Category: Schneier on Security

New attack against the RADIUS authentication protocol: The Blast-RADIUS attack allows a man-in-the-middle attacker between the RADIUS client and server to forge a valid protocol accept message in response to a failed authentication request. This forgery could give the attacker…

Read more →

Interesting: By reverse-engineering how Ticketmaster and AXS actually make their electronic tickets, scalpers have essentially figured out how to regenerate specific, genuine tickets that they have legally purchased from scratch onto infrastructure that they control. In doing so, they are…

Read more →

ProPublica has a long investigative article on how the Cyber Safety Review Board failed to investigate the SolarWinds attack, and specifically Microsoft’s culpability, even though they were directed by President Biden to do so. This article has been indexed from…

Read more →

A new vampire squid species was discovered in the South China Sea. Blog moderation policy. This article has been indexed from Schneier on Security Read the original article: Friday Squid Blogging: Newly Discovered Vampire Squid

Read more →

It’s a serious one: The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems; that presents a significant security risk. This race condition affects sshd…

Read more →

This article about an app that lets people remotely view bars to see if they’re crowded or not is filled with commentary—on both sides—about privacy and openness. This article has been indexed from Schneier on Security Read the original article:…

Read more →

If you’ve been reading my blog, you’ve noticed that I have written a lot about AI and democracy, mostly with my co-author Nathan Sanders. I am pleased to announce that we’re writing a book on the topic. This isn’t a…

Read more →

A new squid species—of the Gonatidae family—was discovered. The video shows her holding a brood of very large eggs. Research paper. This article has been indexed from Schneier on Security Read the original article: Friday Squid Blogging: New Squid Species

Read more →

Longtime NSA-watcher James Bamford has a long article on the reauthorization of Section 702 of the Foreign Intelligence Surveillance Act (FISA). This article has been indexed from Schneier on Security Read the original article: James Bamford on Section 702 Extension

Read more →

A group of cryptographers have analyzed the eiDAS 2.0 regulation (electronic identification and trust services) that defines the new EU Digital Identity Wallet. This article has been indexed from Schneier on Security Read the original article: Security Analysis of the…

Read more →

This move has been coming for a long time. The Biden administration on Thursday said it’s banning the company from selling its products to new US-based customers starting on July 20, with the company only allowed to provide software updates…

Read more →

Interesting paper about a German cryptanalysis machine that helped break the US M-209 mechanical ciphering machine. The paper contains a good description of how the M-209 works. This article has been indexed from Schneier on Security Read the original article:…

Read more →

Former NSA Director Paul Nakasone has joined the board of OpenAI. This article has been indexed from Schneier on Security Read the original article: Paul Nakasone Joins OpenAI’s Board of Directors

Read more →

Beautiful astronomical photo. This article has been indexed from Schneier on Security Read the original article: Friday Squid Blogging: Squid Nebula

Read more →

The memorial service for Ross Anderson will be held on Saturday, at 2:00 PM BST. People can attend remotely on Zoom. (The passcode is “L3954FrrEF”.) This article has been indexed from Schneier on Security Read the original article: Ross Anderson’s…

Read more →

Interesting summary of various ways to derive the public key from digitally signed files. Normally, with a signature scheme, you have the public key and want to know whether a given signature is valid. But what if we instead have…

Read more →

There has been a lot of toxicity in the comments section of this blog. Recently, we’re having to delete more and more comments. Not just spam and off-topic comments, but also sniping and personal attacks. It’s gotten so bad that…

Read more →

Culture is increasingly mediated through algorithms. These algorithms have splintered the organization of culture, a result of states and tech companies vying for influence over mass audiences. One byproduct of this splintering is a shift from imperfect but broad cultural…

Read more →

There is a lot written about technology’s threats to democracy. Polarization. Artificial intelligence. The concentration of wealth and power. I have a more general story: The political and economic systems of governance that were created in the mid-18th century are…

Read more →

Squid humor. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. This article has been indexed from Schneier on Security Read…

Read more →