securityengineering – WindowsTechs.com

IoT Security Principles

Posted on July 7, 2020 by Bruce Schneier

The BSA — also known as the Software Alliance, formerly the Business Software Alliance (which explains the acronym) — is an industry lobbying group. They just published "Policy Principles for Building a Secure and Trustworthy Internet of Things." They call for: Distinguishing between consumer and industrial IoT. Offering incentives for integrating security. Harmonizing national and international policies. Establishing regularly updated… Continue reading IoT Security Principles→

Hacked by Police

Posted on July 3, 2020 by Bruce Schneier

EncroChat Hacked by Police

Posted on July 3, 2020 by Bruce Schneier

French police hacked EncroChat secure phones, which are widely used by criminals: Encrochat’s phones are essentially modified Android devices, with some models using the "BQ Aquaris X2," an Android handset released in 2018 by a Spanish electronics company, according to the leaked documents. Encrochat took the base unit, installed its own encrypted messaging programs which route messages through the firm’s… Continue reading EncroChat Hacked by Police→

Analyzing IoT Security Best Practices

Posted on June 25, 2020 by Bruce Schneier

Analyzing IoT Security Best Practices

Posted on June 25, 2020 by Bruce Schneier

New research: "Best Practices for IoT Security: What Does That Even Mean?" by Christopher Bellman and Paul C. van Oorschot: Abstract: Best practices for Internet of Things (IoT) security have recently attracted considerable attention worldwide from industry and governments, while academic research has highlighted the failure of many IoT product manufacturers to follow accepted practices. We explore not the failure… Continue reading Analyzing IoT Security Best Practices→

Zoom Will Be End-to-End Encrypted for All Users

Posted on June 17, 2020 by Bruce Schneier

Zoom is doing the right thing: it’s making end-to-end encryption available to all users, paid and unpaid. (This is a change; I wrote about the initial decision here.) …we have identified a path forward that balances the legitimate right of all users … Continue reading Zoom Will Be End-to-End Encrypted for All Users→

Zoom Will Be End-to-End Encrypted for All Users

Posted on June 17, 2020 by Bruce Schneier

Zoom is doing the right thing: it’s making end-to-end encryption available to all users, paid and unpaid. (This is a change; I wrote about the initial decision here.) …we have identified a path forward that balances the legitimate right of all users to privacy and the safety of users on our platform. This will enable us to offer E2EE as… Continue reading Zoom Will Be End-to-End Encrypted for All Users→

Availability Attacks against Neural Networks

Posted on June 10, 2020 by Bruce Schneier

New research on using specially crafted inputs to slow down machine-learning neural network systems: Sponge Examples: Energy-Latency Attacks on Neural Networks shows how to find adversarial examples that cause a DNN to burn more energy, take more time, or both. They affect a wide range of DNN applications, from image recognition to natural language processing (NLP). Adversaries might use these… Continue reading Availability Attacks against Neural Networks→

"Sign in with Apple" Vulnerability

Posted on June 2, 2020 by Bruce Schneier

Researcher Bhavuk Jain discovered a vulnerability in the "Sign in with Apple" feature, and received a $100,000 bug bounty from Apple. Basically, forged tokens could gain access to pretty much any account. It is fixed. EDITED TO ADD (6/2): Another story…. Continue reading "Sign in with Apple" Vulnerability→

Facebook Announces Messenger Security Features that Don’t Compromise Privacy

Posted on May 29, 2020 by Bruce Schneier

Note that this is "announced," so we don’t know when it’s actually going to be implemented. Facebook today announced new features for Messenger that will alert you when messages appear to come from financial scammers or potential child abusers,… Continue reading Facebook Announces Messenger Security Features that Don’t Compromise Privacy→