Lucene search
K
SchneierMost viewed

2979 matches found

Schneier on Security
Schneier on Security
added 2022/03/29 11:2 a.m.15 views

A Detailed Look at the Conti Ransomware Gang

Based on two years of leaked messages, 60,000 in all: The Conti ransomware gang runs like any number of businesses around the world. It has multiple departments, from HR and administrators to coders and researchers. It has policies on how its hackers should process their code, and shares best...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/01/17 12:16 p.m.15 views

An Examination of the Bug Bounty Marketplace

Heres a fascinating report: "Bounty Everything: Hackers and the Making of the Global Bug Marketplace." From a summary: …researchers Ryan Ellis and Yuan Stevens provide a window into the working lives of hackers who participate in “bug bounty” programs­ -- programs that hire hackers to discover an...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/01/13 3:35 p.m.15 views

Using Foreign Nationals to Bypass US Surveillance Restrictions

Remember when the US and Australian police surreptitiously owned and operated the encrypted cell phone app ANOM? They arrested 800 people in 2021 based on that operation. New documents received by Motherboard show that over 100 of those phones were shipped to users in the US, far more than...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/01/07 10:11 p.m.15 views

Friday Squid Blogging: Squid Prices Are Rising

The price of squid in Korea is rising due to limited supply. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/11/17 1:53 p.m.15 views

Is Microsoft Stealing People’s Bookmarks?

I received email from two people who told me that Microsoft Edge enabled synching without warning or consent, which means that Microsoft sucked up all of their bookmarks. Of course they can turn synching off, but its too late. Has this happened to anyone else, or was this user error of some sort?...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/11 9:5 p.m.15 views

Friday Squid Blogging: Calamari vs. Squid

St. Louis Magazine answers the important question: "Is there a difference between calamari and squid?" Short answer: no. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/28 6:40 a.m.15 views

US Postal Service Files Blockchain Voting Patent

The US Postal Service has filed a patent on a blockchain voting method: Abstract: A voting system can use the security of blockchain and the mail to provide a reliable voting system. A registered voter receives a computer readable code in the mail and confirms identity and confirms correct ballot...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/03 9:7 p.m.15 views

Friday Squid Blogging: Strawberry Squid

Pretty. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/06/30 3:15 p.m.15 views

Android Apps Stealing Facebook Credentials

Google has removed 25 Android apps from its store because they steal Facebook credentials: Before being taken down, the 25 apps were collectively downloaded more than 2.34 million times. The malicious apps were developed by the same threat group and despite offering different features, under the...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/05/01 11:32 a.m.15 views

IoT Inspector Tool from Princeton

Researchers at Princeton University have released IoT Inspector, a tool that analyzes the security and privacy of IoT devices by examining the data they send across the Internet. They've already used the tool to study a bunch of different IoT devices. From their blog post: Finding 3: Many IoT...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/02/13 12:26 p.m.15 views

Jumping Air Gaps

Nice profile of Mordechai Guri, who researches a variety of clever ways to steal data over air-gapped computers. Guri and his fellow Ben-Gurion researchers have shown, for instance, that it's possible to trick a fully offline computer into leaking data to another nearby device via the noise its...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/12/22 12:25 p.m.15 views

Amazon's Door Lock Is Amazon's Bid to Control Your Home

Interesting essay about Amazon's smart lock: When you add Amazon Key to your door, something more sneaky also happens: Amazon takes over. You can leave your keys at home and unlock your door with the Amazon Key app -- but it's really built for Amazon deliveries. To share online access with family...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/12/20 12:10 p.m.15 views

Details on the Mirai Botnet Authors

Brian Krebs has a long article on the Mirai botnet authors, who pled guilty...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/07/27 11:14 a.m.15 views

Firing a Locked Smart Gun

The Armatix IP1 "smart gun" can only be fired by someone who is wearing a special watch. Unfortunately, this security measure is easily hackable...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/23 9:23 p.m.15 views

Friday Squid Blogging: Injured Giant Squid Video

A paddleboarder had a run-in with an injured giant squid. Video. Here's the real story. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/23 7:19 p.m.15 views

ICE is Using Stingray to Track Illegal Immigrants

According to court documents, US Immigration and Customs Enforcement is using Stingray cell-site simulators to track illegal immigrants...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/07/01 10:53 a.m.14 views

Papa Johns Surveillance-Based Advertising

Papa Johns is spying on people's buying activities to predict when they are low on food: The pizza chain recently tapped NBCUniversal, Instacart and the dentsu-owned media agency Carat for help reaching consumers when they're low on groceries--and thus more likely to be swayed by a mouth-watering...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/23 11:3 a.m.14 views

Anthropic’s Fable 5 Model Jailbroken Within Days

Fable 5 is the supposed safe version of Anthropic's Mythos Preview, with guardrails to ensure that it can't be used to create cyberattacks. Well, that restriction was bypassed within days...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/05 1:21 p.m.14 views

AI Worm

Researchers have prototyped an AI-powered internet worm. The coolest thing about the prototype is that it carries its own LLM with it, and runs it on computers that have been broken into. This is the closest to John Brunner's original 1975 conception of a computer worm that I've seen...

5.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/02 11:6 a.m.14 views

The Intersection of Encryption and AI

As part of their 20th Anniversary celebration, Dark Reading asked five cybersecurity industry leaders who wrote blogs or columns for them over the years to select their favorite piece and share their reflections on the topic today. This is my section. Renowned technologist and author Bruce Schnei...

5.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/02 11:0 a.m.14 views

Microsoft Threatening Security Researcher

An anonymous security researcher called "Nightmare Eclipse" has been publishing a series of significant security exploits against Microsoft Windows--including one that breaks BitLocker. Microsoft has threatened legal action against the researcher. Lots of recriminations are being traded back and...

5.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/05/12 11:6 a.m.14 views

Copy.Fail Linux Vulnerability

This is the worst Linux vulnerability in years. TL;DR copy.fail is a Linux kernel local privilege escalation, not a browser or clipboard attack. Disclosed by Theori on 29 April 2026 with a working PoC. It abuses the kernel crypto API AFALG sockets plus splice to write four bytes at a time straigh...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/23 11:5 a.m.14 views

FBI Extracts Deleted Signal Messages from iPhone Notification Database

404 Media reports alternate site: The FBI was able to forensically extract copies of incoming Signal messages from a defendant’s iPhone, even after the app was deleted, because copies of the content were saved in the device’s push notification database…. The news shows how forensic...

5.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/11/25 12:0 p.m.14 views

Four Ways AI Is Being Used to Strengthen Democracies Worldwide

Democracy is colliding with the technologies of artificial intelligence. Judging from the audience reaction at the recent World Forum on Democracy in Strasbourg, the general expectation is that democracy will be the worse for it. We have another narrative. Yes, there are risks to democracy from A...

6.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/06/03 11:7 a.m.14 views

New Linux Vulnerabilities

They're interesting: Tracked as CVE-2025-5054 and CVE-2025-4598, both vulnerabilities are race condition bugs that could enable a local attacker to obtain access to access sensitive information. Tools like Apport and systemd-coredump are designed to handle crash reporting and core dumps in Linux...

4.7CVSS4.8AI score0.00668EPSS
Exploits3
Schneier on Security
Schneier on Security
added 2025/05/14 11:3 a.m.14 views

Google’s Advanced Protection Now on Android

Google has extended its Advanced Protection features to Android devices. It's not for everybody, but something to be considered by high-risk users. Wired article, behind a paywall...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/04/23 4:2 p.m.14 views

Regulating AI Behavior with a Hypervisor

Interesting research: "Guillotine: Hypervisors for Isolating Malicious AIs." Abstract :As AI models become more embedded in critical sectors like finance, healthcare, and the military, their inscrutable behavior poses ever-greater risks to society. To mitigate this risk, we propose Guillotine, a...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/04/18 9:2 p.m.14 views

Friday Squid Blogging: Live Colossal Squid Filmed

A live colossal squid was filmed for the first time in the ocean. It's only a juvenile: a foot long. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/04/02 11:4 a.m.14 views

Rational Astrologies and Security

John Kelsey and I wrote a short paper for the Rossfest Festschrift: "Rational Astrologies and Security": There is another non-security way that designers can spend their security budget: on making their own lives easier. Many of these fall into the category of what has been called rational...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/03/28 11:1 a.m.14 views

AIs as Trusted Third Parties

This is a truly fascinating paper: "Trusted Machine Learning Models Unlock Private Inference for Problems Currently Infeasible with Cryptography." The basic idea is that AIs can act as trusted third parties: Abstract: We often interact with untrusted parties. Prioritization of privacy can limit t...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/03/21 6:26 p.m.14 views

My Writings Are in the LibGen AI Training Corpus

The Atlantic has a search tool that allows you to search for specific works in the "LibGen" database of copyrighted works that Meta used to train its AI models. The rest of the article is behind a paywall, but not the search tool. It’s impossible to know exactly which parts of LibGen Meta used to...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/02/28 10:0 p.m.14 views

Friday Squid Blogging: Eating Bioluminescent Squid

Firefly squid is now a delicacy in New York. Blog moderation policy...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/02/24 12:8 p.m.14 views

More Research Showing AI Breaking the Rules

These researchers had LLMs play chess against better opponents. When they couldn't win, they sometimes resorted to cheating. Researchers gave the models a seemingly impossible task: to win against Stockfish, which is one of the strongest chess engines in the world and a much better player than an...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/02/08 3:56 p.m.14 views

UK Is Ordering Apple to Break Its Own Encryption

The Washington Post is reporting that the UK government has served Apple with a "technical capability notice" as defined by the 2016 Investigatory Powers Act, requiring it to break the Advanced Data Protection encryption in iCloud for the benefit of law enforcement. This is a big deal, and...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/01/10 4:27 p.m.14 views

Apps That Are Spying on Your Location

404 Media and Wired are reporting on all the apps that are spying on your location, based on a hack of the location data company Gravy Analytics: The thousands of apps, included in hacked files from location data company Gravy Analytics, include everything from games like Candy Crush to dating ap...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/12/13 4:33 p.m.14 views

Ultralytics Supply-Chain Attack

Last week, we saw a supply-chain attack against the Ultralytics AI library on GitHub. A quick summary: On December 4, a malicious version 8.3.41 of the popular AI library ultralytics ­--which has almost 60 million downloads--was published to the Python Package Index PyPI package repository. The...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/09/13 6:2 p.m.14 views

My TedXBillings Talk

Over the summer, I gave a talk about AI and democracy at TedXBillings. The recording is live. Please share. Im hoping for more than 200 views…...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/09/03 4:3 p.m.14 views

List of Old NSA Training Videos

The NSAs "National Cryptographic School Television Catalogue" from 1991 lists about 600 COMSEC and SIGINT training videos. There are a bunch explaining the operations of various cryptographic equipment, and a few code words I have never heard of before...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/07/26 4:21 p.m.14 views

Compromising the Secure Boot Process

This isnt good: On Thursday, researchers from security firm Binarly revealed that Secure Boot is completely compromised on more than 200 device models sold by Acer, Dell, Gigabyte, Intel, and Supermicro. The cause: a cryptographic key underpinning Secure Boot on those models that was compromised ...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/07/17 4:3 p.m.14 views

Cloudflare Reports that Almost 7% of All Internet Traffic Is Malicious

6.8%, to be precise. From ZDNet: However, Distributed Denial of Service DDoS attacks continue to be cybercriminals weapon of choice, making up over 37% of all mitigated traffic. The scale of these attacks is staggering. In the first quarter of 2024 alone, Cloudflare blocked 4.5 million unique DDo...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/07/02 6:11 p.m.14 views

Upcoming Book on AI and Democracy

If youve been reading my blog, youve noticed that I have written a lot about AI and democracy, mostly with my co-author Nathan Sanders. I am pleased to announce that were writing a book on the topic. This isnt a book about deep fakes, or misinformation. This is a book about what happens when AI...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/06/07 11:4 a.m.14 views

The Justice Department Took Down the 911 S5 Botnet

The US Justice Department has dismantled an enormous botnet: According to an indictment unsealed on May 24, from 2014 through July 2022, Wang and others are alleged to have created and disseminated malware to compromise and amass a network of millions of residential Windows computers worldwide...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/06/04 11:8 a.m.14 views

Breaking a Password Manager

Interesting story of breaking the security of the RoboForm password manager in order to recover a cryptocurrency wallet password. Grand and Bruno spent months reverse engineering the version of the RoboForm program that they thought Michael had used in 2013 and found that the pseudo-random number...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/06/03 11:6 a.m.14 views

Seeing Like a Data Structure

Technology was once simply a tool--and a small one at that--used to amplify human intent and capacity. That was the story of the industrial revolution: we could control nature and build large, complex human societies, and the more we employed and mastered technology, the better things got. We don...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/05/24 11:7 a.m.14 views

On the Zero-Day Market

New paper: "Zero Progress on Zero Days: How the Last Ten Years Created the Modern Spyware Market": Abstract: Spyware makes surveillance simple. The last ten years have seen a global market emerge for ready-made software that lets governments surveil their citizens and foreign adversaries alike an...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/05/01 11:9 a.m.14 views

AI Voice Scam

Scammers tricked a company into believing they were dealing with a BBC presenter. They faked her voice, and accepted money intended for her...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/04/22 3:26 p.m.14 views

Using Legitimate GitHub URLs for Malware

Interesting social-engineering attack vector: McAfee released a report on a new LUA malware loader distributed through what appeared to be a legitimate Microsoft GitHub repository for the "C++ Library Manager for Windows, Linux, and MacOS," known as vcpkg. The attacker is exploiting a property of...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/03/18 11:3 a.m.14 views

Drones and the US Air Force

Fascinating analysis of the use of drones on a modern battlefield--that is, Ukraine--and the inability of the US Air Force to react to this change. The F-35A certainly remains an important platform for high-intensity conventional warfare. But the Air Force is planning to buy 1,763 of the aircraft...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/03/13 11:7 a.m.14 views

Burglars Using Wi-Fi Jammers to Disable Security Cameras

The arms race continues, as burglars are learning how to use jammers to disable Wi-Fi security cameras...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/03/04 12:1 p.m.14 views

LLM Prompt Injection Worm

Researchers have demonstrated a worm that spreads through prompt injection. Details: In one instance, the researchers, acting as attackers, wrote an email including the adversarial text prompt, which "poisons" the database of an email assistant using retrieval-augmented generation RAG, a way for...

7.2AI score
Exploits0
Total number of security vulnerabilities2979