From ACM-W supporting, celebrating and advocating for Women in Computing
ACM-W would like to announce Dr. Munmun De Choudhury as this year’s recipient of the ACM-W Rising Star Award. The ACM-W Rising…
Bettina Bair | January 21, 2021
FireEye is reporting the current known tactics that the SVR used to compromise Microsoft 365 cloud data as part of its SolarWinds operation:
Mandiant has observed...
Bruce Schneier From Schneier on Security | January 20, 2021 at 11:57 PM
Google’s Project Zero has exposed a sophisticated watering-hole attack targeting both Windows and Android:
Some of the exploits were zero-days, meaning they targeted...
Bruce Schneier From Schneier on Security | January 19, 2021 at 04:05 PM
Crowdstrike is reporting on a sophisticated piece of malware that was able to inject malware into the SolarWinds build process:
Key Points
SUNSPOT is StellarParticle...
Bruce Schneier From Schneier on Security | January 18, 2021 at 05:19 PM
For a limited time, I am selling signed copies of Click Here to Kill Everybody in hardcover for just $6, plus shipping.
Note that I have had occasional problems...
Bruce Schneier From Schneier on Security | January 15, 2021 at 12:27 PM
We all know that our cell phones constantly give our location away to our mobile network operators; that’s how they work. A group of researchers has figured out...
Bruce Schneier From Schneier on Security | January 14, 2021 at 11:44 PM
This is a current list of where and when I am scheduled to speak:
I’m speaking (online) as part of Western Washington University’s Internet Studies Lecture Series...
Schneier.com Webmaster From Schneier on Security | January 14, 2021 at 04:05 AM
Security researcher Ahmed Hassan has shown that spoofing the Android’s “People Nearby” feature allows him to pinpoint the physical location of Telegram users:
Using...
Bruce Schneier From Schneier on Security | January 11, 2021 at 01:08 PM
Smart commentary:
…I was floored on Wednesday when, glued to my television, I saw police in some areas of the U.S. Capitol using little more than those same mobile...
Bruce Schneier From Schneier on Security | January 11, 2021 at 01:08 PM
This is a clever side-channel attack:
The cloning works by using a hot air gun and a scalpel to remove the plastic key casing and expose the NXP A700X chip, which...
Bruce Schneier From Schneier on Security | January 11, 2021 at 01:06 PM
If you’re a WhatsApp user, pay attention to the changes in the privacy policy that you’re being forced to agree with.
In 2016, WhatsApp gave users a one-time ability...
Bruce Schneier From Schneier on Security | January 7, 2021 at 10:59 AM
The information that is emerging about Russia’s extensive cyberintelligence operation against the United States and other countries should be increasingly alarming...
Bruce Schneier From Schneier on Security | January 6, 2021 at 01:13 PM
This delightful essay matches APT hacker groups up with astrological signs. This is me:
Capricorn is renowned for its discipline, skilled navigation, and steadfastness...
Bruce Schneier From Schneier on Security | January 6, 2021 at 12:21 PM
Researchers have been able to find all sorts of personal information within GPT-2. This information was part of the training data, and can be extracted with the...
Bruce Schneier From Schneier on Security | January 4, 2021 at 09:44 PM
This is bad:
More than 100,000 Zyxel firewalls, VPN gateways, and access point controllers contain a hardcoded admin-level backdoor account that can grant attackers...
Bruce Schneier From Schneier on Security | January 4, 2021 at 09:43 PM
The New York Times has an in-depth article on the latest information about the SolarWinds hack (not a great name, since it’s much more far-reaching than that). ...
Bruce Schneier From Schneier on Security | January 4, 2021 at 09:43 PM
From Pingtan Marine Enterprise:
The 6 large-scale squid jigging vessels are normally operating vessels that returned to China earlier this year from the waters...
Bruce Schneier From Schneier on Security | January 4, 2021 at 11:49 AM
The idea is to collect and analyze random DNA floating around the ocean, and using that to figure out where the giant squid are. No one is sure if this will actually...
Bruce Schneier From Schneier on Security | January 4, 2021 at 11:48 AM
The NSA has just declassified and released a redacted version of Military Cryptanalytics, Part III, by Lambros D. Callimahos, October 1977.
Parts I and II, by Lambros...
Bruce Schneier From Schneier on Security | January 4, 2021 at 10:39 AM
From an interview with an Amazon Web Services security engineer:
So when you use AWS, part of what you’re paying for is security.
Right; it’s part of what we sell...
Bruce Schneier From Schneier on Security | January 1, 2021 at 06:13 PM
In what is surely an unthinking cut-and-paste issue, page 921 of the Brexit deal mandates the use of SHA-1 and 1024-bit RSA:
The open standard s/MIME as extension...
Bruce Schneier From Schneier on Security | December 30, 2020 at 12:22 PM