Blogroll

U.S. FDA says no medical device shortages due to virus outbreak

Health News (Reuters) - Thu, 02/27/2020 - 23:33
The U.S. Food and Drug Administration said on Thursday there were no reported shortages of medical devices within the country due to the ongoing coronavirus outbreak.
Categories: Health

The DMCA and its Chilling Effects on Research

Schneier on Security - Mon, 04/16/2018 - 13:46
The Center for Democracy and Technology has a good summary of the current state of the DMCA's chilling effects on security research. To underline the nature of chilling effects on hacking and security research, CDT has worked to describe how tinkerers, hackers, and security researchers of all types both contribute to a baseline level of security in our digital environment... Bruce Schneier
Categories: Security

Friday Squid Blogging: Eating Firefly Squid

Schneier on Security - Fri, 04/13/2018 - 23:24
In Tokama, Japan, you can watch the firefly squid catch and eat them in various ways: "It's great to eat hotaruika around when the seasons change, which is when people tend to get sick," said Ryoji Tanaka, an executive at the Toyama prefectural federation of fishing cooperatives. "In addition to popular cooking methods, such as boiling them in salted water,... Bruce Schneier
Categories: Security

COPPA Compliance

Schneier on Security - Fri, 04/13/2018 - 13:43
Interesting research: "'Won't Somebody Think of the Children?' Examining COPPA Compliance at Scale": Abstract: We present a scalable dynamic analysis framework that allows for the automatic evaluation of the privacy behaviors of Android apps. We use our system to analyze mobile apps' compliance with the Children's Online Privacy Protection Act (COPPA), one of the few stringent privacy laws in the... Bruce Schneier
Categories: Security

Cybersecurity Insurance

Schneier on Security - Thu, 04/12/2018 - 13:36
Good article about how difficult it is to insure an organization against Internet attacks, and how expensive the insurance is. Companies like retailers, banks, and healthcare providers began seeking out cyberinsurance in the early 2000s, when states first passed data breach notification laws. But even with 20 years' worth of experience and claims data in cyberinsurance, underwriters still struggle with... Bruce Schneier
Categories: Security

The Digital Security Exchange Is Live

Schneier on Security - Wed, 04/11/2018 - 13:33
Last year I wrote about the Digital Security Exchange. The project is live: The DSX works to strengthen the digital resilience of U.S. civil society groups by improving their understanding and mitigation of online threats. We do this by pairing civil society and social sector organizations with credible and trustworthy digital security experts and trainers who can help them keep... Bruce Schneier
Categories: Security

DARPA Funding in AI-Assisted Cybersecurity

Schneier on Security - Tue, 04/10/2018 - 13:11
DARPA is launching a program aimed at vulnerability discovery via human-assisted AI. The new DARPA program is called CHESS (Computers and Humans Exploring Software Security), and they're holding a proposers day in a week and a half. This is the kind of thing that can dramatically change the offense/defense balance.... Bruce Schneier
Categories: Security

Obscure E-Mail Vulnerability

Schneier on Security - Mon, 04/09/2018 - 13:30
This vulnerability is a result of an interaction between two different ways of handling e-mail addresses. Gmail ignores dots in addresses, so bruce.schneier@gmail.com is the same as bruceschneier@gmail.com is the same as b.r.u.c.e.schneier@gmail.com. (Note: I do not own any of those email addresses -- if they're even valid.) Netflix doesn't ignore dots, so those are all unique e-mail addresses and... Bruce Schneier
Categories: Security

Friday Squid Blogging: Sake Decanters Made of Dried Squid

Schneier on Security - Fri, 04/06/2018 - 22:59
This is interesting. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Security

Subverting Backdoored Encryption

Schneier on Security - Wed, 04/04/2018 - 15:03
This is a really interesting research result. This paper proves that two parties can create a secure communications channel using a communications system with a backdoor. It's a theoretical result, so it doesn't talk about how easy that channel is to create. And the assumptions on the adversary are pretty reasonable: that each party can create his own randomness, and... Bruce Schneier
Categories: Security

Public Hearing on IoT Risks

Schneier on Security - Tue, 04/03/2018 - 13:22
The US Consumer Product Safety Commission is holding hearings on IoT risks: The U.S. Consumer Product Safety Commission (CPSC, Commission, or we) will conduct a public hearing to receive information from all interested parties about potential safety issues and hazards associated with internet-connected consumer products. The information received from the public hearing will be used to inform future Commission risk... Bruce Schneier
Categories: Security

Musical Ciphers

Schneier on Security - Mon, 04/02/2018 - 13:23
Interesting history.... Bruce Schneier
Categories: Security

Friday Squid Blogging: Market Squid in Alaskan Waters

Schneier on Security - Fri, 03/30/2018 - 23:17
Rising sea temperatures is causing market squid to move north into Alaskan waters. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Security

Unlocking iPhones with Dead People's Fingerprints

Schneier on Security - Fri, 03/30/2018 - 13:11
It's routine for US police to unlock iPhones with the fingerprints of dead people. It seems only to work with recently dead people.... Bruce Schneier
Categories: Security

Facebook and Cambridge Analytica

Schneier on Security - Thu, 03/29/2018 - 22:50
In the wake of the Cambridge Analytica scandal, news articles and commentators have focused on what Facebook knows about us. A lot, it turns out. It collects data from our posts, our likes, our photos, things we type and delete without posting, and things we do while not on Facebook and even when we're offline. It buys data about us... Bruce Schneier
Categories: Security

Another Branch Prediction Attack

Schneier on Security - Thu, 03/29/2018 - 13:23
When Spectre and Meltdown were first announced earlier this year, pretty much everyone predicted that there would be many more attacks targeting branch prediction in microprocessors. Here's another one: In the new attack, an attacker primes the PHT and running branch instructions so that the PHT will always assume a particular branch is taken or not taken. The victim code... Bruce Schneier
Categories: Security

Breaking the Anonymity in the Cryptocurrency Monero

Schneier on Security - Wed, 03/28/2018 - 21:25
Researchers have exploited a flaw in the cryptocurrency Monero to break the anonymity of transactions. Research paper. BoingBoing post.... Bruce Schneier
Categories: Security

Tracing Stolen Bitcoin

Schneier on Security - Wed, 03/28/2018 - 13:30
Ross Anderson has a really interesting paper on tracing stolen bitcoin. From a blog post: Previous attempts to track tainted coins had used either the "poison" or the "haircut" method. Suppose I open a new address and pay into it three stolen bitcoin followed by seven freshly-mined ones. Then under poison, the output is ten stolen bitcoin, while under haircut... Bruce Schneier
Categories: Security

Fooling Face Recognition with Infrared Light

Schneier on Security - Tue, 03/27/2018 - 16:35
Yet another development in the arms race between facial recognition systems and facial-recognition-system foolers. BoingBoing post.... Bruce Schneier
Categories: Security

Adding Backdoors at the Chip Level

Schneier on Security - Mon, 03/26/2018 - 16:26
Interesting research into undetectably adding backdoors into computer chips during manufacture: "Stealthy dopant-level hardware Trojans: extended version," also available here: Abstract: In recent years, hardware Trojans have drawn the attention of governments and industry as well as the scientific community. One of the main concerns is that integrated circuits, e.g., for military or critical-infrastructure applications, could be maliciously manipulated during... Bruce Schneier
Categories: Security
Syndicate content

eXTReMe Tracker