Schneier on Security

JULY 24, 2019

Yesterday, Attorney General William Barr gave a major speech on encryption policy -- what is commonly known as "going dark." Nor are we necessarily talking about the customized encryption used by large business enterprises to protect their operations. After all, we are not talking about protecting the Nation's nuclear launch codes.

Encryption 279

Encryption Telecommunications Risk Government 279

Schneier on Security

AUGUST 14, 2019

Last month, Attorney General William Barr gave a major speech on encryption policy­what is commonly known as "going dark." Nor are we necessarily talking about the customized encryption used by large business enterprises to protect their operations. After all, we are not talking about protecting the Nation's nuclear launch codes.

Encryption 273

Encryption Telecommunications Risk Government 273

The Last Watchdog

OCTOBER 18, 2023

The ubiquity of smart surveillance systems has contributed greatly to public safety. Enter attribute-based encryption ( ABE ) an advanced type of cryptography that’s now ready for prime time. Attribute-based encryption can be utilized to do a number of things,” Wu noted. Here are my takeaways.

Encryption 264

Encryption Surveillance Internet Internet 264

Security Affairs

DECEMBER 16, 2024

Researchers warn of previously undetected surveillance spyware, named NoviSpy, that was found infecting a Serbian journalist’s phone. Then he requested help from Amnesty Internationals Security Lab fearing to be the target of surveillance software like other journalists in Serbia. ” reads the report published by Amnesty.

Spyware 105

Spyware Surveillance Technology Mobile 105

Schneier on Security

JANUARY 21, 2022

Key Findings: MY2022, an app mandated for use by all attendees of the 2022 Olympic Games in Beijing, has a simple but devastating flaw where encryption protecting users’ voice audio and file transfers can be trivially sidestepped. Citizen Lab examined the app and found it riddled with security holes.

Surveillance 362

Surveillance Encryption Wireless Government 362

Schneier on Security

SEPTEMBER 24, 2019

Yahoo News reported that the Russians have successfully targeted an FBI communications system: American officials discovered that the Russians had dramatically improved their ability to decrypt certain types of secure communications and had successfully tracked devices used by elite FBI surveillance teams.

Hacking 260

Hacking Surveillance Encryption Internet 260

Security Affairs

JANUARY 9, 2022

The US NCSC and the Department of State published joint guidance on defending against attacks using commercial surveillance tools. In the last years, we have reported several cases of companies selling commercial surveillance tools to governments and other entities that have used them for malicious purposes. Pierluigi Paganini.

Surveillance 145

Surveillance Mobile Spyware Malware 145

Schneier on Security

AUGUST 10, 2021

It opens the door for all sorts of other surveillance, since now that the system is build it can be used for all sorts of other messages. And it breaks end-to-end encryption, despite Apple’s denials : Does this break end-to-end encryption in Messages? Notice Apple changing the definition of “end-to-end encryption.”

Surveillance 363

Surveillance Encryption Accountability 363

Schneier on Security

JUNE 21, 2022

Both bills have provisions that could be used to break end-to-end encryption. It would allow Apple to deny access to an encryption service provider that provides encrypted cloud backups to the cloud (which Apple does not currently offer). That is, end-to-end encryption products. There is a significant problem, though.

Internet 337

Internet Internet Encryption Backups 337

Schneier on Security

MAY 20, 2020

Bart Gellman's long-awaited (at least by me) book on Edward Snowden, Dark Mirror: Edward Snowden and the American Surveillance State , will finally be published in a couple of weeks. It's an interesting read, mostly about the government surveillance of him and other journalists. There is an adapted excerpt in the Atlantic.

Surveillance 270

Surveillance Encryption Government Media 270

Security Affairs

DECEMBER 1, 2021

Which are the most secure encrypted messaging apps? The Record shared an FBI training document that reveals the surveillance capabilities of the US law enforcement detailing which data can be extracted from encrypted messaging apps. An FBI document shows what data can be obtained from them. Pierluigi Paganini.

Encryption 145

Encryption Surveillance Hacking Information Security 145

Schneier on Security

JUNE 23, 2021

Its spyware is also said to be equipped with a keylogger, which means every keystroke made on an infected device — including passwords, search queries and messages sent via encrypted messaging apps — can be tracked and monitored.

Manufacturing 296

Manufacturing Spyware Surveillance Marketing 296

SecureWorld News

NOVEMBER 21, 2023

In a groundbreaking investigative report, the European Investigative Collaborations (EIC) media network, with technical assistance from Amnesty International's Security Lab, has exposed the shocking extent of the global surveillance crisis and the glaring inadequacies of EU regulation in curbing it. Chairman, Cedric Leighton Associates, LLC.

Surveillance 123

Surveillance Spyware Media Technology 123

Schneier on Security

MARCH 31, 2024

I know I was at the Fast Software Encryption workshop in December 1993, another conference he created. There I presented the Blowfish encryption algorithm. He fought against surveillance and back doors, and for academic freedom. He was the first person to understand that security problems are often actually economic problems.

Surveillance 348

Surveillance Engineering Encryption Government 348

Schneier on Security

OCTOBER 23, 2023

Susan Landau published an excellent essay on the current justification for the government breaking end-to-end-encryption: child sexual abuse and exploitation (CSAE). She puts the debate into historical context, discusses the problem of CSAE, and explains why breaking encryption isn’t the solution.

Encryption 329

Encryption Government Surveillance 329

Schneier on Security

FEBRUARY 22, 2022

He also leaves out the NSA — whose effectiveness rests on all of these global insecurities — and the FBI, whose incessant push for encryption backdoors goes against his vision of increased cybersecurity. Or the surveillance capitalists, for that matter. I’m not sure how he’s going to get them on board.

Cybersecurity 341

Cybersecurity Surveillance Marketing Encryption 341

Security Affairs

MARCH 21, 2025

Russian intelligence agencies could use these exploits for surveillance and espionage purposes. Given Telegrams end-to-end encryption and widespread use, an exploit that bypasses its security could be a game-changer for cyber espionage. Gaining access without cooperation from Telegram itself could be highly valuable.

Government 144

Government Surveillance Mobile Hacking 144

Security Affairs

MARCH 13, 2025

North Korea-linked threat actor ScarCruft (aka APT37 , Reaper, and Group123) is behind a previously undetected Android surveillance tool namedKoSpythat was used to target Korean and English-speaking users. The configuration request, sent as an encrypted JSON, controls parameters like C2 ping frequency, plugin URLs, and victim messages.

Spyware 78

Spyware Surveillance Encryption Malware 78

Schneier on Security

JUNE 6, 2023

In 2013 and 2014, I wrote extensively about new revelations regarding NSA surveillance based on the documents provided by Edward Snowden. Chatting with Snowden on an encrypted IM connection, I joked that the NSA cafeteria menu probably has code names for menu items. Transferring files electronically is what encryption is for.

Surveillance 351

Surveillance Computers and Electronics Government Encryption 351

Joseph Steinberg

OCTOBER 21, 2022

Today, October 21, marks the first ever organized Global Encryption Day, dedicated to spreading awareness of the importance of utilizing encryption to protect sensitive information, both when it is in transit (e.g., online chat messages going over the Internet between you and your significant other) and when it is at rest (e.g.,

Encryption 130

Encryption Government Artificial Intelligence Surveillance 130

Schneier on Security

AUGUST 12, 2019

The first concern was over high numbers: in both 2016 and 2017, the Foreign Intelligence Surveillance Court issued 40 orders for collection, but the NSA collected hundreds of millions of CDRs, and the agency provided little clarification for the high numbers. For a time, the new program seemed to be functioning well.

Surveillance 251

Surveillance Architecture Encryption Technology 251

Zero Day

MARCH 15, 2021

The executive says the indictment highlights the “vilification” of anyone “who takes a stance against unwarranted surveillance.”

Surveillance 140

Surveillance Encryption 140

Schneier on Security

JULY 29, 2019

Each of these images fails to convey anything about either the importance or the complexity of the topic­ -- or the huge stakes for governments, industry and ordinary people alike inherent in topics like encryption, surveillance and cyber conflict. I agree that this is a problem. It's not something I noticed until recently.

Cybersecurity 239

Cybersecurity Surveillance Encryption Government 239

SC Magazine

MARCH 10, 2021

A hacking collective compromised roughly 150,000 internet-connected surveillance cameras from Verkada, Inc., Hacktivist Tillie Kottmann is reportedly among those asserting responsibility for the incident, telling Bloomberg that their act helped expose the security holes of modern-day surveillance platforms.

Surveillance 129

Surveillance IoT Accountability Passwords 129

Schneier on Security

MAY 23, 2024

Despite encryption and local storage, the new feature raises privacy concerns for certain Windows users. And the incentives of surveillance capitalism are just too much to resist. I wrote about this AI trust problem last year: One of the promises of generative AI is a personal digital assistant.

Surveillance 315

Surveillance Marketing Engineering Encryption 315

Webroot

NOVEMBER 21, 2024

The five core components of a VPN are: Encryption : The conversion of information into a coded format that can only be read by someone who has the decryption key. Split tunneling: Allows you to choose which internet traffic goes through the VPN (with encryption) and which goes directly to the internet. How do VPNs work?

VPN 110

VPN Antivirus Internet Internet 110

Malwarebytes

MARCH 12, 2023

In fact, WhatsApp would rather cease serving UK users, which make up 2% of its global market, than weaken its end-to-end encryption (E2EE). At the moment, organizations cannot scan end-to-end encrypted messages. This also precedes state-mandated surveillance on a mass scale, with privacy and security risks affecting entire societies.

Encryption 97

Encryption Surveillance Marketing Internet 97

Tech Republic Security

FEBRUARY 7, 2025

As reported by The Washington Post, Apple received notice of a possible request in March 2024, but the official ask occurred in January 2025.

Encryption 170

Encryption Government Surveillance Cybersecurity 170

Schneier on Security

SEPTEMBER 13, 2018

It is too dangerous to mandate encryption backdoors, but targeted hacking of endpoints could ensure investigators access to same or similar necessary data with less risk. A new report from the Center of Internet and Society looks at the security risks of allowing government hacking.

Government 213

Government Hacking Risk Surveillance 213

Adam Levin

MAY 15, 2019

The vulnerability, discovered earlier this month, allowed third parties to see and intercept encrypted communications. The spyware deployed has been traced back to NSO Group, an Israeli cyber company alleged to have enabled Middle East governments to surveil its citizens.

Spyware 200

Spyware Mobile Surveillance Government 200

Schneier on Security

MARCH 13, 2019

And if you read his 3,000-word post carefully, Zuckerberg says nothing about changing Facebook's surveillance capitalism business model. On the other hand, WhatsApp -- purchased by Facebook in 2014 -- provides users with end-to-end encrypted messaging. Better data security so Facebook sees less. How Facebook manages for privacy.

Advertising 250

Advertising Surveillance Engineering Encryption 250

SecureWorld News

APRIL 24, 2023

As the frequency of data breaches surges, it becomes increasingly imperative to guarantee the security and adequate encryption of passwords. In this article, I will provide an overview of password encryption, explaining its essence and modus operandi. What is password encryption? Why is password encryption necessary?

Encryption 97

Encryption Passwords Software Password Management 97

SecureList

JUNE 16, 2021

These formats suggest that the threat actor is interested in Office documents, encryption keys, password manager files and image files.The upload is performed by using the same POST request as the one used by the ‘uploadsf’ command. argument: path to file to upload. – List files and repositories.

Surveillance 145

Surveillance Malware Password Management Passwords 145

Security Affairs

SEPTEMBER 9, 2018

CheckPoint uncovered an extensive surveillance operation conducted by Iranian APT actor and tracked as Domestic Kitten aimed at specific groups of individuals. ” This means that the Domestic Kitten surveillance operation had collateral victims whose details were leaked from contact lists or conversations with the targets.

Surveillance 79

Surveillance Mobile Advertising Spyware 79

Krebs on Security

OCTOBER 28, 2020

In August, Gunnebo said it had successfully thwarted a ransomware attack, but this week it emerged that the intruders stole and published online tens of thousands of sensitive documents — including schematics of client bank vaults and surveillance systems. He declined to comment on the particulars of the extortion incident.

Hacking 358

Hacking Ransomware Banking Accountability 358

WIRED Threat Level

FEBRUARY 15, 2025

Plus: Researchers find RedNote lacks basic security measures, surveillance ramps up around the US-Mexico border, and the UK ordering Apple to create an encryption backdoor comes under fire.

Surveillance 112

Surveillance Encryption Hacking 112

Schneier on Security

OCTOBER 27, 2023

The expired certificate was instead discovered on a single port being used by the service to establish an encrypted Transport Layer Security (TLS) connection with users. However, jabber.ru Before it had expired, it would have allowed someone to decrypt the traffic being exchanged over the service.

Encryption 317

Encryption Surveillance 317