Lucene search
K
SchneierMost viewed

2978 matches found

Schneier on Security
Schneier on Security
added 2020/07/14 11:17 a.m.20 views

Enigma Machine for Sale

A four-rotor Enigma machine -- with rotors -- is up for auction...

4.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/06/25 12:9 p.m.20 views

Analyzing IoT Security Best Practices

New research: "Best Practices for IoT Security: What Does That Even Mean?" by Christopher Bellman and Paul C. van Oorschot: Abstract: Best practices for Internet of Things IoT security have recently attracted considerable attention worldwide from industry and governments, while academic research...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/06/16 3:20 p.m.20 views

Eavesdropping on Sound Using Variations in Light Bulbs

New research is able to recover sound waves in a room by observing minute changes in the room's light bulbs. This technique works from a distance, even from a building across the street through a window. Details: In an experiment using three different telescopes with different lens diameters from...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/02 11:14 a.m.20 views

Using In-Game Purchases to Launder Money

Evidence that stolen credit cards are being used to purchase items in games like Clash of Clans, which are then resold for cash...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/17 11:20 a.m.20 views

Installing a Credit Card Skimmer on a POS Terminal

Watch how someone installs a credit card skimmer in just a couple of seconds. I don't know if the skimmer just records the data and is collected later, or if it transmits the data back to some base station...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/06/07 10:56 a.m.20 views

An Example of Deterrence in Cyberspace

In 2016, the US was successfully deterred from attacking Russia in cyberspace because of fears of Russian capabilities against the US. I have two citations for this. The first is from the book Russian Roulette: The Inside Story of Putin's War on America and the Election of Donald Trump, by Michae...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/10/18 2:58 p.m.20 views

IoT Cybersecurity: What's Plan B?

In August, four US Senators introduced a bill designed to improve Internet of Things IoT security. The IoT Cybersecurity Improvement Act of 2017 is a modest piece of legislation. It doesn't regulate the IoT market. It doesn't single out any industries for particular attention, or force any...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/10/16 1:39 p.m.20 views

New KRACK Attack Against Wi-Fi Encryption

Mathy Vanhoef has just published a devastating attack against WPA2, the 14-year-old encryption protocol used by pretty much all wi-fi systems. Its an interesting attack, where the attacker forces the protocol to reuse a key. The authors call this attack KRACK, for Key Reinstallation Attacks This ...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/20 11:21 a.m.20 views

Ceramic Knife Used in Israel Stabbing

I have no comment on the politics of this stabbing attack, and only note that the attacker used a ceramic knife -- that will go through metal detectors. I have used a ceramic knife in the kitchen. It's sharp. EDITED TO ADD 6/22: It looks like the knife had nothing to do with the attack discussed ...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/15 11:52 a.m.20 views

Millennials and Secret Leaking

I hesitate to blog this, because it's an example of everything that's wrong with pop psychology. Malcolm Harris writes about millennials, and has a theory of why millennials leak secrets. My guess is that you could write a similar essay about every named generation, every age group, and so on...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/06 11:11 a.m.20 views

Spear Phishing Attacks

Really interesting research: "Unpacking Spear Phishing Susceptibility," by Zinaida Benenson, Freya Gassmann, and Robert Landwirth. Abstract: We report the results of a field experiment where we sent to over 1200 university students an email or a Facebook message with a link to non-existing party...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/22 11:6 a.m.20 views

Extending the Airplane Laptop Ban

The Department of Homeland Security is rumored to be considering extending the current travel ban on large electronics for Middle Eastern flights to European ones as well. The likely reaction of airlines will be to implement new traveler programs, effectively allowing wealthier and more frequent...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/10 7:14 p.m.20 views

Securing Elections

Technology can do a lot more to make our elections more secure and reliable, and to ensure that participation in the democratic process is available to all. There are three parts to this process. First, the voter registration process can be improved. The whole process can be streamlined. People...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/05 9:5 p.m.20 views

Friday Squid Blogging: Squid Communications

In the oval squid Sepioteuthis lessoniana, males use body patterns to communicate with both females and other males: To gain insight into the visual communication associated with each behavior in terms of the body patterning's key components, the co-expression frequencies of two or more component...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/04/21 10:4 p.m.20 views

Friday Squid Blogging: Video of Squid Attacking Another Squid

Wow, is this cool. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/05/18 11:8 a.m.19 views

Zero-Day Exploit Against Windows BitLocker

It's nasty, but it requires physical access to the computer: The exploit, named YellowKey, was published earlier this week by a researcher who goes by the alias Nightmare-Eclipse. It reliably bypasses default Windows 11 deployments of BitLocker, the full-volume encryption protection Microsoft...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/21 12:3 p.m.19 views

Secret Service Tracking People’s Locations without Warrant

This feels important: The Secret Service has used a technology called Locate X which uses location data harvested from ordinary apps installed on phones. Because users agreed to an opaque terms of service page, the Secret Service believes it doesn't need a warrant...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/06/13 11:2 a.m.19 views

AI and the Indian Election

As India concluded the worlds largest election on June 5, 2024, with over 640 million votes counted, observers could assess how the various parties and factions used artificial intelligence technologies--and what lessons that holds for the rest of the world. The campaigns made extensive use of AI...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/05/29 11:1 a.m.19 views

Privacy Implications of Tracking Wireless Access Points

Brian Krebs reports on research into geolocating routers: Apple and the satellite-based broadband service Starlink each recently took steps to address new research into the potential security and privacy implications of how their services geolocate devices. Researchers from the University of...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/04/25 11:2 a.m.19 views

The Rise of Large-Language-Model Optimization

The web has become so interwoven with everyday life that it is easy to forget what an extraordinary accomplishment and treasure it is. In just a few decades, much of human knowledge has been collectively written up and made available to anyone with an internet connection. But all of this is comin...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/04/03 11:1 a.m.19 views

Class-Action Lawsuit against Google’s Incognito Mode

The lawsuit has been settled: Google has agreed to delete "billions of data records" the company collected while users browsed the web using Incognito mode, according to documents filed in federal court in San Francisco on Monday. The agreement, part of a settlement in a class action lawsuit file...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/03/22 11:1 a.m.19 views

Google Pays $10M in Bug Bounties in 2023

BleepingComputer has the details. Its $2M less than in 2022, but its still a lot. The highest reward for a vulnerability report in 2023 was $113,337, while the total tally since the programs launch in 2010 has reached $59 million. For Android, the worlds most popular and widely used mobile...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/03/08 12:6 p.m.19 views

A Taxonomy of Prompt Injection Attacks

Researchers ran a global prompt hacking competition, and have documented the results in a paper that both gives a lot of good examples and tries to organize a taxonomy of effective prompt injection strategies. It seems as if the most common successful strategy is the "compound instruction attack,...

7.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/22 12:9 p.m.19 views

AI Bots on X (Twitter)

You can find them by searching for OpenAI chatbot warning messages, like: "Im sorry, I cannot provide a response as it goes against OpenAIs use case policy." I hadnt thought about this before: identifying bots by searching for distinctive bot phrases...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/16 12:21 p.m.19 views

The Story of the Mirai Botnet

Over at Wired, Andy Greenberg has an excellent story about the creators of the 2016 Mirai botnet...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/29 12:3 p.m.19 views

AI Is Scarily Good at Guessing the Location of Random Photos

Wow: To test PIGEONs performance, I gave it five personal photos from a trip I took across America years ago, none of which have been published online. Some photos were snapped in cities, but a few were taken in places nowhere near roads or other easily recognizable landmarks. That didnt seem to...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/28 12:1 p.m.19 views

AI and Lossy Bottlenecks

Artificial intelligence is poised to upend much of society, removing human limitations inherent in many systems. One such limitation is information and logistical bottlenecks in decision-making. Traditionally, people have been forced to reduce complex choices to a small handful of options that do...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/27 12:1 p.m.19 views

New iPhone Security Features to Protect Stolen Devices

Apple is rolling out a new "Stolen Device Protection" feature that seems well thought out: When Stolen Device Protection is turned on, Face ID or Touch ID authentication is required for additional actions, including viewing passwords or passkeys stored in iCloud Keychain, applying for a new Apple...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/11/24 12:4 p.m.19 views

LitterDrifter USB Worm

A new worm that spreads via USB sticks is infecting computers in Ukraine and beyond. The group­--known by many names, including Gamaredon, Primitive Bear, ACTINIUM, Armageddon, and Shuckworm--has been active since at least 2014 and has been attributed to Russia’s Federal Security Service by the...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/11/20 11:57 a.m.19 views

Using Generative AI for Surveillance

Generative AI is going to be a powerful tool for data analysis and summarization. Heres an example of it being used for sentiment analysis. My guess is that it isnt very good yet, but that it will get better...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/10/27 11:1 a.m.19 views

Messaging Service Wiretap Discovered through Expired TLS Cert

Fascinating story of a covert wiretap that was discovered because of an expired TLS certificate: The suspected man-in-the-middle attack was identified when the administrator of jabber.ru, the largest Russian XMPP service, received a notification that one of the servers’ certificates had expired...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/09/15 11:15 a.m.19 views

On Technologies for Automatic Facial Recognition

Interesting article on technologies that will automatically identify people: With technology like that on Mr. Leyvands head, Facebook could prevent users from ever forgetting a colleagues name, give a reminder at a cocktail party that an acquaintance had kids to ask about or help find someone at ...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/09/01 9:29 p.m.19 views

Friday Squid Blogging: We’re Genetically Engineering Squid Now

Is this a good idea? The transparent squid is a genetically altered version of the hummingbird bobtail squid, a species usually found in the tropical waters from Indonesia to China and Japan. Its typically smaller than a thumb and shaped like a dumpling. And like other cephalopods, it has a...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/08/24 11:24 a.m.19 views

Parmesan Anti-Forgery Protection

The Guardian is reporting about microchips in wheels of Parmesan cheese as an anti-forgery measure...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/08/23 11:6 a.m.19 views

December’s Reimagining Democracy Workshop

Imagine that weve all--all of us, all of society--landed on some alien planet, and we have to form a government: clean slate. We dont have any legacy systems from the US or any other country. We dont have any special or unique interests to perturb our thinking. How would we govern ourselves? Its...

6.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/04/28 7:15 p.m.19 views

Hacking the Layoff Process

My latest book, A Hackers Mind, is filled with stories about the rich and powerful hacking systems, but it was hard to find stories of the hacking by the less powerful. Heres one I just found. An article on how layoffs at big companies work inadvertently suggests an employee hack to avoid being...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/04/20 10:47 a.m.19 views

New Zero-Click Exploits against iOS

Citizen Lab has identified three zero-click exploits against iOS 15 and 16. These were used by NSO Groups Pegasus spyware in 2022, and deployed by Mexico against human rights defenders. These vulnerabilities have all been patched. One interesting bit is that Apples Lockdown Mode part of iOS 16...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/04/18 11:19 a.m.19 views

Using LLMs to Create Bioweapons

Im not sure there are good ways to build guardrails to prevent this sort of thing: There is growing concern regarding the potential misuse of molecular machine learning models for harmful purposes. Specifically, the dual-use application of models for predicting cytotoxicity18 to create new poison...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/02/03 8:3 p.m.19 views

A Hacker’s Mind News

A Hackers Mind will be published on Tuesday. I have done a written interview and a podcast interview about the book. Its been chosen as a "February 2023 Must-Read Book" by the Next Big Idea Club. And an "Editors Pick"--whatever that means--on Amazon. There have been three reviews so far. I am...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/31 12:3 p.m.19 views

Ransomware Payments Are Down

Chainalysis reports that worldwide ransomware payments were down in 2022. Ransomware attackers extorted at least $456.8 million from victims in 2022, down from $765.6 million the year before. As always, we have to caveat these findings by noting that the true totals are much higher, as there are...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/27 10:59 p.m.19 views

Friday Squid Blogging: Squid-Inspired Hydrogel

Scientists have created a hydrogel "using squid mantle and creative chemistry." As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/18 12:19 p.m.19 views

AI and Political Lobbying

Launched just weeks ago, ChatGPT is already threatening to upend how we draft everyday communications like emails, college essays and myriad other forms of writing. Created by the company OpenAI, ChatGPT is a chatbot that can automatically respond to written prompts in a manner that is sometimes...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/09 10:6 p.m.19 views

Friday Squid Blogging: China Bans Taiwanese Squid Imports

Today I have some squid geopolitical news. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/09/28 11:19 a.m.19 views

Cold War Bugging of Soviet Facilities

Found documents in Poland detail US spying operations against the former Soviet Union. The file details a number of bugs found at Soviet diplomatic facilities in Washington, D.C., New York, and San Francisco, as well as in a Russian government-owned vacation compound, apartments used by Russia...

2.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/08/26 11:54 a.m.19 views

Security and Cheap Complexity

Ive been saying that complexity is the worst enemy of security for a long time now. Heres me in 1999. And its been true for a long time. In 2018, Thomas Dullien of Googles Project Zero talked about "cheap complexity." Andrew Appel summarizes: The anomaly of cheap complexity. For most of human...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/08/15 2:14 p.m.19 views

$23 Million YouTube Royalties Scam

Scammers were able to convince YouTube that other peoples music was their own. They successfully stole $23 million before they were caught. No one knows how common this scam is, and how much money total is being stolen in this way. Presumably this is not an uncommon fraud. While the size of the...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/06/13 11:48 a.m.19 views

Cryptanalysis of ENCSecurity’s Encryption Implementation

ENCSecurity markets a file encryption system, and its used by SanDisk, Sony, Lexar, and probably others. Despite it using AES as its algorithm, its implementation is flawed in multiple ways--and breakable. The moral is, as it always is, that implementing cryptography securely is hard. Dont roll...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/06/03 7:1 p.m.19 views

Me on Public-Interest Tech

Back in November 2020, in the middle of the COVID-19 pandemic, I gave a virtual talk at the International Symposium on Technology and Society: "The Story of the Internet and How it Broke Bad: A Call for Public-Interest Technologists." It was something I was really proud of, and its finally up on...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/05/20 7:5 p.m.19 views

The Onion on Google Map Surveillance

"Google Maps Adds Shortcuts through Houses of People Google Knows Arent Home Right Now." Excellent satire...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/05/20 11:2 a.m.19 views

Bluetooth Flaw Allows Remote Unlocking of Digital Locks

Locks that use Bluetooth Low Energy to authenticate keys are vulnerable to remote unlocking. The research focused on Teslas, but the exploit is generalizable. In a video shared with Reuters, NCC Group researcher Sultan Qasim Khan was able to open and then drive a Tesla using a small relay device...

1.1AI score
Exploits0
Total number of security vulnerabilities2978