Long Article on NSO Group
Schneier on Security
APRIL 21, 2022
Ronan Farrow has a long article in The New Yorker on NSO Group, which includes the news that someone — probably Spain — used the software to spy on domestic Catalonian separatists.
Schneier on Security
APRIL 26, 2024
Kashmir Hill has a really good article on how GM tricked its drivers into letting it spy on them—and then sold that data to insurance companies.
Schneier on Security
JULY 27, 2023
World of Warcraft players wrote about a fictional game element, “Glorbo,” on a subreddit for the game, trying to entice an AI bot to write an article about it. The article was left online for a while but has finally been taken down (here’s a mirror, it’s hilarious). It worked: And it…worked.
Schneier on Security
JULY 15, 2024
These details are stored as metadata, not visible in the article’s text directly, but assigned to a digital object identifier, or DOI—a unique identifier for each scientific publication. The result?
Schneier on Security
NOVEMBER 11, 2021
ArsTechnica’s Sean Gallagher has a two-part article on “securing your digital life.” It’s pretty good.
Schneier on Security
JULY 31, 2024
News articles. Cloudflare reports on the state of applications security. It claims that 6.8% of Internet traffic is malicious. And that CVEs are exploited as quickly as 22 minutes after proof-of-concepts are published.
Schneier on Security
APRIL 11, 2023
News articles. Car thieves are injecting malicious software into a car’s network through wires in the headlights (or taillights) that fool the car into believing that the electronic key is nearby.
Schneier on Security
JANUARY 20, 2023
From an article about Zheng Xiaoqing, an American convicted of spying for China: According to a Department of Justice (DOJ) indictment, the US citizen hid confidential files stolen from his employers in the binary code of a digital photograph of a sunset, which Mr Zheng then mailed to himself.
Schneier on Security
SEPTEMBER 17, 2021
News articles on the exploit. Citizen Lab released a report on a zero-click iMessage exploit that is used in NSO Group’s Pegasus spyware. Apple patched the vulnerability; everyone needs to update their OS immediately.
Schneier on Security
AUGUST 27, 2024
Ars Technica has a good article on what’s happening in the world of television surveillance. More than even I realized.
Schneier on Security
OCTOBER 27, 2021
Vice has a detailed article about how the FBI gets data from cell phone providers like AT&T, T-Mobile, and Verizon, based on a leaked (I think) 2019 139-page presentation.
Schneier on Security
NOVEMBER 10, 2023
Article based on a Mozilla report.
Schneier on Security
JANUARY 30, 2024
News article. GCHQ has released new images of the WWII Colossus code-breaking computer, celebrating the machine’s eightieth anniversary (birthday?).
Schneier on Security
JANUARY 30, 2024
Some news articles. It finally admitted to buying bulk data on Americans from data brokers, in response to a query by Senator Wyden. This is almost certainly illegal, although the NSA maintains that it is legal until it’s told otherwise.
Schneier on Security
MAY 4, 2021
News article. It would be possible for an attacker to unlock the doors and trunk, change seat positions, both steering and acceleration modes — in short, pretty much what a driver pressing various buttons on the console can do. This attack does not yield drive control of the car though. That last sentence is important.
Schneier on Security
DECEMBER 21, 2020
News article. Cellebrite announced that it can break Signal. Note that the company has heavily edited its blog post, but the original — with lots of technical details — was saved by the Wayback Machine. Slashdot post. The whole story is puzzling.
Schneier on Security
AUGUST 25, 2021
Vice has an article about how data brokers sell access to the Internet backbone. This is netflow data. It’s useful for cybersecurity forensics, but can also be used for things like tracing VPN activity. At a high level, netflow data creates a picture of traffic flow and volume across a network.
Schneier on Security
DECEMBER 8, 2023
News articles. New attack breaks forward secrecy in Bluetooth. The vulnerability has been around for at least a decade.
Schneier on Security
OCTOBER 3, 2023
No details in the article, but it seems that it’s easy to take control of the pump and have it dispense gas without requiring payment. Turns out pumps at gas stations are controlled via Bluetooth, and that the connections are insecure. It’s a complicated crime to monetize, though.
Schneier on Security
DECEMBER 17, 2020
Lots of details in the article. The cyberweapons arms business is immoral in many ways. This is just one of them.
Schneier on Security
AUGUST 6, 2021
Two good articles. The results we present demonstrate that it is possible to obtain a high coverage of the population (over 40%) with less than 10 master faces, for three leading deep face recognition systems.
Schneier on Security
JULY 6, 2021
This article explains how to securely generate passwords, why Kaspersky Password Manager failed, and how to exploit this flaw. The most critical one is that it used a PRNG not suited for cryptographic purposes. Its single source of entropy was the current time. All the passwords it created could be bruteforced in seconds.
Schneier on Security
MAY 24, 2024
This Article accounts for and critiques these failures, providing a socio-technical history since 2014, particularly focusing on the conversation about trade in zero-day vulnerabilities and exploits. Second, this Article applies lessons from these failures to guide regulatory efforts going forward.
Schneier on Security
OCTOBER 22, 2024
It all seems to have come from this news article, which wasn’t bad but was taken widely out of proportion. The headline is pretty scary: “China’s Quantum Computer Scientists Crack Military-Grade Encryption.” No, it’s not true. This debunking saved me the trouble of writing one.
Schneier on Security
JULY 2, 2021
News article. This, along with various techniques also detailed in the advisory, allowed the actors to evade defenses and collect and exfiltrate various information in the networks, including mailboxes.
Schneier on Security
APRIL 12, 2023
News article. Carry your own charger and USB cord and use an electrical outlet instead. How much of a risk is this, really? I am unconvinced, although I do carry a USB condom for charging stations I find suspicious.
Schneier on Security
APRIL 25, 2022
I am not getting the “Fedex package delivered” messages the article talks about. SMS phishing attacks — annoyingly called “smishing” — are becoming more common. I know that I have been receiving a lot of phishing SMS messages over the past few months.
Schneier on Security
OCTOBER 19, 2021
The article doesn’t contain a link to the original research. This works even if the person is covering the pad with their hands. If someone knows it, please put it in the comments. Slashdot thread.
Schneier on Security
JULY 27, 2021
News article. With the widespread application of artificial intelligence, utilizing neural networks becomes a forwarding trend of malware. We hope this work could provide a referenceable scenario for the defense on neural network-assisted attacks.
Schneier on Security
JANUARY 25, 2024
Interesting article. I am also skeptical that we are going to see useful quantum computers anytime soon. Since at least 2019, I have been saying that this is hard. And that we don’t know if it’s “land a person on the surface of the moon” hard, or “land a person on the surface of the sun” hard.
Schneier on Security
OCTOBER 17, 2022
The article doesn’t say how the hacking tool got installed into cars. A fraudulent tool, marketed as an automotive diagnostic solution, was used to replace the original software of the vehicles, allowing the doors to be opened and the ignition to be started without the actual key fob.
Schneier on Security
FEBRUARY 27, 2024
Lots of details in the news articles. Last week, someone posted something like 570 files, images and chat logs from a Chinese company called I-Soon. I-Soon sells hacking and espionage services to Chinese national and local government. These aren’t details about the tools or techniques, more the inner workings of the company.
Schneier on Security
JULY 2, 2024
This article about an app that lets people remotely view bars to see if they’re crowded or not is filled with commentary—on both sides—about privacy and openness.
Schneier on Security
JULY 29, 2022
Yet another article about cyber-weapons arms manufacturers and their particular supply chain. This one is about Windows and Adobe Reader zero-day exploits sold by an Austrian company named DSIRF. There’s an entire industry devoted to undermining all of our security. It needs to be stopped.
Schneier on Security
APRIL 24, 2024
Law professor Dan Solove has a new article on privacy regulation. In his email to me, he writes: “I’ve been pondering privacy consent for more than a decade, and I think I finally made a breakthrough with this article.” His mini-abstract: In this Article I argue that most of the time, privacy consent is fictitious.
Schneier on Security
NOVEMBER 16, 2020
More importantly: given the current state of computer security, any turnout increase derived from Internet- or blockchain-based voting would come at the cost of losing meaningful assurance that votes have been counted as they were cast, and not undetectably altered or discarded.
Schneier on Security
FEBRUARY 15, 2021
From a MIT Technology Review article: Soon after they were spotted, the researchers saw one exploit being used in the wild. Another article on the talk. At the virtual Enigma Conference, Google’s Project Zero’s Maggie Stone gave a talk about zero-day exploits in the wild. This is an important insight.
Schneier on Security
NOVEMBER 20, 2020
News article. The attackers extensively use DLL side-loading in this campaign, and were also seen leveraging the ZeroLogon vulnerability that was patched in August 2020. Interesting details about the group’s tactics.
Schneier on Security
JUNE 22, 2022
News article: Researchers have unearthed a discovery that doesn’t occur all that often in the realm of malware: a mature, never-before-seen Linux backdoor that uses novel evasion techniques to conceal its presence on infected servers, in some cases even with a forensic investigation.
Schneier on Security
OCTOBER 20, 2021
The article doesn’t link to the indictment, so I don’t know how they were discovered. They used gift cards and prepaid credit cards to buy the books, so there was no available balance when Amazon tried to charge them the buyout price for non-returned books. In all, they stole 14,000 textbooks worth over $1.5
Schneier on Security
OCTOBER 28, 2024
It has more ATMs than other European countries, and—if I read the article right—they have more money in them. It’s low tech, but effective. Why Germany?
Schneier on Security
APRIL 18, 2024
The article includes a list of suspicious patterns, and another list of security best practices.
Schneier on Security
JULY 28, 2022
From an article: The firmware compromises the UEFI, the low-level and highly opaque chain of firmware required to boot up nearly every modern computer. Kaspersky is reporting on a new UEFI rootkit that survives reinstalling the operating system and replacing the hard drive.
Schneier on Security
JUNE 29, 2023
I don’t particularly care about the redacted information, but it’s there in the article. It looks like someone redacted the documents with a black Sharpie but when you scan them in, it’s easy to see some of the redactions.