Security News

In Trump's first year, FISA court denied record number of surveillance orders

zdnet 0 day - Wed, 04/25/2018 - 14:35
More surveillance orders were denied during President Donald Trump's first year in office than in the court's history.
Categories: Security News

Hackers built a 'master key' for millions of hotel rooms

zdnet 0 day - Wed, 04/25/2018 - 08:00
New research shows how hackers can manipulate hotel room key cards to gain access to an entire building.
Categories: Security News

Two NSA Algorithms Rejected by the ISO

Bruce Shneier's Blog - Wed, 04/25/2018 - 06:54
The ISO has rejected two symmetric encryption algorithms: SIMON and SPECK. These algorithms were both designed by the NSA and made public in 2013. They are optimized for small and low-cost processors like IoT devices. The risk of using NSA-designed ciphers, of course, is that they include NSA-designed backdoors. Personally, I doubt that they're backdoored. And I always like seeing... Bruce Schneier
Categories: Security News

Baseball Code

Bruce Shneier's Blog - Tue, 04/24/2018 - 14:09
Info on the coded signals used by the Colorado Rockies.... Bruce Schneier
Categories: Security News

Computer Alarm that Triggers When Lid Is Opened

Bruce Shneier's Blog - Tue, 04/24/2018 - 06:04
"Do Not Disturb" is a Macintosh app that send an alert when the lid is opened. The idea is to detect computer tampering. Wire article: Do Not Disturb goes a step further than just the push notification. Using the Do Not Disturb iOS app, a notified user can send themselves a picture snapped with the laptop's webcam to catch the... Bruce Schneier
Categories: Security News

Russia is Banning Telegram

Bruce Shneier's Blog - Mon, 04/23/2018 - 14:15
Russia has banned the secure messaging app Telegram. It's making an absolute mess of the ban -- blocking 16 million IP addresses, many belonging to the Amazon and Google clouds -- and it's not even clear that it's working. But, more importantly, I'm not convinced Telegram is secure in the first place. Such a weird story. If you want secure... Bruce Schneier
Categories: Security News

Atlanta spent at least $2.6 million on ransomware recovery

zdnet 0 day - Mon, 04/23/2018 - 12:01
The ransom was never paid, because the payment portal was pulled offline by the attacker.
Categories: Security News

Yet Another Biometric: Ear Shape

Bruce Shneier's Blog - Mon, 04/23/2018 - 07:48
This acoustic technology identifies individuals by their ear shapes. No information about either false positives or false negatives.... Bruce Schneier
Categories: Security News

17 internet-connected things that really shouldn't be online

zdnet 0 day - Mon, 04/23/2018 - 07:00
A roundup of some of the more bizarre things that are online -- but really shouldn't be.
Categories: Security News

SunTrust Banks ex-employee may have stolen 1.5 million customer records

zdnet 0 day - Mon, 04/23/2018 - 01:28
The former staff member is suspected of stealing customer data belonging to the financial company.
Categories: Security News

Friday Squid Blogging: Squid Prices Rise as Catch Decreases

Bruce Shneier's Blog - Fri, 04/20/2018 - 16:26
In Japan: Last year's haul sank 15% to 53,000 tons, according to the JF Zengyoren national federation of fishing cooperatives. The squid catch has fallen by half in just two years. The previous low was plumbed in 2016. Lighter catches have been blamed on changing sea temperatures, which impedes the spawning and growth of the squid. Critics have also pointed... Bruce Schneier
Categories: Security News

Securing Elections

Bruce Shneier's Blog - Fri, 04/20/2018 - 06:44
Elections serve two purposes. The first, and obvious, purpose is to accurately choose the winner. But the second is equally important: to convince the loser. To the extent that an election system is not transparently and auditably accurate, it fails in that second purpose. Our election systems are failing, and we need to fix them. Today, we conduct our elections... Bruce Schneier
Categories: Security News

LinkedIn bug allowed data to be stolen from user profiles

zdnet 0 day - Thu, 04/19/2018 - 15:48
Private profile data — like phone numbers and email addresses — could have been easily collected.
Categories: Security News

Gold Galleon hackers target maritime shipping industry

zdnet 0 day - Thu, 04/19/2018 - 07:46
Researchers say a Nigerian hacking group is gleefully plundering maritime shipping businesses and their customers.
Categories: Security News

Lifting a Fingerprint from a Photo

Bruce Shneier's Blog - Thu, 04/19/2018 - 06:51
Police in the UK were able to read a fingerprint from a photo of a hand: Staff from the unit's specialist imaging team were able to enhance a picture of a hand holding a number of tablets, which was taken from a mobile phone, before fingerprint experts were able to positively identify that the hand was that of Elliott Morris.... Bruce Schneier
Categories: Security News

Data firm leaks 48 million user profiles it scraped from Facebook, LinkedIn, others

zdnet 0 day - Wed, 04/18/2018 - 08:00
Exclusive: Profile data was scraped without user consent or knowledge to "build a three-dimensional picture" on millions of people.
Categories: Security News

Oblivious DNS

Bruce Shneier's Blog - Wed, 04/18/2018 - 06:29
Interesting idea: ...we present Oblivious DNS (ODNS), which is a new design of the DNS ecosystem that allows current DNS servers to remain unchanged and increases privacy for data in motion and at rest. In the ODNS system, both the client is modified with a local resolver, and there is a new authoritative name server for .odns. To prevent an... Bruce Schneier
Categories: Security News

IBM launches open-source library for securing AI systems

zdnet 0 day - Wed, 04/18/2018 - 05:46
The framework-agnostic software library contains attacks, defenses, and benchmarks for securing artificial intelligence systems.
Categories: Security News

Fortinet Security Fabric merges with IBM Threat Management system

zdnet 0 day - Wed, 04/18/2018 - 05:43
IBM and Fortinet's strategic relationship has expanded with the combination of security solutions and threat data.
Categories: Security News

Hyperledger bug bounty program goes public

zdnet 0 day - Wed, 04/18/2018 - 04:29
The open-source blockchain project is now asking the public to help in the quest to squash bugs impacting the platform.
Categories: Security News