Schneier on Security

A blog covering security and security technology.

Friday Squid Blogging: Shark vs. Squid

Fri, 06/05/2020 - 16:19
National Geographic has a photo of a 7-foot long shark that fought a giant squid and lived to tell the tale. Or, at least, lived to show off the suction marks on his skin. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting... Bruce Schneier
Categories: Security News

New Research: "Privacy Threats in Intimate Relationships"

Fri, 06/05/2020 - 06:13
I just published a new paper with Karen Levy of Cornell: "Privacy Threats in Intimate Relationships." Abstract: This article provides an overview of intimate threats: a class of privacy threats that can arise within our families, romantic partnerships, close friendships, and caregiving relationships. Many common assumptions about privacy are upended in the context of these relationships, and many otherwise effective... Bruce Schneier
Categories: Security News

Zoom's Commitment to User Security Depends on Whether you Pay It or Not

Thu, 06/04/2020 - 06:24
Zoom was doing so well.... And now we have this: Corporate clients will get access to Zoom's end-to-end encryption service now being developed, but Yuan said free users won't enjoy that level of privacy, which makes it impossible for third parties to decipher communications. "Free users for sure we don't want to give that because we also want to work... Bruce Schneier
Categories: Security News

Wallpaper that Crashes Android Phones

Wed, 06/03/2020 - 06:11
This is interesting: The image, a seemingly innocuous sunset (or dawn) sky above placid waters, may be viewed without harm. But if loaded as wallpaper, the phone will crash. The fault does not appear to have been maliciously created. Rather, according to developers following Ice Universe's Twitter thread, the problem lies in the way color space is handled by the... Bruce Schneier
Categories: Security News

"Sign in with Apple" Vulnerability

Tue, 06/02/2020 - 06:27
Researcher Bhavuk Jain discovered a vulnerability in the "Sign in with Apple" feature, and received a $100,000 bug bounty from Apple. Basically, forged tokens could gain access to pretty much any account. It is fixed. EDITED TO ADD (6/2): Another story.... Bruce Schneier
Categories: Security News

Password Changing After a Breach

Mon, 06/01/2020 - 06:08
This study shows that most people don't change their passwords after a breach, and if they do they change it to a weaker password. Abstract: To protect against misuse of passwords compromised in a breach, consumers should promptly change affected passwords and any similar passwords on other accounts. Ideally, affected companies should strongly encourage this behavior and have mechanisms in... Bruce Schneier
Categories: Security News

Friday Squid Blogging: Humboldt Squid Communication

Fri, 05/29/2020 - 16:07
Humboldt Squid communicate by changing their skin patterns and glowing. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Security News

Bogus Security Technology: An Anti-5G USB Stick

Fri, 05/29/2020 - 12:02
The 5GBioShield sells for £339.60, and the description sounds like snake oil: ...its website, which describes it as a USB key that "provides protection for your home and family, thanks to the wearable holographic nano-layer catalyser, which can be worn or placed near to a smartphone or any other electrical, radiation or EMF [electromagnetic field] emitting device". "Through a process... Bruce Schneier
Categories: Security News

Facebook Announces Messenger Security Features that Don't Compromise Privacy

Fri, 05/29/2020 - 06:37
Note that this is "announced," so we don't know when it's actually going to be implemented. Facebook today announced new features for Messenger that will alert you when messages appear to come from financial scammers or potential child abusers, displaying warnings in the Messenger app that provide tips and suggest you block the offenders. The feature, which Facebook started rolling... Bruce Schneier
Categories: Security News

Thermal Imaging as Security Theater

Thu, 05/28/2020 - 06:50
Seems like thermal imaging is the security theater technology of today. These features are so tempting that thermal cameras are being installed at an increasing pace. They're used in airports and other public transportation centers to screen travelers, increasingly used by companies to screen employees and by businesses to screen customers, and even used in health care facilities to screen... Bruce Schneier
Categories: Security News

Websites Conducting Port Scans

Wed, 05/27/2020 - 06:45
Security researcher Charlie Belmer is reporting that commercial websites such as eBay are conducting port scans of their visitors. Looking at the list of ports they are scanning, they are looking for VNC services being run on the host, which is the same thing that was reported for bank sites. I marked out the ports and what they are known... Bruce Schneier
Categories: Security News

Bluetooth Vulnerability: BIAS

Tue, 05/26/2020 - 06:54
This is new research on a Bluetooth vulnerability (called BIAS) that allows someone to impersonate a trusted device: Abstract: Bluetooth (BR/EDR) is a pervasive technology for wireless communication used by billions of devices. The Bluetooth standard includes a legacy authentication procedure and a secure authentication procedure, allowing devices to authenticate to each other using a long term key. Those procedures... Bruce Schneier
Categories: Security News