Security News

Yet Another FBI Proposal for Insecure Communications

Bruce Shneier's Blog - Thu, 01/11/2018 - 07:05
Deputy Attorney General Rosenstein has given talks where he proposes that tech companies decrease their communications and device security for the benefit of the FBI. In a recent talk, his idea is that tech companies just save a copy of the plaintext: Law enforcement can also partner with private industry to address a problem we call "Going Dark." Technology increasingly... Bruce Schneier
Categories: Security News

Let's Encrypt disables TLS-SNI-01 validation

zdnet 0 day - Thu, 01/11/2018 - 05:27
It is possible to exploit the protocol to obtain certificates for domains you do not own.
Categories: Security News

Susan Landau's New Book: Listening In

Bruce Shneier's Blog - Wed, 01/10/2018 - 13:42
Susan Landau has written a terrific book on cybersecurity threats and why we need strong crypto. Listening In: Cybersecurity in an Insecure Age. It's based in part on her 2016 Congressional testimony in the Apple/FBI case; it examines how the Digital Revolution has transformed society, and how law enforcement needs to -- and can -- adjust to the new realities.... Bruce Schneier
Categories: Security News

Cybersecurity and the 2017 US National Security Strategy

Bruce Shneier's Blog - Wed, 01/10/2018 - 07:27
Commentaries on the 2017 US national security strategy by Michael Sulmeyer and Ben Buchanan.... Bruce Schneier
Categories: Security News

Carphone Warehouse fined £400,000 over 2015 data breach

zdnet 0 day - Wed, 01/10/2018 - 06:02
The successful cyberattack exposed information belonging to millions of UK customers.
Categories: Security News

Adobe patches information leak vulnerability

zdnet 0 day - Wed, 01/10/2018 - 03:10
The bug impacts Windows, Mac, and Linux machines.
Categories: Security News

Savage Security snapped up by Threatcare

zdnet 0 day - Wed, 01/10/2018 - 02:30
Savage Security was assisting Threatcare with research before the buyout.
Categories: Security News

Daniel Miessler on My Writings about IoT Security

Bruce Shneier's Blog - Tue, 01/09/2018 - 15:26
Daniel Miessler criticizes my writings about IoT security: I know it's super cool to scream about how IoT is insecure, how it's dumb to hook up everyday objects like houses and cars and locks to the internet, how bad things can get, and I know it's fun to be invited to talk about how everything is doom and gloom. I... Bruce Schneier
Categories: Security News

Microsoft says older Windows versions will face greatest performance hits after Meltdown, Spectre patches

zdnet 0 day - Tue, 01/09/2018 - 11:00
Windows 7 and Windows 8 users will notice the greatest decrease in system performance after the processor patches are applied.
Categories: Security News

FBI locked out of 7,775 encrypted devices in 2017, says director

zdnet 0 day - Tue, 01/09/2018 - 10:08
FBI director Christopher Wray said he supports strong encryption but called an inability to access encrypted devices an "urgent public safety issue."
Categories: Security News

NSA Morale

Bruce Shneier's Blog - Tue, 01/09/2018 - 05:58
The Washington Post is reporting that poor morale at the NSA is causing a significant talent shortage. A November New York Times article said much the same thing. The articles point to many factors: the recent reorganization, low pay, and the various leaks. I have been saying for a while that the Shadow Brokers leaks have been much more damaging... Bruce Schneier
Categories: Security News

With WPA3, Wi-Fi security is about to get a lot tougher

zdnet 0 day - Mon, 01/08/2018 - 16:28
Finally, a security reprieve for open Wi-Fi hotspot users.
Categories: Security News

Tourist Scams

Bruce Shneier's Blog - Mon, 01/08/2018 - 06:34
A comprehensive list. Most are old and obvious, but there are some clever variants.... Bruce Schneier
Categories: Security News

CoffeeMiner hijacks public Wi-Fi users' browsing sessions to mine cryptocurrency

zdnet 0 day - Mon, 01/08/2018 - 05:17
A new attack called CoffeeMiner can exploit public Wi-Fi services to secretly mine cryptocurrencies.
Categories: Security News

Friday Squid Blogging: How the Optic Lobe Controls Squid Camouflage

Bruce Shneier's Blog - Fri, 01/05/2018 - 16:42
Experiments on the oval squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Security News

Warrantless phone, laptop searches at the US border hit record levels

zdnet 0 day - Fri, 01/05/2018 - 14:56
One leading Democratic senator says the newly-enacted directives explicitly allow border officials to try to bypass the password or encryption on a device without reasonable suspicion.
Categories: Security News

Spectre and Meltdown Attacks Against Microprocessors

Bruce Shneier's Blog - Fri, 01/05/2018 - 14:22
The security of pretty much every computer on the planet has just gotten a lot worse, and the only real solution -- which of course is not a solution -- is to throw them all away and buy new ones. On Wednesday, researchers just announced a series of major security vulnerabilities in the microprocessors at the heart of the world's... Bruce Schneier
Categories: Security News

New Book Coming in September: "Click Here to Kill Everybody"

Bruce Shneier's Blog - Fri, 01/05/2018 - 12:45
My next book is still on track for a September 2018 publication. Norton is still the publisher. The title is now Click Here to Kill Everybody: Peril and Promise on a Hyperconnected Planet, which I generally refer to as CH2KE. The table of contents has changed since I last blogged about this, and it now looks like this: Introduction: Everything... Bruce Schneier
Categories: Security News

Amazon turns over record amount of customer data to US law enforcement

zdnet 0 day - Fri, 01/05/2018 - 11:04
The company's fifth transparency report reveals more customer data was handed to US law enforcement in the first-half of last year than ever before.
Categories: Security News

Zero-day vulnerabilities hijack full Dell EMC Data Protection Suite

zdnet 0 day - Fri, 01/05/2018 - 09:00
Researchers have discovered severe vulnerabilities in the suite which can lead to full system takeover.
Categories: Security News