Lucene search
K
SchneierMost viewed

2981 matches found

Schneier on Security
Schneier on Security
added 2020/09/22 11:36 a.m.21 views

Amazon Delivery Drivers Hacking Scheduling System

Amazon drivers -- all gig workers who dont work for the company -- are hanging cell phones in trees near Amazon delivery stations, fooling the system into thinking that they are closer than they actually are: The phones in trees seem to serve as master devices that dispatch routes to multiple...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/03 11:18 a.m.21 views

2017 Tesla Hack

Interesting story of a class break against the entire Tesla fleet...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/31 10:45 a.m.21 views

Seny Kamara on "Crypto for the People"

Seny Kamara gave an excellent keynote talk this year at the online CRYPTO Conference. He talked about solving real-world crypto problems for marginalized communities around the world, instead of crypto problems for governments and corporations. Well worth watching and listening to...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/10 11:23 a.m.21 views

Smart Lock Vulnerability

Yet another Internet-connected door lock is insecure: Sold by retailers including Amazon, Walmart, and Home Depot, U-Tec's $139.99 UltraLoq is marketed as a "secure and versatile smart deadbolt that offers keyless entry via your Bluetooth-enabled smartphone and code." Users can share temporary...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/24 11:36 a.m.21 views

Update on NIST's Post-Quantum Cryptography Program

NIST has posted an update on their post-quantum cryptography program: After spending more than three years examining new approaches to encryption and data protection that could defeat an assault from a quantum computer, the National Institute of Standards and Technology NIST has winnowed the 69...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/15 2:29 p.m.21 views

NSA on Securing VPNs

The NSA's Central Security Service -- that's the part that's supposed to work on defense -- has released two documents a full and an abridged version on securing virtual private networks. Some of it is basic, but it contains good information. Maintaining a secure VPN tunnel can be complex and...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/06/25 12:9 p.m.21 views

Analyzing IoT Security Best Practices

New research: "Best Practices for IoT Security: What Does That Even Mean?" by Christopher Bellman and Paul C. van Oorschot: Abstract: Best practices for Internet of Things IoT security have recently attracted considerable attention worldwide from industry and governments, while academic research...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/06/16 3:20 p.m.21 views

Eavesdropping on Sound Using Variations in Light Bulbs

New research is able to recover sound waves in a room by observing minute changes in the room's light bulbs. This technique works from a distance, even from a building across the street through a window. Details: In an experiment using three different telescopes with different lens diameters from...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/04/30 11:59 a.m.21 views

Defending Democracies Against Information Attacks

To better understand influence attacks, we proposed an approach that models democracy itself as an information system and explains how democracies are vulnerable to certain forms of information attacks that autocracies naturally resist. Our model combines ideas from both international security an...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/04/17 12:57 p.m.21 views

A "Department of Cybersecurity"

Presidential candidate John Delaney has announced a plan to create a Department of Cybersecurity. I have long been in favor of a new federal agency to deal with Internet -- and especially Internet of Things -- security. The devil is in the details, of course, and it's really easy to get this wron...

2.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/17 11:20 a.m.21 views

Installing a Credit Card Skimmer on a POS Terminal

Watch how someone installs a credit card skimmer in just a couple of seconds. I don't know if the skimmer just records the data and is collected later, or if it transmits the data back to some base station...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/10/18 2:58 p.m.21 views

IoT Cybersecurity: What's Plan B?

In August, four US Senators introduced a bill designed to improve Internet of Things IoT security. The IoT Cybersecurity Improvement Act of 2017 is a modest piece of legislation. It doesn't regulate the IoT market. It doesn't single out any industries for particular attention, or force any...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/10/16 1:39 p.m.21 views

New KRACK Attack Against Wi-Fi Encryption

Mathy Vanhoef has just published a devastating attack against WPA2, the 14-year-old encryption protocol used by pretty much all wi-fi systems. Its an interesting attack, where the attacker forces the protocol to reuse a key. The authors call this attack KRACK, for Key Reinstallation Attacks This ...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/28 10:35 a.m.21 views

CIA Exploits Against Wireless Routers

WikiLeaks has published CherryBlossom, the CIA's program to hack into wireless routers. The program is about a decade old. Four good news articles. Five. And a list of vulnerable routers...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/21 6:58 p.m.21 views

Is Continuing to Patch Windows XP a Mistake?

Last week, Microsoft issued a security patch for Windows XP, a 16-year-old operating system that Microsoft officially no longer supports. Last month, Microsoft issued a Windows XP patch for the vulnerability used in WannaCry. Is this a good idea? This 2014 essay argues that it's not: The zero-day...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/22 11:6 a.m.21 views

Extending the Airplane Laptop Ban

The Department of Homeland Security is rumored to be considering extending the current travel ban on large electronics for Middle Eastern flights to European ones as well. The likely reaction of airlines will be to implement new traveler programs, effectively allowing wealthier and more frequent...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/10 7:14 p.m.21 views

Securing Elections

Technology can do a lot more to make our elections more secure and reliable, and to ensure that participation in the democratic process is available to all. There are three parts to this process. First, the voter registration process can be improved. The whole process can be streamlined. People...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/05 9:5 p.m.21 views

Friday Squid Blogging: Squid Communications

In the oval squid Sepioteuthis lessoniana, males use body patterns to communicate with both females and other males: To gain insight into the visual communication associated with each behavior in terms of the body patterning's key components, the co-expression frequencies of two or more component...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/04/21 10:4 p.m.21 views

Friday Squid Blogging: Video of Squid Attacking Another Squid

Wow, is this cool. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/29 4:5 p.m.20 views

Factoring RSA Keys with Many Zeros

Interesting research on a new class of weak RSA keys: keys with lots of zeros. It turns out that these keys are out in the wild. The badkeys project is an open-source service that checks public keys for known vulnerabilities. While developing this tool, Hanno collected a massive number of...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/15 11:1 a.m.20 views

The FCC Wants to Eliminate Burner Phones

A proposed FCC rule would kill burner phones: phones whose accounts are not attached to a particular person. The FCC plans to do this by legally forcing the country's telecoms to store a wealth of personal information about essentially all phone customers, including a government issued...

5.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/05/18 11:8 a.m.20 views

Zero-Day Exploit Against Windows BitLocker

It's nasty, but it requires physical access to the computer: The exploit, named YellowKey, was published earlier this week by a researcher who goes by the alias Nightmare-Eclipse. It reliably bypasses default Windows 11 deployments of BitLocker, the full-volume encryption protection Microsoft...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/05/13 11:3 a.m.20 views

OpenAI’s GPT-5.5 is as Good as Mythos at Finding Security Vulnerabilities

The UK's AI Security Institute evaluated GPT-5.5's ability to find security vulnerabilities, and found that it is comparable to Claude Mythos. Note that the OpenAI model is generally available. Here is the Institute's evaluation of Mythos. And here is an analysis of a smaller, cheaper model. It...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/12/10 12:6 p.m.20 views

Full-Face Masks to Frustrate Identification

This is going to be interesting. It's a video of someone trying on a variety of printed full-face masks. They won't fool anyone for long, but will survive casual scrutiny. And they're cheap and easy to swap...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/06/13 11:2 a.m.20 views

AI and the Indian Election

As India concluded the worlds largest election on June 5, 2024, with over 640 million votes counted, observers could assess how the various parties and factions used artificial intelligence technologies--and what lessons that holds for the rest of the world. The campaigns made extensive use of AI...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/05/10 9:7 p.m.20 views

Friday Squid Blogging: Squid Mating Strategies

Some squids are "consorts," others are "sneakers." The species is healthiest when individuals have different strategies randomly. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/04/15 11:4 a.m.20 views

New Lattice Cryptanalytic Technique

A new paper presents a polynomial-time quantum algorithm for solving certain hard lattice problems. This could be a big deal for post-quantum cryptographic algorithms, since many of them base their security on hard lattice problems. A few things to note. One, this paper has not yet been peer...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/03/28 11:5 a.m.20 views

Hardware Vulnerability in Apple’s M-Series Chips

Its yet another hardware side-channel attack: The threat resides in the chips’ data memory-dependent prefetcher, a hardware optimization that predicts the memory addresses of data that running code is likely to access in the near future. By loading the contents into the CPU cache before it’s...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/03/22 11:1 a.m.20 views

Google Pays $10M in Bug Bounties in 2023

BleepingComputer has the details. Its $2M less than in 2022, but its still a lot. The highest reward for a vulnerability report in 2023 was $113,337, while the total tally since the programs launch in 2010 has reached $59 million. For Android, the worlds most popular and widely used mobile...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/16 12:21 p.m.20 views

The Story of the Mirai Botnet

Over at Wired, Andy Greenberg has an excellent story about the creators of the 2016 Mirai botnet...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/29 10:8 p.m.20 views

Friday Squid Blogging: Sqids

Theyre short unique strings: Sqids pronounced "squids" is an open-source library that lets you generate YouTube-looking IDs from numbers. These IDs are short, can be generated from a custom alphabet and are guaranteed to be collision-free. I havent dug into the details enough to know how they can...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/29 12:3 p.m.20 views

AI Is Scarily Good at Guessing the Location of Random Photos

Wow: To test PIGEONs performance, I gave it five personal photos from a trip I took across America years ago, none of which have been published online. Some photos were snapped in cities, but a few were taken in places nowhere near roads or other easily recognizable landmarks. That didnt seem to...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/11/15 5:51 p.m.20 views

New SSH Vulnerability

This is interesting: For the first time, researchers have demonstrated that a large portion of cryptographic keys used to protect data in computer-to-server SSH traffic are vulnerable to complete compromise when naturally occurring computational errors occur while the connection is being...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/11/14 12:6 p.m.20 views

How .tk Became a TLD for Scammers

Sad story of Tokelau, and how its top-level domain "became the unwitting host to the dark underworld by providing a never-ending supply of domain names that could be weaponized against internet users. Scammers began using .tk websites to do everything from harvesting passwords and payment...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/11/10 10:4 p.m.20 views

Friday Squid Blogging: The History and Morality of US Squid Consumption

Really interesting article. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/10/11 11:4 a.m.20 views

Cisco Can’t Stop Using Hard-Coded Passwords

Theres a new Cisco vulnerability in its Emergency Responder product: This vulnerability is due to the presence of static user credentials for the root account that are typically reserved for use during development. An attacker could exploit this vulnerability by using the account to log in to an...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/07/24 11:9 a.m.20 views

Google Reportedly Disconnecting Employees from the Internet

Supposedly Google is starting a pilot program of disabling Internet connectivity from employee computers: The company will disable internet access on the select desktops, with the exception of internal web-based tools and Google-owned websites like Google Drive and Gmail. Some workers who need th...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/07/20 7:44 p.m.20 views

Kevin Mitnick Died

Obituary...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/04/21 2:19 p.m.20 views

Using the iPhone Recovery Key to Lock Owners Out of Their iPhones

This a good example of a security feature that can sometimes harm security: Apple introduced the optional recovery key in 2020 to protect users from online hackers. Users who turn on the recovery key, a unique 28-digit code, must provide it when they want to reset their Apple ID password. iPhone...

6.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/04/11 11:22 a.m.20 views

Car Thieves Hacking the CAN Bus

Car thieves are injecting malicious software into a cars network through wires in the headlights or taillights that fool the car into believing that the electronic key is nearby. News articles...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/03/24 11:4 a.m.20 views

Exploding USB Sticks

In case you dont have enough to worry about, people are hiding explosives--actual ones--in USB sticks: In the port city of Guayaquil, journalist Lenin Artieda of the Ecuavisa private TV station received an envelope containing a pen drive which exploded when he inserted it into a computer, his...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/03/07 12:13 p.m.20 views

Prompt Injection Attacks on Large Language Models

This is a good survey on prompt injection attacks on large language models like ChatGPT. Abstract: We are currently witnessing dramatic advances in the capabilities of Large Language Models LLMs. They are already being adopted in practice and integrated into many systems, including integrated...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/02/22 12:30 p.m.20 views

A Device to Turn Traffic Lights Green

Heres a story about a hacker who reprogrammed a device called "Flipper Zero" to mimic Opticom transmitters--to turn traffic lights in his path green. As mentioned earlier, the Flipper Zero has a built-in sub-GHz radio that lets the device receive data or transmit it, with the right firmware in...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/02/10 8:3 p.m.20 views

A Hacker’s Mind Is Now Published

Tuesday was the official publication date of A Hackers Mind: How the Powerful Bend Societys Rules, and How to Bend them Back. It broke into the 2000s on the Amazon best-seller list. Reviews in the New York Times, Cory Doctorows blog, Science, and the Associated Press. I wrote essays related to th...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/27 10:59 p.m.20 views

Friday Squid Blogging: Squid-Inspired Hydrogel

Scientists have created a hydrogel "using squid mantle and creative chemistry." As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/27 8:19 p.m.20 views

Kevin Mitnick Hacked California Law in 1983

Early in his career, Kevin Mitnick successfully hacked California law. He told me the story when he heard about my new book, which he partially recounts his 2012 book, Ghost in the Wires. The setup is that he just discovered that theres warrant for his arrest by the California Youth Authority, an...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/20 10:0 p.m.20 views

Friday Squid Blogging: Another Giant Squid Captured on Video

Heres a new video of a giant squid, filmed in the Sea of Japan. I believe its injured. Its so close to the surface, and not really moving very much. "We didnt see the kinds of agile movements that many fish and marine creatures normally show," he said. "Its tentacles and fins were moving very...

2.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/28 6:14 p.m.20 views

QR Code Scam

An enterprising individual made fake parking tickets with a QR code for easy payment...

2.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/08/25 11:45 a.m.20 views

Man-in-the-Middle Phishing Attack

Heres a phishing campaign that uses a man-in-the-middle attack to defeat multi-factor authentication: Microsoft observed a campaign that inserted an attacker-controlled proxy site between the account users and the work server they attempted to log into. When the user entered a password into the...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/08/12 9:6 p.m.20 views

Friday Squid Blogging: SQUID Acronym for Making Conscious Choices

I think the U is forced: SQUID consists of five steps: Stop, Question, Understand, Imagine, and Decide. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

1.5AI score
Exploits0
Total number of security vulnerabilities2981