Thursday, July 19, 2018
Home News Schneier on Security

Schneier on Security

    Defeating the iPhone Restricted Mode

    Schneier on Security
    Recently, Apple introduced restricted mode to protect iPhones from attacks by companies like Cellebrite and Greyshift, which allow attackers to recover information from a phone without the password or fingerprint. Elcomsoft just announced that it can easily bypass it. There...

    Installing a Credit Card Skimmer on a POS Terminal

    Schneier on Security
    Watch how someone installs a credit card skimmer in just a couple of seconds. I don't know if the skimmer just records the data and is collected later, or if it transmits the data back to some base station.

    Reasonably Clever Extortion E-mail Based on Password Theft

    Schneier on Security
    Imagine you've gotten your hands on a file of e-mail addresses and passwords. You want to monetize it, but the site it's for isn't very valuable. How do you use it? You convince the owners of the password to...

    Gas Pump Hack

    Schneier on Security
    This is weird: Police in Detroit are looking for two suspects who allegedly managed to hack a gas pump and steal over 600 gallons of gasoline, valued at about $1,800. The theft took place in the middle of the day...

    Friday Squid Blogging: Antifungal Squid-Egg Coating

    Schneier on Security
    The Hawaiian bobtail squid coats its eggs with antifungal bacteria. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.

    WPA3

    Schneier on Security
    Everyone is writing about the new WPA3 Wi-Fi security standard, and how it improves security over the current WPA2 standard. This summary is as good as any other: The first big new feature in WPA3 is protection against offline, password-guessing attacks....

    Department of Commerce Report on the Botnet Threat

    Schneier on Security
    Last month, the US Department of Commerce released a report on the threat of botnets and what to do about it. I note that it explicitly said that the IoT makes the threat worse, and that the solutions are...

    Recovering Keyboard Inputs through Thermal Imaging

    Schneier on Security
    Researchers at the University of California, Irvine, are able to recover user passwords by way of thermal imaging. The tech is pretty straightforward, but it's interesting to think about the types of scenarios in which it might be pulled...

    PROPagate Code Injection Seen in the Wild

    Schneier on Security
    Last year, researchers wrote about a new Windows code injection technique called PROPagate. Last week, it was first seen in malware: This technique abuses the SetWindowsSubclass function -- a process used to install or update subclass windows running on the...

    Friday Squid Blogging: Squid Unexpectedly Playing a Part in US/China Trade War

    Schneier on Security
    Chinese buyers are canceling orders to buy US squid in advance of an expected 25% tariff. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog...

    The NSA’s Domestic Surveillance Centers

    Schneier on Security
    The Intercept has a long story about the NSA's domestic interception points. Includes some new Snowden documents.

    Beating Facial Recognition Software with Face Makeup

    Schneier on Security
    At least right now, facial recognition algorithms don't work with Juggalo makeup.

    California Passes New Privacy Law

    Schneier on Security
    The California legislature unanimously passed the strongest data privacy law in the nation. This is great news, but I have a lot of reservations. The Internet tech companies pressed to get this law passed out of self-defense. A ballot...

    Traffic Analysis of the LTE Mobile Standard

    Schneier on Security
    Interesting research in using traffic analysis to learn things about encrypted traffic. It's hard to know how critical these vulnerabilities are. They're very hard to close without wasting a huge amount of bandwidth. The active attacks are more interesting.

    Conservation of Threat

    Schneier on Security
    Here's some interesting research about how we perceive threats. Basically, as the environment becomes safer we basically manufacture new threats. From an essay about the research: To study how concepts change when they become less common, we brought volunteers into...
    Load more

    LATEST NEWS

    Why the Best Defense Is a Good Offensive Security Strategy

    IBM Security
    When many people think about offensive security, they picture a mysterious figure wearing a hoodie, sitting behind a black-and-green terminal, diligently typing away as he probes enterprise networks. But the cybersecurity world has evolved well beyond this Hollywood hacker...

    Google hit with $5.1b fine in EU’s Android antitrust case

    Naked Security
    This could mean the end of free Android. In the meantime, Google plans to appeal.

    Privacy Advocates Say Kelsey Smith Act Gives Police Too Much Power

    Threatpost
    This bill making its way through Congress would allow law enforcement to more easily uncover location data for cell phones from mobile carriers in an emergency.

    IDG Contributor Network: Hack like a CISO

    CSO
    I have written several times over the last couple of years about how the role of today’s CISOs have changed and are now more tuned to support business activities and the management of enterprise risk. Serving an organization as...

    Cisco patches critical vulnerabilities in Policy Suite

    ZDNet
    One of the worst security flaws permits attackers to act as root and execute arbitrary code.

    EDITOR PICKS

    LEADERS

    LATEST POSTS

    © Copyright 2018 InfoSec Industry