Блог пользователя - schneier

It is amazing that this sort of thing can still happen:...the list was compiled by scanning the entire internet for devices that were exposing their Telnet port. The hack...

For decades, we have prized efficiency in our economy. We strive for it. We reward it. In normal times, that's a good thing.Running just at the margins is efficient. A si...

I fly a lot. Over the past five years, my average speed has been 32 miles an hour. That all changed mid-March. It's been 105 days since I've been on an airplane -- longer...

South Africa's Postbank experienced a catastrophic security failure. The bank's master PIN key was stolen, forcing it to cancel and replace 12 million bank cards.The brea...

Remember Spectre and Meltdown? Back in early 2018, I wrote:Spectre and Meltdown are pretty catastrophic vulnerabilities, but they only affect the confidentiality of data....

Zoom was doing so well.... And now we have this:Corporate clients will get access to Zoom's end-to-end encryption service now being developed, but Yuan said free users wo...

Security researcher Charlie Belmer is reporting that commercial websites such as eBay are conducting port scans of their visitors.Looking at the list of ports they are sc...

Bart Gellman's long-awaited (at least by me) book on Edward Snowden, Dark Mirror: Edward Snowden and the American Surveillance State, will finally be published in a coupl...

The attack requires physical access to the computer, but it's pretty devastating:On Thunderbolt-enabled Windows or Linux PCs manufactured before 2019, his technique can b...

Interesting story of malware hidden in Google Apps. This particular campaign is tied to the government of Vietnam.At a remote virtual version of its annual Security Analy...

MIT researchers have built a system that fools natural-language processing systems by swapping words with synonyms:The software, developed by a team at MIT, looks for the...

Microsoft is training a machine-learning system to find software bugs:At Microsoft, 47,000 developers generate nearly 30 thousand bugs a month. These items get stored acr...

Google and Apple have announced a joint project to create a privacy-preserving COVID-19 contact tracing app. (Details, such as we have them, are here.) It's similar to th...

Three weeks ago (could it possibly be that long already?), I wrote about the increased risks of working remotely during the COVID-19 pandemic.One, employees are working f...

The trade-offs are changing:As countries around the world race to contain the pandemic, many are deploying digital surveillance tools as a means to exert social control, ...

I previously wrote about hacking voice assistants with lasers. Turns you can do much the same thing with ultrasonic waves:Voice assistants -- the demo targeted Siri, Goog...

The TSA is allowing people to bring larger bottles of hand sanitizer with them on airplanes:Passengers will now be allowed to travel with containers of liquid hand saniti...

Joshua Schulte, the CIA employee standing trial for leaking the Wikileaks Vault 7 CIA hacking tools, maintains his innocence. And during the trial, a lot of shoddy securi...

The BBC is reporting a vulnerability in the Let's Encrypt certificate service:In a notification email to its clients, the organisation said: "We recently discovered a bug...

This is good news:Whenever you visit a website -- even if it's HTTPS enabled -- the DNS query that converts the web address into an IP address that computers can read is ...