Schneier on Security

A blog covering security and security technology.

The DMCA and its Chilling Effects on Research

Mon, 04/16/2018 - 13:46
The Center for Democracy and Technology has a good summary of the current state of the DMCA's chilling effects on security research. To underline the nature of chilling effects on hacking and security research, CDT has worked to describe how tinkerers, hackers, and security researchers of all types both contribute to a baseline level of security in our digital environment... Bruce Schneier
Categories: Security

Friday Squid Blogging: Eating Firefly Squid

Fri, 04/13/2018 - 23:24
In Toyama, Japan, you can watch the firefly squid catch, and eat them in various ways: "It's great to eat hotaruika around when the seasons change, which is when people tend to get sick," said Ryoji Tanaka, an executive at the Toyama prefectural federation of fishing cooperatives. "In addition to popular cooking methods, such as boiling them in salted water,... Bruce Schneier
Categories: Security

COPPA Compliance

Fri, 04/13/2018 - 13:43
Interesting research: "'Won't Somebody Think of the Children?' Examining COPPA Compliance at Scale": Abstract: We present a scalable dynamic analysis framework that allows for the automatic evaluation of the privacy behaviors of Android apps. We use our system to analyze mobile apps' compliance with the Children's Online Privacy Protection Act (COPPA), one of the few stringent privacy laws in the... Bruce Schneier
Categories: Security

Cybersecurity Insurance

Thu, 04/12/2018 - 13:36
Good article about how difficult it is to insure an organization against Internet attacks, and how expensive the insurance is. Companies like retailers, banks, and healthcare providers began seeking out cyberinsurance in the early 2000s, when states first passed data breach notification laws. But even with 20 years' worth of experience and claims data in cyberinsurance, underwriters still struggle with... Bruce Schneier
Categories: Security

The Digital Security Exchange Is Live

Wed, 04/11/2018 - 13:33
Last year I wrote about the Digital Security Exchange. The project is live: The DSX works to strengthen the digital resilience of U.S. civil society groups by improving their understanding and mitigation of online threats. We do this by pairing civil society and social sector organizations with credible and trustworthy digital security experts and trainers who can help them keep... Bruce Schneier
Categories: Security

DARPA Funding in AI-Assisted Cybersecurity

Tue, 04/10/2018 - 13:11
DARPA is launching a program aimed at vulnerability discovery via human-assisted AI. The new DARPA program is called CHESS (Computers and Humans Exploring Software Security), and they're holding a proposers day in a week and a half. This is the kind of thing that can dramatically change the offense/defense balance.... Bruce Schneier
Categories: Security

Obscure E-Mail Vulnerability

Mon, 04/09/2018 - 13:30
This vulnerability is a result of an interaction between two different ways of handling e-mail addresses. Gmail ignores dots in addresses, so bruce.schneier@gmail.com is the same as bruceschneier@gmail.com is the same as b.r.u.c.e.schneier@gmail.com. (Note: I do not own any of those email addresses -- if they're even valid.) Netflix doesn't ignore dots, so those are all unique e-mail addresses and... Bruce Schneier
Categories: Security

Friday Squid Blogging: Sake Decanters Made of Dried Squid

Fri, 04/06/2018 - 22:59
This is interesting. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Security

Subverting Backdoored Encryption

Wed, 04/04/2018 - 15:03
This is a really interesting research result. This paper proves that two parties can create a secure communications channel using a communications system with a backdoor. It's a theoretical result, so it doesn't talk about how easy that channel is to create. And the assumptions on the adversary are pretty reasonable: that each party can create his own randomness, and... Bruce Schneier
Categories: Security

Public Hearing on IoT Risks

Tue, 04/03/2018 - 13:22
The US Consumer Product Safety Commission is holding hearings on IoT risks: The U.S. Consumer Product Safety Commission (CPSC, Commission, or we) will conduct a public hearing to receive information from all interested parties about potential safety issues and hazards associated with internet-connected consumer products. The information received from the public hearing will be used to inform future Commission risk... Bruce Schneier
Categories: Security

Musical Ciphers

Mon, 04/02/2018 - 13:23
Interesting history.... Bruce Schneier
Categories: Security

Friday Squid Blogging: Market Squid in Alaskan Waters

Fri, 03/30/2018 - 23:17
Rising sea temperatures are causing market squid to move north into Alaskan waters. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Security

Unlocking iPhones with Dead People's Fingerprints

Fri, 03/30/2018 - 13:11
It's routine for US police to unlock iPhones with the fingerprints of dead people. It seems only to work with recently dead people.... Bruce Schneier
Categories: Security

Facebook and Cambridge Analytica

Thu, 03/29/2018 - 22:50
In the wake of the Cambridge Analytica scandal, news articles and commentators have focused on what Facebook knows about us. A lot, it turns out. It collects data from our posts, our likes, our photos, things we type and delete without posting, and things we do while not on Facebook and even when we're offline. It buys data about us... Bruce Schneier
Categories: Security

Another Branch Prediction Attack

Thu, 03/29/2018 - 13:23
When Spectre and Meltdown were first announced earlier this year, pretty much everyone predicted that there would be many more attacks targeting branch prediction in microprocessors. Here's another one: In the new attack, an attacker primes the PHT and runs branch instructions so that the PHT will always assume a particular branch is taken or not taken. The victim code... Bruce Schneier
Categories: Security

Breaking the Anonymity in the Cryptocurrency Monero

Wed, 03/28/2018 - 21:25
Researchers have exploited a flaw in the cryptocurrency Monero to break the anonymity of transactions. Research paper. BoingBoing post.... Bruce Schneier
Categories: Security

Tracing Stolen Bitcoin

Wed, 03/28/2018 - 13:30
Ross Anderson has a really interesting paper on tracing stolen bitcoin. From a blog post: Previous attempts to track tainted coins had used either the "poison" or the "haircut" method. Suppose I open a new address and pay into it three stolen bitcoin followed by seven freshly-mined ones. Then under poison, the output is ten stolen bitcoin, while under haircut... Bruce Schneier
Categories: Security

Fooling Face Recognition with Infrared Light

Tue, 03/27/2018 - 16:35
Yet another development in the arms race between facial recognition systems and facial-recognition-system foolers. BoingBoing post.... Bruce Schneier
Categories: Security

Adding Backdoors at the Chip Level

Mon, 03/26/2018 - 16:26
Interesting research into undetectably adding backdoors into computer chips during manufacture: "Stealthy dopant-level hardware Trojans: extended version," also available here: Abstract: In recent years, hardware Trojans have drawn the attention of governments and industry as well as the scientific community. One of the main concerns is that integrated circuits, e.g., for military or critical-infrastructure applications, could be maliciously manipulated during... Bruce Schneier
Categories: Security

Friday Squid Blogging: Giant Squid Stealing Food from Each Other

Fri, 03/23/2018 - 23:06
An interesting hunting strategy: Off of northern Spain, giant squid often feed on schools of fish called blue whiting. The schools swim 400 meters or less below the surface, while the squid prefer to hang out around a mile deep. The squid must ascend to hunt, probably seizing fish from below with their tentacles, then descend again. In this scenario,... Bruce Schneier
Categories: Security
