Blogroll

The mating and death characteristics of some squid are fascinating. Research paper. EDITED TO ADD (2/5): Additional info and photos. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier

On January 3, the world learned about a series of major security vulnerabilities in modern microprocessors. Called Spectre and Meltdown, these vulnerabilities were discovered by several different researchers last summer, disclosed to the microprocessors' manufacturers, and patched­ -- at least to the extent possible. This news isn't really any different from the usual endless stream of security vulnerabilities and patches,... Bruce Schneier

A new vulnerability in WhatsApp has been discovered: ...the researchers unearthed far more significant gaps in WhatsApp's security: They say that anyone who controls WhatsApp's servers could effortlessly insert new people into an otherwise private group, even without the permission of the administrator who ostensibly controls access to that conversation. Matthew Green has a good description: If all you want... Bruce Schneier

This is clever: Researchers at Ben Gurion University in Beer Sheva, Israel have built a proof-of-concept system for counter-surveillance against spy drones that demonstrates a clever, if not exactly simple, way to determine whether a certain person or object is under aerial surveillance. They first generate a recognizable pattern on whatever subject­ -- a window, say -- someone might want... Bruce Schneier

This is a clever attack. After gaining control of the coin-mining software, the malware replaces the wallet address the computer owner uses to collect newly minted currency with an address controlled by the attacker. From then on, the attacker receives all coins generated, and owners are none the wiser unless they take time to manually inspect their software configuration. So... Bruce Schneier

Kaspersky Labs is reporting on a new piece of sophisticated malware: We observed many web landing pages that mimic the sites of mobile operators and which are used to spread the Android implants. These domains have been registered by the attackers since 2015. According to our telemetry, that was the year the distribution campaign was at its most active. The... Bruce Schneier

The EFF and Lookout are reporting on a new piece of spyware operating out of Lebanon. It primarily targets mobile devices compromised by fake secure messaging clients like Signal and WhatsApp. From the Lookout announcement: Dark Caracal has operated a series of multi-platform campaigns starting from at least January 2012, according to our research. The campaigns span across 21+ countries... Bruce Schneier

The New Zealand home of the colossal squid exhibit is behind renovated. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier

Interesting research: "Long-term market implications of data breaches, not," by Russell Lange and Eric W. Burger. Abstract: This report assesses the impact disclosure of data breaches has on the total returns and volatility of the affected companies' stock, with a focus on the results relative to the performance of the firms' peer industries, as represented through selected indices rather than... Bruce Schneier

Interesting.... Bruce Schneier

Interesting article by Major General Hao Yeli, Chinese People's Liberation Army (ret.), a senior advisor at the China International Institute for Strategic Society, Vice President of China Institute for Innovation and Development Strategy, and the Chair of the Guanchao Cyber Forum. Against the background of globalization and the internet era, the emerging cyber sovereignty concept calls for breaking through the... Bruce Schneier

Jim Risen writes a long and interesting article about his battles with the US government and the New York Times to report government secrets.... Bruce Schneier

No More Ransom is a central repository of keys and applications for ransomware, so people can recover their data without paying. It's not complete, of course, but is pretty good against older strains of ransomware. The site is a joint effort by Europol, the Dutch police, Kaspersky, and McAfee.... Bruce Schneier

This seems to be a trend. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier

Funny.... Bruce Schneier

Summary article.... Bruce Schneier

In this era of electronic leakers, remember that zero-width spaces and homoglyph substitution can fingerprint individual instances of files.... Bruce Schneier

Deputy Attorney General Rosenstein has given talks where he proposes that tech companies decrease their communications and device security for the benefit of the FBI. In a recent talk, his idea is that tech companies just save a copy of the plaintext: Law enforcement can also partner with private industry to address a problem we call "Going Dark." Technology increasingly... Bruce Schneier

Susan Landau has written a terrific book on cybersecurity threats and why we need strong crypto. Listening In: Cybersecurity in an Insecure Age. It's based in part on her 2016 Congressional testimony in the Apple/FBI case; it examines how the Digital Revolution has transformed society, and how law enforcement needs to -- and can -- adjust to the new realities.... Bruce Schneier

Commentaries on the 2017 US national security strategy by Michael Sulmeyer and Ben Buchanan.... Bruce Schneier