Schneier on Security

AUGUST 3, 2021

Forbes has the story : Paragon’s product will also likely get spyware critics and surveillance experts alike rubbernecking: It claims to give police the power to remotely break into encrypted instant messaging communications, whether that’s WhatsApp, Signal, Facebook Messenger or Gmail, the industry sources said.

Manufacturing 363

Manufacturing Spyware Surveillance Encryption 363

Schneier on Security

JULY 24, 2019

Yesterday, Attorney General William Barr gave a major speech on encryption policy -- what is commonly known as "going dark." Nor are we necessarily talking about the customized encryption used by large business enterprises to protect their operations. After all, we are not talking about protecting the Nation's nuclear launch codes.

Encryption 279

Encryption Telecommunications Risk Government 279

Schneier on Security

AUGUST 14, 2019

Last month, Attorney General William Barr gave a major speech on encryption policy­what is commonly known as "going dark." Nor are we necessarily talking about the customized encryption used by large business enterprises to protect their operations. After all, we are not talking about protecting the Nation's nuclear launch codes.

Encryption 268

Encryption Telecommunications Risk Government 268

The Last Watchdog

OCTOBER 18, 2023

The ubiquity of smart surveillance systems has contributed greatly to public safety. Enter attribute-based encryption ( ABE ) an advanced type of cryptography that’s now ready for prime time. Attribute-based encryption can be utilized to do a number of things,” Wu noted. Here are my takeaways.

Encryption 264

Encryption Surveillance Internet Internet 264

Security Affairs

DECEMBER 16, 2024

Researchers warn of previously undetected surveillance spyware, named NoviSpy, that was found infecting a Serbian journalist’s phone. Then he requested help from Amnesty Internationals Security Lab fearing to be the target of surveillance software like other journalists in Serbia. ” reads the report published by Amnesty.

Spyware 105

Spyware Surveillance Technology Mobile 105

Schneier on Security

JANUARY 21, 2022

Key Findings: MY2022, an app mandated for use by all attendees of the 2022 Olympic Games in Beijing, has a simple but devastating flaw where encryption protecting users’ voice audio and file transfers can be trivially sidestepped. Citizen Lab examined the app and found it riddled with security holes.

Surveillance 360

Surveillance Encryption Wireless Government 360

Security Affairs

JANUARY 9, 2022

The US NCSC and the Department of State published joint guidance on defending against attacks using commercial surveillance tools. In the last years, we have reported several cases of companies selling commercial surveillance tools to governments and other entities that have used them for malicious purposes. Pierluigi Paganini.

Surveillance 145

Surveillance Mobile Spyware Malware 145

Schneier on Security

SEPTEMBER 24, 2019

Yahoo News reported that the Russians have successfully targeted an FBI communications system: American officials discovered that the Russians had dramatically improved their ability to decrypt certain types of secure communications and had successfully tracked devices used by elite FBI surveillance teams.

Hacking 253

Hacking Surveillance Encryption Internet 253

Schneier on Security

AUGUST 10, 2021

It opens the door for all sorts of other surveillance, since now that the system is build it can be used for all sorts of other messages. And it breaks end-to-end encryption, despite Apple’s denials : Does this break end-to-end encryption in Messages? Notice Apple changing the definition of “end-to-end encryption.”

Surveillance 363

Surveillance Encryption Accountability 363

Schneier on Security

JUNE 16, 2021

This is the joint US/Australia-run encrypted messaging service that lured criminals to use it, and then spied on everything they did. You don’t even know which foreign companies the NSA has targeted for mass surveillance. Presumably all of those companies follow the laws on their home country. And it matters.

VPN 333

VPN Surveillance Encryption Risk 333

The Last Watchdog

SEPTEMBER 17, 2018

Should law enforcement and military officials have access to a digital backdoor enabling them to bypass any and all types of encryption that exist today? The disturbing thing is that in North America and Europe more and more arguments are being raised in support of creating and maintaining encryption backdoors for government use.

Encryption 157

Encryption Government Surveillance Technology 157

Schneier on Security

JUNE 21, 2022

Both bills have provisions that could be used to break end-to-end encryption. It would allow Apple to deny access to an encryption service provider that provides encrypted cloud backups to the cloud (which Apple does not currently offer). That is, end-to-end encryption products. There is a significant problem, though.

Internet 334

Internet Internet Encryption Backups 334

Security Affairs

DECEMBER 1, 2021

Which are the most secure encrypted messaging apps? The Record shared an FBI training document that reveals the surveillance capabilities of the US law enforcement detailing which data can be extracted from encrypted messaging apps. An FBI document shows what data can be obtained from them. Pierluigi Paganini.

Encryption 145

Encryption Surveillance Hacking Information Security 145

SecureWorld News

NOVEMBER 21, 2023

In a groundbreaking investigative report, the European Investigative Collaborations (EIC) media network, with technical assistance from Amnesty International's Security Lab, has exposed the shocking extent of the global surveillance crisis and the glaring inadequacies of EU regulation in curbing it. Chairman, Cedric Leighton Associates, LLC.

Surveillance 124

Surveillance Spyware Media Technology 124

Schneier on Security

MAY 20, 2020

Bart Gellman's long-awaited (at least by me) book on Edward Snowden, Dark Mirror: Edward Snowden and the American Surveillance State , will finally be published in a couple of weeks. It's an interesting read, mostly about the government surveillance of him and other journalists. There is an adapted excerpt in the Atlantic.

Surveillance 265

Surveillance Encryption Government Media 265

Schneier on Security

JUNE 23, 2021

Its spyware is also said to be equipped with a keylogger, which means every keystroke made on an infected device — including passwords, search queries and messages sent via encrypted messaging apps — can be tracked and monitored.

Manufacturing 288

Manufacturing Spyware Surveillance Marketing 288

Schneier on Security

FEBRUARY 22, 2022

He also leaves out the NSA — whose effectiveness rests on all of these global insecurities — and the FBI, whose incessant push for encryption backdoors goes against his vision of increased cybersecurity. Or the surveillance capitalists, for that matter. I’m not sure how he’s going to get them on board.

Cybersecurity 338

Cybersecurity Surveillance Marketing Encryption 338

Schneier on Security

OCTOBER 23, 2023

Susan Landau published an excellent essay on the current justification for the government breaking end-to-end-encryption: child sexual abuse and exploitation (CSAE). She puts the debate into historical context, discusses the problem of CSAE, and explains why breaking encryption isn’t the solution.

Encryption 323

Encryption Government Surveillance 323

Security Affairs

MARCH 21, 2025

Russian intelligence agencies could use these exploits for surveillance and espionage purposes. Given Telegrams end-to-end encryption and widespread use, an exploit that bypasses its security could be a game-changer for cyber espionage. Gaining access without cooperation from Telegram itself could be highly valuable.

Government 144

Government Surveillance Mobile Hacking 144

Joseph Steinberg

OCTOBER 21, 2022

Today, October 21, marks the first ever organized Global Encryption Day, dedicated to spreading awareness of the importance of utilizing encryption to protect sensitive information, both when it is in transit (e.g., online chat messages going over the Internet between you and your significant other) and when it is at rest (e.g.,

Encryption 130

Encryption Government Artificial Intelligence Surveillance 130

SecureList

NOVEMBER 29, 2021

The victim was infected by PowerShell malware and we discovered evidence that the actor had already stolen data from the victim and had been surveilling this victim for several months. The script compares the given encrypted string with a second string to get an index of matched characters. Description. up: Upload file. seconds.

Surveillance 144

Surveillance Malware Phishing Encryption 144

Zero Day

MARCH 15, 2021

The executive says the indictment highlights the “vilification” of anyone “who takes a stance against unwarranted surveillance.”

Surveillance 140

Surveillance Encryption 140

SC Magazine

MARCH 10, 2021

A hacking collective compromised roughly 150,000 internet-connected surveillance cameras from Verkada, Inc., Hacktivist Tillie Kottmann is reportedly among those asserting responsibility for the incident, telling Bloomberg that their act helped expose the security holes of modern-day surveillance platforms.

Surveillance 129

Surveillance IoT Accountability Passwords 129

Schneier on Security

AUGUST 12, 2019

The first concern was over high numbers: in both 2016 and 2017, the Foreign Intelligence Surveillance Court issued 40 orders for collection, but the NSA collected hundreds of millions of CDRs, and the agency provided little clarification for the high numbers. For a time, the new program seemed to be functioning well.

Surveillance 244

Surveillance Architecture Encryption Technology 244

Schneier on Security

JULY 29, 2019

Each of these images fails to convey anything about either the importance or the complexity of the topic­ -- or the huge stakes for governments, industry and ordinary people alike inherent in topics like encryption, surveillance and cyber conflict. I agree that this is a problem. It's not something I noticed until recently.

Cybersecurity 232

Cybersecurity Surveillance Encryption Government 232

Tech Republic Security

FEBRUARY 7, 2025

As reported by The Washington Post, Apple received notice of a possible request in March 2024, but the official ask occurred in January 2025.

Encryption 183

Encryption Government Surveillance Cybersecurity 183

Security Affairs

MARCH 13, 2025

North Korea-linked threat actor ScarCruft (aka APT37 , Reaper, and Group123) is behind a previously undetected Android surveillance tool namedKoSpythat was used to target Korean and English-speaking users. The configuration request, sent as an encrypted JSON, controls parameters like C2 ping frequency, plugin URLs, and victim messages.

Spyware 75

Spyware Surveillance Encryption Malware 75

Schneier on Security

MAY 23, 2024

Despite encryption and local storage, the new feature raises privacy concerns for certain Windows users. And the incentives of surveillance capitalism are just too much to resist. I wrote about this AI trust problem last year: One of the promises of generative AI is a personal digital assistant.

Surveillance 303

Surveillance Marketing Engineering Encryption 303

Webroot

NOVEMBER 21, 2024

The five core components of a VPN are: Encryption : The conversion of information into a coded format that can only be read by someone who has the decryption key. Split tunneling: Allows you to choose which internet traffic goes through the VPN (with encryption) and which goes directly to the internet. How do VPNs work?

VPN 111

VPN Antivirus Internet Internet 111

Malwarebytes

MARCH 12, 2023

In fact, WhatsApp would rather cease serving UK users, which make up 2% of its global market, than weaken its end-to-end encryption (E2EE). At the moment, organizations cannot scan end-to-end encrypted messages. This also precedes state-mandated surveillance on a mass scale, with privacy and security risks affecting entire societies.

Encryption 97

Encryption Surveillance Marketing Internet 97

Security Affairs

OCTOBER 10, 2018

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature, a gift for APT groups and cyber crime syndicates. The flaws reside in a feature named the “XMEye P2P Cloud” that is enabled by default which is used to connect surveillance devices to the cloud infrastructure. Who controls these servers?

Surveillance 108

Surveillance Hacking Firmware Manufacturing 108

WIRED Threat Level

FEBRUARY 15, 2025

Plus: Researchers find RedNote lacks basic security measures, surveillance ramps up around the US-Mexico border, and the UK ordering Apple to create an encryption backdoor comes under fire.

Surveillance 126

Surveillance Encryption Hacking 126

Adam Levin

MAY 15, 2019

The vulnerability, discovered earlier this month, allowed third parties to see and intercept encrypted communications. The spyware deployed has been traced back to NSO Group, an Israeli cyber company alleged to have enabled Middle East governments to surveil its citizens.

Spyware 200

Spyware Mobile Surveillance Government 200

Schneier on Security

JANUARY 18, 2019

Australia, and elsewhere -- argue that the pervasive use of civilian encryption is hampering their ability to solve crimes and that they need the tech companies to make their systems susceptible to government eavesdropping. Levy and Robinson write: In a world of encrypted services, a potential solution could be to go back a few decades.

Encryption 274

Encryption Government Surveillance Hacking 274

Schneier on Security

SEPTEMBER 13, 2018

It is too dangerous to mandate encryption backdoors, but targeted hacking of endpoints could ensure investigators access to same or similar necessary data with less risk. A new report from the Center of Internet and Society looks at the security risks of allowing government hacking.

Government 204

Government Hacking Risk Surveillance 204

Schneier on Security

MARCH 13, 2019

And if you read his 3,000-word post carefully, Zuckerberg says nothing about changing Facebook's surveillance capitalism business model. On the other hand, WhatsApp -- purchased by Facebook in 2014 -- provides users with end-to-end encrypted messaging. Better data security so Facebook sees less. How Facebook manages for privacy.

Advertising 243

Advertising Surveillance Engineering Encryption 243

Security Boulevard

APRIL 17, 2025

Man-in-the-middle (MitM) attacks: VPN traffic is often encrypted, but still visible and interceptable. Rather than relying on a single encrypted tunnel, Dispersive splits sessions across multiple encrypted and randomized paths that are dynamically routed in real time. Download now.

Firewall 64

Firewall VPN Encryption Architecture 64