Lucene search
K
SchneierMost viewed

2981 matches found

Schneier on Security
Schneier on Security
added 2022/04/08 9:12 p.m.16 views

Friday Squid Blogging: Do Squid Have Emotions?

Scientists are now debating whether octopuses, squid, and crabs have emotions. Short answer: we dont know, but cant rule it out. There may be a point when humans can no longer assume that crayfish, shrimp, and other invertebrates dont feel pain and other emotions. "If they can no longer be...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/03/24 11:38 a.m.16 views

Linux Improves Its Random Number Generator

In kernel version 5.17, both /dev/random and /dev/urandom have been replaced with a new -- identical -- algorithm based on the BLAKE2 hash function, which is an excellent security improvement...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/03/18 9:15 p.m.16 views

Friday Squid Blogging: The Costs of Unregulated Squid Fishing

Greenpeace has published a report, "Squids in the Spotlight," on the extent and externalities of global squid fishing. News article. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/03/10 12:6 p.m.16 views

Where’s the Russia-Ukraine Cyberwar?

It has been interesting to notice how unimportant and ineffective cyber operations have been in the Russia-Ukraine war. Russia launched a wiper against Ukraine at the beginning, but it was found and neutered. Near as I can tell, the only thing that worked was the disabling of regional KA-SAT SATC...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/03/03 12:32 p.m.16 views

Details of an NSA Hacking Operation

Pangu Lab in China just published a report of a hacking operation by the Equation Group aka the NSA. It noticed the hack in 2013, and was able to map it with Equation Group tools published by the Shadow Brokers aka some Russian group. …the scope of victims exceeded 287 targets in 45 countries,...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/02/25 12:15 p.m.16 views

Privacy Violating COVID Tests

A good lesson in reading the fine print: Cignpost Diagnostics, which trades as ExpressTest and offers £35 tests for holidaymakers, said it holds the right to analyse samples from seals to "learn more about human health" -- and sell information on to third parties. Individuals are required to give...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/02/17 4:40 p.m.16 views

Possible Government Surveillance of the Otter.ai Transcription App

A reporter interviews a Uyghur human-rights advocate, and uses the Otter.ai transcription app. The next day, I received an odd note from Otter.ai, the automated transcription app that I had used to record the interview. It read: “Hey Phelim, to help us improve your Otter’s experience, what was th...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/02/16 1:0 p.m.16 views

Vendors are Fixing Security Flaws Faster

Googles Project Zero is reporting that software vendors are patching their code faster. tl;dr In 2021, vendors took an average of 52 days to fix security vulnerabilities reported from Project Zero. This is a significant acceleration from an average of about 80 days 3 years ago. In addition to the...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/02/15 3:56 p.m.16 views

Secret CIA Data Collection Program

Two US senators claim that the CIA has been running an unregulated -- and almost certainly illegal -- mass surveillance program on Americans. The senators statement. Some declassified information from the CIA. No real details yet...

4.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/02/11 10:7 p.m.16 views

Friday Squid Blogging: Climate Change Causing “Squid Bloom” along Pacific Coast

The oceans are warmer, which means more squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/12/10 10:5 p.m.16 views

Friday Squid Blogging: The Far Side Squid Comic

The Far Side is always good for a squid reference. Heres a recent one. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/11/12 10:16 p.m.16 views

Friday Squid Blogging: Giant Squid Art

Images of giant squid and octopi attacking. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/11/12 3:7 p.m.16 views

MacOS Zero-Day Used against Hong Kong Activists

Google researchers discovered a MacOS zero-day exploit being used against Hong Kong activists. It was a "watering hole" attack, which means the malware was hidden in a legitimate website. Users visiting that website would get infected. From an article: Googles researchers were able to trigger the...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/10/14 4:45 p.m.16 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’ll be speaking at an Informa event on November 29, 2021. Details to come. The list is maintained on this page...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/09/10 9:13 p.m.16 views

Friday Squid Blogging: Possible Evidence of Squid Paternal Care

Researchers have found possible evidence of paternal care among bigfin reef squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

2.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/09/08 11:2 a.m.16 views

Security Risks of Relying on a Single Smartphone

Isracard used a single cell phone to communicate with credit card clients, and receive documents via WhatsApp. An employee stole the phone. He reformatted the phone and replaced the SIM card, which was oddly the best possible outcome, given the circumstances. Using the data to steal money would...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/04 6:2 a.m.16 views

Hacking AI-Graded Tests

The company Edgenuity sells AI systems for grading tests. Turns out that they just search for keywords without doing any actual semantic analysis...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/13 2:28 p.m.16 views

UAE Hack and Leak Operations

Interesting paper on recent hack-and-leak operations attributed to the UAE: Abstract: Four hack-and-leak operations in U.S. politics between 2016 and 2019, publicly attributed to the United Arab Emirates UAE, Qatar, and Saudi Arabia, should be seen as the "simulation of scandal" ­-- deliberate...

2.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/31 7:4 p.m.16 views

Data and Goliath Book Placement

Notice the copy of Data and Goliath just behind the head of Maine Senator Angus King. This demonstrates the importance of a vibrant color and a large font...

2.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/06/28 9:11 p.m.16 views

Friday Squid Blogging: Fantastic Video of a Juvenile Giant Squid

It's amazing: Then, about 20 hours into the recording from the Medusa's fifth deployment, Dr. Robinson saw the sharp points of tentacles sneaking into the camera's view. "My heart felt like exploding," he said on Thursday, over a shaky phone connection from the ship's bridge. At first, the animal...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/12/27 12:25 p.m.16 views

Stealing Nativity Displays

The New York Times is reporting on the security measures people are using to protect nativity displays...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/29 1:10 p.m.16 views

CIA Network Exposed through Insecure Communications System

Interesting story of a CIA intelligence network in China that was exposed partly because of a computer security failure: Although they used some of the same coding, the interim system and the main covert communication platform used in China at this time were supposed to be clearly separated. In...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/05/01 11:32 a.m.16 views

IoT Inspector Tool from Princeton

Researchers at Princeton University have released IoT Inspector, a tool that analyzes the security and privacy of IoT devices by examining the data they send across the Internet. They've already used the tool to study a bunch of different IoT devices. From their blog post: Finding 3: Many IoT...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/02/13 12:26 p.m.16 views

Jumping Air Gaps

Nice profile of Mordechai Guri, who researches a variety of clever ways to steal data over air-gapped computers. Guri and his fellow Ben-Gurion researchers have shown, for instance, that it's possible to trick a fully offline computer into leaking data to another nearby device via the noise its...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/12/22 12:25 p.m.16 views

Amazon's Door Lock Is Amazon's Bid to Control Your Home

Interesting essay about Amazon's smart lock: When you add Amazon Key to your door, something more sneaky also happens: Amazon takes over. You can leave your keys at home and unlock your door with the Amazon Key app -- but it's really built for Amazon deliveries. To share online access with family...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/12/20 12:10 p.m.16 views

Details on the Mirai Botnet Authors

Brian Krebs has a long article on the Mirai botnet authors, who pled guilty...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/07/27 11:14 a.m.16 views

Firing a Locked Smart Gun

The Armatix IP1 "smart gun" can only be fired by someone who is wearing a special watch. Unfortunately, this security measure is easily hackable...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/23 11:26 a.m.16 views

Amazon Patents Measures to Prevent In-Store Comparison Shopping

Amazon has been issued a patent on security measures that prevents people from comparison shopping while in the store. It's not a particularly sophisticated patent -- it basically detects when you're using the in-store Wi-Fi to visit a competitor's site and then blocks access -- but it is an...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/07 11:19 a.m.16 views

Surveillance Intermediaries

Interesting law-journal article: "Surveillance Intermediaries," by Alan Z. Rozenshtein. Abstract:Apple's 2016 fight against a court order commanding it to help the FBI unlock the iPhone of one of the San Bernardino terrorists exemplifies how central the question of regulating government...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/18 11:4 a.m.15 views

Embedding Forbidden Text in Spyware to Discourage AI Analysis

At least one malware developer is adding text about nuclear and biological weapons to their spyware, in an effort to stop automatic AI analysis. Details: The index.js payload begins with a large JavaScript block comment containing fake system instructions and policy-triggering content. Because it...

5.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/05 1:21 p.m.15 views

AI Worm

Researchers have prototyped an AI-powered internet worm. The coolest thing about the prototype is that it carries its own LLM with it, and runs it on computers that have been broken into. This is the closest to John Brunner's original 1975 conception of a computer worm that I've seen...

5.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/02 11:6 a.m.15 views

The Intersection of Encryption and AI

As part of their 20th Anniversary celebration, Dark Reading asked five cybersecurity industry leaders who wrote blogs or columns for them over the years to select their favorite piece and share their reflections on the topic today. This is my section. Renowned technologist and author Bruce Schnei...

5.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/02 11:0 a.m.15 views

Microsoft Threatening Security Researcher

An anonymous security researcher called "Nightmare Eclipse" has been publishing a series of significant security exploits against Microsoft Windows--including one that breaks BitLocker. Microsoft has threatened legal action against the researcher. Lots of recriminations are being traded back and...

5.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/05/12 11:6 a.m.15 views

Copy.Fail Linux Vulnerability

This is the worst Linux vulnerability in years. TL;DR copy.fail is a Linux kernel local privilege escalation, not a browser or clipboard attack. Disclosed by Theori on 29 April 2026 with a working PoC. It abuses the kernel crypto API AFALG sockets plus splice to write four bytes at a time straigh...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/05/07 11:7 a.m.15 views

Smart Glasses for the Authorities

ICE is developing its own version of smart glasses, with facial recognition tied to various databases...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/23 11:5 a.m.15 views

FBI Extracts Deleted Signal Messages from iPhone Notification Database

404 Media reports alternate site: The FBI was able to forensically extract copies of incoming Signal messages from a defendant’s iPhone, even after the app was deleted, because copies of the content were saved in the device’s push notification database…. The news shows how forensic...

5.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/04 11:6 a.m.15 views

Generative AI as a Cybercrime Assistant

Anthropic reports on a Claude user: We recently disrupted a sophisticated cybercriminal that used Claude Code to commit large-scale theft and extortion of personal data. The actor targeted at least 17 distinct organizations, including in healthcare, the emergency services, and government and...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/08/27 11:7 a.m.15 views

We Are Still Unable to Secure LLMs from Malicious Inputs

Nice indirect prompt injection attack: Bargury's attack starts with a poisoned document, which is shared to a potential victim's Google Drive. Bargury says a victim could have also uploaded a compromised file to their own account. It looks like an official document on company meeting policies. Bu...

7.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/16 1:55 p.m.15 views

Communications Backdoor in Chinese Power Inverters

This is a weird story: U.S. energy officials are reassessing the risk posed by Chinese-made devices that play a critical role in renewable energy infrastructure after unexplained communication equipment was found inside some of them, two people familiar with the matter said. … Over the past nine...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/07 11:3 a.m.15 views

Chinese AI Submersible

A Chinese company has developed an AI-piloted submersible that can reach speeds "similar to a destroyer or a US Navy torpedo," dive "up to 60 metres underwater," and "remain static for more than a month, like the stealth capabilities of a nuclear submarine." In case you're worried about the...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/04/09 11:2 a.m.15 views

How to Leak to a Journalist

Neiman Lab has some good advice on how to leak a story to a journalist...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/03/24 10:38 a.m.15 views

More Countries are Demanding Backdoors to Encrypted Apps

Last month, I wrote about the UK forcing Apple to break its Advanced Data Protection encryption in iCloud. More recently, both Sweden and France are contemplating mandating backdoors. Both initiatives are attempting to scare people into supporting backdoors, which are--of course--are terrible ide...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/02/28 10:0 p.m.15 views

Friday Squid Blogging: Eating Bioluminescent Squid

Firefly squid is now a delicacy in New York. Blog moderation policy...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/01/27 12:2 p.m.15 views

New VPN Backdoor

A newly discovered VPN backdoor uses some interesting tactics to avoid detection: When threat actors use backdoor malware to gain access to a network, they want to make sure all their hard work can't be leveraged by competing groups or detected by defenders. One countermeasure is to equip the...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/08/23 1:15 a.m.15 views

Surveillance Watch

This is a fantastic project mapping the global surveillance industry...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/08/19 11:5 a.m.15 views

The State of Ransomware

Palo Alto Networks published its semi-annual report on ransomware. From the Executive Summary: Unit 42 monitors ransomware and extortion leak sites closely to keep tabs on threat activity. We reviewed compromise announcements from 53 dedicated leak sites in the first half of 2024 and found 1,762...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/06/27 11:6 a.m.15 views

Security Analysis of the EU’s Digital Wallet

A group of cryptographers have analyzed the eiDAS 2.0 regulation electronic identification and trust services that defines the new EU Digital Identity Wallet...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/06/20 11:10 a.m.15 views

Recovering Public Keys from Signatures

Interesting summary of various ways to derive the public key from digitally signed files. Normally, with a signature scheme, you have the public key and want to know whether a given signature is valid. But what if we instead have a message and a signature, assume the signature is valid, and want ...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/06/14 11:5 a.m.15 views

Demo of AES GCM Misuse Problems

This is really neat demo of the security problems arising from reusing nonces with a symmetric cipher in GCM mode...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/05/16 11:3 a.m.15 views

Zero-Trust DNS

Microsoft is working on a promising-looking protocol to lock down DNS. ZTDNS aims to solve this decades-old problem by integrating the Windows DNS engine with the Windows Filtering Platform--the core component of the Windows Firewall--directly into client devices. Jake Williams, VP of research an...

7.2AI score
Exploits0
Total number of security vulnerabilities2981