Friday Squid Blogging: Squidfall Safety

About Bruce Schneier I am a public-interest technologist, working at the intersection of security, technology, and people. I’ve been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998. I’m a fellow and lecturer at Harvard’s Kennedy School and a board member of EFF. This personal website expresses the opinions of neither of those organizations. Source: https://www.schneier.com

December 7, 2019

Andy Ellis on Risk Assessment

Andy Ellis, the CSO of Akamai, gave a great talk about the psychology of risk at the Business of Software conference this year. I’ve written about this before. One quote: “The problem is our brains are intuitively suited to the sorts of risk management decisions endemic to living in small family groups in the East African highlands in 100,000 BC, and not to living in the New York City of…

December 6, 2019

Election Machine Insecurity Story

Interesting story of a flawed computer voting machine and a paper ballot available for recount. All ended well, but only because of that paper backup. Vote totals in a Northampton County judge’s race showed one candidate, Abe Kassis, a Democrat, had just 164 votes out of 55,000 ballots across more than 100 precincts. Some machines reported zero votes for him. In a county with the ability…

December 5, 2019

Becoming a Tech Policy Activist

Carolyn McCarthy gave an excellent TEDx talk about becoming a tech policy activist. It’s a powerful call for public-interest technologists. Tags: activism, policy, public interest. Posted on December 4, 2019 at 6:04 AM.

December 4, 2019

RSA-240 Factored

This just in: We are pleased to announce the factorization of RSA-240, from RSA’s challenge list, and the computation of a discrete logarithm of the same size (795 bits): RSA-240 = 12462036678171878406583504460810659043482037465167880575481878888328 966680118821085503603957027250874750986476843845862105486553797025393057189121 768431828636284694840530161441643046806687569941524699318570418303051254959437 1372159029236099 = 509435952285839914555051023580843714132648382024111473186660296521821206469746 700620316443478873837606252372049619334517 * 244624208838318150567813139024002896653802092578931401452041221336558477095178 155258218897735030590669041302045908071447 […] The previous records were RSA-768 (768 bits) in December 2009 [2], and a 768-bit prime discrete logarithm in June 2016 [3]. It is the first time…

December 3, 2019

The Story of Tiversa

The New Yorker has published the long and interesting story of the cybersecurity firm Tiversa. Watching “60 Minutes,” Boback saw a remarkable new business angle. Here was a multibillion-dollar industry with a near-existential problem and no clear solution. He did not know it then, but, as he turned the opportunity over in his mind, he was setting in motion a sequence of events that would earn…

December 3, 2019

Friday Squid Blogging: Squid-Like Underwater Drone

SpaceLifeForm • November 29, 2019 5:01 PM I doubt many here did not see this coming. https[:]//www.vice.com/en_us/article/j5ywxb/rcs-rich-communications-services-text-call-interception Some of those issues include how devices receive RCS configuration files. In one instance, a server provides the configuration file for the right device by identifying them by their IP address. But because they also use that IP address, “Any app that you install on your phone, even if you give it no…

November 30, 2019

Manipulating Machine Learning Systems by Manipulating Training Data

Interesting research: “TrojDRL: Trojan Attacks on Deep Reinforcement Learning Agents”: Abstract: Recent work has identified that classification models implemented as neural networks are vulnerable to data-poisoning and Trojan attacks at training time. In this work, we show that these training-time vulnerabilities extend to deep reinforcement learning (DRL) agents and can be exploited by an adversary with access to the training process. In particular, we focus on Trojan attacks that augment…

November 29, 2019

DHS Mandates Federal Agencies to Run Vulnerability Disclosure Policy

The DHS is requiring all federal agencies to develop a vulnerability disclosure policy. The goal is that people who discover vulnerabilities in government systems have a mechanism for reporting them to someone who might actually do something about it. The devil is in the details, of course, but this is a welcome development. The DHS is seeking public feedback. Posted on November 27, 2019 at 3:34 PM.

November 28, 2019

Friday Squid Blogging: T-Shirt

“Squid Pro Quo” T-shirt. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Tags: humor, squid. Posted on November 22, 2019 at 4:19 PM.

November 23, 2019