Friday Squid Blogging: Transcriptome Analysis of the Indian Squid
Lots of details that are beyond me.
Blog moderation policy.
Continue reading Friday Squid Blogging: Transcriptome Analysis of the Indian Squid
Interesting analysis:
We introduce and explore a little-known threat to digital equality and freedom: websites geoblocking users in response to political risks from sanctions. U.S. policy prioritizes internet freedom and access to information in repressive regimes. Clarifying distinctions between free and paid websites, allowing trunk cables to repressive states, enforcing transparency in geoblocking, and removing ambiguity about sanctions compliance are concrete steps the U.S. can take to ensure it does not undermine its own aims.
The paper: “…
This feels important:
The Secret Service has used a technology called Locate X which uses location data harvested from ordinary apps installed on phones. Because users agreed to an opaque terms of service page, the Secret Service believes it doesn’t…
Continue reading Secret Service Tracking People’s Locations without Warrant
Steve Bellovin is retiring. Here’s his retirement talk, reflecting on his career and what the cybersecurity field needs next.
Continue reading Steve Bellovin’s Retirement Talk
Interesting analysis:
Although much attention is given to sophisticated, zero-click spyware developed by companies like Israel’s NSO Group, the Italian spyware marketplace has been able to operate relatively under the radar by specializing in cheaper tools. According to an Italian Ministry of Justice document, as of December 2022 law enforcement in the country could rent spyware for €150 a day, regardless of which vendor they used, and without the large acquisition costs which would normally be prohibitive.
As a result, thousands of spyware operations have been carried out by Italian authorities in recent years, according to a …
Zero-day vulnerabilities are more commonly used, according to the Five Eyes:
Key Findings
In 2023, malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks compared to 2022, allowing them to conduct cyber operations against higher-priority targets. In 2023, the majority of the most frequently exploited vulnerabilities were initially exploited as a zero-day, which is an increase from 2022, when less than half of the top exploited vulnerabilities were exploited as a zero-day.
Malicious cyber actors continue to have the most success exploiting vulnerabilities within two years after public disclosure of the vulnerability. The utility of these vulnerabilities declines over time as more systems are patched or replaced. Malicious cyber actors find less utility from zero-day exploits when international cybersecurity efforts reduce the lifespan of zero-day vulnerabilities…
Continue reading Most of 2023’s Top Exploited Vulnerabilities Were Zero-Days
Fantastic video of a female Gonatus onyx squid swimming while carrying her egg sack.
An earlier related post.
Blog moderation policy.
Continue reading Friday Squid Blogging: Female Gonatus Onyx Squid Carrying Her Eggs
Stuart Schechter makes some good points on the history of bad password policies:
Morris and Thompson’s work brought much-needed data to highlight a problem that lots of people suspected was bad, but that had not been studied scientifically. Their work was a big step forward, if not for two mistakes that would impede future progress in improving passwords for decades.
First was Morris and Thompson’s confidence that their solution, a password policy, would fix the underlying problem of weak passwords. They incorrectly assumed that if they prevented the specific categories of weakness that they had noted, that the result would be something strong. After implementing a requirement that passwords have multiple character sets or more total characters, they wrote:…
Continue reading Good Essay on the History of Bad Password Policies
Everybody is reporting about a new iPhone security feature with iOS 18: if the phone hasn’t been used for a few days, it automatically goes into its “Before First Unlock” state and has to be rebooted.
This is a really good se…
Continue reading New iOS Security Feature Makes It Harder for Police to Unlock Seized Phones
DeFlock is a crowd-sourced project to map license plate scanners.
It only records the fixed scanners, of course. The mobile scanners on cars are not mapped.
The post Mapping License Plate Scanners in the US appeared first on Schneier on Security.
Continue reading Mapping License Plate Scanners in the US