Microsoft is warning Azure cloud users that a Chinese controlled botnet is engaging in “highly evasive” password spraying. Not sure about the “highly evasive” part; the techniques seem basically what you get in a distributed password-guessing attack: “Any threat actor…
Category: Schneier on Security
AIs Discovering Vulnerabilities
I’ve been writing about the possibility of AIs automatically discovering code vulnerabilities since at least 2018. This is an ongoing area of research: AIs doing source code scanning, AIs finding zero-days in the wild, and everything in between. The AIs…
Sophos Versus the Chinese Hackers
Really interesting story of Sophos’s five-year war against Chinese hackers. This article has been indexed from Schneier on Security Read the original article: Sophos Versus the Chinese Hackers
Friday Squid Blogging: Squid Sculpture in Massachusetts Building
Great blow-up sculpture. Blog moderation policy. This article has been indexed from Schneier on Security Read the original article: Friday Squid Blogging: Squid Sculpture in Massachusetts Building
Roger Grimes on Prioritizing Cybersecurity Advice
This is a good point: Part of the problem is that we are constantly handed lists…list of required controls…list of things we are being asked to fix or improve…lists of new projects…lists of threats, and so on, that are not…
Tracking World Leaders Using Strava
Way back in 2018, people noticed that you could find secret military bases using data published by the Strava fitness app. Soldiers and other military personal were using them to track their runs, and you could look at the public…
Simson Garfinkel on Spooky Cryptographic Action at a Distance
Excellent read. One example: Consider the case of basic public key cryptography, in which a person’s public and private key are created together in a single operation. These two keys are entangled, not with quantum physics, but with math. When…
Simpson Garfinkel on Spooky Cryptographic Action at a Distance
Excellent read. One example: Consider the case of basic public key cryptography, in which a person’s public and private key are created together in a single operation. These two keys are entangled, not with quantum physics, but with math. When…
Law Enforcement Deanonymizes Tor Users
The German police have successfully deanonymized at least four Tor users. It appears they watch known Tor relays and known suspects, and use timing analysis to figure out who is using what relay. Tor has written about this. Hacker News…
Criminals Are Blowing up ATMs in Germany
It’s low tech, but effective. Why Germany? It has more ATMs than other European countries, and—if I read the article right—they have more money in them. This article has been indexed from Schneier on Security Read the original article: Criminals…
Friday Squid Blogging: Giant Squid Found on Spanish Beach
A giant squid has washed up on a beach in Northern Spain. Blog moderation policy. This article has been indexed from Schneier on Security Read the original article: Friday Squid Blogging: Giant Squid Found on Spanish Beach
Watermark for LLM-Generated Text
Researchers at Google have developed a watermark for LLM-generated text. The basics are pretty obvious: the LLM chooses between tokens partly based on a cryptographic key, and someone with knowledge of the key can detect those choices. What makes this…
Are Automatic License Plate Scanners Constitutional?
An advocacy groups is filing a Fourth Amendment challenge against automatic license plate readers. “The City of Norfolk, Virginia, has installed a network of cameras that make it functionally impossible for people to drive anywhere without having their movements tracked,…
No, The Chinese Have Not Broken Modern Encryption Systems with a Quantum Computer
The headline is pretty scary: “China’s Quantum Computer Scientists Crack Military-Grade Encryption.” No, it’s not true. This debunking saved me the trouble of writing one. It all seems to have come from this news article, which wasn’t bad but was…
AI and the SEC Whistleblower Program
Tax farming is the practice of licensing tax collection to private contractors. Used heavily in ancient Rome, it’s largely fallen out of practice because of the obvious conflict of interest between the state and the contractor. Because tax farmers are…
Friday Squid Blogging: Squid Scarf
Cute squid scarf. Blog moderation policy. This article has been indexed from Schneier on Security Read the original article: Friday Squid Blogging: Squid Scarf
Justice Department Indicts Tech CEO for Falsifying Security Certifications
The Wall Street Journal is reporting that the CEO of a still unnamed company has been indicted for creating a fake auditing company to falsify security certifications in order to win government business. This article has been indexed from Schneier…
Cheating at Conkers
The men’s world conkers champion is accused of cheating with a steel chestnut. This article has been indexed from Schneier on Security Read the original article: Cheating at Conkers
More Details on Israel Sabotaging Hezbollah Pagers and Walkie-Talkies
The Washington Post has a long and detailed story about the operation that’s well worth reading (alternate version here). The sales pitch came from a marketing official trusted by Hezbollah with links to Apollo. The marketing official, a woman whose…
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: I’m speaking at SOSS Fusion 2024 in Atlanta, Georgia, USA. The event will be held on October 22 and 23, 2024, and my talk is at…