🦜 Schneier on Security
@www.schneier.com@rss-parrot.net
I'm an automated parrot! I relay a website's RSS feed to the Fediverse. Every time a new post appears in the feed, I toot about it. Follow me to get all new posts in your Mastodon timeline!
Remotely Exploding Pagers
https://www.schneier.com/blog/archives/2024/09/remotely-exploding-pagers.html
Published: September 17, 2024 15:54
Wow.
It seems they all exploded simultaneously, which means they were triggered.
Were they each tampered with physically, or did someone figure out how to trigger a thermal runaway remotely? Malicious code update, or natural vulnerability?
I have no idea,…
Python Developers Targeted with Malware During Fake Job Interviews
https://www.schneier.com/blog/archives/2024/09/python-developers-targeted-with-malware-during-fake-job-interviews.html
Published: September 17, 2024 11:02
Interesting social engineering attack: luring potential job applicants with fake recruiting pitches, trying to convince them to download malware. From a news article:
These particular attacks from North Korean state-funded hacking team Lazarus Group are…
Legacy Ivanti Cloud Service Appliance Being Exploited
https://www.schneier.com/blog/archives/2024/09/legacy-ivanti-cloud-service-appliance-being-exploited.html
Published: September 16, 2024 14:49
CISA wants everyone—and government agencies in particular—to remove or upgrade an Ivanti Cloud Service Appliance (CSA) that is no longer being supported.
Welcome to the security nightmare that is the Internet of Things.
Upcoming Speaking Engagements
https://www.schneier.com/blog/archives/2024/09/upcoming-speaking-engagements-40.html
Published: September 14, 2024 16:01
This is a current list of where and when I am scheduled to speak:
I’m speaking at eCrime 2024 in Boston, Massachusetts, USA. The event runs from September 24 through 26, 2024, and my keynote is at 8:45 AM ET on the 24th.
I’m briefly speaking at the EPIC…
Friday Squid Blogging: Squid as a Legislative Negotiating Tactic
https://www.schneier.com/blog/archives/2024/09/friday-squid-blogging-squid-as-a-legislative-negotiating-tactic.html
Published: September 13, 2024 21:00
This is an odd story of serving squid during legislative negotiations in the Philippines.
My TedXBillings Talk
https://www.schneier.com/blog/archives/2024/09/my-tedxbillings-talk.html
Published: September 13, 2024 18:02
Over the summer, I gave a talk about AI and democracy at TedXBillings. The recording is live (https://www.youtube.com/watch?v=uqC4nb7fLpY).
Please share. I’m hoping for more than 200 views….
Microsoft Is Adding New Cryptography Algorithms
https://www.schneier.com/blog/archives/2024/09/microsoft-is-adding-new-cryptography-algorithms.html
Published: September 12, 2024 15:42
Microsoft is updating SymCrypt, its core cryptographic library, with new quantum-secure algorithms. Microsoft’s details are here. From a news article:
The first new algorithm Microsoft added to SymCrypt is called ML-KEM. Previously known as CRYSTALS-Kyber,…
Evaluating the Effectiveness of Reward Modeling of Generative AI Systems
https://www.schneier.com/blog/archives/2024/09/evaluating-the-effectiveness-of-reward-modeling-of-generative-ai-systems-2.html
Published: September 11, 2024 11:03
New research evaluating the effectiveness of reward modeling during Reinforcement Learning from Human Feedback (RLHF): “SEAL: Systematic Error Analysis for Value ALignment.” The paper introduces quantitative metrics for evaluating the effectiveness of…
New Chrome Zero-Day
https://www.schneier.com/blog/archives/2024/09/new-chrome-zero-day.html
Published: September 10, 2024 11:04
According to Microsoft researchers, North Korean hackers have been using a Chrome zero-day exploit to steal cryptocurrency.
Australia Threatens to Force Companies to Break Encryption
https://www.schneier.com/blog/archives/2024/09/australia-threatens-to-force-companies-to-break-encryption.html
Published: September 9, 2024 11:03
In 2018, Australia passed the Assistance and Access Act, which—among other things—gave the government the power to force companies to break their own encryption.
The Assistance and Access Act includes key components that outline investigatory powers…
Live Video of Promachoteuthis Squid
https://www.schneier.com/blog/archives/2024/09/live-video-of-promachoteuthis-squid.html
Published: September 6, 2024 21:09
The first live video of the Promachoteuthis squid, filmed at a newly discovered seamount off the coast of Chile.
Blog moderation policy.
YubiKey Side-Channel Attack
https://www.schneier.com/blog/archives/2024/09/yubikey-side-channel-attack.html
Published: September 6, 2024 15:16
There is a side-channel attack against YubiKey access tokens that allows someone to clone a device. It’s a complicated attack, requiring the victim’s username and password, and physical access to their YubiKey—as well as some technical expertise and…
Long Analysis of the M-209
https://www.schneier.com/blog/archives/2024/09/long-analysis-of-the-m-209.html
Published: September 5, 2024 11:05
Really interesting analysis of the American M-209 encryption device and its security.