Saturday, July 20, 2019
Bruce Schneier

Friday Squid Blogging: Squid Mural

Large squid mural in the Bushwick neighborhood of Brooklyn. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.
Bruce Schneier

John Paul Stevens Was a Cryptographer

I didn't know that Supreme Court Justice John Paul Stevens "was also a cryptographer for the Navy during World War II." He was a proponent of individual privacy.
Bruce Schneier

Identity Theft on the Job Market

Identity theft is getting more subtle: "My job application was withdrawn by someone pretending to be me": When Mr Fearn applied for a job at the company he didn't hear back. He said the recruitment team said they'd get back to...
Bruce Schneier

Zoom Vulnerability

The Zoom conferencing app has a vulnerability that allows someone to remotely take over the computer's camera. It's a bad vulnerability, made worse by the fact that it remains even if you uninstall the Zoom app: This vulnerability allows any website...
Bruce Schneier

Palantir’s Surveillance Service for Law Enforcement

Motherboard got its hands on Palantir's Gotham user's manual, which is used by the police to get information on people: The Palantir user guide shows that police can start with almost no information about a person of interest and instantly...
Bruce Schneier

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I'm speaking at Black Hat USA 2019 in Las Vegas on Wednesday, August 7 and Thursday, August 8, 2019. I'm speaking on "Information Security in the Public...
Bruce Schneier

Friday Squid Blogging: When the Octopus and Squid Lost Their Shells

Cephalopod ancestors once had shells. When did they lose them? With the molecular clock technique, which allowed him to use DNA to map out the evolutionary history of the cephalopods, he found that today's cuttlefish, squids and octopuses began to...
Bruce Schneier

Clickable Endnotes to Click Here to Kill Everybody

In Click Here to Kill Everybody, I promised clickable endnotes. They're finally available.
Bruce Schneier

Presidential Candidate Andrew Yang Has Quantum Encryption Policy

At least one presidential candidate has a policy about quantum computing and encryption. It has two basic planks. One: fund quantum-resistant encryption standards. (Note: NIST is already doing this.) Two, fund quantum computing. (Unlike many far more pressing computer security...
Bruce Schneier

Resetting Your GE Smart Light Bulb

If you need to reset the software in your GE smart light bulb -- firmware version 2.8 or later -- just follow these easy instructions: Start with your bulb off for at least 5 seconds. Turn on for 8 seconds Turn off...
Bruce Schneier

Details of the Cloud Hopper Attacks

Reuters has a long article on the Chinese government APT attack called Cloud Hopper. It was much bigger than originally reported. The hacking campaign, known as "Cloud Hopper," was the subject of a U.S. indictment in December that accused two...
Bruce Schneier

Cell Networks Hacked by (Probable) Nation-State Attackers

A sophisticated attacker has successfully infiltrated cell providers to collect information on specific users: The hackers have systematically broken in to more than 10 cell networks around the world to date over the past seven years to obtain massive amounts...
Bruce Schneier

Cardiac Biometric

MIT Technology Review is reporting about an infrared laser device that can identify people by their unique cardiac signature at a distance: A new device, developed for the Pentagon after US Special Forces requested it, can identify people without seeing...
Bruce Schneier

Ransomware Recovery Firms Who Secretly Pay Hackers

ProPublica is reporting on companies that pretend to recover data locked up by ransomware, but just secretly pay the hackers and then mark up the cost to the victims.

Cisco Patches Critical Flaw in Vision Dynamic Signage Director

Cisco this week released a security patch for the Vision Dynamic Signage Director, to address a Critical vulnerability that could allow attackers to execute arbitrary actions on the local system. Tracked as CVE-2019-1917, the vulnerability was found in the REST...

The Great Hack: the film that goes behind the scenes of the Facebook data scandal

This week, a Netflix documentary on Cambridge Analytica sheds light on one of the most complex scandals of our time. Carole Cadwalladr, who broke the story and appears in the film, looks at the fallout – and finds ‘surveillance...
SecurityWeek

Scotland Yard Twitter and Emails Hacked

London's Metropolitan Police apologised Saturday after its Twitter, emails and news pages were targeted by hackers and began pumping out a series of bizarre messages.

Browser Extensions Scraped Data From Millions of People

Slack passwords, NSO spyware, and more of the week's top security news.
ZDNet

Hackers breach FSB contractor, expose Tor deanonymization project and more

SyTech, the hacked company, was working on research projects for the FSB, Russia's intelligence service.