Lucene search
K
SchneierMost viewed

2981 matches found

Schneier on Security
Schneier on Security
added 2024/03/15 11:5 a.m.18 views

Improving C++

C++ guru Herb Sutter writes about how we can improve the programming language for better security. The immediate problem "is" that it’s Too Easy By Default™ to write security and safety vulnerabilities in C++ that would have been caught by stricter enforcement of known rules for type, bounds,...

7.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/03/07 12:0 p.m.18 views

How Public AI Can Strengthen Democracy

With the worlds focus turning to misinformation, manipulation, and outright propaganda ahead of the 2024 U.S. presidential election, we know that democracy has an AI problem. But were learning that AI has a democracy problem, too. Both challenges must be addressed for the sake of democratic...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/02/27 12:3 p.m.18 views

China Surveillance Company Hacked

Last week, someone posted something like 570 files, images and chat logs from a Chinese company called I-Soon. I-Soon sells hacking and espionage services to Chinese national and local government. Lots of details in the news articles. These arent details about the tools or techniques, more the...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/02/20 12:2 p.m.18 views

Microsoft Is Spying on Users of Its AI Tools

Microsoft announced that it caught Chinese, Russian, and Iranian hackers using its AI tools--presumably coding tools--to improve their hacking abilities. From their report: In collaboration with OpenAI, we are sharing threat intelligence showing detected state affiliated adversaries--tracked as...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/02/14 12:8 p.m.18 views

Improving the Cryptanalysis of Lattice-Based Public-Key Algorithms

The winner of the Best Paper Award at Crypto this year was a significant improvement to lattice-based cryptanalysis. This is important, because a bunch of NISTs post-quantum options base their security on lattice problems. I worry about standardizing on post-quantum algorithms too quickly. We are...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/02/06 5:3 p.m.18 views

Documents about the NSA’s Banning of Furby Toys in the 1990s

Via a FOIA request, we have documents from the NSA about their banning of Furby toys. 404 Media has the story. EDITED TO ADD: The documents are now on Archive.org...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/08 12:3 p.m.18 views

Second Interdisciplinary Workshop on Reimagining Democracy

Last month, I convened the Second Interdisciplinary Workshop on Reimagining Democracy IWORD 2023 at the Harvard Kennedy School Ash Center. As with IWORD 2022, the goal was to bring together a diverse set of thinkers and practitioners to talk about how democracy might be reimagined for the...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/02 12:4 p.m.18 views

TikTok Editorial Analysis

TikTok seems to be skewing things in the interests of the Chinese Communist Party. This is a serious analysis, and the methodology looks sound. Conclusion: Substantial Differences in Hashtag Ratios Raise Concerns about TikToks Impartiality Given the research above, we assess a strong possibility...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/21 12:10 p.m.18 views

Cyberattack on Ukraine’s Kyivstar Seems to Be Russian Hacktivists

The Solntsepek group has taken credit for the attack. Theyre linked to the Russian military, so its unclear whether the attack was government directed or freelance. This is one of the most significant cyberattacks since Russia invaded in February 2022...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/11/07 12:8 p.m.18 views

Spaf on the Morris Worm

Gene Spafford wrote an essay reflecting on the Morris Worm of 1988--thirty-five years ago. His lessons from then are still applicable today...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/11/02 11:7 a.m.18 views

Spyware in India

Apple has warned leaders of the opposition government in India that their phones are being spied on: Multiple top leaders of India’s opposition parties and several journalists have received a notification from Apple, saying that "Apple believes you are being targeted by state-sponsored attackers...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/10/30 11:10 a.m.18 views

Hacking Scandinavian Alcohol Tax

The islands of Åland are an important tax hack: Although Åland is part of the Republic of Finland, it has its own autonomous parliament. In areas where Åland has its own legislation, the group of islands essentially operates as an independent nation. This allows Scandinavians to avoid the...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/09/08 9:3 p.m.18 views

Friday Squid Blogging: Glass Squid Video

Heres a fantastic video of Taonius Borealis, a glass squid, from NOAA. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/09/05 11:3 a.m.18 views

Inconsistencies in the Common Vulnerability Scoring System (CVSS)

Interesting research: Shedding Light on CVSS Scoring Inconsistencies: A User-Centric Study on Evaluating Widespread Security Vulnerabilities Abstract: The Common Vulnerability Scoring System CVSS is a popular method for evaluating the severity of vulnerabilities in vulnerability management. In th...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/08/16 11:17 a.m.18 views

UK Electoral Commission Hacked

The UK Electoral Commission discovered last year that it was hacked the year before. Thats fourteen months between the hack and the discovery. It doesnt know who was behind the hack. We worked with external security experts and the National Cyber Security Centre to investigate and secure our...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/07/27 11:4 a.m.18 views

Fooling an AI Article Writer

World of Warcraft players wrote about a fictional game element, "Glorbo," on a subreddit for the game, trying to entice an AI bot to write an article about it. It worked: And it…worked. Zleague auto-published a post titled "World of Warcraft Players Excited For Glorbo’s Introduction." … That is…a...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/07/21 11:16 a.m.18 views

AI and Microdirectives

Imagine a future in which AIs automatically interpret--and enforce--laws. All day and every day, you constantly receive highly personalized instructions for how to comply with the law, sent directly by your government and law enforcement. Youre told how to cross the street, how fast to drive on t...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/07/07 11:11 a.m.18 views

The AI Dividend

For four decades, Alaskans have opened their mailboxes to find checks waiting for them, their cut of the black gold beneath their feet. This is Alaskas Permanent Fund, funded by the states oil revenues and paid to every Alaskan each year. Were now in a different sort of resource rush, with...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/07/06 11:3 a.m.18 views

Belgian Tax Hack

Heres a fascinating tax hack from Belgium listen to the details here, episode 484 of "No Such Thing as a Fish," at 28:00. Basically, its about a music festival on the border between Belgium and Holland. The stage was in Holland, but the crowd was in Belgium. When the copyright collector came...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/04/12 11:11 a.m.18 views

FBI Advising People to Avoid Public Charging Stations

The FBI is warning people against using public phone-charging stations, worrying that the combination power-data port can be used to inject malware onto the devices: Avoid using free charging stations in airports, hotels, or shopping centers. Bad actors have figured out ways to use public USB por...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/03/23 11:5 a.m.18 views

Mass Ransomware Attack

A vulnerability in a popular data transfer tool has resulted in a mass ransomware attack: TechCrunch has learned of dozens of organizations that used the affected GoAnywhere file transfer software at the time of the ransomware attack, suggesting more victims are likely to come forward. However,...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/03/21 12:34 p.m.18 views

US Citizen Hacked by Spyware

The New York Times is reporting that a US citizens phone was hacked by the Predator spyware. A U.S. and Greek national who worked on Meta’s security and trust team while based in Greece was placed under a yearlong wiretap by the Greek national intelligence service and hacked with a powerful...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/02/17 10:3 p.m.18 views

Friday Squid Blogging: Thermal Batteries from Squid Proteins

Researchers are making thermal batteries from "a synthetic material thats derived from squid ring teeth protein." As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

2.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/16 12:14 p.m.18 views

Hacked Cellebrite and MSAB Software Released

Cellebrite is an cyberweapons arms manufacturer that sells smartphone forensic software to governments around the world. MSAB is a Swedish company that does the same thing. Someone has released software and documentation from both companies...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/02 8:7 p.m.18 views

Existential Risk and the Fermi Paradox

We know that complexity is the worst enemy of security, because it makes attack easier and defense harder. This becomes catastrophic as the effects of that attack become greater. In A Hackers Mind coming in February 2023, I write: Our societal systems, in general, may have grown fairer and more...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/09/14 11:51 a.m.18 views

Weird Fallout from Peiter Zatko’s Twitter Whistleblowing

People are trying to dig up dirt on Peiter Zatko, better known as Mudge. For the record, I have not been contacted. Im not sure if I should feel slighted...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/08/26 9:8 p.m.18 views

Friday Squid Blogging: 14-foot Giant Squid Washes Ashore in Cape Town

Its an Architeuthis dux, the second this year. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/07/28 11:16 a.m.18 views

New UFEI Rootkit

Kaspersky is reporting on a new UFEI rootkit that survives reinstalling the operating system and replacing the hard drive. From an article: The firmware compromises the UEFI, the low-level and highly opaque chain of firmware required to boot up nearly every modern computer. As the software that...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/07/19 2:40 p.m.18 views

NSO Group’s Pegasus Spyware Used against Thailand Pro-Democracy Activists and Leaders

Yet another basic human rights violation, courtesy of NSO Group: Citizen Lab has the details: Key Findings We discovered an extensive espionage campaign targeting Thai pro-democracy protesters, and activists calling for reforms to the monarchy. We forensically confirmed that at least 30 individua...

0.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/06/29 11:19 a.m.18 views

Ecuador’s Attempt to Resettle Edward Snowden

Someone hacked the Ecuadorian embassy in Moscow and found a document related to Ecuadors 2013 efforts to bring Edward Snowden there. If you remember, Snowden was traveling from Hong Kong to somewhere when the US revoked his passport, stranding him in Russia. In the document, Ecuador asks Russia t...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/06/09 2:30 p.m.18 views

Twitter Used Two-Factor Login Details for Ad Targeting

Twitter was fined $150 million for using phone numbers and email addresses collected for two-factor authentication for ad targeting...

2.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/05/25 3:30 p.m.18 views

Manipulating Machine-Learning Systems through the Order of the Training Data

Yet another adversarial ML attack: Most deep neural networks are trained by stochastic gradient descent. Now “stochastic” is a fancy Greek word for “random”; it means that the training data are fed into the model in random order. So what happens if the bad guys can cause the order to be not rando...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/05/18 11:6 a.m.18 views

iPhone Malware that Operates Even When the Phone Is Turned Off

Researchers have demonstrated iPhone malware that works even when the phone is fully shut down. t turns out that the iPhone’s Bluetooth chip­--which is key to making features like Find My work­--has no mechanism for digitally signing or even encrypting the firmware it runs. Academics at Germany’s...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/03/02 12:25 p.m.18 views

Vulnerability in Stalkerware Apps

TechCrunch is reporting -- but not describing in detail -- a vulnerability in a series of stalkerware apps that exposes personal information of the victims. The vulnerability isnt in the apps installed on the victims phones, but in the website the stalker goes to view the information the app...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/02/25 10:0 p.m.18 views

Friday Squid Blogging: Squid Videos

Here are six beautiful squid videos. I know nothing more about them. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. EDITED TO ADD 2/25: This post accidentally went live on Wednesday, two days...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/02/23 12:28 p.m.18 views

Bypassing Apple’s AirTag Security

A Berlin-based company has developed an AirTag clone that bypasses Apples anti-stalker security systems. Source code for these AirTag clones is available online. So now we have several problems with the system. Apples anti-stalker security only works with iPhones. Apple wrote an Android app that...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/02/18 10:12 p.m.18 views

Friday Squid Blogging: South American Squid Stocks Threatened by Chinese Fishing

Theres a lot of fishing going on: The number of Chinese-flagged vessels in the south Pacific has surged 13-fold from 54 active vessels in 2009 to 707 in 2020, according to the SPRFMO. Meanwhile, the size of Chinas squid catch has grown from 70,000 tons in 2009 to 358,000. As usual, you can also u...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/02/11 12:17 p.m.18 views

On the Irish Health Services Executive Hack

A detailed report of the 2021 ransomware attack against Ireland’s Health Services Executive lists some really bad security practices: The report notes that: The HSE did not have a Chief Information Security Officer CISO or a “single responsible owner for cybersecurity at either senior executive o...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/02/10 12:13 p.m.18 views

Bunnie Huang’s Plausibly Deniable Database

Bunnie Huang has created a Plausibly Deniable Database. Most security schemes facilitate the coercive processes of an attacker because they disclose metadata about the secret data, such as the name and size of encrypted files. This allows specific and enforceable demands to be made: “Give us the...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/02/09 12:25 p.m.18 views

Breaking 256-bit Elliptic Curve Encryption with a Quantum Computer

Researchers have calculated the quantum computer size necessary to break 256-bit elliptic curve public-key cryptography: Finally, we calculate the number of physical qubits required to break the 256-bit elliptic curve encryption of keys in the Bitcoin network within the small available time frame...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/10/19 11:7 a.m.18 views

Ransomware Attacks against Water Treatment Plants

According to a report from CISA last week, there were three ransomware attacks against water treatment plants last year. WWS Sector cyber intrusions from 2019 to early 2021 include: In August 2021, malicious cyber actors used Ghost variant ransomware against a California-based WWS facility. The...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/10/15 2:30 p.m.18 views

Security Risks of Client-Side Scanning

Even before Apple made its announcement, law enforcement shifted their battle for backdoors to client-side scanning. The idea is that they wouldnt touch the cryptography, but instead eavesdrop on communications and systems before encryption or after decryption. Its not a cryptographic backdoor, b...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/09/22 2:30 p.m.18 views

FBI Had the REvil Decryption Key

The Washington Post reports that the FBI had a decryption key for the REvil ransomware, but didnt pass it along to victims because it would have disrupted an ongoing operation. The key was obtained through access to the servers of the Russia-based criminal gang behind the July attack. Deploying i...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/09/07 11:14 a.m.18 views

Lightning Cable with Embedded Eavesdropping

Normal-looking cables USB-C, Lightning, and so on that exfiltrate data over a wireless network. I blogged about a previous prototype here...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/11/05 3:28 p.m.18 views

California Proposition 24 Passes

Californias Proposition 24, aimed at improving the California Consumer Privacy Act, passed this week. Analyses are very mixed. I was very mixed on the proposition, but on the whole I supported it. The proposition has some serious flaws, and was watered down by industry, but voting for privacy fee...

2.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/10/29 2:52 p.m.18 views

Tracking Users on Waze

A security researcher discovered a wulnerability in Waze that breaks the anonymity of users: I found out that I can visit Waze from any web browser at waze.com/livemap so I decided to check how are those driver icons implemented. What I found is that I can ask Waze API for data on a location by...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/18 3:3 p.m.18 views

Using Disinformation to Cause a Blackout

Interesting paper: "How weaponizing disinformation can bring down a city's power grid": Abstract: Social media has made it possible to manipulate the masses via disinformation and fake news at an unprecedented scale. This is particularly alarming from a security perspective, as humans have proven...

3.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/09 11:16 a.m.18 views

Traffic Analysis of Home Security Cameras

Interesting research on home security cameras with cloud storage. Basically, attackers can learn very basic information about what's going on in front of the camera, and infer when there is someone home. News article. Slashdot thread...

3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/01 2:31 p.m.18 views

Securing the International IoT Supply Chain

Together with Nate Kim former student and Trey Herr Atlantic Council Cyber Statecraft Initiative, I have written a paper on IoT supply chain security. The basic problem we try to solve is: how to you enforce IoT security regulations when most of the stuff is made in other countries? And our...

2.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/01/14 7:0 p.m.18 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I'm speaking at Indiana University Bloomington on January 30, 2020. I'll be at RSA Conference 2020 in San Francisco. On Wednesday, February 26, at 2:50 PM, I'll be part of a panel on "How to Reduce Supply Chain Risk: Lessons from...

1.1AI score
Exploits0
Total number of security vulnerabilities2981