Lucene search
K
SchneierMost viewed

2980 matches found

Schneier on Security
Schneier on Security
added 2026/05/29 9:5 p.m.17 views

Friday Squid Blogging: Another Squid

Someone named "Squid" seems to be a "West Country legend." As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/05/16 1:3 a.m.17 views

Friday Squid Blogging: Bigfin Squid

Article about the bigfin squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/28 11:6 a.m.17 views

What Anthropic’s Mythos Means for the Future of Cybersecurity

Two weeks ago, Anthropic announced that its new model, Claude Mythos Preview, can autonomously find and weaponize software vulnerabilities, turning them into working exploits without expert guidance. These were vulnerabilities in key software like operating systems and internet infrastructure tha...

5.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/03/14 4:2 p.m.17 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m giving the Ross Anderson Lecture at the University of Cambridge’s Churchill College at 5:30 PM GMT on Thursday, March 19, 2026. I’m speaking at RSAC 2026 in San Francisco, California, USA, on Wednesday, March 25, 2026. I’m part...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/04/16 3:19 p.m.17 views

CVE Program Almost Unfunded

Mitre's CVE's program--which provides common naming and other informational resources about cybersecurity vulnerabilities--was about to be cancelled, as the US Department of Homeland Security failed to renew the contact. It was funded for eleven more months at the last minute. This is a big deal...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/03/10 11:1 a.m.17 views

Thousands of WordPress Websites Infected with Malware

The malware includes four separate backdoors: Creating four backdoors facilitates the attackers having multiple points of re-entry should one be detected and removed. A unique case we haven't seen before. Which introduces another type of attack made possibly by abusing websites that don't monitor...

7.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/05/10 4:1 p.m.17 views

New Attack Against Self-Driving Car AI

This is another attack that convinces the AI to ignore road signs: Due to the way CMOS cameras operate, rapidly changing light from fast flashing diodes can be used to vary the color. For example, the shade of red on a stop sign could look different on each line depending on the time between the...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/05/06 11:3 a.m.17 views

New Lawsuit Attempting to Make Adversarial Interoperability Legal

Lots of complicated details here: too many for me to summarize well. It involves an obscure Section 230 provision--and an even more obscure typo. Read this...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/04/26 11:1 a.m.17 views

Long Article on GM Spying on Its Cars’ Drivers

Kashmir Hill has a really good article on how GM tricked its drivers into letting it spy on them--and then sold that data to insurance companies...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/03/27 11:1 a.m.17 views

Security Vulnerability in Saflok’s RFID-Based Keycard Locks

Its pretty devastating: Today, Ian Carroll, Lennert Wouters, and a team of other security researchers are revealing a hotel keycard hacking technique they call Unsaflok. The technique is a collection of security vulnerabilities that would allow a hacker to almost instantly open several models of...

7.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/03/22 9:3 p.m.17 views

Friday Squid Blogging: New Species of Squid Discovered

A new species of squid was discovered, along with about a hundred other species. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/03/21 11:3 a.m.17 views

Public AI as an Alternative to Corporate AI

This mini-essay was my contribution to a round table on Power and Governance in the Age of AI. Its nothing I havent said here before, but for anyone who hasnt read my longer essays on the topic, its a shorter introduction. The increasingly centralized control of AI is an ominous sign. When tech...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/03/19 11:5 a.m.17 views

AI and the Evolution of Social Media

Oh, how the mighty have fallen. A decade ago, social media was celebrated for sparking democratic uprisings in the Arab world and beyond. Now front pages are splashed with stories of social platforms’ role in misinformation, business conspiracy, malfeasance, and risks to mental health. In a 2022...

6.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/03/06 12:6 p.m.17 views

Surveillance through Push Notifications

The Washington Post is reporting on the FBIs increasing use of push notification data--"push tokens"--to identify people. The police can request this data from companies like Apple and Google without a warrant. The investigative technique goes back years. Court orders that were issued in 2019 to...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/03/01 12:8 p.m.17 views

NIST Cybersecurity Framework 2.0

NIST has released version 2.0 of the Cybersecurity Framework: The CSF 2.0, which supports implementation of the National Cybersecurity Strategy, has an expanded scope that goes beyond protecting critical infrastructure, such as hospitals and power plants, to all organizations in any sector. It al...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/02/29 12:0 p.m.17 views

How the “Frontier” Became the Slogan of Uncontrolled AI

Artificial intelligence AI has been billed as the next frontier of humanity: the newly available expanse whose exploration will drive the next era of growth, wealth, and human flourishing. Its a scary metaphor. Throughout American history, the drive for expansion and the very concept of terrain u...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/02/28 12:2 p.m.17 views

A Cyber Insurance Backstop

In the first week of January, the pharmaceutical giant Merck quietly settled its years-long lawsuit over whether or not its property and casualty insurers would cover a $700 million claim filed after the devastating NotPetya cyberattack in 2017. The malware ultimately infected more than 40,000 of...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/02/06 5:3 p.m.17 views

Documents about the NSA’s Banning of Furby Toys in the 1990s

Via a FOIA request, we have documents from the NSA about their banning of Furby toys. 404 Media has the story. EDITED TO ADD: The documents are now on Archive.org...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/26 12:9 p.m.17 views

Chatbots and Human Conversation

For most of history, communicating with a computer has not been like communicating with a person. In their earliest years, computers required carefully constructed instructions, delivered through punch cards; then came a command-line interface, followed by menus and options and text boxes. If you...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/12 10:6 p.m.17 views

Friday Squid Blogging: Giant Squid from Newfoundland in the 1800s

Interesting article, with photographs. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/05 12:7 p.m.17 views

Improving Shor’s Algorithm

We dont have a useful quantum computer yet, but we do have quantum algorithms. Shors algorithm has the potential to factor large numbers faster than otherwise possible, which--if the run times are actually feasible--could break both the RSA and Diffie-Hellman public-key algorithms. Now, computer...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/11/17 10:1 p.m.17 views

Friday Squid Blogging: Unpatched Vulnerabilities in the Squid Caching Proxy

In a rare squid/security post, heres an article about unpatched vulnerabilities in the Squid caching proxy. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/11/02 11:7 a.m.17 views

Spyware in India

Apple has warned leaders of the opposition government in India that their phones are being spied on: Multiple top leaders of India’s opposition parties and several journalists have received a notification from Apple, saying that "Apple believes you are being targeted by state-sponsored attackers...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/10/31 11:3 a.m.17 views

The Future of Drone Warfare

Ukraine is using $400 drones to destroy tanks: Facing an enemy with superior numbers of troops and armor, the Ukrainian defenders are holding on with the help of tiny drones flown by operators like Firsov that, for a few hundred dollars, can deliver an explosive charge capable of destroying a...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/10/05 11:12 a.m.17 views

Political Disinformation and AI

Elections around the world are facing an evolving threat from foreign actors, one that involves artificial intelligence. Countries trying to influence each others elections entered a new era in 2016, when the Russians launched a series of social media disinformation campaigns targeting the US...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/08/29 11:3 a.m.17 views

Identity Theft from 1965 Uncovered through Face Recognition

Interesting story: Napoleon Gonzalez, of Etna, assumed the identity of his brother in 1965, a quarter century after his siblings death as an infant, and used the stolen identity to obtain Social Security benefits under both identities, multiple passports and state identification cards, law...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/07/11 11:57 a.m.17 views

Privacy of Printing Services

The Washington Post has an article about popular printing services, and whether or not they read your documents and mine the data when you use them for printing: Ideally, printing services should avoid storing the content of your files, or at least delete daily. Print services should also...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/06/21 5:54 p.m.17 views

Ethical Problems in Computer Security

Tadayoshi Kohno, Yasemin Acar, and Wulf Loh wrote excellent paper on ethical thinking within the computer security community: "Ethical Frameworks and Computer Security Trolley Problems: Foundations for Conversation": Abstract: The computer security research community regularly tackles ethical...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/04/27 1:38 p.m.17 views

Security Risks of AI

Stanford and Georgetown have a new report on the security risks of AI--particularly adversarial machine learning--based on a workshop they held on the topic. Jim Dempsey, one of the workshop organizers, wrote a blog post on the report: As a first step, our report recommends the inclusion of AI...

6.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/04/14 8:4 p.m.17 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking on “Cybersecurity Thinking to Reinvent Democracy” at RSA Conference 2023 in San Francisco, California, on Tuesday, April 25, 2023, at 9:40 AM PT. I’m speaking at IT-S Now 2023 in Vienna, Austria, on June 2, 2023 at 8:3...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/04/14 7:6 p.m.17 views

Hacking Suicide

Heres a religious hack: You want to commit suicide, but its a mortal sin: your soul goes straight to hell, forever. So what you do is murder someone. That will get you executed, but if you confess your sins to a priest beforehand you avoid hell. Problem solved. This was actually a problem in the...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/03/23 11:5 a.m.17 views

Mass Ransomware Attack

A vulnerability in a popular data transfer tool has resulted in a mass ransomware attack: TechCrunch has learned of dozens of organizations that used the affected GoAnywhere file transfer software at the time of the ransomware attack, suggesting more victims are likely to come forward. However,...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/03/01 12:6 p.m.17 views

Fooling a Voice Authentication System with an AI-Generated Voice

A reporter used an AI synthesis of his own voice to fool the voice authentication system for Lloyds Bank...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/02/23 12:27 p.m.17 views

Cyberwar Lessons from the War in Ukraine

The Aspen Institute has published a good analysis of the successes, failures, and absences of cyberattacks as part of the current war in Ukraine: "The Cyber Defense Assistance Imperative ­ Lessons from Ukraine." Its conclusion: Cyber defense assistance in Ukraine is working. The Ukrainian...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/02/10 10:11 p.m.17 views

Friday Squid Blogging: Squid Is a Blockchain Thingy

I had no idea--until I read this incredibly jargon-filled article: Squid is a cross-chain liquidity and messaging router that swaps across multiple chains and their native DEXs via axlUSDC. So there. As usual, you can also use this squid post to talk about the security stories in the news that I...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/02/08 11:46 a.m.17 views

SolarWinds and Market Incentives

In early 2021, IEEE Security and Privacy asked a number of board members for brief perspectives on the SolarWinds incident while it was still breaking news. This was my response. The penetration of government and corporate networks worldwide is the result of inadequate cyberdefenses across the...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/02/06 11:2 a.m.17 views

Attacking Machine Learning Systems

The field of machine learning ML security--and corresponding adversarial ML--is rapidly advancing as researchers develop sophisticated techniques to perturb, disrupt, or steal the ML model or data. It’s a heady time; because we know so little about the security of these systems, there are many...

Exploits0
Schneier on Security
Schneier on Security
added 2023/02/03 12:7 p.m.17 views

Manipulating Weights in Face-Recognition AI Systems

Interesting research: "Facial Misrecognition Systems: Simple Weight Manipulations Force DNNs to Err Only on Specific Persons": Abstract: In this paper we describe how to plant novel types of backdoors in any facial recognition model based on the popular architecture of deep Siamese neural network...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/27 12:2 p.m.17 views

A Guide to Phishing Attacks

This is a good list of modern phishing techniques...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/13 12:13 p.m.17 views

Threats of Machine-Generated Text

With the release of ChatGPT, Ive read many random articles about this or that threat from the technology. This paper is a good survey of the field: what the threats are, how we might detect machine-generated text, directions for future research. Its a solid grounding amongst all of the hype...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/11/15 12:16 p.m.17 views

Another Event-Related Spyware App

Last month, we were warned not to install Qatars World Cup app because it was spyware. This month, its Egypts COP27 Summit app: The app is being promoted as a tool to help attendees navigate the event. But it risks giving the Egyptian government permission to read users emails and messages. Even...

3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/10/20 11:47 a.m.17 views

Interview with Signal’s New President

Long and interesting interview with Signals new president, Meredith Whittaker: WhatsApp uses the Signal encryption protocol to provide encryption for its messages. That was absolutely a visionary choice that Brian and his team led back in the day ­- and big props to them for doing that. But you...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/10/07 11:13 a.m.17 views

Spyware Maker Intellexa Sued by Journalist

The Greek journalist Thanasis Koukakis was spied on by his own government, with a commercial spyware product called "Predator." That product is sold by a company in North Macedonia called Cytrox, which is in turn owned by an Israeli company called Intellexa. Koukakis is suing Intellexa. The lawsu...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/09/23 9:32 p.m.17 views

Friday Squid Blogging: Another Giant Squid Washes Up on New Zealand Beach

This one has chewed-up tentacles. Note that this is a different squid than the one that recently washed up on a South African beach. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/09/07 2:26 p.m.17 views

The LockBit Ransomware Gang Is Surprisingly Professional

This article makes LockBit sound like a legitimate organization: The DDoS attack last weekend that put a temporary stop to leaking Entrust data was seen as an opportunity to explore the triple extortion tactic to apply more pressure on victims to pay a ransom. LockBitSupp said that the ransomware...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/09/02 9:32 p.m.17 views

Friday Squid Blogging: Squid Images

iStock has over 13,000 royalty-free images of squid. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/08/16 11:59 a.m.17 views

Remotely Controlling Touchscreens

This is more of a demonstration than a real-world vulnerability, but researchers can use electromagnetic interference to remotely control touchscreens. From a news article: Its important to note that the attack has a few key limitations. Firstly, the hackers need to know the targets phone passcod...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/08/11 1:23 p.m.17 views

Hacking Starlink

This is the first--of many, I assume--hack of Starlink. Leveraging a string of vulnerabilities, attackers can access the Starlink system and run custom code on the devices...

4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/08/03 11:50 a.m.17 views

Drone Deliveries into Prisons

Seems its now common to sneak contraband into prisons with a drone...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/07/08 2:18 p.m.17 views

Apple’s Lockdown Mode

Apple has introduced lockdown mode for high-risk users who are concerned about nation-state attacks. It trades reduced functionality for increased security in a very interesting way...

4.4AI score
Exploits0
Total number of security vulnerabilities2980