schneier

A 40cm-square patch that renders you invisible to person-detecting AIs

Researchers from KU Leuven have published a paper showing how they can create a 40cm x 40cm "patch" that fools a convoluted neural network classifier that is otherwise a good tool for identifying humans into thinking that a person is not a person -- something that could be used to defeat AI-based security camera systems. They theorize that the could just print the patch on a t-shirt and get the same result. Read the rest

Front-line programmers default to insecure practices unless they are instructed to do otherwise

It's always sort of baffling when security breaches reveal that a company has stored millions of users' passwords in unencrypted form, or put their data on an insecure cloud drive, or transmitted it between the users' devices and the company's servers without encryption, or left an API wide open, or some other elementary error: how does anyone in this day and age deploy something so insecure? Read the rest

Security researchers reveal defects that allow wireless hijacking of giant construction cranes, scrapers and excavators

Using software-defined radios, researchers from Trend Micro were able to reverse-engineer the commands used to control massive industrial machines, including cranes, excavators and scrapers; most of these commands were unencrypted, but even the encrypted systems were vulnerable to "replay attacks" that allowed the researchers to bypass the encryption. Read the rest

Letterlocking: the long-lost art of using paper-folding to foil snoops

"Letterlocking" is a term coined by MIT Libraries conservator Jana Dambrogio after she discovered a trove of letters while spelunking in the conservation lab of the Vatican Secret Archives; the letters had been ingeniously folded and sealed so that they couldn't be opened and re-closed without revealing that they had been read. Some even contained "booby traps" to catch the unwary. Read the rest

Using information security to explain why disinformation makes autocracies stronger and democracies weaker

The same disinformation campaigns that epitomize the divisions in US society -- beliefs in voter fraud, vaccine conspiracies, and racist conspiracies about migrants, George Soros and Black Lives Matter, to name a few -- are a source of strength for autocracies like Russia, where the lack of a consensus on which groups and views are real and which are manufactured by the state strengthens the hand of Putin and his clutch of oligarchs. Read the rest

"The End of Trust" - EFF/McSweeney's collaboration on privacy and surveillance - is in stores and free to download now!

The End of Trust (previously) is a special issue of McSweeney's, produced in collaboration with the Electronic Frontier Foundation, on the themes of technology, privacy and surveillance: it's in stores today, and free to download under a Creative Commons license. Read the rest

If you're an American of European descent, your stupid cousins have probably put you in vast commercial genomic databases

Remember when they caught the Golden State Killer by comparing DNA crime-scene evidence to big commercial genomic databases (like those maintained by Ancestry.com, 23 and Me, etc) to find his family members and then track him down? Read the rest

EFF and McSweeney's collaborated on a publication: "The End of Trust"

The End of Trust will be McSweeney's issue 54, the first-ever all-nonfiction issue of McSweeney's, with more than 30 contributions on "surveillance in the digital age." Read the rest

Schneier's "Click Here To Kill Everybody pervasive connected devices mean we REALLY can't afford shitty internet policy

Bruce Schneier (previously) has spent literal decades as part of the vanguard of the movement to get policy makers to take internet security seriously: to actually try to make devices and services secure, and to resist the temptation to blow holes in their security in order to spy on "bad guys." In Click Here to Kill Everybody: Security and Survival in a Hyper-connected World, Schneier makes a desperate, impassioned plea for sensible action, painting a picture of a world balanced on the point of no return.

70+ internet pioneers to the EU: you are transforming the internet into a "tool for automated surveillance and control" SHARE THIS!

In one week, an EU committee will vote on a pair of extreme copyright proposals that will ban linking to news articles without permission, and force internet platforms to spy on all the pictures, text, video, audio and code their users post, sending it to AIs designed to catch copyright infringement and automatically censor anything that might violate copyright. Read the rest

Even if governments backdoor crypto, they still won't be able to spy on terrorists

In a paper published by the International Association for Cryptologic Research, a group of Harvard and MIT cryptographers demonstrate that even if the government were to backdoor encryption and lock up anyone who used non-backdoored systems, people could still hide undetectable, secure, private messages within the messages sent over the compromised systems. Read the rest

Online copyright infringement is up, and water is still wet

During the Napster wars, Bruce Schneier famously quipped, "Making bits harder to copy is like making water less wet." Read the rest

Playing low frequency noise to disrupt hard-drives: denial of service for CCTVs, data-centers, and other computing environments

A group of Princeton and Purdue researchers have demonstrated a successful acoustic attack against mechanical hard-drives where low-frequency noise keyed to the resonant frequency of the drive components is played nearby, causing the drive to vibrate so that the drive can neither be read nor written to. Read the rest

For 40 years, American Conservatives have filed down the definition of "corruption," turning the Framers' spear into a blunt stub

Zephyr Teachout's (previously) 2014 book Corruption in America is an incredibly important, timely book about the way that American policy and politics have been distorted by money, something that's gotten steadily worse as it is supercharged by (and supercharges) wealth inequality. Read the rest

Here's everything that's wrong with America's insecure electronic voting machines, and what to do about it

The University of Pennsylvania's Matt Blaze (previously) is a legendary figure in cryptography and security circles; most recently he convened Defcon's Vote Hacking Village where security experts with no particular knowledge of voting machines repeatedly, fatally hacked surplus voting machines of the sort routinely used in US elections. Read the rest

Kids' smart watches are a security/privacy dumpster-fire

The Norwegian Consumer Council hired a security firm called Mnemonic to audit the security of four popular brands of kids' smart watches and found a ghastly array of security defects: the watches allow remote parties to seize control over them in order to monitor children's movements and see where they've gone, covertly listen in on them, and steal their personal information. The data the watches gather and transmit to offshore servers is copious and sent in the clear. The watches incorporate cameras and the photos children take are also easily plundered by hackers. Read the rest

A service that turns pictures of keys into working keys

Snap a picture of a key and Key Me will turn it into a working metal key: just a reminder that locks probably aren't as secure you imagine. (via Schneier) Read the rest

Previous PageNext page

:)