Schneier on Security

A blog covering security and security technology.

Friday Squid Blogging: More on the Giant Squid's DNA

Fri, 01/24/2020 - 16:18
Following on from last week's post, here's more information on sequencing the DNA of the giant squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Security News

Technical Report of the Bezos Phone Hack

Fri, 01/24/2020 - 08:34
Motherboard obtained and published the technical report on the hack of Jeff Bezos's phone, which is being attributed to Saudi Arabia, specifically to Crown Prince Mohammed bin Salman. ...investigators set up a secure lab to examine the phone and its artifacts and spent two days poring over the device but were unable to find any malware on it. Instead, they... Bruce Schneier
Categories: Security News

Apple Abandoned Plans for Encrypted iCloud Backup after FBI Complained

Thu, 01/23/2020 - 06:10
This is new from Reuters: More than two years ago, Apple told the FBI that it planned to offer users end-to-end encryption when storing their phone data on iCloud, according to one current and three former FBI officials and one current and one former Apple employee. Under that plan, primarily designed to thwart hackers, Apple would no longer have a... Bruce Schneier
Categories: Security News

Half a Million IoT Device Passwords Published

Wed, 01/22/2020 - 06:09
It's a list of easy-to-guess passwords for IoT devices on the Internet as recently as last October and November. Useful for anyone putting together a bot network: A hacker has published this week a massive list of Telnet credentials for more than 515,000 servers, home routers, and IoT (Internet of Things) "smart" devices. The list, which was published on a... Bruce Schneier
Categories: Security News

Brazil Charges Glenn Greenwald with Cybercrimes

Tue, 01/21/2020 - 15:23
Glenn Greenwald has been charged with cybercrimes in Brazil, stemming from publishing information and documents that were embarrassing to the government. The charges are that he actively helped the people who actually did the hacking: Citing intercepted messages between Mr. Greenwald and the hackers, prosecutors say the journalist played a "clear role in facilitating the commission of a crime." For... Bruce Schneier
Categories: Security News

SIM Hijacking

Tue, 01/21/2020 - 06:30
SIM hijacking -- or SIM swapping -- is an attack where a fraudster contacts your cell phone provider and convinces them to switch your account to a phone that they control. Since your smartphone often serves as a security measure or backup verification system, this allows the fraudster to take over other accounts of yours. Sometimes this involves people inside... Bruce Schneier
Categories: Security News

Clearview AI and Facial Recognition

Mon, 01/20/2020 - 08:53
The New York Times has a long story about Clearview AI, a small company that scrapes identified photos of people from pretty much everywhere, and then uses unstated magical AI technology to identify people in other photos. His tiny company, Clearview AI, devised a groundbreaking facial recognition app. You take a picture of a person, upload it and get to... Bruce Schneier
Categories: Security News

Friday Squid Blogging: Giant Squid Genome Analyzed

Fri, 01/17/2020 - 16:19
This is fantastic work: In total, the researchers identified approximately 2.7 billion DNA base pairs, which is around 90 percent the size of the human genome. There's nothing particularly special about that size, especially considering that the axolotl genome is 10 times larger than the human genome. It's going to take some time to fully understand and appreciate the intricacies... Bruce Schneier
Categories: Security News

Securing Tiffany's Move

Thu, 01/16/2020 - 10:01
Story of how Tiffany & Company moved all of its inventory from one store to another. Short summary: careful auditing and a lot of police.... Bruce Schneier
Categories: Security News

Critical Windows Vulnerability Discovered by NSA

Wed, 01/15/2020 - 06:38
Yesterday's Microsoft Windows patches included a fix for a critical vulnerability in the system's crypto library. A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source.... Bruce Schneier
Categories: Security News

Upcoming Speaking Engagements

Tue, 01/14/2020 - 13:00
This is a current list of where and when I am scheduled to speak: I'm speaking at Indiana University Bloomington on January 30, 2020. I'll be at RSA Conference 2020 in San Francisco. On Wednesday, February 26, at 2:50 PM, I'll be part of a panel on "How to Reduce Supply Chain Risk: Lessons from Efforts to Block Huawei." On... Bruce Schneier
Categories: Security News

5G Security

Tue, 01/14/2020 - 07:42
The security risks inherent in Chinese-made 5G networking equipment are easy to understand. Because the companies that make the equipment are subservient to the Chinese government, they could be forced to include backdoors in the hardware or software to give Beijing remote access. Eavesdropping is also a risk, although efforts to listen in would almost certainly be detectable. More insidious... Bruce Schneier
Categories: Security News

Artificial Personas and Public Discourse

Mon, 01/13/2020 - 08:21
Presidential campaign season is officially, officially, upon us now, which means it's time to confront the weird and insidious ways in which technology is warping politics. One of the biggest threats on the horizon: artificial personas are coming, and they're poised to take over political debate. The risk arises from two separate threads coming together: artificial intelligence-driven text generation and... Bruce Schneier
Categories: Security News