Feed aggregator

Friday Squid Blogging: Squid Comic

Bruce Schneier's Blog - Fri, 05/25/2018 - 16:18
It's not very good, but it has a squid in it. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Security News

Security and Human Behavior (SHB 2018)

Bruce Schneier's Blog - Fri, 05/25/2018 - 13:57
I'm at Carnegie Mellon University, at the eleventh Workshop on Security and Human Behavior. SHB is a small invitational gathering of people studying various aspects of the human side of security, organized each year by Alessandro Acquisti, Ross Anderson, and myself. The 50 or so people in the room include psychologists, economists, computer security researchers, sociologists, political scientists, neuroscientists, designers,... Bruce Schneier
Categories: Security News

Apple reveals latest government data demand figures

zdnet 0 day - Fri, 05/25/2018 - 13:34
The company said it will soon start reporting app takedowns from its app stores.
Categories: Security News

Your logo and branded vulnerability aren't helping: How to disclose better

zdnet 0 day - Fri, 05/25/2018 - 12:28
We are going to change the way business and marketing leaders interact with researchers and analysts, and raise the bar for ethics. We are going to empower researchers and analysts to advocate business and marketing leaders for better practices.
Categories: Security News

Detecting Lies through Mouse Movements

Bruce Schneier's Blog - Fri, 05/25/2018 - 06:25
Interesting research: "The detection of faked identity using unexpected questions and mouse dynamics," by Merylin Monaro, Luciano Gamberini, and Giuseppe Sartori. Abstract: The detection of faked identities is a major problem in security. Current memory-detection techniques cannot be used as they require prior knowledge of the respondent's true identity. Here, we report a novel technique for detecting faked identities based... Bruce Schneier
Categories: Security News

Bitcoin Gold suffers double spend attacks, $17.5 million lost

zdnet 0 day - Fri, 05/25/2018 - 03:11
An unknown threat actor has so far managed to steal over 388,000 BTG from cryptocurrency exchanges.
Categories: Security News

T-Mobile bug let anyone see any customer's account details

zdnet 0 day - Thu, 05/24/2018 - 12:57
Exclusive: The exposed lookup tool let anyone run a customer's phone number -- and obtain their home address and account PIN, used to contact phone support.
Categories: Security News

Insurance startup leaks sensitive customer health data

zdnet 0 day - Thu, 05/24/2018 - 07:09
The storage bucket wasn't protected with a password and was accessible by anyone.
Categories: Security News

Font Steganography

Bruce Schneier's Blog - Thu, 05/24/2018 - 06:29
Interesting research in steganography at the font level.... Bruce Schneier
Categories: Security News

Supermarket Shoplifting

Bruce Schneier's Blog - Wed, 05/23/2018 - 06:11
The rise of self-checkout has caused a corresponding rise in shoplifting.... Bruce Schneier
Categories: Security News

Verge blockchain comes under attack, again

zdnet 0 day - Wed, 05/23/2018 - 06:05
It seems the same attack vector used to steal cryptocurrency reserves only just over a month ago is at fault.
Categories: Security News

Over a dozen vulnerabilities uncovered in BMW vehicles

zdnet 0 day - Wed, 05/23/2018 - 05:10
Tencent's Keen Security Lab found a number of serious bugs which could be exploited by attackers to remotely attack a number of BMW models.
Categories: Security News

FBI inflated encrypted device figures, misleading public

zdnet 0 day - Tue, 05/22/2018 - 20:12
Encrypted cell phones were a major obstacle to criminal investigation. The FBI now admits the problem was much smaller than they'd originally reported.
Categories: Security News

FBI won't say how many investigations are hindered by encryption

zdnet 0 day - Tue, 05/22/2018 - 14:00
The agency says encrypted phones harm its investigations, but it won't say how many are affected.
Categories: Security News

Another Spectre-Like CPU Vulnerability

Bruce Schneier's Blog - Tue, 05/22/2018 - 09:38
Google and Microsoft researchers have disclosed another Spectre-like CPU side-channel vulnerability, called "Speculative Store Bypass." Like the others, the fix will slow the CPU down. The German tech site Heise reports that more are coming. I'm not surprised. Writing about Spectre and Meltdown in January, I predicted that we'll be seeing a lot more of these sorts of vulnerabilities. Spectre... Bruce Schneier
Categories: Security News

Student awarded $36,000 for remote execution flaw in Google App Engine

zdnet 0 day - Tue, 05/22/2018 - 03:47
The discovery was made by a university student who was not aware of how dangerous the vulnerability was.
Categories: Security News

Ahead of GDPR, UK fines University of Greenwich £120,000 over data breach

zdnet 0 day - Tue, 05/22/2018 - 02:58
Information belonging to almost 20,000 staff and students was exposed in the security incident.
Categories: Security News

Spectre chip security vulnerability strikes again; patches incoming

zdnet 0 day - Mon, 05/21/2018 - 19:32
A Google developer discovered a new way that a 'Spectre'-style check can be used to attack any computer running any operating system.
Categories: Security News

Comcast website bug leaks Xfinity customer data

zdnet 0 day - Mon, 05/21/2018 - 16:05
Exclusive: A bug in Comcast's website leaks sensitive customer information.
Categories: Security News

Japan's Directorate for Signals Intelligence

Bruce Schneier's Blog - Mon, 05/21/2018 - 09:54
The Intercept has a long article on Japan's equivalent of the NSA: the Directorate for Signals Intelligence. Interesting, but nothing really surprising. The directorate has a history that dates back to the 1950s; its role is to eavesdrop on communications. But its operations remain so highly classified that the Japanese government has disclosed little about its work -- even the... Bruce Schneier
Categories: Security News