruce Schneier
Categories: Security

The 600+ Companies PayPal Shares Your Data With

Schneier on Security - Wed, 03/14/2018 - 13:24
One of the effects of GDPR -- the new EU General Data Protection Regulation -- is that we're all going to be learning a lot more about who collects our data and what they do with it. Consider PayPal, that just released a list of over 600 companies they share customer data with. Here's a good visualization of that data.... Bruce Schneier
Categories: Security

E-Mailing Private HTTPS Keys

Schneier on Security - Tue, 03/13/2018 - 13:31
I don't know what to make of this story: The email was sent on Tuesday by the CEO of Trustico, a UK-based reseller of TLS certificates issued by the browser-trusted certificate authorities Comodo and, until recently, Symantec. It was sent to Jeremy Rowley, an executive vice president at DigiCert, a certificate authority that acquired Symantec's certificate issuance business after Symantec... Bruce Schneier
Categories: Security

Greyshift Sells Phone Unlocking Services

Schneier on Security - Mon, 03/12/2018 - 21:27
Here's another company that claims to unlock phones for a price.... Bruce Schneier
Categories: Security

Two New Papers on the Encryption Debate

Schneier on Security - Mon, 03/12/2018 - 13:27
Seems like everyone is writing about encryption and backdoors this season. "Policy Approaches to the Encryption Debate," R Street Policy Study #133, by Charles Duan, Arthur Rizer, Zach Graves and Mike Godwin. "Encryption Policy in Democratic Regimes," East West Institute. I recently blogged about the new National Academies report on the same topic. Here's a review of the National Academies... Bruce Schneier
Categories: Security

Friday Squid Blogging: Interesting Interview

Schneier on Security - Sat, 03/10/2018 - 00:22
Here's an hour-long audio interview with squid scientist Sarah McAnulty. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Security

OURSA Conference

Schneier on Security - Fri, 03/09/2018 - 14:24
Responding to the lack of diversity at the RSA Conference, a group of security experts have announced a competing one-day conference: OUR Security Advocates, or OURSA. It's in San Francisco, and it's during RSA, so you can attend both.... Bruce Schneier
Categories: Security

History of the US Army Security Agency

Schneier on Security - Thu, 03/08/2018 - 14:29
Interesting history of the US Army Security Agency in the early years of Cold War Germany.... Bruce Schneier
Categories: Security

New DDoS Reflection-Attack Variant

Schneier on Security - Wed, 03/07/2018 - 14:23
This is worrisome: DDoS vandals have long intensified their attacks by sending a small number of specially designed data packets to publicly available services. The services then unwittingly respond by sending a much larger number of unwanted packets to a target. The best known vectors for these DDoS amplification attacks are poorly secured domain name system resolution servers, which magnify... Bruce Schneier
Categories: Security

Security Vulnerabilities in Smart Contracts

Schneier on Security - Tue, 03/06/2018 - 14:18
Interesting research: "Finding The Greedy, Prodigal, and Suicidal Contracts at Scale": Abstract: Smart contracts -- stateful executable objects hosted on blockchains like Ethereum -- carry billions of dollars worth of coins and cannot be updated once deployed. We present a new systematic characterization of a class of trace vulnerabilities, which result from analyzing multiple invocations of a contract over its... Bruce Schneier
Categories: Security

Intimate Partner Threat

Schneier on Security - Mon, 03/05/2018 - 19:13
Princeton's Karen Levy has a good article computer security and the intimate partner threat: When you learn that your privacy has been compromised, the common advice is to prevent additional access -- delete your insecure account, open a new one, change your password. This advice is such standard protocol for personal security that it's almost a no-brainer. But in abusive... Bruce Schneier
Categories: Security

Extracting Secrets from Machine Learning Systems

Schneier on Security - Mon, 03/05/2018 - 13:20
This is fascinating research about how the underlying training data for a machine-learning system can be inadvertently exposed. Basically, if a machine-learning system trains on a dataset that contains secret information, in some cases an attacker can query the system to extract that secret information. My guess is that there is a lot more research to be done here. EDITED... Bruce Schneier
Categories: Security

Friday Squid Blogging: Searching for Humboldt Squid with Electronic Bait

Schneier on Security - Sat, 03/03/2018 - 00:11
Video and short commentary. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Security

Malware from Space

Schneier on Security - Fri, 03/02/2018 - 14:13
Since you don't have enough to worry about, here's a paper postulating that space aliens could send us malware capable of destroying humanity. Abstract: A complex message from space may require the use of computers to display, analyze and understand. Such a message cannot be decontaminated with certainty, and technical risks remain which can pose an existential threat. Complex messages... Bruce Schneier
Categories: Security

Russians Hacked the Olympics

Schneier on Security - Thu, 03/01/2018 - 14:47
Two weeks ago, I blogged about the myriad of hacking threats against the Olympics. Last week, the Washington Post reported that Russia hacked the Olympics network and tried to cast the blame on North Korea. Of course, the evidence is classified, so there's no way to verify this claim. And while the article speculates that the hacks were a retaliation... Bruce Schneier
Categories: Security

Apple to Store Encryption Keys in China

Schneier on Security - Wed, 02/28/2018 - 14:19
Apple is bowing to pressure from the Chinese government and storing encryption keys in China. While I would prefer it if it would take a stand against China, I really can't blame it for putting its business model ahead of its desires for customer privacy. Two more articles.... Bruce Schneier
Categories: Security

Cellebrite Unlocks iPhones for the US Government

Schneier on Security - Tue, 02/27/2018 - 13:58
Forbes reports that the Israeli company Cellebrite can probably unlock all iPhone models: Cellebrite, a Petah Tikva, Israel-based vendor that's become the U.S. government's company of choice when it comes to unlocking mobile devices, is this month telling customers its engineers currently have the ability to get around the security of devices running iOS 11. That includes the iPhone X,... Bruce Schneier
Categories: Security

E-Mail Leaves an Evidence Trail

Schneier on Security - Mon, 02/26/2018 - 23:39
If you're going to commit an illegal act, it's best not to discuss it in e-mail. It's also best to Google tech instructions rather than asking someone else to do it: One new detail from the indictment, however, points to just how unsophisticated Manafort seems to have been. Here's the relevant passage from the indictment. I've bolded the most important... Bruce Schneier
Categories: Security

Friday Squid Blogging: The Symbiotic Relationship Between the Bobtail Squid and a Particular Microbe

Schneier on Security - Sat, 02/24/2018 - 00:20
This is the story of the Hawaiian bobtail squid and Vibrio fischeri. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Security

Election Security

Schneier on Security - Fri, 02/23/2018 - 14:11
I joined a letter supporting the Secure Elections Act (S. 2261): The Secure Elections Act strikes a careful balance between state and federal action to secure American voting systems. The measure authorizes appropriation of grants to the states to take important and time-sensitive actions, including: Replacing insecure paperless voting systems with new equipment that will process a paper ballot; Implementing... Bruce Schneier
Categories: Security
Syndicate content

eXTReMe Tracker