Lucene search
K
SchneierMost viewed

2978 matches found

Schneier on Security
Schneier on Security
added 2023/09/22 9:9 p.m.15 views

Friday Squid Blogging: New Squid Species

An ancient squid: New research on fossils has revealed that a vampire-like ancient squid haunted Earths oceans 165 million years ago. The study, published in June edition of the journal Papers in Palaeontology, says the creature had a bullet-shaped body with luminous organs, eight arms and sucker...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/09/19 11:8 a.m.15 views

Detecting AI-Generated Text

There are no reliable ways to distinguish text written by a human from text written by an large language model. OpenAI writes: Do AI detectors work? In short, no. While some including OpenAI have released tools that purport to detect AI-generated content, none of these have proven to reliably...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/09/15 9:8 p.m.15 views

Friday Squid Blogging: Cleaning Squid

Two links on how to properly clean squid. I learned a few years ago, in Spain, and got pretty good at it. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/08/14 11:2 a.m.15 views

China Hacked Japan’s Military Networks

The NSA discovered the intrusion in 2020--we dont know how--and alerted the Japanese. The Washington Post has the story: The hackers had deep, persistent access and appeared to be after anything they could get their hands on--plans, capabilities, assessments of military shortcomings, according to...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/07/25 11:5 a.m.15 views

New York Using AI to Detect Subway Fare Evasion

The details are scant--the article is based on a "heavily redacted" contract--but the New York subway authority is using an "AI system" to detect people who dont pay the subway fare. Joana Flores, an MTA spokesperson, said the AI system doesnt flag fare evaders to New York police, but she decline...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/07/20 11:12 a.m.15 views

Commentary on the Implementation Plan for the 2023 US National Cybersecurity Strategy

The Atlantic Council released a detailed commentary on the White Houses new "Implementation Plan for the 2023 US National Cybersecurity Strategy." Lots of interesting bits. So far, at least three trends emerge: First, the plan contains a somewhat more concrete list of actions than its parent...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/07/14 9:0 p.m.15 views

Friday Squid Blogging: Balloon Squid

Masayoshi Matsumoto is a "master balloon artist," and he made a squid and other animals. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/07/04 11:12 a.m.15 views

The Password Game

Amusing parody of password rules. BoingBoing: For example, at a certain level, your password must include todays Wordle answer. And then theres rule 27: "At least 50% of your password must be in the Wingdings font." EDITED TO ADD 7/13: Here are all the rules...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/06/16 7:7 p.m.15 views

Security and Human Behavior (SHB) 2023

Im just back from the sixteenth Workshop on Security and Human Behavior, hosted by Alessandro Acquisti at Carnegie Mellon University in Pittsburgh. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of security, organized each year by Alessandro...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/06/07 11:6 a.m.15 views

How Attorneys Are Harming Cybersecurity Incident Response

New paper: "Lessons Lost: Incident Response in the Age of Cyber Insurance and Breach Attorneys": Abstract: Incident Response IR allows victim firms to detect, contain, and recover from security incidents. It should also help the wider community avoid similar attacks in the future. In pursuit of...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/05/31 2:53 p.m.15 views

Chinese Hacking of US Critical Infrastructure

Everyone is writing about an interagency and international report on Chinese hacking of US critical infrastructure. Lots of interesting details about how the group, called Volt Typhoon, accesses target networks and evades detection...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/05/19 9:6 p.m.15 views

Friday Squid Blogging: Peruvian Squid-Fishing Regulation Drives Chinese Fleets Away

A Peruvian oversight law has the opposite effect: Peru in 2020 began requiring any foreign fishing boat entering its ports to use a vessel monitoring system allowing its activities to be tracked in real time 24 hours a day. The equipment, which tracks a vessels geographic position and fishing...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/05/11 11:17 a.m.15 views

Building Trustworthy AI

We will all soon get into the habit of using AI tools for help with everyday problems and tasks. We should get in the habit of questioning the motives, incentives, and capabilities behind them, too. Imagine youre using an AI chatbot to plan a vacation. Did it suggest a particular resort because i...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/05/10 3:25 p.m.15 views

FBI Disables Russian Malware

Reuters is reporting that the FBI "had identified and disabled malware wielded by Russias FSB security service against an undisclosed number of American computers, a move they hoped would deal a death blow to one of Russias leading cyber spying programs." The headline says that the FBI "sabotaged...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/05/04 10:45 a.m.15 views

Large Language Models and Elections

Earlier this week, the Republican National Committee released a video that it claims was "built entirely with AI imagery." The content of the ad isnt especially novel--a dystopian vision of America under a second term with President Joe Biden--but the deliberate emphasis on the technology used to...

6.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/04/21 9:4 p.m.15 views

Friday Squid Blogging: More on Squid Fishing

The squid you eat most likely comes from unregulated waters. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/04/21 6:11 p.m.15 views

Hacking Pickleball

My latest book, A Hackers Mind, has a lot of sports stories. Sports are filled with hacks, as players look for every possible advantage that doesnt explicitly break the rules. Heres an example from pickleball, which nicely explains the dilemma between hacking as a subversion and hacking as...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/03/14 11:23 a.m.15 views

NetWire Remote Access Trojan Maker Arrested

From Brian Krebs: A Croatian national has been arrested for allegedly operating NetWire, a Remote Access Trojan RAT marketed on cybercrime forums since 2012 as a stealthy way to spy on infected systems and siphon passwords. The arrest coincided with a seizure of the NetWire sales website by the...

2.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/03/10 10:5 p.m.15 views

Friday Squid Blogging: Chinese Squid Fishing in the Southeast Pacific

Chinese squid fishing boats are overwhelming Ecuador and Peru. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/02/20 12:9 p.m.15 views

Fines as a Security System

Tile has an interesting security solution to make its tracking tags harder to use for stalking: The Anti-Theft Mode feature will make the devices invisible to Scan and Secure, the companys in-app feature that lets you know if any nearby Tiles are following you. But to activate the new Anti-Theft...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/24 12:14 p.m.15 views

Bulk Surveillance of Money Transfers

Just another obscure warrantless surveillance program. US law enforcement can access details of money transfers without a warrant through an obscure surveillance program the Arizona attorney generals office created in 2014. A database stored at a nonprofit, the Transaction Record Analysis Center...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/23 12:2 p.m.15 views

No-Fly List Exposed

I cant remember the last time I thought about the US no-fly list: the list of people so dangerous they should never be allowed to fly on an airplane, yet so innocent that we cant arrest them. Back when I thought about it a lot, I realized that the TSAs practice of giving it to every airline meant...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/04 12:17 p.m.15 views

Decarbonizing Cryptocurrencies through Taxation

Maintaining bitcoin and other cryptocurrencies causes about 0.3 percent of global CO2 emissions. That may not sound like a lot, but its more than the emissions of Switzerland, Croatia, and Norway combined. As many cryptocurrencies crash and the FTX bankruptcy moves into the litigation stage,...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/30 12:18 p.m.15 views

Recovering Smartphone Voice from the Accelerometer

Yet another smartphone side-channel attack: "EarSpy: Spying Caller Speech and Identity through Tiny Vibrations of Smartphone Ear Speakers": Abstract: Eavesdropping from the users smartphone is a well-known threat to the users safety and privacy. Existing studies show that loudspeaker reverberatio...

2.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/15 2:30 a.m.15 views

Reimagining Democracy

Last week, I hosted a two-day workshop on reimagining democracy. The idea was to bring together people from a variety of disciplines who are all thinking about different aspects of democracy, less from a "what we need to do today" perspective and more from a blue-sky future perspective. My remit ...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/06 12:4 p.m.15 views

CryWiper Data Wiper Targeting Russian Sites

Kaspersky is reporting on a data wiper masquerading as ransomware that is targeting local Russian government networks. The Trojan corrupts any data thats not vital for the functioning of the operating system. It doesnt affect files with extensions .exe, .dll, .lnk, .sys or .msi, and ignores sever...

2.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/10/17 3:7 p.m.15 views

Hacking Automobile Keyless Entry Systems

Suspected members of a European car-theft ring have been arrested: The criminals targeted vehicles with keyless entry and start systems, exploiting the technology to get into the car and drive away. As a result of a coordinated action carried out on 10 October in the three countries involved, 31...

2.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/10/03 11:25 a.m.15 views

Detecting Deepfake Audio by Modeling the Human Acoustic Tract

This is interesting research: In this paper, we develop a new mechanism for detecting audio deepfakes using techniques from the field of articulatory phonetics. Specifically, we apply fluid dynamics to estimate the arrangement of the human vocal tract during speech generation and show that...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/09/12 2:41 p.m.15 views

New Linux Cryptomining Malware

Its pretty nasty: The malware was dubbed "Shikitega" for its extensive use of the popular Shikata Ga Nai polymorphic encoder, which allows the malware to "mutate" its code to avoid detection. Shikitega alters its code each time it runs through one of several decoding loops that AT&T said each...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/09/01 12:18 p.m.15 views

Clever Phishing Scam Uses Legitimate PayPal Messages

Brian Krebs is reporting on a clever PayPal phishing scam that uses legitimate PayPal messaging. Basically, the scammers use the PayPal invoicing system to send the email. The email lists a phone number to dispute the charge, which is not PayPal and quickly turns into a request to download and...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/08/24 11:40 a.m.15 views

Mudge Files Whistleblower Complaint against Twitter

Peiter Zatko, aka Mudge, has filed a whistleblower complaint with the SEC against Twitter, claiming that they violated an eleven-year-old FTC settlement by having lousy security. And he should know; he was Twitters chief security officer until he was fired in January. The Washington Post has the...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/08/12 11:38 a.m.15 views

A Taxonomy of Access Control

My personal definition of a brilliant idea is one that is immediately obvious once its explained, but no one has thought of it before. I cant believe that no one has described this taxonomy of access control before Ittay Eyal laid it out in this paper. The paper is about cryptocurrency wallet...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/07/26 12:57 p.m.15 views

Apple’s Lockdown Mode

I havent written about Apples Lockdown Mode yet, mostly because I havent delved into the details. This is how Apple describes it: Lockdown Mode offers an extreme, optional level of security for the very few users who, because of who they are or what they do, may be personally targeted by some of...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/07/18 2:49 p.m.15 views

Facebook Is Now Encrypting Links to Prevent URL Stripping

Some sites, including Facebook, add parameters to the web address for tracking purposes. These parameters have no functionality that is relevant to the user, but sites rely on them to track users across pages and properties. Mozilla introduced support for URL stripping in Firefox 102, which it...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/07/15 9:4 p.m.15 views

Friday Squid Blogging: Squid Inks Fisherman

Short video. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/07/13 11:0 a.m.15 views

Post-Roe Privacy

This is an excellent essay outlining the post-Roe privacy threat model. Summary: period tracking apps are largely a red herring. Taken together, this means the primary digital threat for people who take abortion pills is the actual evidence of intention stored on your phone, in the form of texts,...

Exploits0
Schneier on Security
Schneier on Security
added 2022/07/01 2:33 p.m.15 views

Analyzing the Swiss E-Voting System

Andrew Appel has a long analysis of the Swiss online voting system. Its a really good analysis of both the system and the official analyses...

3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/06/27 11:42 a.m.15 views

2022 Workshop on Economics and Information Security (WEIS)

I did not attend WEIS this year, but Ross Anderson was there and liveblogged all the talks...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/06/24 9:4 p.m.15 views

Friday Squid Blogging: Squid Cubes

Researchers thaw squid frozen into a cube and often make interesting discoveries. Okay, this is a weird story. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/06/09 11:22 a.m.15 views

Smartphones and Civilians in Wartime

Interesting article about civilians using smartphones to assist their militaries in wartime, and how that blurs the important legal distinction between combatants and non-combatants: The principle of distinction between the two roles is a critical cornerstone of international humanitarian law­--t...

2.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/04/29 2:18 p.m.15 views

Video Conferencing Apps Sometimes Ignore the Mute Button

New research: "Are You Really Muted?: A Privacy Analysis of Mute Buttons in Video Conferencing Apps": Abstract: In the post-pandemic era, video conferencing apps VCAs have converted previously private spaces -- bedrooms, living rooms, and kitchens -- into semi-public extensions of the office. And...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/04/21 12:16 p.m.15 views

Long Article on NSO Group

Ronan Farrow has a long article in the New Yorker on NSO Group, which includes the news that someone -- probably Spain -- used the software to spy on domestic Catalonian separatists...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/04/19 8:12 p.m.15 views

Undetectable Backdoors in Machine-Learning Models

New paper: "Planting Undetectable Backdoors in Machine Learning Models": Abstract: Given the computational cost and technical expertise required to train machine learning models, users may delegate the task of learning to a service provider. We show how a malicious learner can plant an undetectab...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/04/14 3:46 p.m.15 views

Industrial Control System Malware Discovered

The Department of Energy, CISA, the FBI, and the NSA jointly issued an advisory describing a sophisticated piece of malware called Pipedream thats designed to attack a wide range of industrial control systems. This is clearly from a government, but no attribution is given. Theres also no indicati...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/04/06 2:38 p.m.15 views

Cyberweapons Arms Manufacturer FinFisher Shuts Down

FinFisher has shut down operations. This is the spyware company whose products were used, among other things, to spy on Turkish and Bahraini political opposition...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/03/29 11:2 a.m.15 views

A Detailed Look at the Conti Ransomware Gang

Based on two years of leaked messages, 60,000 in all: The Conti ransomware gang runs like any number of businesses around the world. It has multiple departments, from HR and administrators to coders and researchers. It has policies on how its hackers should process their code, and shares best...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/02/16 1:0 p.m.15 views

Vendors are Fixing Security Flaws Faster

Googles Project Zero is reporting that software vendors are patching their code faster. tl;dr In 2021, vendors took an average of 52 days to fix security vulnerabilities reported from Project Zero. This is a significant acceleration from an average of about 80 days 3 years ago. In addition to the...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/01/17 12:16 p.m.15 views

An Examination of the Bug Bounty Marketplace

Heres a fascinating report: "Bounty Everything: Hackers and the Making of the Global Bug Marketplace." From a summary: …researchers Ryan Ellis and Yuan Stevens provide a window into the working lives of hackers who participate in “bug bounty” programs­ -- programs that hire hackers to discover an...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/01/13 3:35 p.m.15 views

Using Foreign Nationals to Bypass US Surveillance Restrictions

Remember when the US and Australian police surreptitiously owned and operated the encrypted cell phone app ANOM? They arrested 800 people in 2021 based on that operation. New documents received by Motherboard show that over 100 of those phones were shipped to users in the US, far more than...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/01/07 10:11 p.m.15 views

Friday Squid Blogging: Squid Prices Are Rising

The price of squid in Korea is rising due to limited supply. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.1AI score
Exploits0
Total number of security vulnerabilities2978