Thursday, October 1, 2020
Bruce Schneier

Detecting Deep Fakes with a Heartbeat

Researchers can detect deep fakes because they don’t convincingly mimic human blood circulation in the face: In particular, video of a person’s face contains subtle shifts in color that result from pulses in blood circulation. You might imagine that these...
Bruce Schneier

Negotiating with Ransomware Gangs

Really interesting conversation with someone who negotiates with ransomware gangs: For now, it seems that paying ransomware, while obviously risky and empowering/encouraging ransomware attackers, can perhaps be comported so as not to break any laws (like anti-terrorist laws, FCPA, conspiracy...
Bruce Schneier

Hacking a Coffee Maker

As expected, IoT devices are filled with vulnerabilities: As a thought experiment, Martin Hron, a researcher at security company Avast, reverse engineered one of the older coffee makers to see what kinds of hacks he could do with it. After...
Bruce Schneier

On Executive Order 12333

Mark Jaycox has written a long article on the US Executive Order 12333: “No Oversight, No Limits, No Worries: A Primer on Presidential Spying and Executive Order 12,333“: Abstract: Executive Order 12,333 (“EO 12333”) is a 1980s Executive Order signed...
Bruce Schneier

Friday Squid Blogging: COVID-19 Found on Chinese Squid Packaging

I thought the virus doesn’t survive well on food packaging: Authorities in China’s northeastern Jilin province have found the novel coronavirus on the packaging of imported squid, health authorities in the city of Fuyu said on Sunday, urging anyone who...
Bruce Schneier

CEO of NS8 Charged with Securities Fraud

The founder and CEO of the Internet security company NS8 has been arrested and “charged in a Complaint in Manhattan federal court with securities fraud, fraud in the offer and sale of securities, and wire fraud.” I admit that I’ve...
Bruce Schneier

Iranian Government Hacking Android

The New York Times wrote about a still-unreleased report from Check Point and the Miaan Group: The reports, which were reviewed by The New York Times in advance of their release, say that the hackers have successfully infiltrated what were thought...
Bruce Schneier

Documented Death from a Ransomware Attack

A Dusseldorf woman died when a ransomware attack against a hospital forced her to be taken to a different hospital in another city. I think this is the first documented case of a cyberattack causing a fatality. UK hospitals had...
Bruce Schneier

Interview with the Author of the 2000 Love Bug Virus

No real surprises, but we finally have the story. The story he went on to tell is strikingly straightforward. De Guzman was poor, and internet access was expensive. He felt that getting online was almost akin to a human right...
Bruce Schneier

Amazon Delivery Drivers Hacking Scheduling System

Amazon drivers — all gig workers who don’t work for the company — are hanging cell phones in trees near Amazon delivery stations, fooling the system into thinking that they are closer than they actually are: The phones in trees...
Bruce Schneier

Friday Squid Blogging: Nano-Sized SQUIDS

SQUID news: Physicists have developed a small, compact superconducting quantum interference device (SQUID) that can detect magnetic fields. The team focused on the instrument’s core, which contains two parallel layers of graphene. As usual, you can also use this squid...
Bruce Schneier

Nihilistic Password Security Questions

Posted three years ago, but definitely appropriate for the times.
Bruce Schneier

Matt Blaze on OTP Radio Stations

Matt Blaze discusses an interesting mystery about a Cuban one-time-pad radio station, and a random number generator error that probably helped arrest a pair of Russian spies in the US.
Bruce Schneier

New Bluetooth Vulnerability

There’s a new unpatched Bluetooth vulnerability: The issue is with a protocol called Cross-Transport Key Derivation (or CTKD, for short). When, say, an iPhone is getting ready to pair up with a Bluetooth-powered device, CTKD’s role is to set up two...

#DTXNOW: Managing Uncertainty to Build Lasting Resilience in Security Teams

IT and security teams must learn how to navigate uncertain environments in order to build lasting resilience, according to Jordan Schroeder, deputy MD & managing CISO at Hefestis, speaking...

InterPlanetary Storm: Cross-platform P2P botnet infects computers and IoT devices

IoT botnets have come a long way since Mirai showed its devastating potential in 2016 with distributed denial-of-service attacks that exceeded in strength anything seen before then. Myriad malware programs now infect poorly secured or vulnerable routers, IP cameras,...
The Register

Huawei’s UK code reviewers say the company is still crap at basic software security

Last year telcos scrambled to plug 'critical user-facing vuln' in Chinese network kit. UK.gov security researchers examining Huawei source code have so far verified just eight firmware binaries out of more than 60 used across Britain's mobile phone networks,...
ZDNet

With API attacks rising, Cloudflare launches a free API security tool

Cloudflare launches API Shield, a new service to protect web APIs against attacks.
IBM Security

Integrating Security Awareness Training Into Employee Onboarding

Training your team on security awareness is an essential part of a successful security program. And, new employee onboarding is an optimal time to introduce your staff to your security best practices. This is in large part due to the...