Blog of user schneier

Attack against Florida Water Treatment Facility

12.02.2021 Bruce Schneier, American cryptographer
A water treatment plant in Oldsmar, Florida, was attacked last Friday. The attacker took control of one of the systems, and increased the amount of sodium hydroxide — that’s lye — by a factor of 100. This could have been fatal to people living downstream, if an alert operator hadn’t noticed the change and reversed it.

Another SolarWinds Orion Hack

04.02.2021 Bruce Schneier, American cryptographer
At the same time the Russians were using a backdoored SolarWinds update to attack networks worldwide, another threat actor — believed to be Chinese in origin — was using an already existing vulnerability in Orion to penetrate networks:

Insider Attack on Home Surveillance Systems

25.01.2021 Bruce Schneier, American cryptographer
No one who reads this blog regularly will be surprised: A former employee of prominent home security company ADT has admitted that he hacked into the surveillance feeds of dozens of customer homes, doing so primarily to spy on naked women or to leer at unsuspecting couples while they had sex. […]

Injecting a Backdoor into SolarWinds Orion

19.01.2021 Bruce Schneier, American cryptographer
Crowdstrike is reporting on a sophisticated piece of malware that was able to inject malware into the SolarWinds build process: Key Points

On US Capitol Security — By Someone Who Manages Arena-Rock-Concert Security

13.01.2021 Bruce Schneier, American cryptographer
Smart commentary:

Amazon Has Trucks Filled with Hard Drives and an Armed Guard

04.01.2021 Bruce Schneier, American cryptographer
From an interview with an Amazon Web Services security engineer: So when you use AWS, part of what you’re paying for is security. Right; it’s part of what we sell. Let’s say a prospective customer comes to AWS. They say, “I like pay-as-you-go pricing. Tell me more about that.” We say, “Okay, here’s how much you can use at peak capacity. Here are the savings we can see in your case.”

Russia’s SolarWinds Attack

28.12.2020 Bruce Schneier, American cryptographer
Recent news articles have all been talking about the massive Russian cyberattack against the United States, but that’s wrong on two accounts. It wasn’t a cyberattack in international relations terms, it was espionage. And the victim wasn’t just the US, it was the entire world. But it was massive, and it is dangerous.

Investigating the Navalny Poisoning

23.12.2020 Bruce Schneier, American cryptographer
Bellingcat has investigated the near-fatal poisoning of Alexey Navalny by the Russian FSB back in August. The details display some impressive traffic analysis.

Should There Be Limits on Persuasive Technologies?

14.12.2020 Bruce Schneier, American cryptographer
Persuasion is as old as our species. Both democracy and the market economy depend on it. Politicians persuade citizens to vote for them, or to support different policy positions. Businesses persuade consumers to buy their products or services. We all persuade our friends to accept our choice of restaurant, movie, and so on. It’s essential to society; we couldn’t get large groups of people to work together without it. But as with many things, technology is fundamentally changing the nature of persuasion. And society needs to adapt its rules of persuasion or suffer the consequences.

Oblivious DNS-over-HTTPS

09.12.2020 Bruce Schneier, American cryptographer
This new protocol, called Oblivious DNS-over-HTTPS (ODoH), hides the websites you visit from your ISP.