Hot Topics

securityengineering

EncroChat Hacked by Police

| | crime, france, Hacking, lawenforcement, phones, securityengineering
French police hacked EncroChat secure phones, which are widely used by criminals: Encrochat's phones are essentially modified Android devices, with some models using the "BQ Aquaris X2," an Android handset released in ...
Schneier on Security

Analyzing IoT Security Best Practices

| | academicpapers, internetofthings, nationalsecuritypolicy, securityengineering
New research: "Best Practices for IoT Security: What Does That Even Mean?" by Christopher Bellman and Paul C. van Oorschot: Abstract: Best practices for Internet of Things (IoT) security have recently attracted ...
Schneier on Security

Zoom Will Be End-to-End Encrypted for All Users

| | encryption, securityengineering, twofactorauthentication, videoconferencing
Zoom is doing the right thing: it's making end-to-end encryption available to all users, paid and unpaid. (This is a change; I wrote about the initial decision here.) ...we have identified a ...
Schneier on Security

Facebook Announces Messenger Security Features that Don’t Compromise Privacy

| | encryption, facebook, machinelearning, metadata, securityengineering
Note that this is "announced," so we don't know when it's actually going to be implemented. Facebook today announced new features for Messenger that will alert you when messages appear to come ...
Schneier on Security

Bluetooth Vulnerability: BIAS

| | Authentication, bluetooth, impersonation, securityengineering, Vulnerabilities, wireless
This is new research on a Bluetooth vulnerability (called BIAS) that allows someone to impersonate a trusted device: Abstract: Bluetooth (BR/EDR) is a pervasive technology for wireless communication used by billions of ...
Schneier on Security

Securing Internet Videoconferencing Apps: Zoom and Others

| | aes, encryption, internetandsociety, keys, nsa, securityengineering, videoconferencing
The NSA just published a survey of video conferencing apps. So did Mozilla. Zoom is on the good list, with some caveats. The company has done a lot of work addressing previous ...
Schneier on Security

Vulnerability Finding Using Machine Learning

| | artificialintelligence, cloudcomputing, Cybersecurity, machinelearning, Microsoft, securityengineering, Vulnerabilities
Microsoft is training a machine-learning system to find software bugs: At Microsoft, 47,000 developers generate nearly 30 thousand bugs a month. These items get stored across over 100 AzureDevOps and GitHub repositories ...
Schneier on Security

Microsoft Buys Corp.com

| | dns, Microsoft, securityengineering, wifi
A few months ago, Brian Krebs told the story of the domain corp.com, and how it is basically a security nightmare: At issue is a problem known as "namespace collision," a situation ...
Schneier on Security

USB Cable Kill Switch for Laptops

| | dataprotection, falsepositives, hardware, Linux, securityengineering, theft
BusKill is designed to wipe your laptop (Linux only) if it is snatched from you in a public place: The idea is to connect the BusKill cable to your Linux laptop on ...
Schneier on Security

Lousy IoT Security

| | internetofthings, securityengineering
DTEN makes smart screens and whiteboards for videoconferencing systems. Forescout found that their security is terrible: In total, our researchers discovered five vulnerabilities of four different kinds: Data exposure: PDF files of ...
Schneier on Security
Load more