Schneier on Security

More on NIST's Post-Quantum Cryptography

Schneier on Security - Tue, 09/08/2020 - 7:12am
Back in July, NIST selected third-round algorithms for its post-quantum cryptography standard. Recently, Daniel Apon of NIST gave a talk detailing the selection criteria. Interesting stuff. NOTE: We're in the process of moving this blog to Wordpress. Comments will be disabled until the move is complete. The management thanks you for your cooperation and support.... Bruce Schneier
Categories: Schneier on Security

Schneier.com is Moving

Schneier on Security - Sat, 09/05/2020 - 9:01pm
I'm switching my website software from Movable Type to Wordpress, and moving to a new host. The migration is expected to last from approximately 3 AM EST Monday until 4 PM EST Tuesday. The site will still be visible during that time, but comments will be disabled. (This is to prevent any new comments from disappearing in the move.) This... Bruce Schneier
Categories: Schneier on Security

Friday Squid Blogging: Morning Squid

Schneier on Security - Fri, 09/04/2020 - 5:53pm
Asa ika means "morning squid" in Japanese. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Schneier on Security

Hacking AI-Graded Tests

Schneier on Security - Fri, 09/04/2020 - 7:02am
The company Edgenuity sells AI systems for grading tests. Turns out that they just search for keywords without doing any actual semantic analysis.... Bruce Schneier
Categories: Schneier on Security

2017 Tesla Hack

Schneier on Security - Thu, 09/03/2020 - 7:18am
Interesting story of a class break against the entire Tesla fleet.... Bruce Schneier
Categories: Schneier on Security

Insider Attack on the Carnegie Library

Schneier on Security - Wed, 09/02/2020 - 8:02am
Greg Priore, the person in charge of the rare book room at the Carnegie Library, stole from it for almost two decades before getting caught. It's a perennial problem: trusted insiders have to be trusted.... Bruce Schneier
Categories: Schneier on Security

North Korea ATM Hack

Schneier on Security - Tue, 09/01/2020 - 7:17am
The US Cybersecurity and Infrastructure Security Agency (CISA) published a long and technical alert describing a North Korea hacking scheme against ATMs in a bunch of countries worldwide: This joint advisory is the result of analytic efforts among the Cybersecurity and Infrastructure Security Agency (CISA), the Department of the Treasury (Treasury), the Federal Bureau of Investigation (FBI) and U.S. Cyber... Bruce Schneier
Categories: Schneier on Security

Seny Kamara on "Crypto for the People"

Schneier on Security - Mon, 08/31/2020 - 6:45am
Seny Kamara gave an excellent keynote talk this year at the (online) CRYPTO Conference. He talked about solving real-world crypto problems for marginalized communities around the world, instead of crypto problems for governments and corporations. Well worth watching and listening to.... Bruce Schneier
Categories: Schneier on Security

Friday Squid Blogging: How Squid Survive Freezing, Oxygen-Deprived Waters

Schneier on Security - Fri, 08/28/2020 - 5:10pm
Lots of interesting genetic details. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Schneier on Security

US Postal Service Files Blockchain Voting Patent

Schneier on Security - Fri, 08/28/2020 - 7:40am
The US Postal Service has filed a patent on a blockchain voting method: Abstract: A voting system can use the security of blockchain and the mail to provide a reliable voting system. A registered voter receives a computer readable code in the mail and confirms identity and confirms correct ballot information in an election. The system separates voter identification and... Bruce Schneier
Categories: Schneier on Security

Cory Doctorow on The Age of Surveillance Capitalism

Schneier on Security - Thu, 08/27/2020 - 7:33am
Cory Doctorow has written an extended rebuttal of The Age of Surveillance Capitalism by Shoshana Zuboff. He summarized the argument on Twitter. Shorter summary: it's not the surveillance part, it's the fact that these companies are monopolies. I think it's both. Surveillance capitalism has some unique properties that make it particularly unethical and incompatible with a free society, and Zuboff... Bruce Schneier
Categories: Schneier on Security

Amazon Supplier Fraud

Schneier on Security - Wed, 08/26/2020 - 7:31am
Interesting story of an Amazon supplier fraud: According to the indictment, the brothers swapped ASINs for items Amazon ordered to send large quantities of different goods instead. In one instance, Amazon ordered 12 canisters of disinfectant spray costing $94.03. The defendants allegedly shipped 7,000 toothbrushes costing $94.03 each, using the code for the disinfectant spray, and later billed Amazon for... Bruce Schneier
Categories: Schneier on Security

Identifying People by Their Browsing Histories

Schneier on Security - Tue, 08/25/2020 - 7:28am
Interesting paper: "Replication: Why We Still Can't Browse in Peace: On the Uniqueness and Reidentifiability of Web Browsing Histories": We examine the threat to individuals' privacy based on the feasibility of reidentifying users through distinctive profiles of their browsing history visible to websites and third parties. This work replicates and extends the 2012 paper Why Johnny Can't Browse in Peace:... Bruce Schneier
Categories: Schneier on Security

DiceKeys

Schneier on Security - Mon, 08/24/2020 - 7:23am
DiceKeys is a physical mechanism for creating and storing a 192-bit key. The idea is that you roll a special set of twenty-five dice, put them into a plastic jig, and then use an app to convert those dice into a key. You can then use that key for a variety of purposes, and regenerate it from the dice if... Bruce Schneier
Categories: Schneier on Security