Lucene search
K
SchneierMost viewed

2981 matches found

Schneier on Security
Schneier on Security
added 2022/09/02 9:32 p.m.17 views

Friday Squid Blogging: Squid Images

iStock has over 13,000 royalty-free images of squid. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/08/16 11:59 a.m.17 views

Remotely Controlling Touchscreens

This is more of a demonstration than a real-world vulnerability, but researchers can use electromagnetic interference to remotely control touchscreens. From a news article: Its important to note that the attack has a few key limitations. Firstly, the hackers need to know the targets phone passcod...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/08/11 1:23 p.m.17 views

Hacking Starlink

This is the first--of many, I assume--hack of Starlink. Leveraging a string of vulnerabilities, attackers can access the Starlink system and run custom code on the devices...

4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/08/03 11:50 a.m.17 views

Drone Deliveries into Prisons

Seems its now common to sneak contraband into prisons with a drone...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/07/08 2:18 p.m.17 views

Apple’s Lockdown Mode

Apple has introduced lockdown mode for high-risk users who are concerned about nation-state attacks. It trades reduced functionality for increased security in a very interesting way...

4.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/06/28 11:22 a.m.17 views

When Security Locks You Out of Everything

Thought experiment story of someone who lost everything in a house fire, and now cant log into anything: But to get into my cloud, I need my password and 2FA. And even if I could convince the cloud provider to bypass that and let me in, the backup is secured with a password which is stored in--yo...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/06/21 11:34 a.m.17 views

Hidden Anti-Cryptography Provisions in Internet Anti-Trust Bills

Two bills attempting to reduce the power of Internet monopolies are currently being debated in Congress: S. 2992, the American Innovation and Choice Online Act; and S. 2710, the Open App Markets Act. Reducing the power to tech monopolies would do more to "fix" the Internet than any other single...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/06/17 11:6 a.m.17 views

Tracking People via Bluetooth on Their Phones

Weve always known that phones--and the people carrying them--can be uniquely identified from their Bluetooth signatures, and that we need security techniques to prevent that. This new research shows that thats not enough. Computer scientists at the University of California San Diego proved in a...

Exploits0
Schneier on Security
Schneier on Security
added 2022/06/14 12:19 p.m.17 views

Hacking Tesla’s Remote Key Cards

Interesting vulnerability in Teslas NFC key cards: Martin Herfurt, a security researcher in Austria, quickly noticed something odd about the new feature: Not only did it allow the car to automatically start within 130 seconds of being unlocked with the NFC card, but it also put the car in a state...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/06/02 8:59 p.m.17 views

Remotely Controlling Touchscreens

Researchers have demonstrated controlling touchscreens at a distance, at least in a laboratory setting: The core idea is to take advantage of the electromagnetic signals to execute basic touch events such as taps and swipes into targeted locations of the touchscreen with the goal of taking over...

0.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/05/17 11:10 a.m.17 views

Attacks on Managed Service Providers Expected to Increase

CISA, NSA, FBI, and similar organizations in the other Five Eyes countries are warning that attacks on MSPs--as a vector to their customers--are likely to increase. No details about what this prediction is based on. Makes sense, though. The SolarWinds attack was incredibly successful for the...

4.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/05/05 11:2 a.m.17 views

15.3 Million Request-Per-Second DDoS Attack

Cloudflare is reporting a large DDoS attack against an unnamed company "operating a crypto launchpad." While this isnt the largest application-layer attack weve seen, it is the largest weve seen over HTTPS. HTTPS DDoS attacks are more expensive in terms of required computational resources because...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/05/03 4:17 p.m.17 views

Using Pupil Reflection in Smartphone Camera Selfies

Researchers are using the reflection of the smartphone in the pupils of faces taken as selfies to infer information about how the phone is being used: For now, the research is focusing on six different ways a user can hold a device like a smartphone: with both hands, just the left, or just the...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/04/11 11:4 a.m.17 views

De-anonymizing Bitcoin

Andy Greenberg wrote a long article -- an excerpt from his new book -- on how law enforcement de-anonymized bitcoin transactions to take down a global child porn ring. Within a few years of Bitcoins arrival, academic security researchers -- and then companies like Chainalysis -- began to tear...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/03/15 11:1 a.m.17 views

US Critical Infrastructure Companies Will Have to Report When They Are Hacked

This will be law soon: Companies critical to U.S. national interests will now have to report when theyre hacked or they pay ransomware, according to new rules approved by Congress. … The reporting requirement legislation was approved by the House and the Senate on Thursday and is expected to be...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/02/21 12:31 p.m.17 views

Stealing Bicycles by Swapping QR Codes

This is a clever hack against those bike-rental kiosks: Theyre stealing Citi Bikes by switching the QR scan codes on two bicycles near each other at a docking station, then waiting for an unsuspecting cyclist to try to unlock a bike with his or her smartphone app. The app doesnt work for the ride...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/02/14 6:2 p.m.17 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking at IT-S Now 2022 in Vienna on June 2, 2022. I’m speaking at the 14th International Conference on Cyber Conflict, CyCon 2022, in Tallinn, Estonia on June 3, 2022. I’m speaking at the RSA Conference 2022 in San Francisco...

2.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/01/24 12:27 p.m.17 views

Linux-Targeted Malware Increased by 35%

Crowdstrike is reporting that malware targeting Linux has increased considerably in 2021: Malware targeting Linux systems increased by 35% in 2021 compared to 2020. XorDDoS, Mirai and Mozi malware families accounted for over 22% of Linux-targeted threats observed by CrowdStrike in 2021. Ten times...

3.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/01/21 12:6 p.m.17 views

China’s Olympics App Is Horribly Insecure

China is mandating that athletes download and use a health and travel app when they attend the Winter Olympics next month. Citizen Lab examined the app and found it riddled with security holes. Key Findings: MY2022, an app mandated for use by all attendees of the 2022 Olympic Games in Beijing, ha...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/01/14 6:2 p.m.17 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m giving an online-only talk on “Securing a World of Physically Capable Computers” as part of Teleport’s Security Visionaries 2022 series, on January 18, 2022. I’m speaking at IT-S Now 2022 in Vienna on June 2, 2022. I’m speaking...

2.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/10/22 9:10 p.m.17 views

Friday Squid Blogging: Squid Eating Maine Shrimp

Squid are eating Maine shrimp, causing a collapse of the ecosystem. This seems to be a result of climate change. Maines shrimp fishery has been closed for nearly a decade since the stocks collapse in 2013. Scientists are now saying a species of squid that came into the Gulf of Maine during a...

Exploits0
Schneier on Security
Schneier on Security
added 2021/10/01 2:56 p.m.17 views

A Death Due to Ransomware

The Wall Street Journal is reporting on a babys death at an Alabama hospital in 2019, which they argue was a direct result of the ransomware attack the hospital was undergoing. Amid the hack, fewer eyes were on the heart monitors -- normally tracked on a large screen at the nurses station, in...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/09/24 9:20 p.m.17 views

Friday Squid Blogging: Person in Squid Suit Takes Dog for a Walk

No, I dont understand it, either. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/09/09 11:13 a.m.17 views

More Detail on the Juniper Hack and the NSA PRNG Backdoor

We knew the basics of this story, but its good to have more detail. Heres me in 2015 about this Juniper hack. Heres me in 2007 on the NSA backdoor...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/09/03 7:21 p.m.17 views

Hacker-Themed Board Game

Black Hat is a hacker-themed board game...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/12/21 12:6 p.m.17 views

Cellebrite Can Break Signal

Cellebrite announced that it can break Signal. Note that the company has heavily edited its blog post, but the original -- with lots of technical details -- was saved by the Wayback Machine. News article. Slashdot post. The whole story is puzzling. Cellebrites details will make it easier for the...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/12 11:8 a.m.17 views

Cryptanalysis of an Old Zip Encryption Algorithm

Mike Stay broke an old zipfile encryption algorithm to recover $300,000 in bitcoin. DefCon talk here...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/02 2:26 p.m.17 views

The Security Value of Inefficiency

For decades, we have prized efficiency in our economy. We strive for it. We reward it. In normal times, that's a good thing. Running just at the margins is efficient. A single just-in-time global supply chain is efficient. Consolidation is efficient. And that's all profitable. Inefficiency, on th...

Exploits0
Schneier on Security
Schneier on Security
added 2018/09/28 11:24 a.m.17 views

Yet Another IoT Cybersecurity Document

This one is from NIST: "Considerations for Managing Internet of Things IoT Cybersecurity and Privacy Risks." It's still in draft. Remember, there are many others...

2.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/16 9:14 p.m.17 views

Friday Squid Blogging: Squids from Space Video Game

An early preview. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/09 9:25 p.m.17 views

Friday Squid Blogging: Sex Is Traumatic for the Female Dumpling Squid

The more they mate, the sooner they die. Academic paper paywall. News article. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/08 12:15 p.m.17 views

Safety and Security and the Internet of Things

Ross Anderson blogged about his new paper on security and safety concerns about the Internet of Things. See also this short video. It's very much along the lines of what I've been writing...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/02 11:6 a.m.17 views

WannaCry and Vulnerabilities

There is plenty of blame to go around for the WannaCry ransomware that spread throughout the Internet earlier this month, disrupting work at hospitals, factories, businesses, and universities. First, there are the writers of the malicious software, which blocks victims' access to their computers...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/26 11:3 a.m.16 views

One Million Passports Leaked Online

A database of almost a million passports from around the world was leaked online. Note what happened. A high-value credential--a passport--was used in an ancillary low-value authentication system: ID verification for cannabis dispensaries. And it's the low-value system that got hacked, putting th...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/04 11:4 a.m.16 views

Hacking Meta’s AI Chatbot

Hackers are convincing Meta's AI support chatbot to let them take over other peoples' accounts: A video posted on X showed the step-by-step process to hack someone's Instagram account. The hacker allegedly used a VPN to spoof the targets' presumed location to avoid triggering Instagram's automate...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/05/11 11:4 a.m.16 views

LLMs and Text-in-Text Steganography

Turns out that LLMs are really good at hiding text messages in other text messages...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/11/21 10:8 p.m.16 views

Friday Squid Blogging: New “Squid” Sneaker

I did not know Adidas sold a sneaker called "Squid." As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/04 11:6 a.m.16 views

Generative AI as a Cybercrime Assistant

Anthropic reports on a Claude user: We recently disrupted a sophisticated cybercriminal that used Claude Code to commit large-scale theft and extortion of personal data. The actor targeted at least 17 distinct organizations, including in healthcare, the emergency services, and government and...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/19 11:6 a.m.16 views

The NSA’s “Fifty Years of Mathematical Cryptanalysis (1937–1987)”

In response to a FOIA request, the NSA released "Fifty Years of Mathematical Cryptanalysis 1937-1987," by Glenn F. Stahly, with a lot of redactions. Weirdly, this is the second time the NSA has declassified the document. John Young got a copy in 2019. This one has a few less redactions. And nothi...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/07 11:3 a.m.16 views

Chinese AI Submersible

A Chinese company has developed an AI-piloted submersible that can reach speeds "similar to a destroyer or a US Navy torpedo," dive "up to 60 metres underwater," and "remain static for more than a month, like the stealth capabilities of a nuclear submarine." In case you're worried about the...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/04/28 6:17 p.m.16 views

Windscribe Acquitted on Charges of Not Collecting Users’ Data

The company doesn't keep logs, so couldn't turn over data: Windscribe, a globally used privacy-first VPN service, announced today that its founder, Yegor Sak, has been fully acquitted by a court in Athens, Greece, following a two-year legal battle in which Sak was personally charged in connection...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/04/09 11:2 a.m.16 views

How to Leak to a Journalist

Neiman Lab has some good advice on how to leak a story to a journalist...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/04/08 11:8 a.m.16 views

Arguing Against CALEA

At a Congressional hearing earlier this week, Matt Blaze made the point that CALEA, the 1994 law that forces telecoms to make phone calls wiretappable, is outdated in today's threat environment and should be rethought: In other words, while the legally-mandated CALEA capability requirements have...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/06/07 8:55 p.m.16 views

Security and Human Behavior (SHB) 2024

This week, I hosted the seventeenth Workshop on Security and Human Behavior at the Harvard Kennedy School. This is the first workshop since our co-founder, Ross Anderson, died unexpectedly. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/05/14 4:4 p.m.16 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: Im giving a webinar via Zoom on Wednesday, May 22, at 11:00 AM ET. The topic is "Should the USG Establish a Publicly Funded AI Option?" The list is maintained on this page...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/04/12 11:1 a.m.16 views

Smuggling Gold by Disguising it as Machine Parts

Someone got caught trying to smuggle 322 pounds of gold thats about a quarter of a cubic foot out of Hong Kong. It was disguised as machine parts: On March 27, customs officials x-rayed two air compressors and discovered that they contained gold that had been "concealed in the integral parts" of...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/04/09 1:56 p.m.16 views

US Cyber Safety Review Board on the 2023 Microsoft Exchange Hack

The US Cyber Safety Review Board released a report on the summer 2023 hack of Microsoft Exchange by China. It was a serious attack by the Chinese government that accessed the emails of senior US government officials. From the executive summary: The Board finds that this intrusion was preventable...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/04/05 9:2 p.m.16 views

Friday Squid Blogging: SqUID Bots

Theyre AI warehouse robots. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/03/14 11:1 a.m.16 views

Automakers Are Sharing Driver Data with Insurers without Consent

Kasmir Hill has the story: Modern cars are internet-enabled, allowing access to services like navigation, roadside assistance and car apps that drivers can connect to their vehicles to locate them or unlock them remotely. In recent years, automakers, including G.M., Honda, Kia and Hyundai, have...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/02/19 4:15 p.m.16 views

EU Court of Human Rights Rejects Encryption Backdoors

The European Court of Human Rights has ruled that breaking end-to-end encryption by adding backdoors violates human rights: Seemingly most critically, the Russian government told the ECHR that any intrusion on private lives resulting from decrypting messages was "necessary" to combat terrorism in...

7.1AI score
Exploits0
Total number of security vulnerabilities2981