Feed aggregator

Google Login Security for High-Risk Users

Bruce Shneier's Blog - Mon, 10/30/2017 - 12:23
Google has a new login service for high-risk users. it's good, but unforgiving. Logging in from a desktop will require a special USB key, while accessing your data from a mobile device will similarly require a Bluetooth dongle. All non-Google services and apps will be exiled from reaching into your Gmail or Google Drive. Google's malware scanners will use a... Bruce Schneier
Categories: Security News

​A flaw in Google's bug database exposed private security vulnerability reports

zdnet 0 day - Mon, 10/30/2017 - 10:00
The bug allowed the researcher to see the most sensitive vulnerabilities in Google's services.
Categories: Security News

Friday Squid Blogging: Steel Mesh Giant Squid Used as Artificial Reef

Bruce Shneier's Blog - Fri, 10/27/2017 - 16:28
Researchers in the British Virgin Islands have sunk a giant squid made out of steel mesh to serve as an artificial reef. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Security News

FBI Increases Its Anti-Encryption Rhetoric

Bruce Shneier's Blog - Fri, 10/27/2017 - 14:45
Earlier this month, Deputy Attorney General Rod Rosenstein gave a speech warning that a world with encryption is a world without law -- or something like that. The EFF's Kurt Opsahl takes it apart pretty thoroughly. Last week, FBI Director Christopher Wray said much the same thing. This is an idea that will not die.... Bruce Schneier
Categories: Security News

As Congress mulls surveillance reforms, here are the good, bad, and ugly options

zdnet 0 day - Thu, 10/26/2017 - 13:00
For the first time since the Edward Snowden surveillance revelations, lawmakers get to choose a new law.
Categories: Security News

Cisco rolls out new storage networking telemetry capabilities

zdnet 0 day - Thu, 10/26/2017 - 07:00
As data from critical applications proliferates, customers are looking for deep visibility across the storage network, Cisco says.
Categories: Security News

Hackers can gain full access to maritime ship data through a built-in backdoor

zdnet 0 day - Thu, 10/26/2017 - 07:00
The AmosConnect communication shipboard platform is so weak, complete hijacking is easy -- and there's an open door, too.
Categories: Security News

The Science of Interrogation

Bruce Shneier's Blog - Thu, 10/26/2017 - 05:09
Fascinating article about two psychologists who are studying interrogation techniques. Now, two British researchers are quietly revolutionising the study and practice of interrogation. Earlier this year, in a meeting room at the University of Liverpool, I watched a video of the Diola interview alongside Laurence Alison, the university's chair of forensic psychology, and Emily Alison, a professional counsellor. My permission... Bruce Schneier
Categories: Security News

Kaspersky says NSA hacking tools obtained after malware was found

zdnet 0 day - Wed, 10/25/2017 - 06:31
Apparently, a pirate download of Microsoft Office could be the root of all the trouble.
Categories: Security News

CSE Releases Malware Analysis Tool

Bruce Shneier's Blog - Wed, 10/25/2017 - 06:07
The Communications Security Establishment of Canada -- basically, Canada's version of the NSA -- has released a suite of malware analysis tools: Assemblyline is described by CSE as akin to a conveyor belt: files go in, and a handful of small helper applications automatically comb through each one in search of malicious clues. On the way out, every file is... Bruce Schneier
Categories: Security News

How to turn your watch, shoes, or household junk into a password

zdnet 0 day - Wed, 10/25/2017 - 05:05
Researchers are exploring ways to use your smartphone's camera as a secure way to identify yourself.
Categories: Security News

Whistleblower system SecureDrop fixes information leak vulnerability

zdnet 0 day - Wed, 10/25/2017 - 03:43
While serious, the bug would take advanced skills to exploit in a very small time window.
Categories: Security News

Hackers hijack Coinhive cryptocurrency miner through an old password

zdnet 0 day - Wed, 10/25/2017 - 02:54
Yet another lesson in how not to secure your network.
Categories: Security News

After quietly infecting a million devices, Reaper botnet set to be worse than Mirai

zdnet 0 day - Tue, 10/24/2017 - 07:46
Reaper is on track to become one of the largest botnets recorded in recent years — and yet nobody seems to know what it will do or when. But researchers say the damage could be bigger than last year's cyberattack.
Categories: Security News

Reaper Botnet

Bruce Shneier's Blog - Tue, 10/24/2017 - 06:01
It's based on the Mirai code, but much more virulent: While Mirai caused widespread outages, it impacted IP cameras and internet routers by simply exploiting their weak or default passwords. The latest botnet threat, known as alternately as IoT Troop or Reaper, has evolved that strategy, using actual software-hacking techniques to break into devices instead. It's the difference between checking... Bruce Schneier
Categories: Security News

Arm announces PSA security architecture for IoT devices

zdnet 0 day - Mon, 10/23/2017 - 09:00
Arm hopes the adoption of its new PSA system will help protect trillions of connected devices in the future.
Categories: Security News

Hacking Back

Bruce Shneier's Blog - Mon, 10/23/2017 - 06:16
Hacking back is a terrible idea that just will not die. Josephine Wolff takes apart the new hacking back bill that was introduced in the House recently.... Bruce Schneier
Categories: Security News

Kaspersky Lab tries to claw back trust with transparency initiative

zdnet 0 day - Mon, 10/23/2017 - 05:33
The company has promised independent source code reviews and increased bug bounty rewards in the future.
Categories: Security News

Pay with Google launched to speed up online payments

zdnet 0 day - Mon, 10/23/2017 - 03:35
Google's online payments system is designed to speed up purchases and reduce failure rates.
Categories: Security News

Friday Squid Blogging: "How the Squid Lost Its Shell"

Bruce Shneier's Blog - Fri, 10/20/2017 - 16:24
Interesting essay by Danna Staaf, the author of Squid Empire. (I mentioned the book two weeks ago.) As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Security News