This is a pilot project in Australia: Individuals who have shared intimate, nude or sexual images with partners and are worried that the partner (or ex-partner) might distribute them without their consent can use Messenger to send the images to be “hashed.” This means that the company converts the image into a unique digital fingerprint … Read More “Facebook Fingerprinting Photos to Prevent Revenge Porn” »
Last week, I testified before the House Energy and Commerce committee on the Equifax hack. You can watch the video here. And you can read my written testimony below. Testimony and Statement for the Record of Bruce Schneier Fellow and Lecturer, Belfer Center for Science and International Affairs, Harvard Kennedy School Fellow, Berkman Center for … Read More “Me on the Equifax Breach” »
There’s a new criminal tactic involving hacking an e-mail account of a company that handles high-value transactions and diverting payments. Here it is in real estate: The scam generally works like this: Hackers find an opening into a title company’s or realty agent’s email account, track upcoming home purchases scheduled for settlements — the pricier … Read More “Cybercriminals Infiltrating E-Mail Networks to Divert Large Customer Payments” »
Daphne Caruana Galizia was a Maltese journalist whose anti-corruption investigations exposed powerful people. She was murdered in October by a car bomb. Galizia used WhatsApp to communicate securely with her sources. Now that she is dead, the Maltese police want to break into her phone or the app, and find out who those sources were. … Read More “Daphne Caruana Galizia’s Murder and the Security of WhatsApp” »
Lidl is recalling two of its packaged squid products because of the presence of struvite salt crystals. The danger is unclear. The article says that struvite crystals “may be mistaken as glass fragments,” which isn’t actually dangerous. It also says: “As these salt crystals may cause injury, the product should not be consumed.” Maybe it’s … Read More “Friday Squid Blogging: Squid Product Recall” »
I play Pokémon Go. (There, I’ve admitted it.) One of the interesting aspects of the game I’ve been watching is how the game’s publisher, Niantic, deals with cheaters. There are three basic types of cheating in Pokémon Go. The first is botting, where a computer plays the game instead of a person. The second is … Read More “Fraud Detection in Pokémon Go” »
Turns out that heart size doesn’t change throughout your adult life, and you can use low-level Doppler radar to scan the size — even at a distance — as a biometric. Research paper (to be available soon).
Almost 20 years ago, I wrote a paper that pointed to a potential flaw in the ANSI X9.17 RNG standard. Now, new research has found that the flaw exists in some implementations of the RNG standard. Here’s the research paper, the website — complete with cute logo — for the attack, and Matthew Green’s excellent … Read More “Attack on Old ANSI Random Number Generator” »
Google has a new login service for high-risk users. It’s good, but unforgiving. Logging in from a desktop will require a special USB key, while accessing your data from a mobile device will similarly require a Bluetooth dongle. All non-Google services and apps will be exiled from reaching into your Gmail or Google Drive. Google’s … Read More “Google Login Security for High-Risk Users” »
Researchers in the British Virgin Islands have sunk a giant squid made out of steel mesh to serve as an artificial reef. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.