Tag: Schneier on Security

According to Microsoft researchers, North Korean hackers have been using a Chrome zero-day exploit to steal cryptocurrency. This article has been indexed from Schneier on Security Read the original article: New Chrome Zero-Day

Read more →

In 2018, Australia passed the Assistance and Access Act, which—among other things—gave the government the power to force companies to break their own encryption. The Assistance and Access Act includes key components that outline investigatory powers between government and industry.…

Read more →

The first live video of the Promachoteuthis squid, filmed at a newly discovered seamount off the coast of Chile. Blog moderation policy. This article has been indexed from Schneier on Security Read the original article: Live Video of Promachoteuthis Squid

Read more →

There is a side-channel attack against YubiKey access tokens that allows someone to clone a device. It’s a complicated attack, requiring the victim’s username and password, and physical access to their YubiKey—as well as some technical expertise and equipment. Still,…

Read more →

Really interesting analysis of the American M-209 encryption device and its security. This article has been indexed from Schneier on Security Read the original article: Long Analysis of the M-209

Read more →

This story seems straightforward. A city is the victim of a ransomware attack. They repeatedly lie to the media about the severity of the breach. A security researcher repeatedly proves their statements to be lies. The city gets mad and…

Read more →

The NSA’s “National Cryptographic School Television Catalogue” from 1991 lists about 600 COMSEC and SIGINT training videos. There are a bunch explaining the operations of various cryptographic equipment, and a few code words I have never heard of before. This…

Read more →

Interesting vulnerability: …a special lane at airport security called Known Crewmember (KCM). KCM is a TSA program that allows pilots and flight attendants to bypass security screening, even when flying on domestic personal trips. The KCM process is fairly simple:…

Read more →

The “long lost lecture” by Adm. Grace Hopper has been published by the NSA. (Note that there are two parts.) It’s a wonderful talk: funny, engaging, wise, prescient. Remember that talk was given in 1982, less than a year before…

Read more →

Matthew Green wrote a really good blog post on what Telegram’s encryption is and is not. This article has been indexed from Schneier on Security Read the original article: Matthew Green on Telegram’s Encryption

Read more →

Ars Technica has a good article on what’s happening in the world of television surveillance. More than even I realized. This article has been indexed from Schneier on Security Read the original article: The Present and Future of TV Surveillance

Read more →

This is a big deal. A US Appeals Court ruled that geofence warrants—these are general warrants demanding information about all people within a geographical boundary—are unconstitutional. The decision seems obvious to me, but you can’t take anything for granted. This…

Read more →

Making self-healing materials based on the teeth in squid suckers. Blog moderation policy. This article has been indexed from Schneier on Security Read the original article: Friday Squid Blogging: Self-Healing Materials from Squid Teeth

Read more →

This site will let you take a selfie with a New York City traffic surveillance camera. This article has been indexed from Schneier on Security Read the original article: Take a Selfie Using a NY Surveillance Camera

Read more →

This is a fantastic project mapping the global surveillance industry. This article has been indexed from Schneier on Security Read the original article: Surveillance Watch

Read more →

Rolling Stone has a long investigative story (non-paywalled version here) about a CIA agent who spent years posing as an Islamic radical. Unrelated, but also in the “real life spies” file: a fake Sudanese diving resort run by Mossad. This…

Read more →

This is yet another insecure Internet-of-things story, this one about wireless gear shifters for bicycles. These gear shifters are used in big-money professional bicycle races like the Tour de France, which provides an incentive to actually implement this attack. Research…

Read more →

The press is reporting a critical Windows vulnerability affecting IPv6. As Microsoft explained in its Tuesday advisory, unauthenticated attackers can exploit the flaw remotely in low-complexity attacks by repeatedly sending IPv6 packets that include specially crafted packets. Microsoft also shared…

Read more →

From the Federal Register: After three rounds of evaluation and analysis, NIST selected four algorithms it will standardize as a result of the PQC Standardization Process. The public-key encapsulation mechanism selected was CRYSTALS-KYBER, along with three digital signature schemes: CRYSTALS-Dilithium,…

Read more →

Texas is suing General Motors for collecting driver data without consent and then selling it to insurance companies: From CNN: In car models from 2015 and later, the Detroit-based car manufacturer allegedly used technology to “collect, record, analyze, and transmit…

Read more →