The Myth of Consumer-Grade Security

The Department of Justice wants access to encrypted consumer devices but promises not to infiltrate business products or affect critical infrastructure. Yet that's not possible, because there is no longer any difference ...

Supply-Chain Attack against the Electron Development Platform

Electron is a cross-platform development system for many popular communications apps, including Skype, Slack, and WhatsApp. Security vulnerabilities in the update system allow someone to silently inject malicious code into applications. From ...

Wanted: Cybersecurity Imagery

Eli Sugarman of the Hewlett Foundation laments the sorry state of cybersecurity imagery: The state of cybersecurity imagery is, in a word, abysmal. A simple Google Image search for the term ...

Hacking Hardware Security Modules

Security researchers Gabriel Campana and Jean-Baptiste Bédrune are giving a hardware security module (HSM) talk at BlackHat in August: This highly technical presentation targets an HSM manufactured by a vendor whose solutions ...

Programmers Who Don’t Understand Security Are Poor at Security

A university study confirmed the obvious: if you pay a random bunch of freelance programmers a small amount of money to write security software, they're not going to do a very good ...

Critical Flaw in Swiss Internet Voting System

Researchers have found a critical flaw in the Swiss Internet voting system. I was going to write an essay about how this demonstrates that Internet voting is a stupid idea and should ...

On the Security of Password Managers

There's new research on the security of password managers, specifically 1Password, Dashlane, KeePass, and Lastpass. This work specifically looks at password leakage on the host computer. That is, does the password manager ...

Security Flaws in Children’s Smart Watches

A year ago, the Norwegian Consumer Council published an excellent security analysis of children's GPS-connected smart watches. The security was terrible. Not only could parents track the children, anyone else could also ...

Security Vulnerabilities in Cell Phone Systems

Good essay on the inherent vulnerabilities in the cell phone standards and the market barriers to fixing them. So far, industry and policymakers have largely dragged their feet when it comes to ...

Consumer Reports Reviews Wireless Home-Security Cameras

Consumer Reports is starting to evaluate the security of IoT devices. As part of that, it's reviewing wireless home-security cameras. It found significant security vulnerabilities in D-Link cameras: In contrast, D-Link doesn't ...