Schneier on Security

In this issue:

1. Security Analysis of Apple’s “Find My…” Protocol
2. On the Insecurity of ES&S Voting Machines’ Hash Code
3. Illegal Content and the Blockchain
4. Exploiting Spectre Over the Internet
5. Easy SMS Hijacking
6. Details of a Computer Banking Scam
7. Accellion Supply Chain Hack
8. Determining Key Shape from Sound
9. Hacking Weapons Systems
10. System Update: New Android Malware
11. Fugitive Identified on YouTube By His Distinctive Tattoos
12. Malware Hidden in Call of Duty Cheating Software
13. Wi-Fi Devices as Physical Object Sensors
14. Phone Cloning Scam
15. Signal Adds Cryptocurrency Support
16. Google’s Project Zero Finds a Nation-State Zero-Day Operation
17. Backdoor Added — But Found — in PHP
18. More Biden Cybersecurity Nominations
19. The FBI Is Now Securing Networks Without Their Owners’ Permission
20. Upcoming Speaking Engagements

In this issue:

1. On Vulnerability-Adjacent Vulnerabilities
2. Deliberately Playing Copyrighted Music to Avoid Being Live-Streamed
3. US Cyber Command Valentine’s Day Cryptography Puzzles
4. Malicious Barcode Scanner App
5. Browser Tracking Using Favicons
6. Virginia Data Privacy Law
7. WEIS 2021 Call for Papers
8. Router Security
9. GPS Vulnerabilities
10. Dependency Confusion: Another Supply-Chain Vulnerability
11. Twelve-Year-Old Vulnerability Found in Windows Defender
12. On Chinese-Owned Technology Platforms
13. The Problem with Treating Data as a Commodity
14. National Security Risks of Late-Stage Capitalism
15. Mysterious Macintosh Malware
16. Encoded Message in the Perseverance Mars Lander’s Parachute
17. Chinese Hackers Stole an NSA Windows Exploit in 2014
18. Four Microsoft Exchange Zero-Days Exploited by China
19. Threat Model Humor
20. No, RSA Is Not Broken
21. Hacking Digitally Signed PDF Files
22. On Not Fixing Old Vulnerabilities
23. More on the Chinese Zero-Day Microsoft Exchange Hack
24. Fast Random Bit Generation
25. Metadata Left in Security Agency PDFs
26. Upcoming Speaking Engagements

In this issue:

1. Cell Phone Location Privacy
2. Injecting a Backdoor into SolarWinds Orion
3. Sophisticated Watering Hole Attack
4. SVR Attacks on Microsoft 365
5. Insider Attack on Home Surveillance Systems
6. Massive Brazilian Data Breach
7. Dutch Insider Attack on COVID-19 Data
8. Police Have Disrupted the Emotet Botnet
9. New iMessage Security Features
10. Including Hackers in NATO Wargames
11. Georgia’s Ballot-Marking Devices
12. More SolarWinds News
13. Another SolarWinds Orion Hack
14. Presidential Cybersecurity and Pelotons
15. NoxPlayer Android Emulator Supply-Chain Attack
16. SonicWall Zero-Day
17. Web Credit Card Skimmer Steals Data from Another Credit Card Skimmer
18. Ransomware Profitability
19. Attack against Florida Water Treatment Facility
20. Medieval Security Techniques
21. Chinese Supply-Chain Attack on Computer Systems

In this issue:

1. Another Massive Russian Hack of US Government Networks
2. How the SolarWinds Hackers Bypassed Duo’s Multi-Factor Authentication
3. Zodiac Killer Cipher Solved
4. Mexican Drug Cartels with High-Tech Spyware
5. More on the SolarWinds Breach
6. US Schools Are Buying Cell Phone Unlocking Systems
7. NSA on Authentication Hacks (Related to SolarWinds Breach)
8. Eavesdropping on Phone Taps from Voice Assistants
9. Investigating the Navalny Poisoning
10. How China Uses Stolen US Personnel Data
11. Russia’s SolarWinds Attack
12. On the Evolution of Ransomware
13. Brexit Deal Mandates Old Insecure Crypto Algorithms
14. Amazon Has Trucks Filled with Hard Drives and an Armed Guard
15. Military Cryptanalytics, Part III
16. Latest on the SVR’s SolarWinds Hack
17. Backdoor in Zyxel Firewalls and Gateways
18. Extracting Personal Information from Large Language Models Like GPT-2
19. Russia’s SolarWinds Attack and Software Security
20. APT Horoscope
21. Changes in WhatsApp’s Privacy Policy
22. Cloning Google Titan 2FA keys
23. On US Capitol Security — By Someone Who Manages Arena-Rock-Concert Security
24. Finding the Location of Telegram Users
25. Upcoming Speaking Engagements
26. Click Here to Kill Everybody Sale