Lucene search
K
SchneierMost viewed

2979 matches found

Schneier on Security
Schneier on Security
added 2023/10/25 11:7 a.m.16 views

Microsoft is Soft-Launching Security Copilot

Microsoft has announced an early access program for its LLM-based security chatbot assistant: Security Copilot. I am curious whether this thing is actually useful...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/09/15 7:12 p.m.16 views

LLM Summary of My Book Beyond Fear

Claude Anthropics LLM was given this prompt: Please summarize the themes and arguments of Bruce Schneiers book Beyond Fear. Im particularly interested in a taxonomy of his ethical arguments--please expand on that. Then lay out the most salient criticisms of the book. Claudes reply: Heres a brief...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/09/14 4:1 p.m.16 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: Im speaking at swampUP 2023 in San Jose, California, on September 13, 2023 at 11:35 AM PT. The list is maintained on this page...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/09/06 11:5 a.m.16 views

Cryptocurrency Startup Loses Encryption Key for Electronic Wallet

The cryptocurrency fintech startup Prime Trust lost the encryption key to its hardware wallet--and the recovery key--and therefore $38.9 million. It is now in bankruptcy. I cant understand why anyone thinks these technologies are a good idea...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/08/18 9:2 p.m.16 views

Friday Squid Blogging: Squid Brand Fish Sauce

Squid Brand is a Thai company that makes fish sauce: It is part of Squid Brands range of "personalized healthy fish sauces" that cater to different consumer groups, which include the Mild Fish Sauce for Kids and Mild Fish Sauce for Silver Ages. It also has a Vegan Fish Sauce. As usual, you can al...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/07/19 5:3 p.m.16 views

Practice Your Security Prompting Skills

Gandalf is an interactive LLM game where the goal is to get the chatbot to reveal its password. There are eight levels of difficulty, as the chatbot gets increasingly restrictive instructions as to how it will answer. Its a great teaching tool. I am stuck on Level 7. Feel free to give hints and...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/07/11 11:57 a.m.16 views

Privacy of Printing Services

The Washington Post has an article about popular printing services, and whether or not they read your documents and mine the data when you use them for printing: Ideally, printing services should avoid storing the content of your files, or at least delete daily. Print services should also...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/06/26 3:36 p.m.16 views

Excel Data Forensics

In this detailed article about academic plagiarism are some interesting details about how to do data forensics on Excel files. It really needs the graphics to understand, so see the description at the link. And, yes, an author of a paper on dishonesty is being accused of dishonesty. Theres more...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/06/22 3:43 p.m.16 views

AI as Sensemaking for Public Comments

Its become fashionable to think of artificial intelligence as an inherently dehumanizing technology, a ruthless force of automation that has unleashed legions of virtual skilled laborers in faceless form. But what if AI turns out to be the one tool able to identify what makes your ideas special,...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/05/22 11:15 a.m.16 views

Google Is Not Deleting Old YouTube Videos

Google has backtracked on its plan to delete inactive YouTube videos--at least for now. Of course, it could change its mind anytime it wants. It would be nice if this would get people to think about the vulnerabilities inherent in letting a for-profit monopoly decide what of human creativity is...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/05/12 2:0 p.m.16 views

Ted Chiang on the Risks of AI

Ted Chiang has an excellent essay in the New Yorker: "Will A.I. Become the New McKinsey?" The question we should be asking is: as A.I. becomes more powerful and flexible, is there any way to keep it from being another version of McKinsey? The question is worth considering across different meaning...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/05/02 2:10 p.m.16 views

NIST Draft Document on Post-Quantum Cryptography Guidance

NIST has released a draft of Special Publication1800-38A: "Migration to Post-Quantum Cryptography: Preparation for Considering the Implementation and Adoption of Quantum Safe Cryptography." Its only four pages long, and it doesnt have a lot of detail--more "volumes" are coming, with more...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/04/26 10:51 a.m.16 views

AI to Aid Democracy

Theres good reason to fear that AI systems like ChatGPT and GPT4 will harm democracy. Public debate may be overwhelmed by industrial quantities of autogenerated argument. People might fall down political rabbit holes, taken in by superficially convincing bullshit, or obsessed by folies à deux...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/04/14 11:2 a.m.16 views

Gaining an Advantage in Roulette

You can beat the game without a computer: On a perfect roulette wheel, the ball would always fall in a random way. But over time, wheels develop flaws, which turn into patterns. A wheel thats even marginally tilted could develop what Barnett called a drop zone. When the tilt forces the ball to...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/04/05 3:55 p.m.16 views

FBI (and Others) Shut Down Genesis Market

Genesis Market is shut down: Active since 2018, Genesis Markets slogan was, "Our store sells bots with logs, cookies, and their real fingerprints." Customers could search for infected systems with a variety of options, including by Internet address or by specific domain names associated with stol...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/04/04 2:10 p.m.16 views

North Korea Hacking Cryptocurrency Sites with 3CX Exploit

News: Researchers at Russian cybersecurity firm Kaspersky today revealed that they identified a small number of cryptocurrency-focused firms as at least some of the victims of the 3CX software supply-chain attack thats unfolded over the past week. Kaspersky declined to name any of those victim...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/03/31 9:8 p.m.16 views

Friday Squid Blogging: Giant Squid vs. Blue Marlin

Epic matchup. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/03/28 11:13 a.m.16 views

Security Vulnerabilities in Snipping Tools

Both Googles Pixels Markup Tool and the Windows Snipping Tool have vulnerabilities that allow people to partially recover content that was edited out of images...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/03/10 8:5 p.m.16 views

Elephant Hackers

An elephant uses its right-of-way privileges to stop sugar-cane trucks and grab food...

3.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/03/03 3:58 p.m.16 views

Nick Weaver on Regulating Cryptocurrency

Nicholas Weaver wrote an excellent paper on the problems of cryptocurrencies and the need to regulate the space--with all existing regulations. His conclusion: Regulators, especially regulators in the United States, often fear accusations of stifling innovation. As such, the cryptocurrency space...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/02/10 11:24 a.m.16 views

Hacking the Tax Code

The tax code isn’t software. It doesn’t run on a computer. But it’s still code. It’s a series of algorithms that takes an input--financial information for the year--and produces an output: the amount of tax owed. It’s incredibly complex code; there are a bazillion details and exceptions and speci...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/26 12:8 p.m.16 views

On Alec Baldwin’s Shooting

We recently learned that Alec Baldwin is being charged with involuntary manslaughter for his accidental shooting on a movie set. I dont know the details of the case, nor the intricacies of the law, but I have a question about movie props. Why was an actual gun used on the set? And why were actual...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/20 12:25 p.m.16 views

Real-World Steganography

From an article about Zheng Xiaoqing, an American convicted of spying for China: According to a Department of Justice DOJ indictment, the US citizen hid confidential files stolen from his employers in the binary code of a digital photograph of a sunset, which Mr Zheng then mailed to himself...

3.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/14 4:29 p.m.16 views

Booklist Review of A Hacker’s Mind

Booklist reviews A Hackers Mind: Author and public-interest security technologist Schneier Data and Goliath, 2015 defines a “hack” as an activity allowed by a system “that subverts the rules or norms of the system … at the expense of someone else affected by the system.” In accessing the security...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/13 10:8 p.m.16 views

Friday Squid Blogging: How to Buy Fresh or Frozen Squid

Good advice on buying squid. I like to buy whole fresh squid and clean it myself. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/16 12:4 p.m.16 views

Apple Patches iPhone Zero-Day

The most recent iPhone update--to version 16.1.2--patches a zero-day vulnerability that "may have been actively exploited against versions of iOS released before iOS 15.1." News: Apple said security researchers at Googles Threat Analysis Group, which investigates nation state-backed spyware,...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/11/22 3:28 p.m.16 views

Apple’s Device Analytics Can Identify iCloud Users

Researchers claim that supposedly anonymous device analytics information can identify users: On Twitter, security researchers Tommy Mysk and Talal Haj Bakry have found that Apples device analytics data includes an iCloud account and can be linked directly to a specific user, including their name,...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/11/18 6:8 p.m.16 views

First Review of A Hacker’s Mind

Kirkus reviews A Hackers Mind: A cybersecurity expert examines how the powerful game whatever system is put before them, leaving it to others to cover the cost. Schneier, a professor at Harvard Kennedy School and author of such books as Data and Goliath and Click Here To Kill Everybody, regularly...

Exploits0
Schneier on Security
Schneier on Security
added 2022/11/11 8:11 p.m.16 views

New Book: A Hacker’s Mind

I have a new book coming out in February. Its about hacking. A Hackers Mind: How the Powerful Bend Societys Rules, and How to Bend them Back isnt about hacking computer systems; its about hacking more general economic, political, and social systems. It generalizes the term hack as a means of...

Exploits0
Schneier on Security
Schneier on Security
added 2022/10/28 1:12 p.m.16 views

Critical Vulnerability in Open SSL

There are no details yet, but its really important that you patch Open SSL 3.x when the new version comes out on Tuesday. How bad is "Critical"? According to OpenSSL, an issue of critical severity affects common configurations and is also likely exploitable. Its likely to be abused to disclose...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/10/24 11:37 a.m.16 views

On the Randomness of Automatic Card Shufflers

Many years ago, Matt Blaze and I talked about getting our hands on a casino-grade automatic shuffler and looking for vulnerabilities. We never did it--I remember that we didnt even try very hard--but this article shows that we probably would have found non-random properties: …the executives had...

2.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/09/23 11:43 a.m.16 views

Leaking Screen Information on Zoom Calls through Reflections in Eyeglasses

Okay, its an obscure threat. But people are researching it: Our models and experimental results in a controlled lab setting show it is possible to reconstruct and recognize with over 75 percent accuracy on-screen texts that have heights as small as 10 mm with a 720p webcam." That corresponds to 2...

Exploits0
Schneier on Security
Schneier on Security
added 2022/09/22 11:45 a.m.16 views

Prompt Injection/Extraction Attacks against AI Systems

This is an interesting attack I had not previously considered. The variants are interesting, and I think were just starting to understand their implications...

4.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/09/02 1:18 p.m.16 views

Montenegro Is the Victim of a Cyberattack

Details are few, but Montenegro has suffered a cyberattack: A combination of ransomware and distributed denial-of-service attacks, the onslaught disrupted government services and prompted the country’s electrical utility to switch to manual control. … But the attack against Montenegro’s...

2.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/07/29 9:19 p.m.16 views

Friday Squid Blogging: Evolution of the Vampire Squid

Short article on the evolution of the vampire squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/07/21 1:36 p.m.16 views

Critical Vulnerabilities in GPS Trackers

This is a dangerous vulnerability: An assessment from security firm BitSight found six vulnerabilities in the Micodus MV720, a GPS tracker that sells for about $20 and is widely available. The researchers who performed the assessment believe the same critical vulnerabilities are present in other...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/07/14 2:31 p.m.16 views

New Browser De-anonymization Technique

Researchers have a new way to de-anonymize browser users, by correlating their behavior on one account with their behavior on another: The findings, which NJIT researchers will present at the Usenix Security Symposium in Boston next month, show how an attacker who tricks someone into loading a...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/07/11 11:35 a.m.16 views

Nigerian Prison Break

There was a massive prison break in Abuja, Nigeria: Armed with bombs, Rocket Propelled Grenade RPGs and General Purpose Machine Guns GPMG, the attackers, who arrived at about 10:05 p.m. local time, gained access through the back of the prison, using dynamites to destroy the heavily fortified...

3.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/06/08 11:17 a.m.16 views

Leaking Military Secrets on Gaming Discussion Boards

People are leaking classified military information on discussion boards for the video game War Thunder to win arguments--repeatedly...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/05/26 11:55 a.m.16 views

Malware-Infested Smart Card Reader

Brian Krebs has an interesting story of a smart ID card reader with a malware-infested Windows driver, and US government employees who inadvertently buy and use them. But by all accounts, the potential attack surface here is enormous, as many federal employees clearly will purchase these readers...

3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/05/24 11:11 a.m.16 views

The Justice Department Will No Longer Charge Security Researchers with Criminal Hacking

Following a recent Supreme Court ruling, the Justice Department will no longer prosecute "good faith" security researchers with cybercrimes: The policy for the first time directs that good-faith security research should not be charged. Good faith security research means accessing a computer solel...

0.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/05/23 11:9 a.m.16 views

Forging Australian Driver’s Licenses

The New South Wales digital drivers license has multiple implementation flaws that allow for easy forgeries. This file is encrypted using AES-256-CBC encryption combined with Base64 encoding. A 4-digit application PIN which gets set during the initial onboarding when a user first instals the...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/05/20 9:7 p.m.16 views

Friday Squid Blogging: Squid Street Art

Pretty. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/05/14 5:5 p.m.16 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking on “Securing a World of Physically Capable Computers” at OWASP Belgium’s chapter meeting in Antwerp, Belgium, on May 17, 2022. I’m speaking at Future Summits in Antwerp, Belgium, on May 18, 2022. I’m speaking at IT-S N...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/04/29 9:8 p.m.16 views

Friday Squid Blogging: Ten-Foot Long Squid Washed onto Japanese Shore — ALIVE

This is rare: An about 3-meter-long giant squid was found stranded on a beach here on April 20, in what local authorities said was a rare occurrence. At around 10 a.m., a nearby resident spotted the squid at Ugu beach in Obama, Fukui Prefecture, on the Sea of Japan coast. According to the Obama...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/04/22 9:4 p.m.16 views

Friday Squid Blogging: Squid Skin–Inspired Insulating Material

Interesting: Drawing inspiration from cephalopod skin, engineers at the University of California, Irvine invented an adaptive composite material that can insulate beverage cups, restaurant to-go bags, parcel boxes and even shipping containers. … "The metal islands in our composite material are ne...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/04/13 11:32 a.m.16 views

Russian Cyberattack against Ukrainian Power Grid Prevented

A Russian cyberweapon, similar to the one used in 2016, was detected and removed before it could be used. Key points: ESET researchers collaborated with CERT-UA to analyze the attack against the Ukrainian energy company The destructive actions were scheduled for 2022-04-08 but artifacts suggest...

2.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/04/08 9:12 p.m.16 views

Friday Squid Blogging: Do Squid Have Emotions?

Scientists are now debating whether octopuses, squid, and crabs have emotions. Short answer: we dont know, but cant rule it out. There may be a point when humans can no longer assume that crayfish, shrimp, and other invertebrates dont feel pain and other emotions. "If they can no longer be...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/03/24 11:38 a.m.16 views

Linux Improves Its Random Number Generator

In kernel version 5.17, both /dev/random and /dev/urandom have been replaced with a new -- identical -- algorithm based on the BLAKE2 hash function, which is an excellent security improvement...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/03/18 9:15 p.m.16 views

Friday Squid Blogging: The Costs of Unregulated Squid Fishing

Greenpeace has published a report, "Squids in the Spotlight," on the extent and externalities of global squid fishing. News article. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

0.3AI score
Exploits0
Total number of security vulnerabilities2979