Bruce Schneier – Page 52 – WindowsTechs.com

Roger Grimes on Prioritizing Cybersecurity Advice

Posted on October 31, 2024 by Bruce Schneier

Part of the problem is that we are constantly handed lists…list of required controls…list of things we are being asked to fix or improve…lists of new projects…lists of threats, and so on, that are not ranked for risks. For example, we are often given a cybersecurity guideline (e.g., PCI-DSS, HIPAA, SOX, NIST, etc.) with hundreds of recommendations. They are all great recommendations, which if followed, will reduce risk in your environment.

What they do not tell you is which of the recommended things will have the most impact on best reducing risk in your environment. They do not tell you that one, two or three of these things…among the hundreds that have been given to you, will reduce more risk than all the others…

Continue reading Roger Grimes on Prioritizing Cybersecurity Advice→

Tracking World Leaders Using Strava

Posted on October 31, 2024 by Bruce Schneier

Way back in 2018, people noticed that you could find secret military bases using data published by the Strava fitness app. Soldiers and other military personal were using them to track their runs, and you could look at the public data and find places w… Continue reading Tracking World Leaders Using Strava→

Simson Garfinkel on Spooky Cryptographic Action at a Distance

Posted on October 30, 2024 by Bruce Schneier

Excellent read. One example:

Consider the case of basic public key cryptography, in which a person’s public and private key are created together in a single operation. These two keys are entangled, not with quantum physics, but with math.

When I create a virtual machine server in the Amazon cloud, I am prompted for an RSA public key that will be used to control access to the machine. Typically, I create the public and private keypair on my laptop and upload the public key to Amazon, which bakes my public key into the server’s administrator account. My laptop and that remove server are thus entangled, in that the only way to log into the server is using the key on my laptop. And because that administrator account can do anything to that server—read the sensitivity data, hack the web server to install malware on people who visit its web pages, or anything else I might care to do—the private key on my laptop represents a security risk for that server…

Continue reading Simson Garfinkel on Spooky Cryptographic Action at a Distance→

Law Enforcement Deanonymizes Tor Users

Posted on October 29, 2024 by Bruce Schneier

The German police have successfully deanonymized at least four Tor users. It appears they watch known Tor relays and known suspects, and use timing analysis to figure out who is using what relay.
Tor has written about this.
Hacker News thread.
Continue reading Law Enforcement Deanonymizes Tor Users→

Criminals Are Blowing up ATMs in Germany

Posted on October 28, 2024 by Bruce Schneier

It’s low tech, but effective.
Why Germany? It has more ATMs than other European countries, and—if I read the article right—they have more money in them.
Continue reading Criminals Are Blowing up ATMs in Germany→

Friday Squid Blogging: Giant Squid Found on Spanish Beach

Posted on October 25, 2024 by Bruce Schneier

A giant squid has washed up on a beach in Northern Spain.
Blog moderation policy.
Continue reading Friday Squid Blogging: Giant Squid Found on Spanish Beach→

Watermark for LLM-Generated Text

Posted on October 25, 2024 by Bruce Schneier

Researchers at Google have developed a watermark for LLM-generated text. The basics are pretty obvious: the LLM chooses between tokens partly based on a cryptographic key, and someone with knowledge of the key can detect those choices. What makes this … Continue reading Watermark for LLM-Generated Text→

Are Automatic License Plate Scanners Constitutional?

Posted on October 23, 2024 by Bruce Schneier

An advocacy groups is filing a Fourth Amendment challenge against automatic license plate readers.

“The City of Norfolk, Virginia, has installed a network of cameras that make it functionally impossible for people to drive anywhere without having their movements tracked, photographed, and stored in an AI-assisted database that enables the warrantless surveillance of their every move. This civil rights lawsuit seeks to end this dragnet surveillance program,” the lawsuit notes. “In Norfolk, no one can escape the government’s 172 unblinking eyes,” it continues, referring to the 172 Flock cameras currently operational in Norfolk. The Fourth Amendment protects against unreasonable searches and seizures and has been ruled in many cases to protect against warrantless government surveillance, and the lawsuit specifically says Norfolk’s installation violates that.”…

Continue reading Are Automatic License Plate Scanners Constitutional?→

No, The Chinese Have Not Broken Modern Encryption Systems with a Quantum Computer

Posted on October 22, 2024 by Bruce Schneier

The headline is pretty scary: “China’s Quantum Computer Scientists Crack Military-Grade Encryption.”
No, it’s not true.
This debunking saved me the trouble of writing one. It all seems to have come from this news article, which … Continue reading No, The Chinese Have Not Broken Modern Encryption Systems with a Quantum Computer→

Friday Squid Blogging: Squid Scarf

Posted on October 18, 2024 by Bruce Schneier

Cute squid scarf.
Blog moderation policy.
Continue reading Friday Squid Blogging: Squid Scarf→