Lucene search
K
SchneierMost viewed

2979 matches found

Schneier on Security
Schneier on Security
added 2022/05/13 9:10 p.m.19 views

Friday Squid Blogging: Squidmobile

The Squidmobile. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/04/28 2:15 p.m.19 views

Microsoft Issues Report of Russian Cyberattacks against Ukraine

Microsoft has a comprehensive report on the dozens of cyberattacks -- and even more espionage operations -- Russia has conducted against Ukraine as part of this war: At least six Russian Advanced Persistent Threat APT actors and other unattributed threats, have conducted destructive attacks,...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/04/08 11:6 a.m.19 views

AirTags Are Used for Stalking Far More than Previously Reported

Ever since Apple introduced AirTags, security people have warned that they could be used for stalking. But while there have been a bunch of anecdotal stories, this is the first vaguely scientific survey: Motherboard requested records mentioning AirTags in a recent eight month period from dozens o...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/03/11 10:1 p.m.19 views

Friday Squid Blog: 328-million-year-old Vampire Squid Ancestor Discovered

A fossilized ancestor of the vampire squid -- with ten arms -- was discovered and named Syllipsimopodi bideni after President Biden. Heres the research paper. Note: Vampire squids are not squids. Yes, its weird. As usual, you can also use this squid post to talk about the security stories in the...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/03/07 12:20 p.m.19 views

Hacking Alexa through Alexa’s Speech

An Alexa can respond to voice commands it issues. This can be exploited: The attack works by using the devices speaker to issue voice commands. As long as the speech contains the device wake word usually "Alexa" or "Echo" followed by a permissible command, the Echo will carry it out, researchers...

3.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/01/05 12:12 p.m.19 views

More Russian Cyber Operations against Ukraine

Both Russia and Ukraine are preparing for military operations in cyberspace...

3.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/12/31 10:3 p.m.19 views

Friday Squid Blogging: Deep-Dwelling Squid

We have discovered a squid -- Oegopsida, Magnapinnidae, Magnapinna sp. -- that lives at 6,000 meters deep. :They’re really weird," says Vecchione. "They drift along with their arms spread out and these really long, skinny, spaghetti-like extensions dangling down underneath them." Microscopic...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/12/16 3:50 p.m.19 views

More Log4j News

Log4j is being exploited by all sorts of attackers, all over the Internet: At that point it was reported that there were over 100 attempts to exploit the vulnerability every minute. "Since we started to implement our protection we prevented over 1,272,000 attempts to allocate the vulnerability,...

2.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/12/07 12:25 p.m.19 views

Someone Is Running Lots of Tor Relays

Since 2017, someone is running about a thousand -- 10% of the total -- Tor servers in an attempt to deanonymize the network: Grouping these servers under the KAX17 umbrella, Nusenu says this threat actor has constantly added servers with no contact details to the Tor network in industrial...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/12/02 2:32 p.m.19 views

Smart Contract Bug Results in $31 Million Loss

A hacker stole $31 million from the blockchain company MonoX Finance , by exploiting a bug in software the service uses to draft smart contracts. Specifically, the hack used the same token as both the tokenIn and tokenOut, which are methods for exchanging the value of one token for another. MonoX...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/11/19 2:31 p.m.19 views

New Rowhammer Technique

Rowhammer is an attack technique involving accessing -- thats "hammering" -- rows of bits in memory, millions of times per second, with the intent of causing bits in neighboring rows to flip. This is a side-channel attack, and the result can be all sorts of mayhem. Well, there is a new enhancemen...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/11/16 12:18 p.m.19 views

Wire Fraud Scam Upgraded with Bitcoin

The FBI has issued a bulletin describing a bitcoin variant of a wire fraud scam: As the agency describes it, the scammer will contact their victim and somehow convince them that they need to send money, either with promises of love, further riches, or by impersonating an actual institution like a...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/10/25 6:46 p.m.19 views

New York Times Journalist Hacked with NSO Spyware

Citizen Lab is reporting that a New York Times journalist was hacked with the NSO Groups spyware Pegasus, probably by the Saudis. The world needs to do something about these cyberweapons arms manufacturers. This kind of thing isnt enough; NSO Group is an Israeli company...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/10/19 1:7 p.m.19 views

Using Machine Learning to Guess PINs from Video

Researchers trained a machine-learning system on videos of people typing their PINs into ATMs: By using three tries, which is typically the maximum allowed number of attempts before the card is withheld, the researchers reconstructed the correct sequence for 5-digit PINs 30% of the time, and...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/06/11 9:18 p.m.19 views

Friday Squid Blogging: Fossil of Squid Eating and Being Eaten

We now have a fossil of a squid eating a crustacean while it is being eaten by a shark. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/15 11:10 a.m.19 views

Privacy Analysis of Ambient Light Sensors

Interesting privacy analysis of the Ambient Light Sensor API. And a blog post. Especially note the "Lessons Learned" section...

3.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/01 11:17 a.m.19 views

North Korea ATM Hack

The US Cybersecurity and Infrastructure Security Agency CISA published a long and technical alert describing a North Korea hacking scheme against ATMs in a bunch of countries worldwide: This joint advisory is the result of analytic efforts among the Cybersecurity and Infrastructure Security Agenc...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/11 11:0 a.m.19 views

Collecting and Selling Mobile Phone Location Data

The Wall Street Journal has an article about a company called Anomaly Six LLC that has an SDK that's used by "more than 500 mobile applications." Through that SDK, the company collects location data from users, which it then sells. Anomaly Six is a federal contractor that provides...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/17 11:4 a.m.19 views

Twitter Hackers May Have Bribed an Insider

Motherboard is reporting that this week's Twitter hack involved a bribed insider. Twitter has denied it. I have been taking press calls all day about this. And while I know everyone wants to speculate about the details of the hack, we just don't know -- and probably won't for a couple of weeks...

3.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/06/26 12:0 p.m.19 views

The Unintended Harms of Cybersecurity

Interesting research: "Identifying Unintended Harms of Cybersecurity Countermeasures": Abstract: Well-meaning cybersecurity risk owners will deploy countermeasures technologies or procedures to manage risks to their services or systems. In some cases, those countermeasures will produce unintended...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/04/23 2:14 p.m.19 views

G7 Comes Out in Favor of Encryption Backdoors

From a G7 meeting of interior ministers in Paris this month, an "outcome document": Encourage Internet companies to establish lawful access solutions for their products and services, including data that is encrypted, for law enforcement and competent authorities to access digital evidence, when i...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/20 1:7 p.m.19 views

James Mickens on the Current State of Computer Security

James Mickens gave an excellent keynote at the USENIX Security Conference last week, talking about the social aspects of security -- racism, sexism, etc. -- and the problems with machine learning and the Internet. Worth watching...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/20 11:38 a.m.19 views

New Report on Chinese Intelligence Cyber-Operations

The company ProtectWise just published a long report linking a bunch of Chinese cyber-operations over the past few years. The always interesting gruqq has some interesting commentary on the group and its tactics. Lots of detailed information in the report, but I admit that I have never heard of...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/02/02 12:38 p.m.19 views

Signed Malware

Stuxnet famously used legitimate digital certificates to sign its malware. A research paper from last year found that the practice is much more common than previously thought. Now, researchers have presented proof that digitally signed malware is much more common than previously believed. What's...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/10/19 2:18 p.m.19 views

Security Flaws in Children's Smart Watches

The Norwegian Consumer Council has published a report detailing a series of security and privacy flaws in smart watches marketed to children. Press release. News article. This is the same group that found all those security and privacy vulnerabilities in smart dolls. EDITED TO ADD 10/21: Slashdot...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/19 11:44 a.m.19 views

New Technique to Hijack Social Media Accounts

Access Now has documented it being used against a Twitter user, but it also works against other social media accounts: With the Doubleswitch attack, a hijacker takes control of a victim's account through one of several attack vectors. People who have not enabled an app-based form of multifactor...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/12 7:22 p.m.19 views

Chelsea Manning Profiled in New York Times Magazine

Interesting reading...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/29 4:5 p.m.18 views

Factoring RSA Keys with Many Zeros

Interesting research on a new class of weak RSA keys: keys with lots of zeros. It turns out that these keys are out in the wild. The badkeys project is an open-source service that checks public keys for known vulnerabilities. While developing this tool, Hanno collected a massive number of...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/15 11:1 a.m.18 views

The FCC Wants to Eliminate Burner Phones

A proposed FCC rule would kill burner phones: phones whose accounts are not attached to a particular person. The FCC plans to do this by legally forcing the country's telecoms to store a wealth of personal information about essentially all phone customers, including a government issued...

5.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/05/13 11:3 a.m.18 views

OpenAI’s GPT-5.5 is as Good as Mythos at Finding Security Vulnerabilities

The UK's AI Security Institute evaluated GPT-5.5's ability to find security vulnerabilities, and found that it is comparable to Claude Mythos. Note that the OpenAI model is generally available. Here is the Institute's evaluation of Mythos. And here is an analysis of a smaller, cheaper model. It...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/06 7:9 p.m.18 views

New Mexico’s Meta Ruling and Encryption

Mike Masnick points out that the recent New Mexico court ruling against Meta has some bad implications for end-to-end encryption, and security in general: If the "design choices create liability" framework seems worrying in the abstract, the New Mexico case provides a concrete example of where it...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/09/30 11:0 a.m.18 views

AI and the 2024 US Elections

For years now, AI has undermined the public's ability to trust what it sees, hears, and reads. The Republican National Committee released a provocative ad offering an "AI-generated look into the country's possible future if Joe Biden is re-elected," showing apocalyptic, machine-made images of...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/09/10 11:4 a.m.18 views

New Chrome Zero-Day

According to Microsoft researchers, North Korean hackers have been using a Chrome zero-day exploit to steal cryptocurrency...

9.6CVSS7.1AI score0.19272EPSS
Exploits2
Schneier on Security
Schneier on Security
added 2024/06/18 11:4 a.m.18 views

Rethinking Democracy for the Age of AI

There is a lot written about technologys threats to democracy. Polarization. Artificial intelligence. The concentration of wealth and power. I have a more general story: The political and economic systems of governance that were created in the mid-18th century are poorly suited for the 21st...

6.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/05/23 11:0 a.m.18 views

Personal AI Assistants and Privacy

Microsoft is trying to create a personal digital assistant: At a Build conference event on Monday, Microsoft revealed a new AI-powered feature called "Recall" for Copilot+ PCs that will allow Windows 11 users to search and retrieve their past activities on their PC. To make it work, Recall record...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/03/15 11:5 a.m.18 views

Improving C++

C++ guru Herb Sutter writes about how we can improve the programming language for better security. The immediate problem "is" that it’s Too Easy By Default™ to write security and safety vulnerabilities in C++ that would have been caught by stricter enforcement of known rules for type, bounds,...

7.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/03/07 12:0 p.m.18 views

How Public AI Can Strengthen Democracy

With the worlds focus turning to misinformation, manipulation, and outright propaganda ahead of the 2024 U.S. presidential election, we know that democracy has an AI problem. But were learning that AI has a democracy problem, too. Both challenges must be addressed for the sake of democratic...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/02/27 12:3 p.m.18 views

China Surveillance Company Hacked

Last week, someone posted something like 570 files, images and chat logs from a Chinese company called I-Soon. I-Soon sells hacking and espionage services to Chinese national and local government. Lots of details in the news articles. These arent details about the tools or techniques, more the...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/02/20 12:2 p.m.18 views

Microsoft Is Spying on Users of Its AI Tools

Microsoft announced that it caught Chinese, Russian, and Iranian hackers using its AI tools--presumably coding tools--to improve their hacking abilities. From their report: In collaboration with OpenAI, we are sharing threat intelligence showing detected state affiliated adversaries--tracked as...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/02/14 12:8 p.m.18 views

Improving the Cryptanalysis of Lattice-Based Public-Key Algorithms

The winner of the Best Paper Award at Crypto this year was a significant improvement to lattice-based cryptanalysis. This is important, because a bunch of NISTs post-quantum options base their security on lattice problems. I worry about standardizing on post-quantum algorithms too quickly. We are...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/08 12:3 p.m.18 views

Second Interdisciplinary Workshop on Reimagining Democracy

Last month, I convened the Second Interdisciplinary Workshop on Reimagining Democracy IWORD 2023 at the Harvard Kennedy School Ash Center. As with IWORD 2022, the goal was to bring together a diverse set of thinkers and practitioners to talk about how democracy might be reimagined for the...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/02 12:4 p.m.18 views

TikTok Editorial Analysis

TikTok seems to be skewing things in the interests of the Chinese Communist Party. This is a serious analysis, and the methodology looks sound. Conclusion: Substantial Differences in Hashtag Ratios Raise Concerns about TikToks Impartiality Given the research above, we assess a strong possibility...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/21 12:10 p.m.18 views

Cyberattack on Ukraine’s Kyivstar Seems to Be Russian Hacktivists

The Solntsepek group has taken credit for the attack. Theyre linked to the Russian military, so its unclear whether the attack was government directed or freelance. This is one of the most significant cyberattacks since Russia invaded in February 2022...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/11/07 12:8 p.m.18 views

Spaf on the Morris Worm

Gene Spafford wrote an essay reflecting on the Morris Worm of 1988--thirty-five years ago. His lessons from then are still applicable today...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/10/30 11:10 a.m.18 views

Hacking Scandinavian Alcohol Tax

The islands of Åland are an important tax hack: Although Åland is part of the Republic of Finland, it has its own autonomous parliament. In areas where Åland has its own legislation, the group of islands essentially operates as an independent nation. This allows Scandinavians to avoid the...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/09/08 9:3 p.m.18 views

Friday Squid Blogging: Glass Squid Video

Heres a fantastic video of Taonius Borealis, a glass squid, from NOAA. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/09/05 11:3 a.m.18 views

Inconsistencies in the Common Vulnerability Scoring System (CVSS)

Interesting research: Shedding Light on CVSS Scoring Inconsistencies: A User-Centric Study on Evaluating Widespread Security Vulnerabilities Abstract: The Common Vulnerability Scoring System CVSS is a popular method for evaluating the severity of vulnerabilities in vulnerability management. In th...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/08/16 11:17 a.m.18 views

UK Electoral Commission Hacked

The UK Electoral Commission discovered last year that it was hacked the year before. Thats fourteen months between the hack and the discovery. It doesnt know who was behind the hack. We worked with external security experts and the National Cyber Security Centre to investigate and secure our...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/07/27 11:4 a.m.18 views

Fooling an AI Article Writer

World of Warcraft players wrote about a fictional game element, "Glorbo," on a subreddit for the game, trying to entice an AI bot to write an article about it. It worked: And it…worked. Zleague auto-published a post titled "World of Warcraft Players Excited For Glorbo’s Introduction." … That is…a...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/07/21 11:16 a.m.18 views

AI and Microdirectives

Imagine a future in which AIs automatically interpret--and enforce--laws. All day and every day, you constantly receive highly personalized instructions for how to comply with the law, sent directly by your government and law enforcement. Youre told how to cross the street, how fast to drive on t...

6.9AI score
Exploits0
Total number of security vulnerabilities2979