#Microsoft Signing Key Stolen by #Chinese - #Schneier on #Security
Actually, two things went badly wrong here. The first is that #Azure accepted an expired signing key, implying a #vulnerability in whatever is supposed to check key validity. The second is that this key was supposed to remain in the system’s #HardwareSecurityModule —and not be in software
#privacy #China #signingkey
https://www.schneier.com/blog/archives/2023/08/microsoft-signing-key-stolen-by-chinese.html
#Schneier on Security
Operation #Triangulation: Zero-Click iPhone Malware
Kaspersky is reporting a zero-click #iOS exploit in the wild:
Mobile device backups contain a partial copy of the filesystem, including some of the user data and service databases. The timestamps of the files, folders and the database records allow to roughly reconstruct the events happening to the device. The mvt-ios utility produces a sorted timeline of events into a file called “timeline.csv,”
Ladies and gentlemen (and everybody else!): From the writer of "Liars and Outliers" and "A Hacker's Mind", here comes a new thought-provoking idea by the great Sir Bruce Schneier. Read it.
#schneier #security #bruceschneider #democracy.
https://www.schneier.com/news/archives/2023/05/bruce-schneiers-plan-to-reinvent-democracy.html
I discovered this in one of @nethope 's toots and I think more people should know it exists:
Bruce #Schneier at EPFL Lausanne:
How to reclaim power in the digital world? Conversation with Bruce Schneier
Thursday, March 16, 2023
Info, registration:
https://memento.epfl.ch/event/how-to-reclaim-power-in-the-digital-world-conversa/
#epfl #privacy #security #bruceschneier #schneier
#20yrsago #Google notes from #SXSW https://cruftbox.com/blog/archives/000592.html#000592
#15yrsago Rules against questioning security make us less secure https://www.theguardian.com/technology/2008/mar/11/politics.hitechcrime
#15yrsago Presidential candidates as #MonsterManual monsters https://www.antipope.org/charlie/blog-static/2008/03/politics_as_she_is_played.html
#15yrsago Canada’s #DMCA: unnecessary, ill-starred and doomed https://web.archive.org/web/20080313025527/http://www.charlieangus.net/newsitem.php?id=301
#15yrsago #Schneier: transparency is not security https://www.wired.com/2008/03/securitymatters-0306/
5/
#Schneier on the disaster that banning #TikTok in the #US would bring.
https://www.schneier.com/blog/archives/2023/02/banning-tiktok.html
TIL:
Microsoft has a feature called Office 365 Message Encryption (OME). Messages are encrypted with #AES. Sounds good, BUT #ECB is used as the mode. Something that Bruce #Schneier already clearly advised against in 1996 in the book "Applied Cryptography". Why is this being used in this millennium, and why isn't it fixed after it was found?
https://www.theregister.com/2022/10/14/microsoft_office_365_message_encryption/
The latest Bruce #Schneier list, security expert:
https://www.schneier.com/crypto-gram/archives/2023/0115.html
@worldethicaldataforum @iaintshootinmis Since this is about data ethics, #Schneier should be happy to clarify his moderation conduct.
@iaintshootinmis @worldethicaldataforum If you make it into that forum, plz ask #Schneier a question for me… ask why he censored a post about DuckDuckGo: https://infosec.exchange/@bojkotiMalbona/106047121046999119
@filippo Additional blog entry from Bruce #Schneier with different further links.
https://www.schneier.com/blog/archives/2023/01/breaking-rsa-with-a-quantum-computer.html
@ademalsasa @simondassow @ademalsasa I wouldn’t suggest pwsafe because it became an interoperability mess. #Schneier abandoned it and the #Debian pkg for pwsafe died. Then a couple other projects used the same name & created incompatible versions. IIRC, one pkg named pwsafe was entirely incompatible & another was partially compatible. I started using the partially compatible one & it caused corruption to the old db.
"First of all, security does not come for free. If you want security, you'll have to pay the price. If you can't afford it, then you won't get good security"
#schneier #nielsferguson #cryptography
I often think of this in terms of operations research. It's fundamental in that field that constraints added to a system reduce the output of the system. Security is a constraint.
What's less obvious is the second order effect. Increased security increases confidence in a system, which can increase throughput through a psychological effect.
#cryptography #schneier My Christmas reading, courtesy of my nephew.
Thanks Thomas
Funny blog post from Bruce #Schneier about a #captcha he encountered. Love his "Magritte-like existential question".
https://www.schneier.com/blog/archives/2022/12/captcha.html
If you are interested at all in security matters (not just computer security) Schneier's blog is worth following (www.schneier.com)
In the meantime in old good and decentralized and open USENET people conversations like when the internet was all about sharing and learning. <3 #schneier #quantun #computers #hacking
#CryptoGram: November 15, 2022 - #Schneier on Security https://www.schneier.com/crypto-gram/archives/2022/1115.html
That's a bit unsettling 😲
https://www.schneier.com/blog/archives/2022/11/an-untrustworthy-tls-certificate-in-browsers.html
#infosec #schneier