Bruce Schneier

A blog covering security and security technology.
Updated: 4 years 33 weeks ago

Smarter People are More Trusting

Thu, 03/27/2014 - 03:52
Interesting research. Both vocabulary and question comprehension were positively correlated with generalized trust. Those with the highest vocab scores were 34 percent more likely to trust others than those with the lowest scores, and someone who had a good perceived understanding of the survey questions was 11 percent more likely to trust others than someone with a perceived poor understanding....

Geolocating Twitter Users

Wed, 03/26/2014 - 10:10
Interesting research into figuring out where Twitter users are located, based on similar tweets from other users: While geotags are the most definitive location information a tweet can have, tweets can also have plenty more salient information: hashtags, FourSquare check-ins, or text references to certain cities or states, to name a few. The authors of the paper created their algorithm...

Chilean Drug Trafficker Pencil-and-Paper Code

Wed, 03/26/2014 - 03:16
Interesting....

Password Hashing Competition

Tue, 03/25/2014 - 02:58
There's a private competition to identify new password hashing schemes. Submissions are due at the end of the month....

NSA Hacks Huawei

Mon, 03/24/2014 - 09:51
Both Der Spiegel and the New York Times are reporting that the NSA has hacked Huawei pretty extensively, getting copies of the company's products' source code and most of the e-mail from the company. Aside from being a pretty interesting story about the operational capabilities of the NSA, it exposes some pretty blatant US government hypocrisy on this issue. As...

An Open Letter to IBM's Open Letter

Mon, 03/24/2014 - 03:58
Last week, IBM published an "open letter" about "government access to data," where it tried to assure its customers that it's not handing everything over to the NSA. Unfortunately, the letter (quoted in part below) leaves open more questions than it answers. At the outset, we think it is important for IBM to clearly state some simple facts: IBM has...

Giant Squid as an Omen

Fri, 03/21/2014 - 13:31
An omen of what? An increase in the number of giant squid being caught along the Sea of Japan coast is leading puzzled fishermen to fear their presence may be some kind of 'omen' -- although experts think the invertebrate are simply a bit cold....

New Book on Data and Power

Fri, 03/21/2014 - 09:19
I'm writing a new book, with the tentative title of Data and Power. While it's obvious that the proliferation of data affects power, it's less clear how it does so. Corporations are collecting vast dossiers on our activities on- and off-line -- initially to personalize marketing efforts, but increasingly to control their customer relationships. Governments are using surveillance, censorship, and...

Liveblogging the Financial Cryptography Conference

Fri, 03/21/2014 - 04:42
Ross Anderson liveblogged Financial Cryptography 2014. Interesting stuff....

Automatic Face-Recognition Software Getting Better

Thu, 03/20/2014 - 04:12
Facebook has developed a face-recognition system that works almost as well as the human brain: Asked whether two unfamiliar photos of faces show the same person, a human being will get it right 97.53 percent of the time. New software developed by researchers at Facebook can score 97.25 percent on the same challenge, regardless of variations in lighting or whether...

Schneier Talks and Interviews

Sat, 03/15/2014 - 05:55
Here is my talk on the NSA from the RSA Conference, although this version, from MIT a few weeks earlier, is better. I was interviewed on stage by Joe Menn at TrustyCon about the NSA; here's the video. Various text, audio, and video interviews from the RSA Conference. Interviews about the iOS flaw, security and power, and incident response....

Friday Squid Blogging: Squid Ring

Fri, 03/14/2014 - 13:14
It's a nice design, even if you aren't a squid person....

Nicholas Weaver Explains how QUANTUM Works

Fri, 03/14/2014 - 11:01
An excellent essay. For the non-technical, his conclusion is the most important: Everything we've seen about QUANTUM and other internet activity can be replicated with a surprisingly moderate budget, using existing tools with just a little modification. The biggest limitation on QUANTUM is location: The attacker must be able to see a request which identifies the target. Since the same...

Security as a Public Health Issue

Fri, 03/14/2014 - 03:01
Cory Doctorow argues that computer security is analogous to public health: I think there's a good case to be made for security as an exercise in public health. It sounds weird at first, but the parallels are fascinating and deep and instructive. Last year, when I finished that talk in Seattle, a talk about all the ways that insecure computers...

Metadata = Surveillance

Thu, 03/13/2014 - 09:13
Ever since reporters began publishing stories about NSA activities, based on documents provided by Edward Snowden, we've been repeatedly assured by government officials that it's "only metadata." This might fool the average person, but it shouldn't fool those of us in the security field. Metadata equals surveillance data, and collecting metadata on people means putting them under surveillance. An easy...

How the NSA Exploits VPN and VoIP Traffic

Thu, 03/13/2014 - 06:37
These four slides, released yesterday, describe one process the NSA has for eavesdropping on VPN and VoIP traffic. There's a lot of information on these slides, though it's a veritable sea of code names. No details as to how the NSA decrypts those ESP -- "Encapsulating Security Payload" -- packets, although there are some clues in the form of code...

STELLARWIND Classification Guide

Wed, 03/12/2014 - 10:14
Also released today is the STELLARWIND classification guide, in conjunction with a New York Times article on how the FISA court expanded domestic surveillance. (Here's the previous story about STELLARWIND, from the Washington Post.) See also this NSA document. Both stories are based on Snowden documents. Is it only me, or does anyone else wonder why a court with the...

New Information on the NSA's QUANTUM Program

Wed, 03/12/2014 - 09:55
There's a new (overly breathless) article on the NSA's QUANTUM program, including a bunch of new source documents. Of particular note is this page listing a variety of QUANTUM programs. Note that QUANTUMCOOKIE, "which forces users to divulge stored cookies," is not on this list. I'm busy today, so please tell me anything interesting you see in the comments. I...

Insurance Companies Pushing for More Cybersecurity

Wed, 03/12/2014 - 09:06
This is a good development: For years, said Ms Khudari, Kiln and many other syndicates had offered cover for data breaches, to help companies recover if attackers penetrated networks and stole customer information. Now, she said, the same firms were seeking multi-million pound policies to help them rebuild if their computers and power-generation networks were damaged in a cyber-attack. "They...

Postmortem: NSA Exploits of the Day

Wed, 03/12/2014 - 03:31
When I decided to post an exploit a day from the TAO implant catalog, my goal was to highlight the myriad of capabilities of the NSA's Tailored Access Operations group, basically, its black bag teams. The catalog was published by Der Spiegel along with a pair of articles on the NSA's CNE -- that's Computer Network Exploitation -- operations, and...