Security

Harassment By Package Delivery

Schneier on Security - Thu, 02/22/2018 - 13:04
People harassing women by delivering anonymous packages purchased from Amazon. On the one hand, there is nothing new here. This could have happened decades ago, pre-Internet. But the Internet makes this easier, and the article points out that using prepaid gift cards makes this anonymous. I am curious how much these differences make a difference in kind, and what can... Bruce Schneier
Categories: Security

New Spectre/Meltdown Variants

Schneier on Security - Wed, 02/21/2018 - 13:13
Researchers have discovered new variants of Spectre and Meltdown. The software mitigations for Spectre and Meltdown seem to block these variants, although the eventual CPU fixes will have to be expanded to account for these new attacks.... Bruce Schneier
Categories: Security

Facebook Will Verify the Physical Location of Ad Buyers with Paper Postcards

Schneier on Security - Tue, 02/20/2018 - 13:34
It's not a great solution, but it's something: The process of using postcards containing a specific code will be required for advertising that mentions a specific candidate running for a federal office, Katie Harbath, Facebook's global director of policy programs, said. The requirement will not apply to issue-based political ads, she said. "If you run an ad mentioning a candidate,... Bruce Schneier
Categories: Security

On the Security of Walls

Schneier on Security - Mon, 02/19/2018 - 23:24
Interesting history of the security of walls: Dún Aonghasa presents early evidence of the same principles of redundant security measures at work in 13th century castles, 17th century star-shaped artillery fortifications, and even "defense in depth" security architecture promoted today by the National Institute of Standards and Technology, the Nuclear Regulatory Commission, and countless other security organizations world-wide. Security advances... Bruce Schneier
Categories: Security

Friday Squid Blogging: Squid Pin

Schneier on Security - Fri, 02/16/2018 - 23:08
There's a squid pin on Kickstarter. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Security

New National Academies Report on Crypto Policy

Schneier on Security - Fri, 02/16/2018 - 16:17
The National Academies has just published "Decrypting the Encryption Debate: A Framework for Decision Makers." It looks really good, although I have not read it yet. Not much news or analysis yet. Please post any links you find in the comments, and I will summarize them here.... Bruce Schneier
Categories: Security

Election Security

Schneier on Security - Thu, 02/15/2018 - 16:14
Good Washington Post op-ed on the need to use voter-verifiable paper ballots to secure elections, as well as risk-limiting audits.... Bruce Schneier
Categories: Security

Can Consumers' Online Data Be Protected?

Schneier on Security - Wed, 02/14/2018 - 13:43
Everything online is hackable. This is true for Equifax's data and the federal Office of Personnel Management's data, which was hacked in 2015. If information is on a computer connected to the Internet, it is vulnerable. But just because everything is hackable doesn't mean everything will be hacked. The difference between the two is complex, and filled with defensive technologies,... Bruce Schneier
Categories: Security

Jumping Air Gaps

Schneier on Security - Tue, 02/13/2018 - 13:26
Nice profile of Mordechai Guri, who researches a variety of clever ways to steal data over air-gapped computers. Guri and his fellow Ben-Gurion researchers have shown, for instance, that it's possible to trick a fully offline computer into leaking data to another nearby device via the noise its internal fan generates, by changing air temperatures in patterns that the receiving... Bruce Schneier
Categories: Security

Internet Security Threats at the Olympics

Schneier on Security - Mon, 02/12/2018 - 13:36
There are a lot: The cybersecurity company McAfee recently uncovered a cyber operation, dubbed Operation GoldDragon, attacking South Korean organizations related to the Winter Olympics. McAfee believes the attack came from a nation state that speaks Korean, although it has no definitive proof that this is a North Korean operation. The victim organizations include ice hockey teams, ski suppliers, ski... Bruce Schneier
Categories: Security

Calling Squid "Calamari" Makes It More Appetizing

Schneier on Security - Fri, 02/09/2018 - 23:17
Research shows that what a food is called affects how we think about it. Research paper. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Security

Living in a Smart Home

Schneier on Security - Fri, 02/09/2018 - 14:59
In "The House that Spied on Me," Kashmir Hill outfits her home to be as "smart" as possible and writes about the results.... Bruce Schneier
Categories: Security

Water Utility Infected by Cryptocurrency Mining Software

Schneier on Security - Thu, 02/08/2018 - 18:55
A water utility in Europe has been infected by cryptocurrency mining software. This is a relatively new attack: hackers compromise computers and force them to mine cryptocurrency for them. This is the first time I've seen it infect SCADA systems, though. It seems that this mining software is benign, and doesn't affect the performance of the hacked computer. (A smart... Bruce Schneier
Categories: Security

Cabinet of Secret Documents from Australia

Schneier on Security - Wed, 02/07/2018 - 13:19
This story of leaked Australian government secrets is unlike any other I've heard: It begins at a second-hand shop in Canberra, where ex-government furniture is sold off cheaply. The deals can be even cheaper when the items in question are two heavy filing cabinets to which no-one can find the keys. They were purchased for small change and sat unopened... Bruce Schneier
Categories: Security

Poor Security at the UK National Health Service

Schneier on Security - Tue, 02/06/2018 - 13:33
The Guardian is reporting that "every NHS trust assessed for cyber security vulnerabilities has failed to meet the standard required." This is the same NHS that was debilitated by WannaCry. EDITED TO ADD (2/13): More news. And don't think that US hospitals are much better.... Bruce Schneier
Categories: Security

Sensitive Super Bowl Security Documents Left on an Airplane

Schneier on Security - Mon, 02/05/2018 - 22:46
A CNN reporter found some sensitive -- but, technically, not classified -- documents about Super Bowl security in the front pocket of an airplane seat.... Bruce Schneier
Categories: Security

Friday Squid Blogging: Kraken Pie

Schneier on Security - Fri, 02/02/2018 - 23:36
Pretty, but contains no actual squid ingredients. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Security

Signed Malware

Schneier on Security - Fri, 02/02/2018 - 13:38
Stuxnet famously used legitimate digital certificates to sign its malware. A research paper from last year found that the practice is much more common than previously thought. Now, researchers have presented proof that digitally signed malware is much more common than previously believed. What's more, it predated Stuxnet, with the first known instance occurring in 2003. The researchers said they... Bruce Schneier
Categories: Security

Jackpotting Attacks Against US ATMs

Schneier on Security - Thu, 02/01/2018 - 13:23
Brian Krebs is reporting sophisticated jackpotting attacks against US ATMs. The attacker gains physical access to the ATM, plants malware using specialized electronics, and then later returns and forces the machine to dispense all the cash it has inside. The Secret Service alert explains that the attackers typically use an endoscope -- a slender, flexible instrument traditionally used in medicine... Bruce Schneier
Categories: Security

Israeli Scientists Accidentally Reveal Classified Information

Schneier on Security - Wed, 01/31/2018 - 21:37
According to this story (non-paywall English version here), Israeli scientists released some information to the public they shouldn't have. Defense establishment officials are now trying to erase any trace of the secret information from the web, but they have run into difficulties because the information was copied and is found on a number of platforms. Those officials have managed to... Bruce Schneier
Categories: Security