Bruce Schneier's Blog

A blog covering security and security technology.

Friday Squid Blogging: Squid Comic

Fri, 05/25/2018 - 16:18
It's not very good, but it has a squid in it. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Security News

Security and Human Behavior (SHB 2018)

Fri, 05/25/2018 - 13:57
I'm at Carnegie Mellon University, at the eleventh Workshop on Security and Human Behavior. SHB is a small invitational gathering of people studying various aspects of the human side of security, organized each year by Alessandro Acquisti, Ross Anderson, and myself. The 50 or so people in the room include psychologists, economists, computer security researchers, sociologists, political scientists, neuroscientists, designers,... Bruce Schneier
Categories: Security News

Detecting Lies through Mouse Movements

Fri, 05/25/2018 - 06:25
Interesting research: "The detection of faked identity using unexpected questions and mouse dynamics," by Merylin Monaro, Luciano Gamberini, and Giuseppe Sartori. Abstract: The detection of faked identities is a major problem in security. Current memory-detection techniques cannot be used as they require prior knowledge of the respondent's true identity. Here, we report a novel technique for detecting faked identities based... Bruce Schneier
Categories: Security News

Font Steganography

Thu, 05/24/2018 - 06:29
Interesting research in steganography at the font level.... Bruce Schneier
Categories: Security News

Supermarket Shoplifting

Wed, 05/23/2018 - 06:11
The rise of self-checkout has caused a corresponding rise in shoplifting.... Bruce Schneier
Categories: Security News

Another Spectre-Like CPU Vulnerability

Tue, 05/22/2018 - 09:38
Google and Microsoft researchers have disclosed another Spectre-like CPU side-channel vulnerability, called "Speculative Store Bypass." Like the others, the fix will slow the CPU down. The German tech site Heise reports that more are coming. I'm not surprised. Writing about Spectre and Meltdown in January, I predicted that we'll be seeing a lot more of these sorts of vulnerabilities. Spectre... Bruce Schneier
Categories: Security News

Japan's Directorate for Signals Intelligence

Mon, 05/21/2018 - 09:54
The Intercept has a long article on Japan's equivalent of the NSA: the Directorate for Signals Intelligence. Interesting, but nothing really surprising. The directorate has a history that dates back to the 1950s; its role is to eavesdrop on communications. But its operations remain so highly classified that the Japanese government has disclosed little about its work -- even the... Bruce Schneier
Categories: Security News

Friday Squid Blogging: Flying Squid

Fri, 05/18/2018 - 16:20
Flying squid are real. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Security News

Maliciously Changing Someone's Address

Fri, 05/18/2018 - 06:20
Someone changed the address of UPS corporate headquarters to his own apartment in Chicago. The company discovered it three months later. The problem, of course, is that in the US there isn't any authentication of change-of-address submissions: According to the Postal Service, nearly 37 million change-of-address requests -- known as PS Form 3575 -- were submitted in 2017. The form,... Bruce Schneier
Categories: Security News

White House Eliminates Cybersecurity Position

Thu, 05/17/2018 - 06:23
The White House has eliminated the cybersecurity coordinator position. This seems like a spectacularly bad idea.... Bruce Schneier
Categories: Security News

Accessing Cell Phone Location Information

Wed, 05/16/2018 - 06:16
The New York Times is reporting about a company called Securus Technologies that gives police the ability to track cell phone locations without a warrant: The service can find the whereabouts of almost any cellphone in the country within seconds. It does this by going through a system typically used by marketers and other companies to get location data from... Bruce Schneier
Categories: Security News

Sending Inaudible Commands to Voice Assistants

Tue, 05/15/2018 - 06:13
Researchers have demonstrated the ability to send inaudible commands to voice assistants like Alexa, Siri, and Google Assistant. Over the last two years, researchers in China and the United States have begun demonstrating that they can send hidden commands that are undetectable to the human ear to Apple's Siri, Amazon's Alexa and Google's Assistant. Inside university labs, the researchers have... Bruce Schneier
Categories: Security News

Details on a New PGP Vulnerability

Mon, 05/14/2018 - 13:36
A new PGP vulnerability was announced today. Basically, the vulnerability makes use of the fact that modern e-mail programs allow for embedded HTML objects. Essentially, if an attacker can intercept and modify a message in transit, he can insert code that sends the plaintext in a URL to a remote website. Very clever. The EFAIL attacks exploit vulnerabilities in the... Bruce Schneier
Categories: Security News

Critical PGP Vulnerability

Mon, 05/14/2018 - 09:33
EFF is reporting that a critical vulnerability has been discovered in PGP and S/MIME. No details have been published yet, but one of the researchers wrote: We'll publish critical vulnerabilities in PGP/GPG and S/MIME email encryption on 2018-05-15 07:00 UTC. They might reveal the plaintext of encrypted emails, including encrypted emails sent in the past. There are currently no reliable... Bruce Schneier
Categories: Security News