404 Media is reporting on all the apps that are spying on your location, based on a hack of the location data company Gravy Analytics: The thousands of apps, included in hacked files from location data company Gravy Analytics, include…
Category: Schneier on Security
Zero-Day Vulnerability in Ivanti VPN
It’s being actively exploited. This article has been indexed from Schneier on Security Read the original article: Zero-Day Vulnerability in Ivanti VPN
US Treasury Department Sanctions Chinese Company Over Cyberattacks
From the Washington Post: The sanctions target Beijing Integrity Technology Group, which U.S. officials say employed workers responsible for the Flax Typhoon attacks which compromised devices including routers and internet-enabled cameras to infiltrate government and industrial targets in the United…
Privacy of Photos.app’s Enhanced Visual Search
Initial speculation about a new Apple feature.
Friday Squid Blogging: Anniversary Post
I made my first squid post nineteen years ago this week. Between then and now, I posted something about squid every week (with maybe only a few exceptions). There is a lot out there about squid, even more if you…
ShredOS
ShredOS is a stripped-down operating system designed to destroy data. GitHub page here.
Google Is Allowing Device Fingerprinting
Lukasz Olejnik writes about device fingerprinting, and why Google’s policy change to allow it in 2025 is a major privacy setback.
Gift Card Fraud
It’s becoming an organized crime tactic: Card draining is when criminals remove gift cards from a store display, open them in a separate location, and either record the card numbers and PINs or replace them with a new barcode. The…
Salt Typhoon’s Reach Continues to Grow
The US government has identified a ninth telecom that was successfully hacked by Salt Typhoon.
Casino Players Using Hidden Cameras for Cheating
The basic strategy is to place a device with a hidden camera in a position to capture normally hidden card values, which are interpreted by an accomplice off-site and fed back to the player via a hidden microphone. Miniaturization is…
Friday Squid Blogging: Squid on Pizza
Pizza Hut in Taiwan has a history of weird pizzas, including a “2022 scalloped pizza with Oreos around the edge, and deep-fried chicken and calamari studded throughout the middle.” Blog moderation policy.
Scams Based on Fake Google Emails
Scammers are hacking Google Forms to send email to victims that come from google.com. Brian Krebs reports on the effects. Boing Boing post.
Spyware Maker NSO Group Found Liable for Hacking WhatsApp
A judge has found that NSO Group, maker of the Pegasus spyware, has violated the US Computer Fraud and Abuse Act by hacking WhatsApp in order to spy on people using it. Jon Penney and I wrote a legal paper…
Criminal Complaint against LockBit Ransomware Writer
The Justice Department has published the criminal complaint against Dmitry Khoroshev, for building and maintaining the LockBit ransomware.
Mailbox Insecurity
It turns out that all cluster mailboxes in the Denver area have the same master key. So if someone robs a postal carrier, they can open any mailbox. I get that a single master key makes the whole system easier,…
New Advances in the Understanding of Prime Numbers
Really interesting research into the structure of prime numbers. Not immediately related to the cryptanalysis of prime-number-based public-key algorithms, but every little bit matters.
Hacking Digital License Plates
Not everything needs to be digital and “smart.” License plates, for example: Josep Rodriguez, a researcher at security firm IOActive, has revealed a technique to “jailbreak” digital license plates sold by Reviver, the leading vendor of those plates in the…
Short-Lived Certificates Coming to Let’s Encrypt
Starting next year: Our longstanding offering won’t fundamentally change next year, but we are going to introduce a new offering that’s a big shift from anything we’ve done before—short-lived certificates. Specifically, certificates with a lifetime of six days. This is…
Upcoming Speaking Events
This is a current list of where and when I am scheduled to speak: I’m speaking at a joint meeting of the Boston Chapter of the IEEE Computer Society and GBC/ACM, in Boston, Massachusetts, USA, at 7:00 PM ET on…
Ultralytics Supply-Chain Attack
Last week, we saw a supply-chain attack against the Ultralytics AI library on GitHub. A quick summary: On December 4, a malicious version 8.3.41 of the popular AI library ultralytics —which has almost 60 million downloads—was published to the Python…