Computer security

Pause Take9

Why Take9 Won’t Improve Cybersecurity

| | Computer security, Phishing, psychology of security, Security Awareness, Uncategorized
There’s a new cybersecurity awareness campaign: Take9. The idea is that people—you, me, everyone—should just pause for nine seconds and think more about the link they are planning to click on, the ...
Schneier on Security

Biden Signs New Cybersecurity Order

| | Computer security, Cybersecurity, regulation, Uncategorized
President Biden has signed a new cybersecurity order. It has a bunch of provisions, most notably using the US governments procurement power to improve cybersecurity practices industry-wide. Some details: The core of ...
Schneier on Security
U.S Senate Hearing :The Cyber Safety Review Board - Testimony from Tarah Wheeler

On the Cyber Safety Review Board

| | Computer security, Cybersecurity, Hacking, Uncategorized
When an airplane crashes, impartial investigatory bodies leap into action, empowered by law to unearth what happened and why. But there is no such empowered and impartial body to investigate CrowdStrike’s faulty ...
Schneier on Security

LLMs’ Data-Control Path Insecurity

| | Computer security, Hacking, LLM, noncomputer hacks, phones, Uncategorized
Back in the 1960s, if you played a 2,600Hz tone into an AT&T pay phone, you could make calls without paying. A phone hacker named John Draper noticed that the plastic whistle ...
Schneier on Security

A Cyber Insurance Backstop

| | Computer security, cyber, cyberattack, insurance, Uncategorized
In the first week of January, the pharmaceutical giant Merck quietly settled its years-long lawsuit over whether or not its property and casualty insurers would cover a $700 million claim filed after ...
Schneier on Security

Decoupling for Security

| | cloud computing, Computer security, Privacy, Uncategorized
This is an excerpt from a longer paper. You can read the whole thing (complete with sidebars and illustrations) here. Our message is simple: it is possible to get the best of ...
Schneier on Security

Ethical Problems in Computer Security

| | academic papers, Computer security, Ethics, Uncategorized
Tadayoshi Kohno, Yasemin Acar, and Wulf Loh wrote excellent paper on ethical thinking within the computer security community: “Ethical Frameworks and Computer Security Trolley Problems: Foundations for Conversation“: Abstract: The computer security ...
Schneier on Security

Computer Repair Technicians Are Stealing Your Data

| | Computer security, Privacy, Uncategorized
Laptop technicians routinely violate the privacy of the people whose computers they repair: Researchers at University of Guelph in Ontario, Canada, recovered logs from laptops after receiving overnight repairs from 12 commercial ...
Schneier on Security

Recovering Passwords by Measuring Residual Heat

| | cameras, Computer security, machine learning, passwords, Uncategorized
Researchers have used thermal cameras and ML guessing techniques to recover passwords from measuring the residual heat left by fingers on keyboards. From the abstract: We detail the implementation of ThermoSecure and ...
Schneier on Security
DE:CODED podcast

The 10 laws of computer security

| | Computer security, security, security for normal people, security laws
Basic principles of IT security don’t change. Microsoft published a list of 10 computer security “laws” that do not change over time. These “immutable laws” (amusingly published as version 2.0) give a ...
HACK by Simon PG Edwards
Load more