Informations about SSL certificates and networks security
Interesting details on Olympic Destroyer, the nation-state cyberattack against the 2018 Winter Olympic Games in South Korea. Wired’s Andy Greenberg presents evidence that the perpetrator was Russia, and not North Korea or China. Powered by WPeMatico
It’s likely the diamondback squid. There’s a video. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico
Last month, I gave a 15-minute talk in London titled: “Why technologists need to get involved in public policy.” In it, I try to make the case for public-interest technologists. (I also maintain a public-interest tech resources page, which has pretty much everything I can find in this space. If I’m missing something, please let … Read More “Why Technologists Need to Get Involved in Public Policy” »
Interesting proof of concept: At the CS3sthlm security conference later this month, security researcher Monta Elkins will show how he created a proof-of-concept version of that hardware hack in his basement. He intends to demonstrate just how easily spies, criminals, or saboteurs with even minimal skills, working on a shoestring budget, can plant a chip … Read More “Adding a Hardware Backdoor to a Networked Computer” »
This is interesting research: In a BGP hijack, a malicious actor convinces nearby networks that the best path to reach a specific IP address is through their network. That’s unfortunately not very hard to do, since BGP itself doesn’t have any security procedures for validating that a message is actually coming from the place it … Read More “Using Machine Learning to Detect IP Hijacking” »
Lots of them weren’t very good: BSD co-inventor Dennis Ritchie, for instance, used “dmac” (his middle name was MacAlistair); Stephen R. Bourne, creator of the Bourne shell command line interpreter, chose “bourne”; Eric Schmidt, an early developer of Unix software and now the executive chairman of Google parent company Alphabet, relied on “wendy!!!” (the name … Read More “Cracking the Passwords of Early Internet Pioneers” »
This theoretical paper shows how to factor 2048-bit RSA moduli with a 20-million qubit quantum computer in eight hours. It’s interesting work, but I don’t want overstate the risk. We know from Shor’s Algorithm that both factoring and discrete logs are easy to solve on a large, working quantum computer. Both of those are currently … Read More “Factoring 2048-bit Numbers Using 20 Million Qubits” »
Apple fixed the squid emoji in iOS 13.1: A squid’s siphon helps it move, breathe, and discharge waste, so having the siphon in back makes more sense than having it in front. Now, the poor squid emoji will look like it should, without a siphon on its front. As usual, you can also use this … Read More “Friday Squid Blogging: Apple Fixes Squid Emoji” »
I just published my third collection of essays: We Have Root. This book covers essays from 2013 to 2017. (The first two are Schneier on Security and Carry On.) There is nothing in this book is that is not available for free on my website; but if you’d like these essays in an easy-to-carry paperback … Read More “I Have a New Book: We Have Root” »
Kaspersky has uncovered an Uzbeki hacking operation, mostly due to incompetence on the part of the government hackers. The group’s lax operational security includes using the name of a military group with ties to the SSS to register a domain used in its attack infrastructure; installing Kaspersky’s antivirus software on machines it uses to write … Read More “Details on Uzbekistan Government Malware: SandCat” »