<?xml version="1.0" encoding="utf-8"?>
<rss version="0.92">
<channel>
<title>SecuObs.com</title>
<link>http://www.secuobs.com</link>
<description>Internet Security Observatory</description>
<language>fr</language>
<webMaster>webmaster@secuobs.com</webMaster>
 <item><title>Friday Squid Blogging  Bobtail Squid Photos</title><description>2014-03-01 00:51:30 - Schneier on Security : Pretty As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered </description><link>http://www.secuobs.com/revue/news/500590.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/500590.shtml</guid></item>
<item><title>NEBULA  NSA Exploit of the Day</title><description>Secuobs.com : 2014-02-28 21:51:54 - Schneier on Security - Today's item from the NSA's Tailored Access Operations  TAO  group implant catalog  NEBULA  S SI FVEY  Multi-Protocol macro-class Network-In-a-Box  NIB  system Leverages the existing Typhon GUI and supports GSM, UMTS, CDMA2000 applications LTE capability currently under development  S SI REL  Operational Restrictions exist for equipment deployment  S SI REL  Features  Dual Carrier System EGSM 900MHz UMTS 2100MHz CDMA2000 1900MHz Macro-class Base station 32 Km Range Optional Battery </description><link>http://www.secuobs.com/revue/news/500564.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/500564.shtml</guid></item>
<item><title>Decoding the Voynich Manuscript</title><description>Secuobs.com : 2014-02-28 13:40:02 - Schneier on Security - The Voynich Manuscript has been partially decoded This seems not to be a hoax And the manuscript seems not to be a hoax, either Here's the paper </description><link>http://www.secuobs.com/revue/news/500456.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/500456.shtml</guid></item>
<item><title>GENESIS  NSA Exploit of the Day</title><description>Secuobs.com : 2014-02-27 22:08:48 - Schneier on Security - Today's item from the NSA's Tailored Access Operations  TAO  group implant catalog  GENESIS  S SI REL  Commercial GSM handset that has been modified to include a Software Defined Radio  SDR  and additional system memory The internal SDR allows a witting user to covertly perform network surveys, record RF spectrum, or perform handset location in hostile environments  S SI REL  The GENESIS systems are designed </description><link>http://www.secuobs.com/revue/news/500332.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/500332.shtml</guid></item>
<item><title>Was the iOS SSL Flaw Deliberate </title><description>Secuobs.com : 2014-02-27 14:01:44 - Schneier on Security - Last October, I speculated on the best ways to go about designing and implementing a software backdoor I suggested three characteristics of a good backdoor  low chance of discovery, high deniability if discovered, and minimal conspiracy to implement The critical iOS vulnerability that Apple patched last week is an excellent example Look at the code What caused the vulnerability is </description><link>http://www.secuobs.com/revue/news/500216.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/500216.shtml</guid></item>
<item><title>ENTOURAGE  NSA Exploit of the Day</title><description>Secuobs.com : 2014-02-26 22:45:28 - Schneier on Security - Today's item from the NSA's Tailored Access Operations  TAO  group implant catalog  ENTOURAGE  S SI REL  Direction Finding application operating on the HOLLOWPOINT platform The system is capable of providing line of bearing for GSM UMTS CDMA2000 FRS signals A band-specific antenna and laptop controller is needed to compliment the HOLLOWPOINT system and completes the ground based system  S SI  The ENTOURAGE application leverages the 4 </description><link>http://www.secuobs.com/revue/news/500059.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/500059.shtml</guid></item>
<item><title>DDoSing a Cell Phone Network</title><description>Secuobs.com : 2014-02-26 14:53:23 - Schneier on Security - Interesting research  Abstract  The HLR AuC is considered to be one of the most important network elements of a 3G network It can serve up to five million subscribers and at least one transaction with HLR AuC is required for every single phone call or data session This paper presents experimental results and observations that can be exploited to perform a novel </description><link>http://www.secuobs.com/revue/news/499968.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/499968.shtml</guid></item>
<item><title>EBSR  NSA Exploit of the Day</title><description>Secuobs.com : 2014-02-25 22:09:01 - Schneier on Security - Today's item from the NSA's Tailored Access Operations  TAO  group implant catalog  EBSR  S SI REL  Multi-purpose, Pico class, tri-band active GSM base station with internal 80211 GPS handset capability  S SI REL  Operational Restrictions exist for equipment deployment  S SI REL  Features  LxT Model  900 1800 1900MHz LxU Model  850 1800 1900MHz Pico-class  1Watt  Base station Optional Battery Kits Highly Mobile and Deployable Integrated GPS, MS,   80211 Voice   High-speed </description><link>http://www.secuobs.com/revue/news/499824.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/499824.shtml</guid></item>
<item><title>Breaking  Up the NSA</title><description>Secuobs.com : 2014-02-25 14:04:38 - Schneier on Security - The NSA has become too big and too powerful What was supposed to be a single agency with a dual mission -- protecting the security of US communications and eavesdropping on the communications of our enemies -- has become unbalanced in the post-Cold War, all-terrorism-all-the-time era Putting the US Cyber Command, the military's cyberwar wing, in the same location and </description><link>http://www.secuobs.com/revue/news/499700.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/499700.shtml</guid></item>
<item><title>CYCLONE Hx9  NSA Exploit of the Day</title><description>Secuobs.com : 2014-02-24 22:41:19 - Schneier on Security - Today's item from the NSA's Tailored Access Operations  TAO  group implant catalog  CYCLONE Hx9  S SI FVEY  EGSM  900MGz  macro-class Network-In-a-Box  NIB  system Uses the existing Typhon GUI and supports the full Typhon feature base and applications  S SI REL  Operational Restrictions exist for equipment deployment  S SI REL  Features  EGSM 900MHz Macro-class  43dBm  32 Km Range Optional Battery Kits Highly Mobile and Deployable Integrated GPS, MS, </description><link>http://www.secuobs.com/revue/news/499609.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/499609.shtml</guid></item>
<item><title>New Results in Software Obfuscation</title><description>Secuobs.com : 2014-02-24 13:54:33 - Schneier on Security - Amit Sahai and others have some new results in software obfuscation. The papers are here. An over-the-top Wired.com story on the research is here. And Matthew Green has a great blog post explaining what's real and what's hype.</description><link>http://www.secuobs.com/revue/news/499470.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/499470.shtml</guid></item>
<item><title>Friday Squid Blogging  Squid vs Owlfish</title><description>Secuobs.com : 2014-02-22 00:06:51 - Schneier on Security - This video is pretty fantastic  The narrator does a great job at explaining what's going on here, blow by gross blow, but here are the highlights  Black-eyed squid snares owlfish with its two tentacles, which are tipped with hooks and suckers, and reels it in Black-eyed squid gnaws away at the owlfish's spinal cord using its very sharp beak Owlfish </description><link>http://www.secuobs.com/revue/news/499251.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/499251.shtml</guid></item>
<item><title>CROSSBEAM  NSA Exploit of the Day</title><description>Secuobs.com : 2014-02-21 22:13:58 - Schneier on Security - Today's item from the NSA's Tailored Access Operations  TAO  group implant catalog  CROSSBEAM  TS SI REL  CROSSBEAM is a GSM module that mates a modified commercial cellular product with a WAGONBED controller board  TS SI REL  CROSSBEAM is a reusable CHIMNEYPOOL-compliant GSM communications module capable of collecting and compressing voice data CROSSBEAM can receive GSM voice, record voice data, and transmit the received information </description><link>http://www.secuobs.com/revue/news/499238.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/499238.shtml</guid></item>
<item><title>Co3 Systems at the RSA Conference</title><description>Secuobs.com : 2014-02-21 21:16:11 - Schneier on Security - Co3 Systems is going to be at the RSA Conference. We don't have our own booth on the show floor, but there are four ways you can find us. Monday, we're at the Innovation Sandbox: 1:00-5:00 in Moscone North. At the conference, we're in the RSA Security booth. Go to the SecOps section of the booth and ask about us. </description><link>http://www.secuobs.com/revue/news/499220.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/499220.shtml</guid></item>
<item><title>Building an Online Lie Detector</title><description>Secuobs.com : 2014-02-21 17:16:43 - Schneier on Security - There's an interesting project to detect false rumors on the Internet The EU-funded project aims to classify online rumours into four types  speculation -- such as whether interest rates might rise  controversy -- as over the MMR vaccine  misinformation, where something untrue is spread unwittingly  and disinformation, where it's done with malicious intent The system will also automatically categorise sources </description><link>http://www.secuobs.com/revue/news/499182.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/499182.shtml</guid></item>
<item><title>Brian Krebs</title><description>Secuobs.com : 2014-02-20 23:38:49 - Schneier on Security - Nice profile of Brian Krebs, cybersecurity journalist  Russian criminals routinely feed Mr Krebs information about their rivals that they obtained through hacks After one such episode, he began receiving daily calls from a major Russian cybercriminal seeking his files back Mr Krebs is writing a book about the ordeal, called  Spam Nation,  to be published by Sourcebooks this year In </description><link>http://www.secuobs.com/revue/news/499021.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/499021.shtml</guid></item>
<item><title>CANDYGRAM  NSA Exploit of the Day</title><description>Secuobs.com : 2014-02-20 21:37:12 - Schneier on Security - Today's item from the NSA's Tailored Access Operations  TAO  group implant catalog  CANDYGRAM  S SI REL  Mimics GSM cell tower of a target network Capable of operations at 900, 1800, or 1900 MHz Whenever a target handset enters the CANDYGRAM base station's area of influence, the system sends out an SMS through the external network to registered watch phones  S SI REL  Typical use </description><link>http://www.secuobs.com/revue/news/499005.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/499005.shtml</guid></item>
<item><title>RCS Spyware and Citizen Lab</title><description>Secuobs.com : 2014-02-20 17:26:34 - Schneier on Security - Remote-Controlled System  RCS  is a piece of spyware sold exclusively to governments by a Milan company called Hacking Team Recently, Citizen Lab found this spyware being used by the Ethiopian government against journalists, including American journalists More recently, Citizen Lab mapped the software and who's using it  Hacking Team advertises that their RCS spyware is  untraceable  to a specific government </description><link>http://www.secuobs.com/revue/news/498952.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/498952.shtml</guid></item>
<item><title>TOTEGHOSTLY 20  NSA Exploit of the Day</title><description>Secuobs.com : 2014-02-19 21:39:10 - Schneier on Security - Today's item from the NSA's Tailored Access Operations  TAO  group implant catalog  TOTEGHOSTLY 20  TS SI REL  TOTEGHOSTLY 20 is STRAITBIZARRE based implant for the Windows Mobile embedded operating system and uses the CHIMNEYPOOL framework TOTEGHOSTLY 20 is compliant with the FREEFLOW project, therefore it is supported in the TURBULENCE architecture  TS SI REL  TOTEGHOSTLY 20 is a software implant for the Windows Mobile </description><link>http://www.secuobs.com/revue/news/498788.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/498788.shtml</guid></item>
<item><title>Debating Snowden's Actions</title><description>Secuobs.com : 2014-02-19 14:31:52 - Schneier on Security - It's the season Here are two </description><link>http://www.secuobs.com/revue/news/498688.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/498688.shtml</guid></item>
<item><title>TOTECHASER  NSA Exploit of the Day</title><description>Secuobs.com : 2014-02-18 21:54:27 - Schneier on Security - Today's item from the NSA's Tailored Access Operations  TAO  group implant catalog  TOTECHASER  TS SI REL  TOTECHASER is a Windows CE implant targeting the Thuraya 2520 handset The Thuraya is a dual mode phone that can operate either in SAT or GSM modes The phone also supports a GPRS data connection for Web browsing, e-mail, and MMS messages The initial software implant </description><link>http://www.secuobs.com/revue/news/498573.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/498573.shtml</guid></item>
<item><title>What Information Are Stun Guns Recording </title><description>Secuobs.com : 2014-02-18 16:23:47 - Schneier on Security - In a story about a stolen Stradivarius violin, there's this  Information from a stun gun company, an anonymous tip and hours of surveillance paved the way for authorities to find a stolen 300-year-old Stradivarius violin in the attic of a Milwaukee home, police said Thursday    Taser International, the maker of the stun gun used in the attack,  provided invaluable </description><link>http://www.secuobs.com/revue/news/498495.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/498495.shtml</guid></item>
<item><title>PICASSO  NSA Exploit of the Day</title><description>Secuobs.com : 2014-02-17 22:31:39 - Schneier on Security - Today's item from the NSA's Tailored Access Operations  TAO  group implant catalog  PICASSO  S SI REL  Modified GSM  target  handset that collects user data, location information and room audio Command and data exfil is done from a laptop and regular phone via SMS  Short Messaging Service , without alerting the target  S SI  Target Data via SMS  Incoming call numbers Outgoing call numbers Recently </description><link>http://www.secuobs.com/revue/news/498363.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/498363.shtml</guid></item>
<item><title>US Infosec Researchers Against NSA Surveillance</title><description>Secuobs.com : 2014-02-17 19:18:05 - Schneier on Security - I signed an open letter from US researchers in cryptography and information security on NSA surveillance It has received a lot of media coverage </description><link>http://www.secuobs.com/revue/news/498329.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/498329.shtml</guid></item>
<item><title>Who Should Store NSA Surveillance Data</title><description>Secuobs.com : 2014-02-17 12:53:45 - Schneier on Security - One of the recommendations by the president's Review Group on Intelligence and Communications Technologies on reforming the National Security Agency (No. 5, if you're counting) is that the government should not collect and store telephone metadata. Instead, a private company -- either the phone companies themselves or some other third party -- should store the metadata and provide it to the government </description><link>http://www.secuobs.com/revue/news/498254.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/498254.shtml</guid></item>
<item><title>MONKEYCALENDAR  NSA Exploit of the Day</title><description>Secuobs.com : 2014-02-14 23:24:07 - Schneier on Security - Today's item from the NSA's Tailored Access Operations  TAO  group implant catalog  MONKEYCALENDAR  TS SI REL  MONKEYCALENDAR is a software implant for GSM  Global System for Mobile communication  subscriber identity module  SIM  cards This implant pulls geolocation information from a target handset and exfiltrates it to a user-defined phone number via short message service  SMS   TS SI REL  Modern SIM cards  Phase 2  have </description><link>http://www.secuobs.com/revue/news/498005.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/498005.shtml</guid></item>
<item><title>Friday Squid Blogging  Giant Squid TED Talk</title><description>Secuobs.com : 2014-02-14 23:24:07 - Schneier on Security - Interesting As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered </description><link>http://www.secuobs.com/revue/news/498004.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/498004.shtml</guid></item>
<item><title>My Talk on the NSA</title><description>Secuobs.com : 2014-02-14 22:17:11 - Schneier on Security - Earlier this month, I gave a talk about the NSA at MIT The video is available ETA  The video doesn't display on some Firefox browsers If you have trouble, try a different browser </description><link>http://www.secuobs.com/revue/news/497993.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/497993.shtml</guid></item>
<item><title>The Insecurity of Secret IT Systems</title><description>Secuobs.com : 2014-02-14 14:26:07 - Schneier on Security - We now know a lot about the security of the Rapiscan 522 B x-ray system used to scan carry-on baggage in airports worldwide. Billy Rios, director of threat intelligence at Qualys, got himself one and analyzed it. And he presented his results at the Kaspersky Security Analyst Summit this week. It's worse than you might have expected: It runs on </description><link>http://www.secuobs.com/revue/news/497896.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/497896.shtml</guid></item>
<item><title>GOPHERSET  NSA Exploit of the Day</title><description>Secuobs.com : 2014-02-13 21:49:40 - Schneier on Security - Today's item from the NSA's Tailored Access Operations  TAO  group implant catalog  GOPHERSET  TS SI REL  GOPHERSET is a software implant for GSM  Global System for Mobile communication  subscriber identity module  SIM  cards This implant pulls Phonebook, SMS, and call log information from a target handset and exfiltrates it to a user-defined phone number via short message service  SMS   TS SI REL  Modern SIM </description><link>http://www.secuobs.com/revue/news/497768.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/497768.shtml</guid></item>
<item><title>Finding People's Location Based on Their Activities in Cyberspace</title><description>Secuobs.com : 2014-02-13 14:05:39 - Schneier on Security - Glenn Greenwald is back reporting about the NSA, now with Pierre Omidyar's news organization FirstLook and its introductory publication, The Intercept Writing with national security reporter Jeremy Scahill, his first article covers how the NSA helps target individuals for assassination by drone Leaving aside the extensive political implications of the story, the article and the NSA source documents reveal additional </description><link>http://www.secuobs.com/revue/news/497649.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/497649.shtml</guid></item>
<item><title>DROPOUTJEEP  NSA Exploit of the Day</title><description>Secuobs.com : 2014-02-12 21:12:17 - Schneier on Security - Today's item from the NSA's Tailored Access Operations  TAO  group implant catalog  DROPOUTJEEP  TS SI REL  DROPOUTJEEP is a STRAITBIZARRE based software implant for the Apple iPhone operating system and uses the CHIMNEYPOOL framework DROPOUTJEEP is compliant with the FREEFLOW project, therefore it is supported in the TURBULENCE architecture  TS SI REL  DROPOUTJEEP is a software implant for the Apple iPhone that utilizes modular </description><link>http://www.secuobs.com/revue/news/497533.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/497533.shtml</guid></item>
<item><title>SURLYSPAWN  NSA Exploit of the Day</title><description>Secuobs.com : 2014-02-11 22:36:14 - Schneier on Security - Today's item from the NSA's Tailored Access Operations  TAO  group implant catalog  SURLYSPAWN  TS SI REL TO USA,FVEY  Data RF retro-reflector Provides return modulated with target data  keyboard, low data rate digital device  when illuminated with radar  U  Capabilities TS SI REL TO USA,FVEY  SURLYSPAWN has the capability to gather keystrokes without requiring any software running on the targeted system It also only requires that </description><link>http://www.secuobs.com/revue/news/497252.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/497252.shtml</guid></item>
<item><title>"The Mask" Espionage Malware</title><description>Secuobs.com : 2014-02-11 14:51:57 - Schneier on Security - We've got a new nation-state espionage malware. "The Mask" was discovered by Kaspersky Labs: The primary targets are government institutions, diplomatic offices and embassies, energy, oil and gas companies, research organizations and activists. Victims of this targeted attack have been found in 31 countries around the world -- from the Middle East and Europe to Africa and the Americas. The </description><link>http://www.secuobs.com/revue/news/497138.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/497138.shtml</guid></item>
<item><title>DRM and the Law</title><description>Secuobs.com : 2014-02-11 14:51:57 - Schneier on Security - Cory Doctorow gives a good history of the intersection of Digital Rights Management  DRM  software and the law, describes how DRM software is antithetical to end-user security, and speculates how we might convince the law to recognize that Every security system relies on reports of newly discovered vulnerabilities as a means of continuously improving The forces that work against security </description><link>http://www.secuobs.com/revue/news/497137.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/497137.shtml</guid></item>
<item><title>WISTFULTOLL: NSA Exploit of the Day</title><description>Secuobs.com : 2014-02-10 22:17:41 - Schneier on Security - Today's item from the NSA's Tailored Access Operations (TAO) group implant catalog: WISTFULTOLL (TS//SI//REL) WISTFULTOLL is a UNITEDRAKE and STRAITBIZARRE plug-in used for harvesting and returning forensic information from a target using Windows Management Instrumentation (WMI) calls and Registry extractions. (TS//SI//REL) This plug-in supports systems running Microsoft Windows 2000, 2003, and XP. (TS//SI//REL) Through remote access or interdiction, WISTFULTOLL is </description><link>http://www.secuobs.com/revue/news/496994.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/496994.shtml</guid></item>
<item><title>NSA/GCHQ Accused of Hacking Belgian Cryptographer</title><description>Secuobs.com : 2014-02-10 14:48:23 - Schneier on Security - There has been a lot of news about Belgian cryptographer Jean-Jacques Quisquater having his computer hacked, and whether the NSA or GCHQ is to blame. It's a lot of assumptions and hyperbole, mostly related to the GCHQ attack against the Belgian telecom operator Belgacom. I'm skeptical. Not about the attack, but about the NSA's or GCHQ's involvement. I don't think </description><link>http://www.secuobs.com/revue/news/496899.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/496899.shtml</guid></item>
<item><title>Friday Squid Blogging  Radioactive Giant Squid Washes Ashore in California</title><description>Secuobs.com : 2014-02-08 00:17:01 - Schneier on Security - Uh oh And the real story As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered </description><link>http://www.secuobs.com/revue/news/496679.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/496679.shtml</guid></item>
<item><title>Another Fake NSA Codename Generator</title><description>Secuobs.com : 2014-02-07 22:10:44 - Schneier on Security - Generate your own fake TAO implant. This is even more fun than the fake NSA program generator. Sadly, the NSA will probably use these to help develop their R&amp;D roadmap.</description><link>http://www.secuobs.com/revue/news/496668.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/496668.shtml</guid></item>
<item><title>TRINITY  NSA Exploit of the Day</title><description>Secuobs.com : 2014-02-07 22:10:44 - Schneier on Security - Today's item from the NSA's Tailored Access Operations  TAO  group implant catalog  TRINITY  TS SI REL  TRINITY is a miniaturized digital core packaged in a Multi-Chip Module  MCM  to be used in implants with size constraining concealments  TS SI REL  TRINITY uses the TAO standard implant architecture The architecture provides a robust, reconfigurable, standard digital platform resulting in a dramatic performance improvement over the </description><link>http://www.secuobs.com/revue/news/496667.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/496667.shtml</guid></item>
<item><title>SWAP  NSA Exploit of the Day</title><description>Secuobs.com : 2014-02-06 21:35:41 - Schneier on Security - Today's item from the NSA's Tailored Access Operations  TAO  group implant catalog  SWAP  TS SI REL  SWAP provides software application persistence by exploiting the motherboard BIOS and the hard drive's Host Protected Area to gain periodic execution before the Operating System loads  TS SI REL  This technique supports single or multi-processor systems running Windows, Linux, FreeBSD, or Solaris with the following file systems  FAT32, </description><link>http://www.secuobs.com/revue/news/496422.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/496422.shtml</guid></item>
<item><title>Dispute Resolution Systems for Security Protocols</title><description>Secuobs.com : 2014-02-06 13:28:14 - Schneier on Security - Interesting paper by Steven J Murdoch and Ross Anderson in this year's Financial Cryptography conference   Security Protocols and Evidence  Where Many Payment Systems Fail  Abstract  As security protocols are used to authenticate more transactions, they end up being relied on in legal proceedings Designers often fail to anticipate this Here we show how the EMV protocol -- the dominant card </description><link>http://www.secuobs.com/revue/news/496317.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/496317.shtml</guid></item>
<item><title>SOMBERKNAVE: NSA Exploit of the Day</title><description>Secuobs.com : 2014-02-05 21:51:26 - Schneier on Security - Today's item from the NSA's Tailored Access Operations (TAO) group implant catalog: SOMBERKNAVE (TS//SI//REL) SOMBERKNAVE is Windows XP wireless software implant that provides covert internet connectivity for isolated targets. (TS//SI//REL) SOMBERKNAVE is a software implant that surreptitiously routes TCP traffic from a designated process to a secondary network via an unused embedded 802.11 network device. If an Internet-connected wireless Access </description><link>http://www.secuobs.com/revue/news/496177.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/496177.shtml</guid></item>
<item><title>1971 Social Engineering Attack</title><description>Secuobs.com : 2014-02-05 13:48:47 - Schneier on Security - From Betty Medsger's book on the 1971 FBI burglary  page 22  As burglars, they used some unusual techniques, ones Davidon enjoyed recalling years later, such as what some of them did in 1970 at a draft board office in Delaware During their casing, they had noticed that the interior door that opened to the draft board office was always locked </description><link>http://www.secuobs.com/revue/news/496075.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/496075.shtml</guid></item>
<item><title>MAESTRO-II  NSA Exploit of the Day</title><description>Secuobs.com : 2014-02-04 21:46:59 - Schneier on Security - Today's item from the NSA's Tailored Access Operations  TAO  group implant catalog  MAESTRO-II  TS SI REL  MAESTRO-II is a miniaturized digital core packaged in a Multi-Chip Module  MCM  to be used in implants with size constraining concealments  TS SI REL  MAESTRO-II uses the TAO standard implant architecture The architecture provides a robust, reconfigurable, standard digital platform resulting in a dramatic performance improvement over the </description><link>http://www.secuobs.com/revue/news/495951.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/495951.shtml</guid></item>
<item><title>Hacking Airline Lounges for Free Meals</title><description>Secuobs.com : 2014-02-04 14:01:57 - Schneier on Security - I think this is a great hack  A man bought a first-class ticket and used it to have free meals and drinks at the airport's VIP lounge almost every day for nearly a year, Kwong Wah Yit Poh reported The itinerary for the ticket was found to have been changed more than 300 times within a year, and the owner </description><link>http://www.secuobs.com/revue/news/495837.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/495837.shtml</guid></item>
<item><title>JUNIORMINT  NSA Exploit of the Day</title><description>Secuobs.com : 2014-02-03 21:57:41 - Schneier on Security - Today's item from the NSA's Tailored Access Operations  TAO  group implant catalog  JUNIORMINT  TS SI REL  JUNIORMINT is a digital core packaged in both a mini Printed circuit Board  PCB , to be used in typical concealments, and a miniaturized Flip Chip Module  FCM , to be used in implants with size constraining concealments  TS SI REL  JUNIORMINT uses the TAO standard implant architecture The architecture </description><link>http://www.secuobs.com/revue/news/495716.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/495716.shtml</guid></item>
<item><title>CSEC Surveillance Analysis of IP and User Data</title><description>Secuobs.com : 2014-02-03 12:46:04 - Schneier on Security - The most recent story from the Snowden documents is from Canada  it claims the CSEC  Communications Security Establishment Canada  used airport Wi-Fi information to track travelers That's not really true What the top-secret presentation shows is a proof-of-concept project to identify different IP networks, using a database of user IDs found on those networks over time, and then potentially using </description><link>http://www.secuobs.com/revue/news/495614.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/495614.shtml</guid></item>
<item><title>IRATEMONK  NSA Exploit of the Day</title><description>Secuobs.com : 2014-01-31 22:22:35 - Schneier on Security - Today's item from the NSA's Tailored Access Operations  TAO  group implant catalog  IRATEMONK  TS SI REL  IRATEMONK provides software application persistence on desktop and laptop computers by implanting in the hard drive firmware to gain execution through Master Boot Record  MBR  substitution  TS SI REL  This technique supports systems without RAID hardware that boot from a variety of Western Digital, Seagate, Maxtor, and Samsung </description><link>http://www.secuobs.com/revue/news/495380.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/495380.shtml</guid></item>
<item><title>Another Credit-Card-as-Authentication Hack</title><description>Secuobs.com : 2014-01-31 14:13:29 - Schneier on Security - This is a pretty impressive social engineering story  an attacker compromised someone's GoDaddy domain registration in order to change his e-mail address and steal his Twitter handle It's a complicated attack My claim was refused because I am not the  current registrant  GoDaddy asked the attacker if it was ok to change account information, while they didn't bother asking me </description><link>http://www.secuobs.com/revue/news/495265.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/495265.shtml</guid></item>
<item><title>HOWLERMONKEY  NSA Exploit of the Day</title><description>Secuobs.com : 2014-01-31 03:51:03 - Schneier on Security - Today's item from the NSA's Tailored Access Operations  TAO  group implant catalog  HOWLERMONKEY  TS SI REL  HOWLERMONKEY is a custom Short to Medium range implant RF Transceiver It is used in conjunction with a digital core to provide a complete implant  TS SI REL  HOWLERMONKEY is a COTS-based transceiver designed to be compatible with CONJECTURE SPECULATION networks and STRIKEZONE devices running a HOWLERMONKEY personality PCB </description><link>http://www.secuobs.com/revue/news/495168.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/495168.shtml</guid></item>
<item><title>Side-Channel Attacks on Frog Calls</title><description>Secuobs.com : 2014-01-30 20:03:41 - Schneier on Security - The male túngara frog Physalaemus pustulosus uses calls to attract females But croaking also causes ripples in the water, which are eavesdropped on -- both by rival male frogs and frog-eating bats </description><link>http://www.secuobs.com/revue/news/495095.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/495095.shtml</guid></item>
<item><title>Catalog of Snowden Revelations</title><description>Secuobs.com : 2014-01-30 14:09:03 - Schneier on Security - This looks to be very good Add that to these three indexes of NSA source material, and these two summaries This excellent parody website has a good collection of all the leaks, too </description><link>http://www.secuobs.com/revue/news/495013.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/495013.shtml</guid></item>
<item><title>GINSU  NSA Exploit of the Day</title><description>Secuobs.com : 2014-01-29 22:26:56 - Schneier on Security - Today's item from the NSA's Tailored Access Operations  TAO  group implant catalog  GINSU  TS SI REL  GINSU provides software application persistence for the CNE implant, KONGUR, on target systems with the PCI bus hardware implant, BULLDOZER  TS SI REL  This technique supports any desktop PC system that contains at least one PCI connector  for BULLDOZER installation  and Microsoft Windows 9x, 2000, 20003, XP, or </description><link>http://www.secuobs.com/revue/news/494882.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/494882.shtml</guid></item>
<item><title>Trying to Value Online Privacy</title><description>Secuobs.com : 2014-01-29 20:27:24 - Schneier on Security - Interesting paper   The value of Online Privacy,  by Scott Savage and Donald M Waldman Abstract  We estimate the value of online privacy with a differentiated products model of the demand for Smartphone apps We study the apps market because it is typically necessary for the consumer to relinquish some personal information through  privacy permissions  to obtain the app and its </description><link>http://www.secuobs.com/revue/news/494859.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/494859.shtml</guid></item>
<item><title>The Politics of Fear</title><description>Secuobs.com : 2014-01-29 14:24:50 - Schneier on Security - This is very good  one might suppose that modern democratic states, with the lessons of history at hand, would seek to minimize fear or at least minimize its effect on deliberative decision-making in both foreign and domestic policy But today the opposite is frequently true Even democracies founded in the principles of liberty and the common good often take </description><link>http://www.secuobs.com/revue/news/494766.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/494766.shtml</guid></item>
<item><title>TAWDRYYARD  NSA Exploit of the Day</title><description>Secuobs.com : 2014-01-28 21:57:38 - Schneier on Security - Back in December, Der Spiegel published a lot of information about the NSA's Tailored Access Operations  TAO  group, including a 2008 catalog of hardware and software  implants  Because there were so many items in the catalog, the individual items didn't get a lot of discussion By highlighting an individual implant every day, my goal is to fix that Today's item  </description><link>http://www.secuobs.com/revue/news/494624.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/494624.shtml</guid></item>
<item><title>US Privacy and Civil Liberties Oversight Board  PCLOB  Condemns NSA Mass Surveillance</title><description>Secuobs.com : 2014-01-28 19:58:55 - Schneier on Security - Now we know why the president gave his speech on NSA surveillance last week  he wanted to get ahead of the Privacy and Civil Liberties Oversight Board Last week, it issued a report saying that NSA mass surveillance of Americans is illegal and should end Both EPIC and EFF have written about this What frustrates me about all of this </description><link>http://www.secuobs.com/revue/news/494596.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/494596.shtml</guid></item>
<item><title>EU Might Raise Fines for Data Breaches</title><description>Secuobs.com : 2014-01-28 14:04:32 - Schneier on Security - This makes a lot of sense Viviane Reding dismissed recent fines for Google as  pocket money  and said the firm would have had to pay  1bn under her plans for privacy failings Ms Reding said such punishments were necessary to ensure firms took the use of personal data seriously And she questioned how Google was able to take so long </description><link>http://www.secuobs.com/revue/news/494523.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/494523.shtml</guid></item>
<item><title>SPARROW II  NSA Exploit of the Day</title><description>Secuobs.com : 2014-01-28 03:45:24 - Schneier on Security - Today's item from the NSA's Tailored Access Operations  TAO  group implant catalog  SPARROW II  TS SI REL  An embedded computer system running BLINDDATE tools Sparrow II is a fully functional WLAN collection system with integrated Mini PCI slots for added functionality such as GPS and multiple Wireless Network Interface Cards  U FOUO  System Specs Processor  IBM Power PC 405GPR Memory  64MB  SDRAM , 16MB </description><link>http://www.secuobs.com/revue/news/494435.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/494435.shtml</guid></item>
<item><title>New Security Risks for Windows XP Systems</title><description>Secuobs.com : 2014-01-27 14:02:55 - Schneier on Security - Microsoft is trying to stop supporting Windows XP The problem is that a majority of ATMs still use that OS And once Microsoft stops issuing security updates to XP, those machines will become increasingly vulnerable Although I have to ask the question  how many of those ATMs have been keeping up with their patches so far  We have far to </description><link>http://www.secuobs.com/revue/news/494300.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/494300.shtml</guid></item>
<item><title>Friday Squid Blogging  Giant Squid Caught by Japanese Fisherman</title><description>Secuobs.com : 2014-01-25 00:18:32 - Schneier on Security - It's big  13 feet long The fisherman was stunned to discover the giant squid trapped in his net, having been caught at a depth of around 70m, about two-thirds of a mile from the coast As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered </description><link>http://www.secuobs.com/revue/news/493993.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/493993.shtml</guid></item>
<item><title>PHOTOANGLO  NSA Exploit of the Day</title><description>Secuobs.com : 2014-01-24 22:15:12 - Schneier on Security - Today's item from the NSA's Tailored Access Operations  TAO  group implant catalog  PHOTOANGLO  TS SI REL TO USA,FVEY  PHOTOANGLO is a joint NSA GCHQ project to develop a new radar system to take the place of the CTX4000  U  Capabilities TS SI REL TO USA,FVEY  The planned capabilities for this system are  Frequency range  1 - 2 GHz, which will be later extended to 1 - </description><link>http://www.secuobs.com/revue/news/493976.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/493976.shtml</guid></item>
<item><title>Applied Cryptography Available Online</title><description>Secuobs.com : 2014-01-24 21:04:19 - Schneier on Security - I'm sure this is a pirated copy Looking at it, it's amazing how long ago twenty years was </description><link>http://www.secuobs.com/revue/news/493964.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/493964.shtml</guid></item>
<item><title>Income Inequality as a Security Issue</title><description>Secuobs.com : 2014-01-24 14:29:09 - Schneier on Security - This is an interesting way to characterize income inequality as a security issue   growing inequality menaces vigorous societies It is a proxy for how effectively an elite has constructed institutions that extract value from the rest of society Professor Sam Bowles, also part of the INET network, goes further He argues that inequality pulls production away from value creation to </description><link>http://www.secuobs.com/revue/news/493875.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/493875.shtml</guid></item>
<item><title>NIGHTWATCH  NSA Exploit of the Day</title><description>Secuobs.com : 2014-01-23 22:26:38 - Schneier on Security - Today's item from the NSA's Tailored Access Operations  TAO  group implant catalog  NIGHTWATCH  TS SI REL TO USA,FVEY  NIGHTWATCH is a portable computer with specialized, internal hardware designed to process progressive-scan  non-interlaced VAGRANT signals  U  Capability Summary  TS SI REL TO USA,FVEY  The current implementation of NIGHTWATCH consists of a general-purpose PC inside of a shielded case The PC has PCI digitizing and clock </description><link>http://www.secuobs.com/revue/news/493691.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/493691.shtml</guid></item>
<item><title>Consumer Manipulation</title><description>Secuobs.com : 2014-01-23 15:03:10 - Schneier on Security - Tim Harford talks about consumer manipulation  Consider, first, confusion by design  Las Vegas casinos are mazes, carefully crafted to draw players to the slot machines and to keep them there Casino designers warn against the  yellow brick road  effect of having a clear route through the casino  One side effect  it takes paramedics a long time to find gamblers in </description><link>http://www.secuobs.com/revue/news/493582.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/493582.shtml</guid></item>
<item><title>NIGHTSTAND  NSA Exploit of the Day</title><description>Secuobs.com : 2014-01-22 21:31:01 - Schneier on Security - Today's device from the NSA's Tailored Access Operations  TAO  group implant catalog  NIGHTSTAND  TS SI REL  An active 802.11 wireless exploitation and injection tool for payload  exploit delivery into otherwise denied target space NIGHTSTAND is typically used in operations where wired access to the target is not possible  TS SI REL  NIGHTSTAND - Close Access Operations   Battlefield Tested   Windows Exploitation   Standalone </description><link>http://www.secuobs.com/revue/news/493399.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/493399.shtml</guid></item>
<item><title>Refrigerator Sending Spam Messages </title><description>Secuobs.com : 2014-01-22 20:26:56 - Schneier on Security - Coming barely weeks after my essay on the security risks from embedded systems, the Proofpoint report of a spam-sending refrigerator was just too good to be true I was skeptical, so I didn't blog it Now Ars Technica has a good analysis of the report, and is also skeptical In any case  it could happen, and sooner or later it </description><link>http://www.secuobs.com/revue/news/493393.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/493393.shtml</guid></item>
<item><title>Questioning the Efficacy of NSA's Bulk-Collection Programs</title><description>Secuobs.com : 2014-01-22 14:05:45 - Schneier on Security - Two reports have recently been published questioning the efficacy of the NSA's bulk-collection programs The first one is from the left-leaning New American Foundation  report here, and one-page tabular summary here  However, our review of the government s claims about the role that NSA  bulk  surveillance of phone and email communications records has had in keeping the United States safe from </description><link>http://www.secuobs.com/revue/news/493297.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/493297.shtml</guid></item>
<item><title>LOUDAUTO  NSA Exploit of the Day</title><description>Secuobs.com : 2014-01-21 22:04:37 - Schneier on Security - Today's item from the NSA's Tailored Access Operations  TAO  group implant catalog  LOUDAUTO  TS SI REL TO USA,FVEY  Audio-based RF retro-reflector Provides room audio from targeted space using radar and basic post-processing  U  Capabilities  TS SI REL TO USA,FVEY  LOUDAUTO's current design maximizes the gain of the microphone This makes it extremely useful for picking up room audio It can pick up speech at </description><link>http://www.secuobs.com/revue/news/493149.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/493149.shtml</guid></item>
<item><title>Adware Vendors Buy and Abuse Chrome Extensions</title><description>Secuobs.com : 2014-01-21 13:54:50 - Schneier on Security - This is not a good development  To make matters worse, ownership of a Chrome extension can be transferred to another party, and users are never informed when an ownership change happens Malware and adware vendors have caught wind of this and have started showing up at the doors of extension authors, looking to buy their extensions Once the deal is </description><link>http://www.secuobs.com/revue/news/493024.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/493024.shtml</guid></item>
<item><title>CTX4000  NSA Exploit of the Day</title><description>Secuobs.com : 2014-01-20 21:41:45 - Schneier on Security - Today's device -- this one isn't an implant -- from the NSA's Tailored Access Operations  TAO  group implant catalog  CTX4000  TS SI REL TO USA,FVEY  The CTX4000 is a portable continuous wave  CW  radar unit It can be used to illuminate a target system to recover different off net information Primary uses include VAGRANT and DROPMIRE collection  TS SI REL TO USA,FVEY  The CTX4000 </description><link>http://www.secuobs.com/revue/news/492901.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/492901.shtml</guid></item>
<item><title>DDOS Attacks Using NTP</title><description>Secuobs.com : 2014-01-20 13:46:12 - Schneier on Security - This is new  The NTP method first began to appear late last year To bring down a server such as one running  League of Legends,  the attackers trick NTP servers into thinking they've been queried by the  League of Legends  server The NTP servers, thinking they're responding to a legitimate query, message the  League of Legends  server, overloading it with </description><link>http://www.secuobs.com/revue/news/492792.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/492792.shtml</guid></item>
<item><title>Friday Squid Blogging  Camouflage in Squid Eyes</title><description>Secuobs.com : 2014-01-18 00:40:13 - Schneier on Security - Interesting research  Cephalopods possess a sophisticated array of mechanisms to achieve camouflage in dynamic underwater environments While active mechanisms such as chromatophore patterning and body posturing are well known, passive mechanisms such as manipulating light with highly evolved reflectors may also play an important role To explore the contribution of passive mechanisms to cephalopod camouflage, we investigated the optical and </description><link>http://www.secuobs.com/revue/news/492505.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/492505.shtml</guid></item>
<item><title>PowerLocker uses Blowfish</title><description>Secuobs.com : 2014-01-17 22:42:17 - Schneier on Security - There's a new piece of ransomware out there, PowerLocker  also called PrisonLocker , that uses Blowfish  PowerLocker could prove an even more potent threat because it would be sold in underground forums as a DIY malware kit to anyone who can afford the  100 for a license, Friday's post warned CryptoLocker, by contrast, was custom built for use by a single </description><link>http://www.secuobs.com/revue/news/492492.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/492492.shtml</guid></item>
<item><title>STUCCOMONTANA  NSA Exploit of the Day</title><description>Secuobs.com : 2014-01-17 21:46:11 - Schneier on Security - Today's implant from the NSA's Tailored Access Operations  TAO  group implant catalog  STUCCOMONTANA  TS SI REL  STUCCOMONTANA provides persistence for DNT implants The DNT implant will survive an upgrade or replacement of the operating system -- including physically replacing the router's compact flash card  TS SI REL  Currently, the intended DNT Implant to persist is VALIDATOR, which must be run as a user process </description><link>http://www.secuobs.com/revue/news/492481.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/492481.shtml</guid></item>
<item><title>NSA-O-Matic</title><description>Secuobs.com : 2014-01-17 20:47:22 - Schneier on Security - Generate your own fake NSA programs </description><link>http://www.secuobs.com/revue/news/492473.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/492473.shtml</guid></item>
<item><title>NSA Collects Hundreds of Millions of Text Messages Daily</title><description>Secuobs.com : 2014-01-17 13:38:24 - Schneier on Security - No surprise here Although we some new codenames  DISHFIRE  The NSA's program to collect text messages and text-message metadata PREFER  The NSA's program to perform automatic analysis on the text-message data and metadata The documents talk about not just collecting chatty text messages, but VCards, SIM card changes, missed calls, roaming information indicating border crossings, travel itineraries, and financial transactions </description><link>http://www.secuobs.com/revue/news/492388.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/492388.shtml</guid></item>
<item><title>SIERRAMONTANA  NSA Exploit of the Day</title><description>Secuobs.com : 2014-01-16 22:53:59 - Schneier on Security - Today's implant from the NSA's Tailored Access Operations  TAO  group implant catalog  SIERRAMONTANA  TS SI REL  SIERRAMONTANA provides persistence for DNT implants The DNT implant will survive an upgrade or replacement of the operating system -- including physically replacing the router's compact flash card  TS SI REL  Currently, the intended DNT Implant to persist is VALIDATOR, which must be run as a user process </description><link>http://www.secuobs.com/revue/news/492228.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/492228.shtml</guid></item>
<item><title>Today I Briefed Congress on the NSA</title><description>Secuobs.com : 2014-01-16 20:45:42 - Schneier on Security - This morning I spent an hour in a closed room with six Members of Congress  Rep Lofgren, Rep Sensenbrenner, Rep Scott, Rep Goodlatte, Rep Thompson, and Rep Amash No staffers, no public  just them Lofgren asked me to brief her and a few Representatives on the NSA She said that the NSA wasn't forthcoming about their activities, and they wanted </description><link>http://www.secuobs.com/revue/news/492204.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/492204.shtml</guid></item>
<item><title>Edward Elgar's Ciphers</title><description>Secuobs.com : 2014-01-16 19:36:46 - Schneier on Security - Elgar's cryptography puzzles from the late 1890s </description><link>http://www.secuobs.com/revue/news/492184.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/492184.shtml</guid></item>
<item><title>Cell Phone Tracking by Non-State Actors</title><description>Secuobs.com : 2014-01-16 15:19:03 - Schneier on Security - This is interesting  Adding credence to the theory that Brooklyn landlord Menachem Stark was kidnapped and murdered by professionals, a law enforcement source tells the Post that the NYPD found a cell phone attached to the bottom of his car, which could have been used to track his movements This is interesting Presumably the criminals installed one of those  track </description><link>http://www.secuobs.com/revue/news/492113.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/492113.shtml</guid></item>
<item><title>SCHOOLMONTANA  NSA Exploit of the Day</title><description>Secuobs.com : 2014-01-15 22:56:52 - Schneier on Security - Today's implant from the NSA's Tailored Access Operations  TAO  group implant catalog  SCHOOLMONTANA  TS SI REL  SCHOOLMONTANA provides persistence for DNT implants The DNT implant will survive an upgrade or replacement of the operating system -- including physically replacing the router's compact flash card  TS SI REL  Currently, the intended DNT Implant to persist is VALIDATOR, which must be run as a user process </description><link>http://www.secuobs.com/revue/news/491843.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/491843.shtml</guid></item>
<item><title>The Changing Cost of Surveillance</title><description>Secuobs.com : 2014-01-15 13:39:39 - Schneier on Security - From Ashkan Soltani's blog post  The Yale Law Journal Online  YLJO  just published an article that I co-authored with Kevin Bankston  first workshopped at the Privacy Law Scholars Conference last year  entitled  Tiny Constables and the Cost of Surveillance  Making Cents Out of United States v Jones  In it, we discuss the drastic reduction in the cost of tracking an </description><link>http://www.secuobs.com/revue/news/491706.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/491706.shtml</guid></item>
<item><title>HEADWATER  NSA Exploit of the Day</title><description>Secuobs.com : 2014-01-14 21:30:58 - Schneier on Security - Today's implant from the NSA's Tailored Access Operations  TAO  group implant catalog  HEADWATER  TS SI REL  HEADWATER is a Persistent Backdoor  PBD  software implant for selected Huawei routers The implant will enable covert functions to be remotely executed within the router via an Internet connection  TS SI REL  HEADWATER PBD implant will be transferred remotely over the Internet to the selected target router by </description><link>http://www.secuobs.com/revue/news/491588.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/491588.shtml</guid></item>
<item><title>Debunking the  NSA Mass Surveillance Could Have Stopped 9 11  Myth</title><description>Secuobs.com : 2014-01-14 15:10:54 - Schneier on Security - It's something that we're hearing a lot, both from NSA Director General Keith Alexander and others  the NSA's mass surveillance programs could have stopped 9 11 It's not true, and recently two people have published good essays debunking this claim The first is from Lawrence Wright, who wrote the best book  The Looming Tower  on the lead-up to 9 11  Judge Pauley </description><link>http://www.secuobs.com/revue/news/491484.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/491484.shtml</guid></item>
<item><title>SOUFFLETROUGH  NSA Exploit of the Day</title><description>Secuobs.com : 2014-01-13 22:24:11 - Schneier on Security - One of the top secret NSA documents published by Der Spiegel is a 50-page catalog of  implants  from the NSA's Tailored Access Group Because the individual implants are so varied and we saw so many at once, most of them were never discussed in the security community  Also, the pages were pds, which makes them harder to index and search  </description><link>http://www.secuobs.com/revue/news/491357.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/491357.shtml</guid></item>
<item><title>How the NSA Threatens National Security</title><description>Secuobs.com : 2014-01-13 14:04:09 - Schneier on Security - Secret NSA eavesdropping is still in the news Details about once secret programs continue to leak The Director of National Intelligence has recently declassified additional information, and the President's Review Group has just released its report and recommendations With all this going on, it's easy to become inured to the breadth and depth of the NSA's activities But through the </description><link>http://www.secuobs.com/revue/news/491252.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/491252.shtml</guid></item>
<item><title>Friday Squid Blogging  Squid New Year</title><description>Secuobs.com : 2014-01-11 00:27:37 - Schneier on Security - Happy squid new year As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered </description><link>http://www.secuobs.com/revue/news/490953.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/490953.shtml</guid></item>
<item><title>1971 FBI Burglary</title><description>Secuobs.com : 2014-01-10 14:31:13 - Schneier on Security - Interesting story  burglars took a lock pick and a crowbar and broke into a Federal Bureau of Investigation office in a suburb of Philadelphia, making off with nearly every document inside They were never caught, and the stolen documents that they mailed anonymously to newspaper reporters were the first trickle of what would become a flood of revelations about extensive </description><link>http://www.secuobs.com/revue/news/490846.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/490846.shtml</guid></item>
<item><title>JETPLOW  NSA Exploit of the Day</title><description>Secuobs.com : 2014-01-09 20:25:35 - Schneier on Security - Today's implant from the NSA's Tailored Access Operations  TAO  group implant catalog  JETPLOW  TS SI REL  JETPLOW is a firmware persistence implant for Cisco PIX Series and ASA  Adaptive Security Appliance  firewalls It persists DNT's BANANAGLEE software implant JETPLOW also has a persistent back-door capability  TS SI REL  JETPLOW is a firmware persistence implant for Cisco PIX Series and ASA  Adaptive Security Appliance  firewalls </description><link>http://www.secuobs.com/revue/news/490690.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/490690.shtml</guid></item>
<item><title>Security Risks of Embedded Systems</title><description>Secuobs.com : 2014-01-09 14:16:38 - Schneier on Security - We're at a crisis point now with regard to the security of embedded systems, where computing is embedded into the hardware itself -- as with the Internet of Things These embedded computers are riddled with vulnerabilities, and there's no good way to patch them It's not unlike what happened in the mid-1990s, when the insecurity of personal computers was reaching </description><link>http://www.secuobs.com/revue/news/490595.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/490595.shtml</guid></item>
<item><title>HALLUXWATER  NSA Exploit of the Day</title><description>Secuobs.com : 2014-01-08 21:34:19 - Schneier on Security - Today's implant from the NSA's Tailored Access Operations  TAO  group implant catalog  HALLUXWATER  TS SI REL  The HALLUXWATER Persistence Back Door implant is installed on a target Huawei Eudemon firewall as a boot ROM upgrade When the target reboots, the PBD installer software will find the needed patch points and install the back door in the inbound packet processing routine Once installed, </description><link>http://www.secuobs.com/revue/news/490469.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/490469.shtml</guid></item>
<item><title>The Failure of Privacy Notices and Consumer Choice</title><description>Secuobs.com : 2014-01-08 15:24:50 - Schneier on Security - Paper from First Monday   Transaction costs, privacy, and trust  The laudable goals and ultimate failure of notice and choice to respect privacy  Abstract  The goal of this paper is to outline the laudable goals and ultimate failure of notice and choice to respect privacy online and suggest an alternative framework to manage and research privacy This paper suggests that the </description><link>http://www.secuobs.com/revue/news/490403.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/490403.shtml</guid></item>
<item><title>Twitter Users  Please Make Sure You're Following the Right Feed</title><description>Secuobs.com : 2014-01-08 00:33:33 - Schneier on Security - I have an official Twitter feed of my blog  it's  schneierblog There's also an unofficial feed at  Bruce_Schneier I have nothing to do with that one I wouldn't mind the unofficial feed -- if people are reading my blog, who cares -- except that it isn't working right, and hasn't been for some time It publishes some posts weeks late </description><link>http://www.secuobs.com/revue/news/490276.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/490276.shtml</guid></item>
<item><title>GOURMETTROUGH  NSA Exploit of the Day</title><description>Secuobs.com : 2014-01-07 21:28:26 - Schneier on Security - Continuing our walk through the NSA's Tailored Access Operations  TAO  group implant catalog  GOURMETTROUGH  TS SI REL  GOURMETTROUGH is a user configurable implant for certain Juniper firewalls It persists DNT's BANANAGLEE implant across reboots and OS upgrades For some platforms, it supports a minimal implant with beaconing for OS's unsupported by BANANAGLEE  TS SI REL  For supported platforms, DNT may configure without ANT involvement </description><link>http://www.secuobs.com/revue/news/490258.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/490258.shtml</guid></item>
<item><title>Matt Blaze on TAO's Methods</title><description>Secuobs.com : 2014-01-07 16:11:07 - Schneier on Security - Matt Blaze makes a point that I have been saying for a while now  Don't get me wrong, as a security specialist, the NSA's Tailored Access Operations  TAO  scare the daylights out of me I would never want these capabilities used against me or any other innocent person But these tools, as frightening and abusable as they are, represent far less </description><link>http://www.secuobs.com/revue/news/490189.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/490189.shtml</guid></item>
<item><title>FEEDTROUGH  NSA Exploit of the Day</title><description>Secuobs.com : 2014-01-06 21:45:31 - Schneier on Security - Today's item from the NSA's Tailored Access Operations  TAO  group implant catalog  FEEDTROUGH  TS SI REL  FEEDTROUGH is a persistence technique for two software implants, DNT's BANANAGLEE and CES's ZESTYLEAK used against Juniper Netscreen firewalls  TS SI REL  FEEDTROUGH can be used to persist two implants, ZESTYLEAK and or BANANAGLEE across reboots and software upgrades on known and covered OS's for the following Netscreen firewalls, </description><link>http://www.secuobs.com/revue/news/490021.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/490021.shtml</guid></item>
<item><title>I've Joined Co3 Systems</title><description>Secuobs.com : 2014-01-06 13:35:15 - Schneier on Security - For decades, I've said that good security is a combination of protection, detection, and response In 1999, when I formed Counterpane Internet Security, I focused the company on what was then the nascent area of detection Since then, there have been many products and services that focus on detection, and it's a huge part of the information security industry Now, </description><link>http://www.secuobs.com/revue/news/489908.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/489908.shtml</guid></item>
<item><title>Friday Squid Blogging  Squid-Shaped Dog Toy</title><description>Secuobs.com : 2014-01-03 23:12:18 - Schneier on Security - Just the thing </description><link>http://www.secuobs.com/revue/news/489647.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/489647.shtml</guid></item>
<item><title>NSA Documents from the Spiegel Story</title><description>Secuobs.com : 2014-01-03 22:08:47 - Schneier on Security - There are more source documents from the recent Spiegel story on the NSA than I realized Here is what I think is the complete list   Tailored Access Operations  presentation, 14 pages Lots of information about QUANTUM  NSA QUANTUM Tasking Techniques for the R T Analyst  presentation, 28 pages Includes details about MARINA  Getting Close to the Adversary  Forward-based Defense with QFIRE  </description><link>http://www.secuobs.com/revue/news/489640.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/489640.shtml</guid></item>
<item><title>NSA Exploit of the Day  IRONCHEF</title><description>Secuobs.com : 2014-01-03 20:01:01 - Schneier on Security - Today's item from the NSA's Tailored Access Operations  TAO  group implant catalog is IRONCHEF  IRONCHEF  TS SI REL  IRONCHEF provides access persistence to target systems by exploiting the motherboard BIOS and utilizing System Management Mode  SMM  to communicate with a hardware implant that provides two-way RF communication  TS SI REL  This technique supports the HP Proliant 380DL G6 server, onto which a hardware implant </description><link>http://www.secuobs.com/revue/news/489619.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/489619.shtml</guid></item>
<item><title>Cost Benefit Analysis of NSA's 215 Metadata Collection Program</title><description>Secuobs.com : 2014-01-03 13:47:22 - Schneier on Security - It has amazed me that the NSA doesn't seem to do any cost benefit analyses on any of its surveillance programs This seems particularly important for bulk surveillance programs, as they have significant costs aside from the obvious monetary costs In this paper, John Mueller and Mark G Stewart have done the analysis on one of these programs Worth reading </description><link>http://www.secuobs.com/revue/news/489541.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/489541.shtml</guid></item>
<item><title>NSA Exploit of the Day  DEITYBOUNCE</title><description>Secuobs.com : 2014-01-03 00:34:20 - Schneier on Security - Today's item from the NSA's Tailored Access Operations  TAO  group implant catalog is DEITYBOUNCE  DEITYBOUNCE  TS SI REL  DEITYBOUNCE provides software application persistence on Dell PowerEdge servers by exploiting the motherboard BIOS and utilizing System Management Mode  SMM  to gain periodic execution while the Operating System loads  TS SI REL  This technique supports multi-processor systems with RAID hardware and Microsoft Windows 2000, 2003, and </description><link>http://www.secuobs.com/revue/news/489459.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/489459.shtml</guid></item>
<item><title> Military Style  Raid on California Power Station</title><description>Secuobs.com : 2014-01-02 14:36:38 - Schneier on Security - I don't know what to think about this  Around 1:00 AM on April 16, at least one individual  possibly two  entered two different manholes at the PG&amp;E Metcalf power substation, southeast of San Jose, and cut fiber cables in the area around the substation That knocked out some local 911 services, landline service to the substation, and cell phone service </description><link>http://www.secuobs.com/revue/news/489350.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/489350.shtml</guid></item>
<item><title>More about the NSA's Tailored Access Operations Unit</title><description>Secuobs.com : 2013-12-31 15:10:25 - Schneier on Security - Der Spiegel has a good article on the NSA's Tailored Access Operations unit  basically, its hackers The article also has more details on how QUANTUM -- particularly, QUANTUMINSERT -- works Another article discusses the various tools TAO has at its disposal A document viewed by SPIEGEL resembling a product catalog reveals that an NSA division called ANT has burrowed its </description><link>http://www.secuobs.com/revue/news/489074.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/489074.shtml</guid></item>
<item><title>Joseph Stiglitz on Trust</title><description>Secuobs.com : 2013-12-30 17:51:00 - Schneier on Security - Joseph Stiglitz has an excellent essay on the value of trust, and the lack of it in today's society Trust is what makes contracts, plans and everyday transactions possible  it facilitates the democratic process, from voting to law creation, and is necessary for social stability It is essential for our lives It is trust, more than money, that makes the </description><link>http://www.secuobs.com/revue/news/488914.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/488914.shtml</guid></item>
<item><title>Friday Squid Blogging  Kim Jong Un Tours Frozen Squid Factory</title><description>Secuobs.com : 2013-12-27 23:31:19 - Schneier on Security - Frozen squid makes him happy As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered </description><link>http://www.secuobs.com/revue/news/488621.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/488621.shtml</guid></item>
<item><title>Operation Vula</title><description>Secuobs.com : 2013-12-26 17:13:31 - Schneier on Security -  Talking to Vula  is the story of a 1980s secret communications channel between black South African leaders and others living in exile in the UK The system used encrypted text encoded into DTMF  touch tones  and transmitted from pay phones Our next project was one that led to the breakthrough we had been waiting for We had received a request, </description><link>http://www.secuobs.com/revue/news/488447.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/488447.shtml</guid></item>
<item><title>Christmas Comic</title><description>Secuobs.com : 2013-12-25 14:44:18 - Schneier on Security - Amusing </description><link>http://www.secuobs.com/revue/news/488360.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/488360.shtml</guid></item>
<item><title>Report on Syrian Malware</title><description>Secuobs.com : 2013-12-24 14:49:35 - Schneier on Security - Fascinating report from Citizen Lab on the use of malware in the current Syrian conflict  EFF summary and Wired article  </description><link>http://www.secuobs.com/revue/news/488237.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/488237.shtml</guid></item>
<item><title>NSA Spying  Who Do You Believe </title><description>Secuobs.com : 2013-12-23 13:55:24 - Schneier on Security - On Friday, Reuters reported that RSA entered a secret contract to make DUAL_EC_PRNG the default random number generator in the BSAFE toolkit DUAL_EC_PRNG is now known to be back-doored by the NSA Yesterday, RSA denied it  Recent press coverage has asserted that RSA entered into a  secret contract  with the NSA to incorporate a known flawed random number generator into </description><link>http://www.secuobs.com/revue/news/488059.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/488059.shtml</guid></item>
<item><title>Friday Squid Blogging   What Does the Squid Say </title><description>Secuobs.com : 2013-12-20 23:54:25 - Schneier on Security - Minecraft parody As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered </description><link>http://www.secuobs.com/revue/news/487803.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/487803.shtml</guid></item>
<item><title>Yes, I'm Leaving BT</title><description>Secuobs.com : 2013-12-20 22:47:37 - Schneier on Security - The Register reported that I am leaving BT at the end of the year It quoted BT as saying  We hired Bruce because of his thought leadership in security and as part of our acquisition of Counterpane We have agreed to part ways as we felt our relationship had run its course and come to a natural end It has </description><link>http://www.secuobs.com/revue/news/487787.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/487787.shtml</guid></item>
<item><title>Eben Moglen and I Talk about the NSA</title><description>Secuobs.com : 2013-12-20 14:20:45 - Schneier on Security - Last week, Eben Moglen and I had a conversation about NSA surveillance Audio and video are online </description><link>http://www.secuobs.com/revue/news/487687.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/487687.shtml</guid></item>
<item><title>Acoustic Cryptanalysis</title><description>Secuobs.com : 2013-12-19 13:42:36 - Schneier on Security - This is neat  Here, we describe a new acoustic cryptanalysis key extraction attack, applicable to GnuPG's current implementation of RSA The attack can extract full 4096-bit RSA decryption keys from laptop computers  of various models , within an hour, using the sound generated by the computer during the decryption of some chosen ciphertexts We experimentally demonstrate that such attacks can be </description><link>http://www.secuobs.com/revue/news/487405.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/487405.shtml</guid></item>
<item><title>Tor User Identified by FBI</title><description>Secuobs.com : 2013-12-18 17:31:16 - Schneier on Security - Eldo Kim sent an e-mail bomb threat to Harvard so he could skip a final exam  It's just a coincidence that I was on the Harvard campus that day  Even though he used an anonymous account and Tor, the FBI identified him Reading the criminal complaint, it seems that the FBI got itself a list of Harvard users that accessed </description><link>http://www.secuobs.com/revue/news/487196.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/487196.shtml</guid></item>
<item><title>Security Vulnerabilities of Legacy Code</title><description>Secuobs.com : 2013-12-17 15:21:51 - Schneier on Security - An interesting research paper documents a  honeymoon effect  when it comes to software and vulnerabilities  attackers are more likely to find vulnerabilities in older and more familiar code It's a few years old, but I haven't seen it before now The paper is by Sandy Clark, Stefan Frei, Matt Blaze, and Jonathan Smith   Familiarity Breeds Contempt  The Honeymoon Effect and </description><link>http://www.secuobs.com/revue/news/486856.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/486856.shtml</guid></item>
<item><title>Attacking Online Poker Players</title><description>Secuobs.com : 2013-12-16 13:41:55 - Schneier on Security - This story is about how at least two professional online poker players had their hotel rooms broken into and their computers infected with malware I agree with the conclusion  So, what's the moral of the story  If you have a laptop that is used to move large amounts of money, take good care of it Lock the keyboard when you </description><link>http://www.secuobs.com/revue/news/486577.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/486577.shtml</guid></item>
<item><title>Friday Squid Blogging  Squid Bow Tie</title><description>Secuobs.com : 2013-12-14 00:00:30 - Schneier on Security - Snappy-looking bow tie As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered </description><link>http://www.secuobs.com/revue/news/486237.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/486237.shtml</guid></item>
<item><title>President Obama and the Intelligence Community</title><description>Secuobs.com : 2013-12-13 20:50:38 - Schneier on Security - Really good article from the New Yorker </description><link>http://www.secuobs.com/revue/news/486215.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/486215.shtml</guid></item>
<item><title>World War II Anecdote about Trust and Security</title><description>Secuobs.com : 2013-12-13 18:48:19 - Schneier on Security - This is an interesting story from World War II about trust  Jones notes that the Germans doubted their system because they knew the British could radio false orders to the German bombers with no trouble As Jones recalls,  In fact we did not do this, but it seemed such an easy countermeasure that the German crews thought that we might, </description><link>http://www.secuobs.com/revue/news/486190.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/486190.shtml</guid></item>
<item><title>How the NSA Tracks Mobile Phone Data</title><description>Secuobs.com : 2013-12-12 20:59:49 - Schneier on Security - Last week the Washington Post reported on how the NSA tracks mobile phones world-wide, and this week they followed up with source documents and more detail Barton Gellman and Ashkan Soltani are doing some fantastic reporting on the Snowden NSA documents I hope to be able to do the same again, once Pierre Omidyar's media venture gets up and running </description><link>http://www.secuobs.com/revue/news/485990.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/485990.shtml</guid></item>
<item><title>NSA Tracks People Using Google Cookies</title><description>Secuobs.com : 2013-12-12 14:15:17 - Schneier on Security - The Washington Post has a detailed article on how the NSA uses cookie data to track individuals The EFF also has a good post on this I have been writing and saying that government surveillance largely piggy backs on corporate capabilities, and this is an example of that The NSA doesn't need the cooperation of any Internet company to use </description><link>http://www.secuobs.com/revue/news/485913.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/485913.shtml</guid></item>
<item><title>NSA Spying on Online Gaming Worlds</title><description>Secuobs.com : 2013-12-10 17:06:42 - Schneier on Security - The NSA is spying on chats in World of Warcraft and other games There's lots of information -- and a good source document While it's fun to joke about the NSA and elves and dwarves from World of Warcraft, this kind of surveillance makes perfect sense If, as Dan Geer has pointed out, your assigned mission is to ensure that </description><link>http://www.secuobs.com/revue/news/485420.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/485420.shtml</guid></item>
<item><title>Bitcoin Explanation</title><description>Secuobs.com : 2013-12-09 19:22:43 - Schneier on Security - This is the best explanation of the Bitcoin protocol that I have read </description><link>http://www.secuobs.com/revue/news/485181.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/485181.shtml</guid></item>
<item><title>Friday Squid Blogging  Hoax Squid-Like Creature</title><description>Secuobs.com : 2013-12-07 00:23:33 - Schneier on Security - The weird squid-like creature floating around Bristol Harbour is a hoax As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered </description><link>http://www.secuobs.com/revue/news/484823.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/484823.shtml</guid></item>
<item><title>Bruce Schneier Facts T-Shirts</title><description>Secuobs.com : 2013-12-06 22:27:08 - Schneier on Security - 0-Day Clothing has taken 25 Bruce Schneier Facts and turned them into T-shirts just in time for Christmas </description><link>http://www.secuobs.com/revue/news/484800.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/484800.shtml</guid></item>
<item><title>New Book  Carry On</title><description>Secuobs.com : 2013-12-06 22:27:08 - Schneier on Security - I have a new book It's Carry On  Sound Advice from Schneier on Security, and it's my second collection of essays This book covers my writings from March 2008 to June 2013  My first collection of essays, Schneier on Security, covered my writings from April 2002 to February 2008  There's nothing in this book that hasn't been published before, and </description><link>http://www.secuobs.com/revue/news/484799.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/484799.shtml</guid></item>
<item><title>Telepathwords  A New Password Strength Estimator</title><description>Secuobs.com : 2013-12-06 13:37:15 - Schneier on Security - Telepathwords is a pretty clever research project that tries to evaluate password strength It's different from normal strength meters, and I think better Telepathwords tries to predict the next character of your passwords by using knowledge of  common passwords, such as those made public as a result of security breaches common phrases, such as those that appear frequently on web </description><link>http://www.secuobs.com/revue/news/484712.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/484712.shtml</guid></item>
<item><title>Heartwave Biometric</title><description>Secuobs.com : 2013-12-05 20:53:58 - Schneier on Security - Here's a new biometric I know nothing about  The wristband relies on authenticating identity by matching the overall shape of the user's heartwave  captured via an electrocardiogram sensor  Unlike other biotech authentication methods -- like fingerprint scanning and iris- facial-recognition tech -- the system doesn't require the user to authenticate every time they want to unlock something Because it's a wearable </description><link>http://www.secuobs.com/revue/news/484560.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/484560.shtml</guid></item>
<item><title>The Problem with EULAs</title><description>Secuobs.com : 2013-12-05 14:16:31 - Schneier on Security - Some apps are being distributed with secret Bitcoin-mining software embedded in them Coins found are sent back to the app owners, of course And to make it legal, it's part of the end-user license agreement  EULA  COMPUTER CALCULATIONS, SECURITY  as part of downloading a Mutual Public, your computer may do mathematical calculations for our affiliated networks to confirm transactions and </description><link>http://www.secuobs.com/revue/news/484477.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/484477.shtml</guid></item>
<item><title>Evading Airport Security</title><description>Secuobs.com : 2013-12-04 14:26:51 - Schneier on Security - The news is reporting about Evan Booth, who builds weaponry out of items you can buy after airport security It's clever stuff It's not new, though People have been explaining how to evade airport security for years Back in 2006, I -- and others -- explained how to print your own boarding pass and evade the photo-ID check, a trick </description><link>http://www.secuobs.com/revue/news/484226.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/484226.shtml</guid></item>
<item><title>Keeping Track of All the Snowden Documents</title><description>Secuobs.com : 2013-12-03 14:03:09 - Schneier on Security - As more and more media outlets from all over the world continue to report on the Snowden documents, it's harder and harder to keep track of what has been released The EFF, ACLU, and Cryptome are all trying None of them is complete, I believe Please post additions in the comments, and I will do my best to feed the </description><link>http://www.secuobs.com/revue/news/484022.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/484022.shtml</guid></item>
<item><title>The TQP Patent</title><description>Secuobs.com : 2013-12-02 20:00:25 - Schneier on Security - One of the things I do is expert witness work in patent litigations Often, it's defending companies against patent trolls One of the patents I have worked on for several defendants is owned by a company called TQP Development The patent owner claims that it covers SSL and RC4, which it does not The patent owner claims that the patent </description><link>http://www.secuobs.com/revue/news/483908.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/483908.shtml</guid></item>
<item><title>How Antivirus Companies Handle State-Sponsored Malware</title><description>Secuobs.com : 2013-12-02 13:48:08 - Schneier on Security - Since we learned that the NSA has surreptitiously weakened Internet security so it could more easily eavesdrop, we've been wondering if it's done anything to antivirus products Given that it engages in offensive cyberattacks -- and launches cyberweapons like Stuxnet and Flame -- it's reasonable to assume that it's asked antivirus companies to ignore its malware  We know that antivirus </description><link>http://www.secuobs.com/revue/news/483838.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/483838.shtml</guid></item>
<item><title>Friday Squid Blogging  Squid Worm Discovered</title><description>Secuobs.com : 2013-11-30 00:12:33 - Schneier on Security - This squid-like worm -- Teuthidodrilus samae -- is new to science As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered </description><link>http://www.secuobs.com/revue/news/483628.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/483628.shtml</guid></item>
<item><title>Tor Appliance</title><description>Secuobs.com : 2013-11-27 14:16:12 - Schneier on Security - Safeplug is an easy-to-use Tor appliance I like that it can also act as a Tor exit node </description><link>http://www.secuobs.com/revue/news/483289.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/483289.shtml</guid></item>
<item><title>The FBI Might Do More Domestic Surveillance than the NSA</title><description>Secuobs.com : 2013-11-26 14:17:36 - Schneier on Security - This is a long article about the FBI's Data Intercept Technology Unit  DITU , which is basically its own internal NSA It carries out its own signals intelligence operations and is trying to collect huge amounts of email and Internet data from US companies -- an operation that the NSA once conducted, was reprimanded for, and says it abandoned    The </description><link>http://www.secuobs.com/revue/news/483087.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/483087.shtml</guid></item>
<item><title>US Working to Kill UN Resolutions to Limit International Surveillance</title><description>Secuobs.com : 2013-11-25 21:58:32 - Schneier on Security - This story should get more publicity than it has </description><link>http://www.secuobs.com/revue/news/482983.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/482983.shtml</guid></item>
<item><title>Surveillance as a Business Model</title><description>Secuobs.com : 2013-11-25 14:40:26 - Schneier on Security - Google recently announced that it would start including individual users' names and photos in some ads This means that if you rate some product positively, your friends may see ads for that product with your name and photo attached without your knowledge or consent Meanwhile, Facebook is eliminating a feature that allowed people to retain some portions of their anonymity on </description><link>http://www.secuobs.com/revue/news/482891.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/482891.shtml</guid></item>
<item><title>Friday Squid Blogging  Magnapinna Squid Photo</title><description>Secuobs.com : 2013-11-23 00:18:46 - Schneier on Security - Neat photo Video, too As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered </description><link>http://www.secuobs.com/revue/news/482673.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/482673.shtml</guid></item>
<item><title>Reddit  Ask Me Anything </title><description>Secuobs.com : 2013-11-22 22:00:04 - Schneier on Security - I just did an AMA on Reddit </description><link>http://www.secuobs.com/revue/news/482656.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/482656.shtml</guid></item>
<item><title>Rerouting Internet Traffic by Attacking BGP</title><description>Secuobs.com : 2013-11-21 21:07:35 - Schneier on Security - Renesys is reporting that Internet traffic is being manipulatively rerouted, presumably for eavesdropping purposes The attacks exploit flaws in the Border Gateway Protocol  BGP  Ars Technica has a good article explaining the details The odds that the NSA is not doing this sort of thing are basically zero, but I'm sure that their activities are going to be harder to </description><link>http://www.secuobs.com/revue/news/482473.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/482473.shtml</guid></item>
<item><title>How to Avoid Getting Arrested</title><description>Secuobs.com : 2013-11-20 14:59:26 - Schneier on Security - The tips are more psychological than security </description><link>http://www.secuobs.com/revue/news/482086.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/482086.shtml</guid></item>
<item><title>Fokirtor</title><description>Secuobs.com : 2013-11-19 14:17:15 - Schneier on Security - Fokirtor is a Linux Trojan that exfiltrates traffic by inserting it into SSH connections It looks very well-designed and -constructed </description><link>http://www.secuobs.com/revue/news/481842.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/481842.shtml</guid></item>
<item><title>Explaining and Speculating About QUANTUM</title><description>Secuobs.com : 2013-11-18 14:42:16 - Schneier on Security - Nicholas Weaver has a great essay explaining how the NSA's QUANTUM packet injection system works, what we know it does, what else it can possibly do, and how to defend against it Remember that while QUANTUM is an NSA program, other countries engage in these sorts of attacks as well By securing the Internet against QUANTUM, we protect ourselves against </description><link>http://www.secuobs.com/revue/news/481626.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/481626.shtml</guid></item>
<item><title>Friday Squid Blogging  Squid Fishermen Seen from Space</title><description>Secuobs.com : 2013-11-16 00:02:49 - Schneier on Security - Cool photo As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered </description><link>http://www.secuobs.com/revue/news/481331.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/481331.shtml</guid></item>
<item><title>Various Schneier Audio and Video Talks and Interviews</title><description>Secuobs.com : 2013-11-15 21:50:53 - Schneier on Security - News articles about me  or with good quotes by me  My talk at the IETF Vancouver meeting on NSA and surveillance I'm the first speaker after the administrivia Press articles about me and the IETF meeting Other video interviews with me </description><link>http://www.secuobs.com/revue/news/481315.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/481315.shtml</guid></item>
<item><title>Security Tents</title><description>Secuobs.com : 2013-11-15 14:06:47 - Schneier on Security - The US government sets up secure tents for the president and other officials to deal with classified material while traveling abroad Even when Obama travels to allied nations, aides quickly set up the security tent -- which has opaque sides and noise-making devices inside -- in a room near his hotel suite When the president needs to read a classified </description><link>http://www.secuobs.com/revue/news/481212.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/481212.shtml</guid></item>
<item><title>A Fraying of the Public Private Surveillance Partnership</title><description>Secuobs.com : 2013-11-14 13:43:58 - Schneier on Security - The public private surveillance partnership between the NSA and corporate data collectors is starting to fray The reason is sunlight The publicity resulting from the Snowden documents has made companies think twice before allowing the NSA access to their users' and customers' data Pre-Snowden, there was no downside to cooperating with the NSA If the NSA asked you for copies of </description><link>http://www.secuobs.com/revue/news/480928.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/480928.shtml</guid></item>
<item><title>Microsoft Retiring SHA-1 in 2016</title><description>Secuobs.com : 2013-11-13 21:49:17 - Schneier on Security - I think this is a good move on Microsoft's part  Microsoft is recommending that customers and CA's stop using SHA-1 for cryptographic applications, including use in SSL TLS and code signing Microsoft Security Advisory 2880823 has been released along with the policy announcement that Microsoft will stop recognizing the validity of SHA-1 based certificates after 2016 More news SHA-1 isn't broken </description><link>http://www.secuobs.com/revue/news/480798.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/480798.shtml</guid></item>
<item><title>Another QUANTUMINSERT Attack Example</title><description>Secuobs.com : 2013-11-13 14:03:14 - Schneier on Security - Der Spiegel is reporting that the GCHQ used QUANTUMINSERT to direct users to fake LinkedIn and Slashdot pages run by -- this code name is not in the article -- FOXACID servers There's not a lot technically new in the article, but we do get some information about popularity and jargon According to other secret documents, Quantum is an extremely </description><link>http://www.secuobs.com/revue/news/480663.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/480663.shtml</guid></item>
<item><title>Cryptographic Blunders Revealed by Adobe's Password Leak</title><description>Secuobs.com : 2013-11-12 20:55:43 - Schneier on Security - Adobe lost 150 million customer passwords Even worse, they had a pretty dumb cryptographic hash system protecting those passwords </description><link>http://www.secuobs.com/revue/news/480479.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/480479.shtml</guid></item>
<item><title>Bizarre Online Gambling Movie-Plot Threat</title><description>Secuobs.com : 2013-11-12 14:32:38 - Schneier on Security - This article argues that online gambling is a strategic national threat because terrorists could use it to launder money The Harper demonstration showed the technology and techniques that terror and crime organizations could use to operate untraceable money laundering built on a highly liquid legalized online poker industry -- just the environment that will result from the spread of poker </description><link>http://www.secuobs.com/revue/news/480377.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/480377.shtml</guid></item>
<item><title>Dan Geer Explains the Government Surveillance Mentality</title><description>Secuobs.com : 2013-11-11 14:09:50 - Schneier on Security - This talk by Dan Geer explains the NSA mindset of  collect everything  I previously worked for a data protection company Our product was, and I believe still is, the most thorough on the market By  thorough  I mean the dictionary definition,  careful about doing something in an accurate and exact way  To this end, installing our product instrumented every system </description><link>http://www.secuobs.com/revue/news/480145.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/480145.shtml</guid></item>
<item><title>Friday Squid Blogging  Tree Yarn-Bombed</title><description>Secuobs.com : 2013-11-08 23:52:47 - Schneier on Security - This tree http://www.thisiscolossal.com/2013/10/a-yarn-bombed-tree-squid in San Mateo, CA, has been turned into a giant blue squid As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered </description><link>http://www.secuobs.com/revue/news/479918.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/479918.shtml</guid></item>
<item><title>Another Snowden Lesson  People Are the Weak Security Link</title><description>Secuobs.com : 2013-11-08 21:30:51 - Schneier on Security - There's a story that Edward Snowden successfully socially engineered other NSA employees into giving him their passwords </description><link>http://www.secuobs.com/revue/news/479899.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/479899.shtml</guid></item>
<item><title>Why the Government Should Help Leakers</title><description>Secuobs.com : 2013-11-08 14:47:59 - Schneier on Security - In the Information Age, it's easier than ever to steal and publish data Corporations and governments have to adjust to their secrets being exposed, regularly When massive amounts of government documents are leaked, journalists sift through them to determine which pieces of information are newsworthy, and confer with government agencies over what needs to be redacted Managing this reality is </description><link>http://www.secuobs.com/revue/news/479816.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/479816.shtml</guid></item>
<item><title>Risk-Based Authentication</title><description>Secuobs.com : 2013-11-07 15:14:03 - Schneier on Security - I like this idea of giving each individual login attempt a risk score, based on the characteristics of the attempt  The risk score estimates the risk associated with a log-in attempt based on a user's typical log-in and usage profile, taking into account their device and geographic location, the system they're trying to access, the time of day they typically </description><link>http://www.secuobs.com/revue/news/479578.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/479578.shtml</guid></item>
<item><title>Deception in Fruit Flies</title><description>Secuobs.com : 2013-11-06 21:35:46 - Schneier on Security - The wings of the Goniurellia tridens fruit fly have images of an ant on them, to deceive predators   When threatened, the fly flashes its wings to give the appearance of ants walking back and forth The predator gets confused and the fly zips off  Click on the link to see the photo </description><link>http://www.secuobs.com/revue/news/479443.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/479443.shtml</guid></item>
<item><title>Elliptic Curve Crypto Primer</title><description>Secuobs.com : 2013-11-06 14:06:30 - Schneier on Security - This is well-written and very good </description><link>http://www.secuobs.com/revue/news/479332.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/479332.shtml</guid></item>
<item><title>The Story of the Bomb Squad at the Boston Marathon</title><description>Secuobs.com : 2013-11-05 14:54:29 - Schneier on Security - This is interesting reading, but I'm left wanting more What are the lessons here  How can we do this better next time  Clearly we won't be able to anticipate bombings  even Israel can't do that We have to get better at responding Several years after 9 11, I conducted training with a military bomb unit charged with guarding Washington, DC Our </description><link>http://www.secuobs.com/revue/news/479092.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/479092.shtml</guid></item>
<item><title>More NSA Revelations</title><description>Secuobs.com : 2013-11-04 20:57:22 - Schneier on Security - This New York Times story on the NSA is very good, and contains lots of little tidbits of new information gleaned from the Snowden documents. The agency's Dishfire database -- nothing happens without a code word at the NSA -- stores years of text messages from around the world, just in case. Its Tracfin collection accumulates gigabytes of credit card </description><link>http://www.secuobs.com/revue/news/478972.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/478972.shtml</guid></item>
<item><title>Friday Squid Blogging  8-Foot Giant Squid Pillow</title><description>Secuobs.com : 2013-11-01 23:42:39 - Schneier on Security - Make your own 8-foot giant squid pillow As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered </description><link>http://www.secuobs.com/revue/news/478565.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/478565.shtml</guid></item>
<item><title>Reading Group at Harvard Law School</title><description>Secuobs.com : 2013-11-01 20:42:51 - Schneier on Security - In Spring Semester, I'm running a reading group -- which seems to be a formal variant of a study group -- at Harvard Law School on  Security, Power, and the Internet I would like a good mix of people, so non law students and non Harvard students are both welcome to sign up </description><link>http://www.secuobs.com/revue/news/478488.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/478488.shtml</guid></item>
<item><title>A Template for Reporting Government Surveillance News Stories</title><description>Secuobs.com : 2013-11-01 20:42:51 - Schneier on Security - This is from 2006 -- I blogged it here -- but it's even more true today Under a top secret program initiated by the Bush Administration after the Sept 11 attacks, the  name of agency  FBI, CIA, NSA, etc  have been gathering a vast database of  type of records  involving United States citizens  This program is a vital tool in </description><link>http://www.secuobs.com/revue/news/478487.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/478487.shtml</guid></item>
<item><title>Close-In Surveillance Using Your Phone's Wi-Fi</title><description>Secuobs.com : 2013-11-01 13:21:12 - Schneier on Security - This article talks about applications in retail, but the possibilities are endless Every smartphone these days comes equipped with a WiFi card When the card is on and looking for networks to join, it's detectable by local routers In your home, the router connects to your device, and then voila you have the Internet on your phone But in </description><link>http://www.secuobs.com/revue/news/478403.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/478403.shtml</guid></item>
<item><title>NSA Eavesdropping on Google and Yahoo Networks</title><description>Secuobs.com : 2013-10-31 17:15:25 - Schneier on Security - The Washington Post reported that the NSA is eavesdropping on the Google and Yahoo private networks -- the code name for the program is MUSCULAR I may write more about this later, but I have some initial comments  It's a measure of how far off the rails the NSA has gone that it's taking its Cold War era eavesdropping tactics -- </description><link>http://www.secuobs.com/revue/news/478235.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/478235.shtml</guid></item>
<item><title>The Battle for Power on the Internet</title><description>Secuobs.com : 2013-10-30 13:32:09 - Schneier on Security - We're in the middle of an epic battle for power in cyberspace On one side are the traditional, organized, institutional powers such as governments and large multinational corporations On the other are the distributed and nimble  grassroots movements, dissident groups, hackers, and criminals Initially, the Internet empowered the second side It gave them a place to coordinate and communicate efficiently, </description><link>http://www.secuobs.com/revue/news/477980.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/477980.shtml</guid></item>
<item><title>What the NSA Can and Cannot Do</title><description>Secuobs.com : 2013-10-29 20:13:44 - Schneier on Security - Good summary from the London Review of Books </description><link>http://www.secuobs.com/revue/news/477853.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/477853.shtml</guid></item>
<item><title>Arguing for NSA-Level Internet Surveillance</title><description>Secuobs.com : 2013-10-29 12:47:48 - Schneier on Security - Jack Goldsmith argues that we need the NSA to surveil the Internet not for terrorism reasons, but for cyberespionage and cybercrime reasons Daniel Gallington argues -- the headline has nothing to do with the content -- that the balance between surveillance and privacy is about right </description><link>http://www.secuobs.com/revue/news/477748.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/477748.shtml</guid></item>
<item><title>Understanding the Threats in Cyberspace</title><description>Secuobs.com : 2013-10-28 13:03:00 - Schneier on Security - The primary difficulty of cyber security isn't technology -- it's policy The Internet mirrors real-world society, which makes security policy online as complicated as it is in the real world Protecting critical infrastructure against cyber-attack is just one of cyberspace's many security challenges, so it's important to understand them all before any one of them can be solved The list </description><link>http://www.secuobs.com/revue/news/477481.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/477481.shtml</guid></item>
<item><title>US Government Monitoring Public Internet in Real Time</title><description>Secuobs.com : 2013-10-27 01:25:48 - Schneier on Security - Here's a demonstration of the US government's capabilities to monitor the public Internet Former CIA and NSA Director Michael Hayden was on the Acela train between New York and Washington DC, taking press interviews on the phone Someone nearby overheard the conversation, and started tweeting about it Within 15 or so minutes, someone somewhere noticed the tweets, and informed someone </description><link>http://www.secuobs.com/revue/news/477333.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/477333.shtml</guid></item>
<item><title>Friday Squid Blogging  Dynamic Biophotonics in Squid</title><description>Secuobs.com : 2013-10-26 04:46:07 - Schneier on Security - Female squid exhibit sexually dimorphic tunable leucophores and iridocytes Just so you know Here's the story in more accessible language As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered </description><link>http://www.secuobs.com/revue/news/477242.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/477242.shtml</guid></item>
<item><title>Book Review  Cyber War Will Not Take Place</title><description>Secuobs.com : 2013-10-25 17:39:49 - Schneier on Security - Thomas Rid, Cyber War Will Not Take Place, Oxford University Press, 2013 Cyber war is possibly the most dangerous buzzword of the Internet era The fear-inducing rhetoric surrounding it is being used to justify major changes in the way the Internet is organized, governed, and constructed And in Cyber War Will Not Take Place, Thomas Rid convincingly argues that cyber </description><link>http://www.secuobs.com/revue/news/477113.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/477113.shtml</guid></item>
<item><title>Cognitive Biases About Violence as a Negotiating Tactic</title><description>Secuobs.com : 2013-10-25 14:31:21 - Schneier on Security - Interesting paper  Max Abrahms,  The Credibility Paradox  Violence as a Double-Edged Sword in International Politics,  International Studies Quarterly, 2013  Abstract  Implicit in the rationalist literature on bargaining over the last half-century is the political utility of violence Given our anarchical international system populated with egoistic actors, violence is thought to promote concessions by lending credibility to their threats From the </description><link>http://www.secuobs.com/revue/news/477065.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/477065.shtml</guid></item>
<item><title>DARPA Contest for Fully-Automated Network Defense</title><description>Secuobs.com : 2013-10-24 16:25:03 - Schneier on Security - DARPA is looking for a fully-automated network defense system  What if computers had a  check engine  light that could indicate new, novel security problems  What if computers could go one step further and heal security problems before they happen  To find out, the Defense Advanced Research Projects Agency  DARPA  intends to hold the Cyber Grand Challenge  CGC  -- the first-ever </description><link>http://www.secuobs.com/revue/news/476811.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/476811.shtml</guid></item>
<item><title>Code Names for NSA Exploit Tools</title><description>Secuobs.com : 2013-10-23 17:48:01 - Schneier on Security - This is from a Snowden document released by Le Monde: General Term Descriptions: HIGHLANDS: Collection from Implants; VAGRANT: Collection of Computer Screens; MAGNETIC: Sensor Collection of Magnetic Emanations; MINERALIZE: Collection from LAN Implant; OCEAN: Optical Collection System for Raster-Based Computer Screens; LIFESAFER: Imaging of the Hard Drive; GENIE: Multi-stage operation, jumping the airgap etc; BLACKHEART: Collection from an FBI Implant </description><link>http://www.secuobs.com/revue/news/476559.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/476559.shtml</guid></item>
<item><title>Dry Ice Bombs at LAX</title><description>Secuobs.com : 2013-10-23 13:25:14 - Schneier on Security - The news story about the guy who left dry ice bombs in restricted areas of LAX is really weird I can't get worked up over it, though Dry ice bombs are a harmless prank I set off a bunch of them when I was in college, although I used liquid nitrogen, because I was impatient -- and they're harmless I </description><link>http://www.secuobs.com/revue/news/476494.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/476494.shtml</guid></item>
<item><title>Can I Be Trusted </title><description>Secuobs.com : 2013-10-22 19:15:33 - Schneier on Security - SlashDot asks the question  I'm a big fan of Bruce Schneier, but just to play devil's advocate, let's say, hypothetically, that Schneier is actually in cahoots with the NSA Who better to reinstate public trust in weakened cryptosystems  As an exercise in security that Schneier himself may find interesting, what methods are available for proving  or at least affirming  that </description><link>http://www.secuobs.com/revue/news/476338.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/476338.shtml</guid></item>
<item><title>Defending Against Crypto Backdoors</title><description>Secuobs.com : 2013-10-22 13:54:37 - Schneier on Security - We already know the NSA wants to eavesdrop on the Internet It has secret agreements with telcos to get direct access to bulk Internet traffic It has massive systems like TUMULT, TURMOIL, and TURBULENCE to sift through it all And it can identify ciphertext -- encrypted information -- and figure out which programs could have created it But what the </description><link>http://www.secuobs.com/revue/news/476264.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/476264.shtml</guid></item>
<item><title>The Trajectories of Government and Corporate Surveillance</title><description>Secuobs.com : 2013-10-21 14:19:16 - Schneier on Security - Historically, surveillance was difficult and expensive Over the decades, as technology advanced, surveillance became easier and easier Today, we find ourselves in a world of ubiquitous surveillance, where everything is collected, saved, searched, correlated and analyzed But while technology allowed for an increase in both corporate and government surveillance, the private and public sectors took very different paths to get </description><link>http://www.secuobs.com/revue/news/476019.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/476019.shtml</guid></item>
<item><title>Friday Squid Blogging  Fiona Apple Wears a Squid as a Hat in New Video</title><description>Secuobs.com : 2013-10-19 00:17:18 - Schneier on Security - Even I think this is weird </description><link>http://www.secuobs.com/revue/news/475722.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/475722.shtml</guid></item>
<item><title>D-Link Router Backdoor</title><description>Secuobs.com : 2013-10-18 20:05:17 - Schneier on Security - Several versions of D-Link router firmware contain a backdoor. Just set the browser's user agent string to "xmlset_roodkcableoj28840ybtide," and you're in. (Hint, remove the number and read it backwards.) It was probably put there for debugging purposes, but has all sorts of applications for surveillance. Good article on the subject. </description><link>http://www.secuobs.com/revue/news/475689.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/475689.shtml</guid></item>
<item><title>Identifying Cell Phones Through Sensor Imperfections</title><description>Secuobs.com : 2013-10-18 13:46:37 - Schneier on Security - There seems to be a bunch of research into uniquely identifying cell phones through unique analog characteristics of the various embedded sensors These sorts of things could replace cookies as surveillance tools Slashdot and MetaFilter threads </description><link>http://www.secuobs.com/revue/news/475609.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/475609.shtml</guid></item>
<item><title> A Court Order Is an Insider Attack </title><description>Secuobs.com : 2013-10-17 20:15:03 - Schneier on Security - Ed Felten makes a strong argument that a court order is exactly the same thing as an insider attack  To see why, consider two companies, which we'll call Lavabit and Guavabit At Lavabit, an employee, on receiving a court order, copies user data and gives it to an outside party -- in this case, the government Meanwhile, over at Guavabit, </description><link>http://www.secuobs.com/revue/news/475444.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/475444.shtml</guid></item>
<item><title>SecureDrop</title><description>Secuobs.com : 2013-10-17 14:57:54 - Schneier on Security - SecureDrop is an open-source whistleblower support system, originally written by Aaron Swartz and now run by the Freedom of the Press Foundation The first instance of this system was named StrongBox and is being run by the New Yorker To further add to the naming confusion, Aaron Swartz called the system DeadDrop when he wrote the code I participated in </description><link>http://www.secuobs.com/revue/news/475375.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/475375.shtml</guid></item>
<item><title>iPhone Sensor Surveillance</title><description>Secuobs.com : 2013-10-16 15:27:10 - Schneier on Security - The new iPhone has a motion sensor chip, and that opens up new opportunities for surveillance: The M7 coprocessors introduce functionality that some may instinctively identify as "creepy." Even Apple's own description hints at eerie omniscience: "M7 knows when you're walking, running, or even driving." While it's quietly implemented within iOS, it's not secret for third party apps which require </description><link>http://www.secuobs.com/revue/news/474975.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/474975.shtml</guid></item>
<item><title>NSA Harvesting Contact Lists</title><description>Secuobs.com : 2013-10-15 21:24:08 - Schneier on Security - A new Snowden document shows that the NSA is harvesting contact lists -- e-mail address books, IM buddy lists, etc -- from Google, Yahoo, Microsoft, Facebook, and others Unlike PRISM, this unnamed program collects the data from the Internet  This is similar to how the NSA identifies Tor users They get direct access to the Internet backbone, either through </description><link>http://www.secuobs.com/revue/news/474807.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/474807.shtml</guid></item>
<item><title>New Secure Smart Phone App</title><description>Secuobs.com : 2013-10-15 20:27:47 - Schneier on Security - It's hard not to poke fun at this press release for Safeslinger, a new cell phone security app from Carnegie Mellon  SafeSlinger provides you with the confidence that the person you are communicating with is actually the person they have represented themselves to be,  said Michael W Farb, a research programmer at Carnegie Mellon CyLab  The most important feature is </description><link>http://www.secuobs.com/revue/news/474794.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/474794.shtml</guid></item>
<item><title>Massive MIMO Cryptosystem</title><description>Secuobs.com : 2013-10-15 14:19:22 - Schneier on Security - New paper   Physical-Layer Cryptography Through Massive MIMO  Abstract  We propose the new technique of physical-layer cryptography based on using a massive MIMO channel as a key between the sender and desired receiver, which need not be secret The goal is for low-complexity encoding and decoding by the desired transmitter-receiver pair, whereas decoding by an eavesdropper is hard in terms of </description><link>http://www.secuobs.com/revue/news/474690.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/474690.shtml</guid></item>
<item><title>Insecurities in the Linux /dev/random</title><description>Secuobs.com : 2013-10-14 20:27:03 - Schneier on Security - New paper: "Security Analysis of Pseudo-Random Number Generators with Input: /dev/random is not Robust," by Yevgeniy Dodis, David Pointcheval, Sylvain Ruhault, Damien Vergnaud, and Daniel Wichs. Abstract: A pseudo-random number generator (PRNG) is a deterministic algorithm that produces numbers whose distribution is indistinguishable from uniform. A formal security model for PRNGs with input was proposed in 2005 by Barak and </description><link>http://www.secuobs.com/revue/news/474540.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/474540.shtml</guid></item>
<item><title>Fingerprinting Burner Phones</title><description>Secuobs.com : 2013-10-14 14:26:22 - Schneier on Security - In one of the documents recently released by the NSA as a result of an EFF lawsuit, there's discussion of a specific capability of a call records database to identify disposable "burner" phones. Let's consider, then, the very specific data this query tool was designed to return: The times and dates of the first and last call events, but apparently </description><link>http://www.secuobs.com/revue/news/474471.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/474471.shtml</guid></item>
<item><title>Friday Squid Blogging  30-Foot Giant Squid Washes Ashore</title><description>Secuobs.com : 2013-10-11 23:44:09 - Schneier on Security - A 30-foot-long giant squid has washed ashore in Cantabria, Spain It died at sea, with a broken tentacle As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered </description><link>http://www.secuobs.com/revue/news/474172.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/474172.shtml</guid></item>
<item><title>Stuff I Say</title><description>Secuobs.com : 2013-10-11 22:43:46 - Schneier on Security - It's a Tumblr feed Right now there are only six posts, all a year old Presumably that will change soon To clarify  I have nothing to do with the feed, and anyone can post stuff to it </description><link>http://www.secuobs.com/revue/news/474167.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/474167.shtml</guid></item>
<item><title>New Low in Election Fraud</title><description>Secuobs.com : 2013-10-11 20:38:24 - Schneier on Security - Azerbaijan achieves a new low in voter fraud. The government accidentally publishes the results of the election before the polls open. The mistake came when an electoral commission accidentally published results showing a victory for Ilham Aliyev, the country's long-standing President, a day before voting. Meydan TV, an online channel critical of the government, released a screenshot from a mobile </description><link>http://www.secuobs.com/revue/news/474155.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/474155.shtml</guid></item>
<item><title>Air Gaps</title><description>Secuobs.com : 2013-10-11 14:22:33 - Schneier on Security - Since I started working with Snowden's documents, I have been using a number of tools to try to stay secure from the NSA The advice I shared included using Tor, preferring certain cryptography over others, and using public-domain encryption wherever possible I also recommended using an air gap, which physically isolates a computer or local network of computers from the </description><link>http://www.secuobs.com/revue/news/474048.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/474048.shtml</guid></item>
<item><title>Build Your Own Enigma</title><description>Secuobs.com : 2013-10-10 19:37:28 - Schneier on Security - Neat </description><link>http://www.secuobs.com/revue/news/473884.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/473884.shtml</guid></item>
</channel>
</rss>
 
