Security News

The TSA's Selective Laptop Ban

Bruce Shneier's Blog - Mon, 03/27/2017 - 06:28
Last Monday, the TSA announced a peculiar new security measure to take effect within 96 hours. Passengers flying into the US on foreign airlines from eight Muslim countries would be prohibited from carrying aboard any electronics larger than a smartphone. They would have to be checked and put into the cargo hold. And now the UK is following suit. It's... Bruce Schneier
Categories: Security News

Security awareness relies on balance of technical, human-behavior skill sets

zdnet 0 day - Mon, 03/27/2017 - 06:27
On one side sits a technical security practitioner. On the other sits a person with advanced skills in changing behaviors and community engagement. Which creates successful security awareness?
Categories: Security News

​Microsoft yanks search after complaints of exposed sensitive files

zdnet 0 day - Sat, 03/25/2017 - 20:00
Security experts pointed to numerous sensitive and personal files found on Microsoft's document sharing site, which lets users share documents publicly by default.
Categories: Security News

Friday Squid Blogging: Squid from Utensils

Bruce Shneier's Blog - Fri, 03/24/2017 - 16:06
Available on eBay. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.... Bruce Schneier
Categories: Security News

How to protect your Apple iCloud account

zdnet 0 day - Fri, 03/24/2017 - 14:41
Worried about hackers destroying your iCloud music, pictures, and documents? Here are three things you should do right now.
Categories: Security News

Commenting Policy for This Blog

Bruce Shneier's Blog - Fri, 03/24/2017 - 14:20
Over the past few months, I have been watching my blog comments decline in civility. I blame it in part on the contentious US election and its aftermath. It's also a consequence of not requiring visitors to register in order to post comments, and of our tolerance for impassioned conversation. Whatever the causes, I'm tired of it. Partisan nastiness is... Bruce Schneier
Categories: Security News

Second WikiLeaks Dump of CIA Documents

Bruce Shneier's Blog - Fri, 03/24/2017 - 06:46
There are more CIA documents up on WikiLeaks. It seems to be mostly MacOS and iOS -- including exploits that are installed on the hardware before they're delivered to the customer. News articles.... Bruce Schneier
Categories: Security News

Contact centers branded the 'Achilles heel' of the enterprise

zdnet 0 day - Fri, 03/24/2017 - 06:13
Could phoneprinting tackle the contact center weak link in the enterprise chain?
Categories: Security News

Apple iCloud ransom demands: The facts you need to know

zdnet 0 day - Thu, 03/23/2017 - 17:53
ZDNet has uncovered several loose ends with a claim regarding millions of iCloud accounts held for ransom, and questions remain. Users should act with an abundance of caution to protect their accounts.
Categories: Security News

Hackers Threaten to Erase Apple Customer Data

Bruce Shneier's Blog - Thu, 03/23/2017 - 09:09
Turkish hackers are threatening to erase millions of iCloud user accounts unless Apple pays a ransom. This is a weird story, and I'm skeptical of some of the details. Presumably Apple has decided that it's smarter to spend the money on secure backups and other security measures than to pay the ransom. But we'll see how this unfolds.... Bruce Schneier
Categories: Security News

NSA Best Scientific Cybersecurity Paper Competition

Bruce Shneier's Blog - Wed, 03/22/2017 - 12:17
Every year, the NSA has a competition for the best cybersecurity paper. Winners get to go to the NSA to pick up the award. (Warning: you will almost certainly be fingerprinted while you're there.) Submission guidelines and nomination page.... Bruce Schneier
Categories: Security News

New Paper on Encryption Workarounds

Bruce Shneier's Blog - Wed, 03/22/2017 - 06:23
I have written a paper with Orin Kerr on encryption workarounds. Our goal wasn't to make any policy recommendations. (That was a good thing, since we probably don't agree on any.) Our goal was to present a taxonomy of different workarounds, and discuss their technical and legal characteristics and complications. Abstract: The widespread use of encryption has triggered a new... Bruce Schneier
Categories: Security News

Lithuanian con artist scams two US tech giants out of $100 million

zdnet 0 day - Wed, 03/22/2017 - 02:00
That the phisher was able to dupe the companies, which work with social media, is perhaps the biggest surprise.
Categories: Security News

NSA Documents from before 1930

Bruce Shneier's Blog - Tue, 03/21/2017 - 13:17
Here is a listing of all the documents that the NSA has in its archives that are dated earlier than 1930.... Bruce Schneier
Categories: Security News

You're right. That 'electronic Muslim ban' makes no sense

zdnet 0 day - Tue, 03/21/2017 - 12:50
Analysis: US officials have been less than forthcoming regarding a potential threat, which only hurts public trust and confidence.
Categories: Security News

Citing terror threat, US confirms electronics ban on some US-bound flights

zdnet 0 day - Tue, 03/21/2017 - 10:11
Senior administration officials said terrorists are 'aggressively pursuing' ways to carry out new attacks, such as smuggling explosive devices in consumer items, but left key questions unanswered.
Categories: Security News

WikiLeaks Not Disclosing CIA-Hoarded Vulnerabilities to Companies

Bruce Shneier's Blog - Tue, 03/21/2017 - 06:05
WikiLeaks has started publishing a large collection of classified CIA documents, including information on several -- possibly many -- unpublished (i.e., zero-day) vulnerabilities in computing equipment used by Americans. Despite assurances that the US government prioritizes defense over offense, it seems that the CIA was hoarding vulnerabilities. (It's not just the CIA; last year we learned that the NSA is,... Bruce Schneier
Categories: Security News

US government to ban most electronics from some US-bound flights

zdnet 0 day - Mon, 03/20/2017 - 17:09
Homeland Security isn't saying what the reason for the impending ban is, but that a change to the rules have been considered for several weeks.
Categories: Security News

Friedman Comments on Yardley

Bruce Shneier's Blog - Mon, 03/20/2017 - 13:47
This is William Friedman's highly annotated copy of Herbert Yardley's book, The American Black Chamber.... Bruce Schneier
Categories: Security News

Hundreds of Cisco switches vulnerable to flaw found in WikiLeaks files

zdnet 0 day - Mon, 03/20/2017 - 11:56
The flaw was found by Cisco security researchers, despite WikiLeaks' claiming that the CIA hacking unit disclosures did not contain working vulnerabilities.
Categories: Security News