After Section 702 Reauthorization

Schneier on Security - Wed, 01/31/2018 - 14:06
For over a decade, civil libertarians have been fighting government mass surveillance of innocent Americans over the Internet. We've just lost an important battle. On January 18, President Trump signed the renewal of Section 702, domestic mass surveillance became effectively a permanent part of US law. Section 702 was initially passed in 2008, as an amendment to the Foreign Intelligence... Bruce Schneier
Categories: Security

Subway Elevators and Movie-Plot Threats

Schneier on Security - Tue, 01/30/2018 - 14:26
Local residents are opposing adding an elevator to a subway station because terrorists might use it to detonate a bomb. No, really. There's no actual threat analysis, only fear: "The idea that people can then ride in on the subway with a bomb or whatever and come straight up in an elevator is awful to me," said Claudia Ward, who... Bruce Schneier
Categories: Security

Locating Secret Military Bases via Fitness Data

Schneier on Security - Mon, 01/29/2018 - 22:17
In November, the company Strava released an anonymous data-visualization map showing all the fitness activity by everyone using the app. Over this weekend, someone realized that it could be used to locate secret military bases: just look for repeated fitness activity in the middle of nowhere. News article.... Bruce Schneier
Categories: Security

Estimating the Cost of Internet Insecurity

Schneier on Security - Mon, 01/29/2018 - 14:18
It's really hard to estimate the cost of an insecure Internet. Studies are all over the map. A methodical study by RAND is the best work I've seen at trying to put a number on this. The results are, well, all over the map: "Estimating the Global Cost of Cyber Risk: Methodology and Examples": Abstract: There is marked variability from... Bruce Schneier
Categories: Security

Friday Squid Blogging: Squid that Mate, Die, and Then Sink

Schneier on Security - Sat, 01/27/2018 - 00:23
The mating and death characteristics of some squid are fascinating. Research paper. EDITED TO ADD (2/5): Additional info and photos. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Security

The Effects of the Spectre and Meltdown Vulnerabilities

Schneier on Security - Fri, 01/26/2018 - 14:12
On January 3, the world learned about a series of major security vulnerabilities in modern microprocessors. Called Spectre and Meltdown, these vulnerabilities were discovered by several different researchers last summer, disclosed to the microprocessors' manufacturers, and patched­ -- at least to the extent possible. This news isn't really any different from the usual endless stream of security vulnerabilities and patches,... Bruce Schneier
Categories: Security

WhatsApp Vulnerability

Schneier on Security - Thu, 01/25/2018 - 14:47
A new vulnerability in WhatsApp has been discovered: ...the researchers unearthed far more significant gaps in WhatsApp's security: They say that anyone who controls WhatsApp's servers could effortlessly insert new people into an otherwise private group, even without the permission of the administrator who ostensibly controls access to that conversation. Matthew Green has a good description: If all you want... Bruce Schneier
Categories: Security

Detecting Drone Surveillance with Traffic Analysis

Schneier on Security - Wed, 01/24/2018 - 13:28
This is clever: Researchers at Ben Gurion University in Beer Sheva, Israel have built a proof-of-concept system for counter-surveillance against spy drones that demonstrates a clever, if not exactly simple, way to determine whether a certain person or object is under aerial surveillance. They first generate a recognizable pattern on whatever subject­ -- a window, say -- someone might want... Bruce Schneier
Categories: Security

New Malware Hijacks Cryptocurrency Mining

Schneier on Security - Tue, 01/23/2018 - 14:41
This is a clever attack. After gaining control of the coin-mining software, the malware replaces the wallet address the computer owner uses to collect newly minted currency with an address controlled by the attacker. From then on, the attacker receives all coins generated, and owners are none the wiser unless they take time to manually inspect their software configuration. So... Bruce Schneier
Categories: Security

Skygofree: New Government Malware for Android

Schneier on Security - Mon, 01/22/2018 - 20:06
Kaspersky Labs is reporting on a new piece of sophisticated malware: We observed many web landing pages that mimic the sites of mobile operators and which are used to spread the Android implants. These domains have been registered by the attackers since 2015. According to our telemetry, that was the year the distribution campaign was at its most active. The... Bruce Schneier
Categories: Security

Dark Caracal: Global Espionage Malware from Lebanon

Schneier on Security - Mon, 01/22/2018 - 14:38
The EFF and Lookout are reporting on a new piece of spyware operating out of Lebanon. It primarily targets mobile devices compromised by fake secure messaging clients like Signal and WhatsApp. From the Lookout announcement: Dark Caracal has operated a series of multi-platform campaigns starting from at least January 2012, according to our research. The campaigns span across 21+ countries... Bruce Schneier
Categories: Security

Friday Squid Blogging: Te Papa Colossal Squid Exhibition Is Being Renovated

Schneier on Security - Sat, 01/20/2018 - 00:48
The New Zealand home of the colossal squid exhibit is behind renovated. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Security

Security Breaches Don't Affect Stock Price

Schneier on Security - Fri, 01/19/2018 - 14:06
Interesting research: "Long-term market implications of data breaches, not," by Russell Lange and Eric W. Burger. Abstract: This report assesses the impact disclosure of data breaches has on the total returns and volatility of the affected companies' stock, with a focus on the results relative to the performance of the firms' peer industries, as represented through selected indices rather than... Bruce Schneier
Categories: Security

Student Cracks Inca Knot Code

Schneier on Security - Thu, 01/18/2018 - 15:12
Interesting.... Bruce Schneier
Categories: Security

Article from a Former Chinese PLA General on Cyber Sovereignty

Schneier on Security - Wed, 01/17/2018 - 14:23
Interesting article by Major General Hao Yeli, Chinese People's Liberation Army (ret.), a senior advisor at the China International Institute for Strategic Society, Vice President of China Institute for Innovation and Development Strategy, and the Chair of the Guanchao Cyber Forum. Against the background of globalization and the internet era, the emerging cyber sovereignty concept calls for breaking through the... Bruce Schneier
Categories: Security

Jim Risen Writes about Reporting Government Secrets

Schneier on Security - Tue, 01/16/2018 - 14:58
Jim Risen writes a long and interesting article about his battles with the US government and the New York Times to report government secrets.... Bruce Schneier
Categories: Security

Fighting Ransomware

Schneier on Security - Mon, 01/15/2018 - 14:43
No More Ransom is a central repository of keys and applications for ransomware, so people can recover their data without paying. It's not complete, of course, but is pretty good against older strains of ransomware. The site is a joint effort by Europol, the Dutch police, Kaspersky, and McAfee.... Bruce Schneier
Categories: Security

Friday Squid Blogging: Japanese "Dude Food" Includes Squid

Schneier on Security - Sat, 01/13/2018 - 00:12
This seems to be a trend. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Security

XKCD's Smartphone Security System

Schneier on Security - Fri, 01/12/2018 - 20:51
Funny.... Bruce Schneier
Categories: Security

Facial Recognition Is Coming to Retail

Schneier on Security - Fri, 01/12/2018 - 14:29
Summary article.... Bruce Schneier
Categories: Security
Syndicate content

eXTReMe Tracker