Wednesday, May 12, 2021
Bruce Schneier

AI Security Risk Assessment Tool

Microsoft researchers just released an open-source automation tool for security testing AI systems: “Counterfit.” Details on their blog.
Bruce Schneier

Ransomware Shuts Down US Pipeline

This is a major story: a probably Russian cybercrime group called DarkSide shut down the Colonial Pipeline in a ransomware attack. The pipeline supplies much of the East Coast. This is the new and improved ransomware attack: the hackers...
Bruce Schneier

Newly Unclassified NSA Document on Cryptography in the 1970s

This is a newly unclassified NSA history of its reaction to academic cryptography in the 1970s: “New Comes Out of the Closet: The Debate over Public Cryptography in the Inman Era,” Cryptographic Quarterly, Spring 1996, author still classified.
Bruce Schneier

Friday Squid Blogging: COVID Relief Funds

A town in Japan built a giant squid statue with its COVID relief grant. One local told the Chunichi Shimbun newspaper that while the statue may be effective in the long run, the money could have been used for “urgent...
Bruce Schneier

Teaching Cybersecurity to Children

A new draft of an Australian educational curriculum proposes teaching children as young as five cybersecurity: The proposed curriculum aims to teach five-year-old children — an age at which Australian kids first attend school — not to share information such...
Bruce Schneier

The Story of Colossus

Nice video of a talk by Chris Shore on the history of Colossus.
Bruce Schneier

New Spectre-Like Attacks

There’s new research that demonstrates security vulnerabilities in all of the AMD and Intel chips with micro-op caches, including the ones that were specifically engineered to be resistant to the Spectre/Meltdown attacks of three years ago. Details: The new line of...
Bruce Schneier

Tesla Remotely Hacked from a Drone

This is an impressive hack: Security researchers Ralf-Philipp Weinmann of Kunnamon, Inc. and Benedikt Schmotzle of Comsecuris GmbH have found remote zero-click security vulnerabilities in an open-source software component (ConnMan) used in Tesla automobiles that allowed them to compromise parked...
Bruce Schneier

Identifying the Person Behind Bitcoin Fog

The person behind the Bitcoin Fog was identified and arrested. Bitcoin Fog was an anonymization service: for a fee, it mixed a bunch of people’s bitcoins up so that it was hard to figure out where any individual coins...
Bruce Schneier

Friday Squid Blogging: On Squid Coloration

Nice excerpt from Martin Wallin’s book Squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.
Bruce Schneier

Serious MacOS Vulnerability Patched

Apple just patched a MacOS vulnerability that bypassed malware checks. The flaw is akin to a front entrance that’s barred and bolted effectively, but with a cat door at the bottom that you can easily toss a bomb through. Apple...
Bruce Schneier

Identifying People Through Lack of Cell Phone Use

In this entertaining story of French serial criminal Rédoine Faïd and his jailbreaking ways, there’s this bit about cell phone surveillance: After Faïd’s helicopter breakout, 3,000 police officers took part in the manhunt. According to the 2019 documentary La Traque...
Bruce Schneier

Second Click Here to Kill Everybody Sale

For a limited time, I am selling signed copies of Click Here to Kill Everybody in hardcover for just $6, plus shipping. I have 600 copies of the book available. When they’re gone, the sale is over and the price...
Bruce Schneier

Security Vulnerabilities in Cellebrite

Moxie Marlinspike has an intriguing blog post about Cellebrite, a tool used by police and others to break into smartphones. Moxie got his hands on one of the devices, which seems to be a pair of Windows software packages...
Bruce Schneier

When AIs Start Hacking

If you don’t have enough to worry about already, consider a world where AIs are hackers. Hacking is as old as humanity. We are creative problem solvers. We exploit loopholes, manipulate systems, and strive for more influence, power, and wealth....
The Register

Blessed are the cryptographers, labelling them criminal enablers is just foolish

Preserving privacy is hard. I know because when I tried, I quickly learned not to play with weapons Column  Nearly a decade ago I decided to try my hand as a cryptographer. It went about as well as you...
The Hacker News

Ransomware Gang Leaks Metropolitan Police Data After Failed Negotiations

The cybercrime syndicate behind Babuk ransomware has leaked more personal files belonging to the Metropolitan Police Department (MPD) after negotiations with the DC Police broke down, warning that they intend to publish all data ransom demands are not met. "The...
Security Affairs

NSA and ODNI analyze potential risks to 5G networks

U.S. Intelligence agencies warn of weaknesses in 5G networks that could be exploited by crooks and nation-state actors for intelligence gathering. The U.S. National Security Agency (NSA), along with the DHS Cybersecurity and Infrastructure Security Agency (CISA), and the Office...
The Hacker News

Alert: Hackers Exploit Adobe Reader 0-Day Vulnerability in the Wild

Adobe has released Patch Tuesday updates for the month of May with fixes for multiple vulnerabilities spanning 12 different products, including a zero-day flaw affecting Adobe Reader that's actively exploited in the wild. The list of updated applications includes Adobe Experience Manager,...
The Register

Beijing twirls ban-hammer at 84 more apps it says need to stop slurping excess data

Online lending apps and more given fifteen days to ‘rectify’ behaviour China’s Central Cyberspace Affairs Commission has named 84 apps it says breach local privacy laws and given their developers 15 days to “rectify” their code.…