Schneier on Security

In this issue:

1. Chip Cards Fail to Reduce Credit Card Fraud in the US
2. Hidden Cameras in Streetlights
3. Mailing Tech Support a Bomb
4. Israeli Surveillance Gear
5. Worst-Case Thinking Breeds Fear and Irrationality
6. What Happened to Cyber 9/11?
7. The PCLOB Needs a Director
8. Information Attacks against Democracies
9. Using Machine Learning to Create Fake Fingerprints
10. How Surveillance Inhibits Freedom of Expression
11. Propaganda and the Weakening of Trust in Government
12. Distributing Malware By Becoming an Admin on an Open-Source Project
13. FBI Takes Down a Massive Advertising Fraud Ring
14. That Bloomberg Supply-Chain-Hack Story
15. Three-Rotor Enigma Machine Up for Auction Today
16. Click Here to Kill Everybody News
17. The DoJ’s Secret Legal Arguments to Break Cryptography
18. Bad Consumer Security Advice
19. Security Risks of Chatbots
20. Your Personal Data is Already Stolen
21. Banks Attacked through Malicious Hardware Connected to the Local Network
22. Back Issues of the NSA’s Cryptolog
23. 2018 Annual Report from AI Now
24. New Australian Backdoor Law
25. Marriott Hack Reported as Chinese State-Sponsored
26. Real-Time Attacks Against Two-Factor Authentication

In this issue:

1. How DNA Databases Violate Everyone’s Privacy
2. Privacy for Tigers
3. Government Perspective on Supply Chain Security
4. West Virginia Using Internet Voting
5. Are the Police Using Smart-Home IoT Devices to Spy on People?
6. On Disguise
7. China’s Hacking of the Border Gateway Protocol
8. Android Ad-Fraud Scheme
9. Detecting Fake Videos
10. Security Vulnerability in Internet-Connected Construction Cranes
11. More on the Supermicro Spying Story
12. Cell Phone Security and Heads of State
13. ID Systems Throughout the 50 States
14. Was the Triton Malware Attack Russian in Origin?
15. Buying Used Voting Machines on eBay
16. How to Punish Cybercriminals
17. Troy Hunt on Passwords
18. Security of Solid-State-Drive Encryption
19. Consumer Reports Reviews Wireless Home-Security Cameras
20. iOS 12.1 Vulnerability
21. Privacy and Security of Data at Universities
22. The Pentagon Is Publishing Foreign Nation-State Malware
23. Hiding Secret Messages in Fingerprints
24. New IoT Security Regulations
25. Oracle and “Responsible Disclosure”
26. More Spectre/Meltdown-Like Attacks
27. Upcoming Speaking Engagements

In this issue:

1. NSA Attacks Against Virtual Private Networks
2. Public Shaming of Companies for Bad Security
3. Pegasus Spyware Used in 45 Countries
4. Security Vulnerability in ESS ExpressVote Touchscreen Voting Computer
5. AES Resulted in a $250-Billion Economic Benefit
6. New Findings About Prime Number Distribution Almost Certainly Irrelevant to Cryptography
7. New Variants of Cold-Boot Attack
8. Evidence for the Security of PKCS #1 Digital Signatures
9. Counting People through a Wall with Wi-Fi
10. Yet Another IoT Cybersecurity Document
11. Major Tech Companies Finally Endorse Federal Privacy Regulation
12. More on the Five Eyes Statement on Encryption and Backdoors
13. Facebook Is Using Your Two-Factor Authentication Phone Number to Target Advertising
14. Sophisticated Voice Phishing Scams
15. Terahertz Millimeter-Wave Scanners
16. The Effects of GDPR’s 72-Hour Notification Rule
17. Helen Nissenbaum on Data Privacy and Consent
18. Chinese Supply Chain Hardware Attack
19. Conspiracy Theories around the “Presidential Alert”
20. Detecting Credit Card Skimmers
21. Defeating the “Deal or No Deal” Arcade Game
22. The US National Cyber Strategy
23. Access Now Is Looking for a Chief Security Officer
24. Security Vulnerabilities in US Weapons Systems
25. Another Bloomberg Story about Supply-Chain Hardware Attacks from China
26. Security in a World of Physically Capable Computers
27. Upcoming Speaking Engagements

In this issue:

1. New Book Announcement: Click Here to Kill Everybody
2. Speculation Attack Against Intel’s SGX
3. New Ways to Track Internet Browsing
4. James Mickens on the Current State of Computer Security
5. “Two Stage” BMW Theft Attempt
6. Good Primer on Two-Factor Authentication Security
7. John Mueller and Mark Stewart on the Risks of Terrorism
8. Future Cyberwar
9. NotPetya
10. CIA Network Exposed through Insecure Communications System
11. Cheating in Bird Racing
12. Eavesdropping on Computer Screens through the Webcam Mic
13. Using a Smartphone’s Microphone and Speakers to Eavesdrop on Passwords
14. Five-Eyes Intelligence Services Choose Surveillance Over Security
15. Reddit AMA
16. Using Hacked IoT Devices to Disrupt the Power Grid
17. Security Vulnerability in Smart Electric Outlets
18. Security Risks of Government Hacking
19. Quantum Computing and Cryptography
20. Click Here to Kill Everybody Reviews and Press Mentions
21. Upcoming Speaking Engagements

In this issue:

1. New Book Announcement: Click Here to Kill Everybody
2. Reasonably Clever Extortion E-mail Based on Password Theft
3. Installing a Credit Card Skimmer on a POS Terminal
4. Defeating the iPhone Restricted Mode
5. Suing South Carolina Because Its Election Machines Are Insecure
6. New Report on Chinese Intelligence Cyber-Operations
7. 1Password’s Travel Mode
8. Nicholas Weaver on Cryptocurrencies
9. On Financial Fraud
10. Major Bluetooth Vulnerability
11. DARPA Wants Research into Resilient Anonymous Communications
12. Google Employees Use a Physical Token as Their Second Authentication Factor
13. Third Annual Cybercrime Conference
14. New Report on Police Digital Forensics Techniques
15. Identifying People by Metadata
16. The Poor Cybersecurity of US Space Assets
17. Hacking a Robot Vacuum
18. Backdoors in Cisco Routers
19. GCHQ on Quantum Key Distribution
20. Using In-Game Purchases to Launder Money
21. How the US Military Can Better Keep Hackers
22. Three of My Books Are Available in DRM-Free E-Book Format
23. Hacking the McDonald’s Monopoly Sweepstakes
24. Measuring the Rationality of Security Decisions
25. SpiderOak’s Warrant Canary Died
26. Detecting Phishing Sites with Machine Learning
27. Don’t Fear the TSA Cutting Airport Security. Be Glad That They’re Talking about It.
28. xkcd on Voting Computers
29. Identifying Programmers by their Coding Style
30. Google Tracks its Users Even if They Opt-Out of Tracking
31. My Speaking Engagements

In this issue:

• Important: Crypto-Gram Has Moved to MailChimp
• Thomas Dullien on Complexity and Security
• Ridiculously Insecure Smart Lock
• Are Free Societies at a Disadvantage in National Cybersecurity
• Perverse Vulnerability from Interaction between 2-Factor Authentication and iOS AutoFill
• Algeria Shut Down the Internet to Prevent Students from Cheating on Exams
• Domain Name Stealing at Gunpoint
• The Effects of Iran’s Telegram Ban
• Secure Speculative Execution
• Bypassing Passcodes in iOS
• IEEE Statement on Strong Encryption vs. Backdoors
• Manipulative Social Media Practices
• Conservation of Threat
• Traffic Analysis of the LTE Mobile Standard
• California Passes New Privacy Law
• Beating Facial Recognition Software with Face Makeup
• The NSA’s Domestic Surveillance Centers
• PROPagate Code Injection Seen in the Wild
• Recovering Keyboard Inputs through Thermal Imaging
• Department of Commerce Report on the Botnet Threat
• WPA3
• Gas Pump Hack
• Schneier News

In this issue:

• Important: Crypto-Gram Is Moving to MailChimp
• Router Vulnerability and the VPNFilter Botnet
• E-Mail Vulnerabilities and Disclosure
• News
• Russian Censorship of Telegram
• Security and Human Behavior (SHB 2018)
• Schneier News
• Another Spectre-Like CPU Vulnerability
• An Example of Deterrence in Cyberspace
• New Data Privacy Regulations

In this issue:

• Securing Elections
• Details on a New PGP Vulnerability
• News
• Two NSA Algorithms Rejected by the ISO
• Ray Ozzie’s Encryption Backdoor
• Schneier News
• Supply-Chain Security

In this issue:

• Facebook and Cambridge Analytica
• News
• Israeli Security Company Attacks AMD by Publishing Zero-Day Exploits
• Schneier News
• Obscure E-Mail Vulnerability
• The Digital Security Exchange Is Live

In this issue:

• Artificial Intelligence and the Attack/Defense Balance
• News
• Writings on the Encryption Debate
• Schneier News
• Can Consumers’ Online Data Be Protected?

In this issue:

• The Effects of the Spectre and Meltdown Vulnerabilities
• News
• After Section 702 Reauthorization
• Schneier News
• Cabinet of Secret Documents from Australia

In this issue:

• Spectre and Meltdown Attacks Against Microprocessors
• News
• Susan Landau’s New Book: “Listening In”
• Schneier News
• New Book Coming in September: “Click Here to Kill Everybody”
• Daniel Miessler on My Writings about IoT Security