Feed Schneier: Help with Mailing List Hosting->

I could use some help finding a host for my monthly newsletter, Crypto-Gram. My old setup just wasn't reliable enough. I had a move planned, but that fell through when the new host's bounce processing system turned out to be buggy and they admitted the problem might never be fixed. Clearly I need something a lot more serious. My criteria...
Link to Original Source

Feed Schneier: Schneier Speaking Schedule->

I'm speaking at an Infoedge event at Bali Hai Golf Club in Las Vegas, at 5 PM on August 5, 2015. I'm speaking at DefCon 23 on Friday, August 7, 2015. I'm speaking -- remotely via Skype -- at LinuxCon in Seattle on August 18, 2015. I'm speaking at CloudSec in Singapore on August 25, 2015. I'm speaking at MindTheSec...
Link to Original Source

Feed Schneier: HAMMERTOSS: New Russian Malware->

FireEye has a detailed report of a sophisticated piece of Russian malware: HAMMERTOSS. It uses some clever techniques to hide: The Hammertoss backdoor malware looks for a different Twitter handle each day -- automatically prompted by a list generated by the tool -- to get its instructions. If the handle it's looking for is not registered that day, it merely...
Link to Original Source

Feed Schneier: Back Doors Won't Solve Comey's Going Dark Problem->

At the Aspen Security Forum two weeks ago, James Comey (and others) explicitly talked about the "going dark" problem, describing the specific scenario they are concerned about. Maybe others have heard the scenario before, but it was a first for me. It centers around ISIL operatives abroad and ISIL-inspired terrorists here in the US. The FBI knows who the Americans...
Link to Original Source

Feed Schneier: Comparing the Security Practices of Experts and Non-Experts->

New paper: "'...no one can hack my mind': Comparing Expert and Non-Expert Security Practices," by Iulia Ion, Rob Reeder, and Sunny Consolvo. Abstract: The state of advice given to people today on how to stay safe online has plenty of room for improvement. Too many things are asked of them, which may be unrealistic, time consuming, or not really worth...
Link to Original Source

Feed Schneier: The NSA, Metadata, and the Failure of Stopping 9/11->

It's common wisdom that the NSA was unable to intercept phone calls from Khalid al-Mihdhar in San Diego to Bin Ladin in Yemen because of legal restrictions. This has been used to justify the NSA's massive phone metadata collection programs. James Bamford argues that there were no legal restrictions, and that the NSA screwed up....
Link to Original Source

Feed Schneier: Fugitive Located by Spotify->

The latest in identification by data: Webber said a tipster had spotted recent activity from Nunn on the Spotify streaming service and alerted law enforcement. He scoured the Internet for other evidence of Nunn and Barr's movements, eventually filling out 12 search warrants for records at different technology companies. Those searches led him to an IP address that traced Nunn...
Link to Original Source

Feed Schneier: Bizarre High-Tech Kidnapping->

This is a story of a very high-tech kidnapping: FBI court filings unsealed last week showed how Denise Huskins' kidnappers used anonymous remailers, image sharing sites, Tor, and other people's Wi-Fi to communicate with the police and the media, scrupulously scrubbing meta data from photos before sending. They tried to use computer spyware and a DropCam to monitor the aftermath...
Link to Original Source

Feed Schneier: New RC4 Attack->

New research: "All Your Biases Belong To Us: Breaking RC4 in WPA-TKIP and TLS," by Mathy Vanhoef and Frank Piessens: Abstract: We present new biases in RC4, break the Wi-Fi Protected Access Temporal Key Integrity Protocol (WPA-TKIP), and design a practical plaintext recovery attack against the Transport Layer Security (TLS) protocol. To empirically find new biases in the RC4 keystream...
Link to Original Source

Feed Schneier: Stagefright Vulnerability in Android Phones->

The Stagefright vulnerability for Android phones is a bad one. It's exploitable via a text message (details depend on auto downloading of the particular phone), it runs at an elevated privilege (again, the severity depends on the particular phone -- on some phones it's full privilege), and it's trivial to weaponize. Imagine a worm that infects a phone and then...
Link to Original Source

Feed Schneier: Hacking Team's Purchasing of Zero-Day Vulnerabilities->

This is an interesting article that looks at Hacking Team's purchasing of zero-day (0day) vulnerabilities from a variety of sources: Hacking Team's relationships with 0day vendors date back to 2009 when they were still transitioning from their information security consultancy roots to becoming a surveillance business. They excitedly purchased exploit packs from D2Sec and VUPEN, but they didn't find the...
Link to Original Source

Feed Schneier: Friday Squid Blogging: How a Squid Changes Color->

The California market squid, Doryteuthis opalescens, can manipulate its color in a variety of ways: Reflectins are aptly-named proteins unique to the light-sensing tissue of cephalopods like squid. Their skin contains specialized cells called iridocytes that produce color by reflecting light in a predictable way. When the neurotransmitter acetylcholine activates reflectin proteins, this triggers the contraction and expansion of deep...
Link to Original Source
