Lucene search
K
SchneierMost viewed

2979 matches found

Schneier on Security
Schneier on Security
added 2024/02/12 4:49 p.m.14 views

On Passkey Usability

Matt Burgess tries to only use passkeys. The results are mixed...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/02/09 6:10 p.m.14 views

No, Toothbrushes Were Not Used in a Massive DDoS Attack

The widely reported story last week that 1.5 million smart toothbrushes were hacked and used in a DDoS attack is false. Near as I can tell, a German reporter talking to someone at Fortinet got it wrong, and then everyone else ran with it without reading the German text. It was a hypothetical, whi...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/02/02 12:1 p.m.14 views

A Self-Enforcing Protocol to Solve Gerrymandering

In 2009, I wrote: There are several ways two people can divide a piece of cake in half. One way is to find someone impartial to do it for them. This works, but it requires another person. Another way is for one person to divide the piece, and the other person to complain to the police, a judge, o...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/30 12:12 p.m.14 views

NSA Buying Bulk Surveillance Data on Americans without a Warrant

It finally admitted to buying bulk data on Americans from data brokers, in response to a query by Senator Weyden. This is almost certainly illegal, although the NSA maintains that it is legal until its told otherwise. Some news articles...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/29 12:3 p.m.14 views

Microsoft Executives Hacked

Microsoft is reporting that a Russian intelligence agency--the same one responsible for SolarWinds--accessed the email system of the companys executives. Beginning in late November 2023, the threat actor used a password spray attack to compromise a legacy non-production test tenant account and ga...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/12 12:3 p.m.14 views

On IoT Devices and Software Liability

New law journal article: Smart Device Manufacturer Liability and Redress for Third-Party Cyberattack Victims Abstract: Smart devices are used to facilitate cyberattacks against both their users and third parties. While users are generally able to seek redress following a cyberattack via data...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/11 12:9 p.m.14 views

Pharmacies Giving Patient Records to Police without Warrants

Add pharmacies to the list of industries that are giving private data to the police without a warrant...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/19 12:9 p.m.14 views

OpenAI Is Not Training on Your Dropbox Documents—Today

Theres a rumor flying around the Internet that OpenAI is training foundation models on your Dropbox documents. Heres CNBC. Heres Boing Boing. Some articles are more nuanced, but theres still a lot of confusion. It seems not to be true. Dropbox isnt sharing all of your documents with OpenAI. But...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/11/22 12:8 p.m.14 views

Apple to Add Manual Authentication to iMessage

Signal has had the ability to manually authenticate another account for years. iMessage is getting it: The feature is called Contact Key Verification, and it does just what its name says: it lets you add a manual verification step in an iMessage conversation to confirm that the other person is wh...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/11/14 5:1 p.m.14 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: Im speaking at the AI Summit New York on December 6, 2023. The list is maintained on this page...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/11/03 9:5 p.m.14 views

Friday Squid Blogging: Eating Dancing Squid

Its not actually alive, but it twitches in response to soy sauce. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/11/03 11:1 a.m.14 views

New York Increases Cybersecurity Rules for Financial Companies

Another example of a large and influential state doing things the federal government wont: Boards of directors, or other senior committees, are charged with overseeing cybersecurity risk management, and must retain an appropriate level of expertise to understand cyber issues, the rules say...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/09/20 11:6 a.m.14 views

On the Cybersecurity Jobs Shortage

In April, Cybersecurity Ventures reported on extreme cybersecurity job shortage: Global cybersecurity job vacancies grew by 350 percent, from one million openings in 2013 to 3.5 million in 2021, according to Cybersecurity Ventures. The number of unfilled jobs leveled off in 2022, and remains at 3...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/09/18 11:2 a.m.14 views

Using Hacked LastPass Keys to Steal Cryptocurrency

Remember last November, when hackers broke into the network for LastPass--a password database--and stole password vaults with both encrypted and plaintext data for over 25 million users? Well, theyre now using that data break into crypto wallets and drain them: $35 million and counting, all going...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/09/14 11:5 a.m.14 views

Fake Signal and Telegram Apps in the Google Play Store

Google removed fake Signal and Telegram apps from its Play store. An app with the name Signal Plus Messenger was available on Play for nine months and had been downloaded from Play roughly 100 times before Google took it down last April after being tipped off by security firm ESET. It was also...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/09/01 11:7 a.m.14 views

Spyware Vendor Hacked

A Brazilian spyware app vendor was hacked by activists: In an undated note seen by TechCrunch, the unnamed hackers described how they found and exploited several security vulnerabilities that allowed them to compromise WebDetetive’s servers and access its user databases. By exploiting other flaws...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/08/11 11:8 a.m.14 views

The Inability to Simultaneously Verify Sentience, Location, and Identity

Really interesting "systematization of knowledge" paper: "SoK: The Ghost Trilemma" Abstract: Trolls, bots, and sybils distort online discourse and compromise the security of networked platforms. User identity is central to the vectors of attack and manipulation employed in these contexts. However...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/07/28 11:6 a.m.14 views

Indirect Instruction Injection in Multi-Modal LLMs

Interesting research: "Abusing Images and Sounds for Indirect Instruction Injection in Multi-Modal LLMs": Abstract: We demonstrate how images and sounds can be used for indirect prompt and instruction injection in multi-modal LLMs. An attacker generates an adversarial perturbation corresponding t...

7.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/06/01 11:17 a.m.14 views

On the Catastrophic Risk of AI

Earlier this week, I signed on to a short group statement, coordinated by the Center for AI Safety: Mitigating the risk of extinction from AI should be a global priority alongside other societal-scale risks such as pandemics and nuclear war. The press coverage has been extensive, and surprising t...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/05/26 9:5 p.m.14 views

Friday Squid Blogging: Online Cephalopod Course

Atlas Obscura has a five-part online course on cephalopods, taught by squid biologist Dr. Sarah McAnulty. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/05/26 11:12 a.m.14 views

Expeditionary Cyberspace Operations

Cyberspace operations now officially has a physical dimension, meaning that the United States has official military doctrine about cyberattacks that also involve an actual human gaining physical access to a piece of computing infrastructure. A revised version of Joint Publication 3-12 Cyberspace...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/05/25 11:5 a.m.14 views

On the Poisoning of LLMs

Interesting essay on the poisoning of LLMs--ChatGPT in particular: Given that weve known about model poisoning for years, and given the strong incentives the black-hat SEO crowd has to manipulate results, its entirely possible that bad actors have been poisoning ChatGPT for months. We dont know...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/05/23 11:15 a.m.14 views

Credible Handwriting Machine

In case you dont have enough to worry about, someone has built a credible handwriting machine: This is still a work in progress, but the project seeks to solve one of the biggest problems with other homework machines, such as this one that I covered a few months ago after it blew up on social...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/03/24 7:7 p.m.14 views

A Hacker’s Mind News

My latest book continues to sell well. Its ranking hovers between 1,500 and 2,000 on Amazon. Its been spied in airports. Reviews are consistently good. I have been enjoying giving podcast interviews. It all feels pretty good right now. You can order a signed book from me here. For those of you in...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/03/17 9:19 p.m.14 views

Friday Squid Blogging: New Species of Vampire Squid Lives 3,000 Feet below Sea Level

At least, it seems to be a new species. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/03/03 10:23 p.m.14 views

Friday Squid Blogging: We’re Almost at Flying Squid Drones

Researchers are prototyping multi-segment shapeshifter drones, which are "the precursors to flying squid-bots." As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

2.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/27 12:1 p.m.14 views

Arresting IT Administrators

This is one way of ensuring that IT keeps up with patches: Albanian prosecutors on Wednesday asked for the house arrest of five public employees they blame for not protecting the country from a cyberattack by alleged Iranian hackers. Prosecutors said the five IT officials of the public...

2.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/23 10:5 p.m.14 views

Friday Squid Blogging: Injured Giant Squid and Paddleboarder

Heres a video--I dont know where its from--of an injured juvenile male giant squid grabbing on to a paddleboard. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

2.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/14 12:1 p.m.14 views

Hacking Boston’s CharlieCard

Interesting discussion of vulnerabilities and exploits against Bostons CharlieCard...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/02 12:9 p.m.14 views

LastPass Security Breach

The company was hacked, and customer information accessed. No passwords were compromised...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/01 3:10 p.m.14 views

Sirius XM Software Vulnerability

This is new: Newly revealed research shows that a number of major car brands, including Honda, Nissan, Infiniti, and Acura, were affected by a previously undisclosed security bug that would have allowed a savvy hacker to hijack vehicles and steal user data. According to researchers, the bug was i...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/11/30 12:0 p.m.14 views

Facebook Fined $276M under GDPR

Facebook--Meta--was just fined $276 million USD for a data leak that included full names, birth dates, phone numbers, and location. Metas total fine by the Data Protection Commission is over $700 million. Total GDPR fines are over €2 billion EUR since 2018...

2.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/11/17 10:53 a.m.14 views

Failures in Twitter’s Two-Factor Authentication System

Twitter is having intermittent problems with its two-factor authentication system: Not all users are having problems receiving SMS authentication codes, and those who rely on an authenticator app or physical authentication token to secure their Twitter account may not have reason to test the...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/11/04 9:1 p.m.14 views

Friday Squid Blogging: Newfoundland Giant Squid Sculpture

In 1878, a 55-foot-long giant squid washed up on the shores of Glovers Harbour, Newfoundland. Its the largest giant squid ever recorded--although scientists now think that the size was an exaggeration or the result of postmortem stretching--and theres a full-sized statue of it near the beach wher...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/10/21 8:12 p.m.14 views

Friday Squid Blogging: The Reproductive Habits of Giant Squid

Interesting: A recent study on giant squid that have washed ashore along the Sea of Japan coast has raised the possibility that the animal has a different reproductive method than many other types of squid. Almost all squid and octopus species are polygamous, with multiple males passing sperm to ...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/10/21 11:53 a.m.14 views

Adversarial ML Attack that Secretly Gives a Language Model a Point of View

Machine learning security is extraordinarily difficult because the attacks are so varied--and it seems that each new one is weirder than the next. Heres the latest: a training-time attack that forces the model to exhibit a point of view: Spinning Language Models: Risks of Propaganda-As-A-Service...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/10/11 12:18 p.m.14 views

Inserting a Backdoor into a Machine-Learning System

Interesting research: "ImpNet: Imperceptible and blackbox-undetectable backdoors in compiled neural networks, by Tim Clifford, Ilia Shumailov, Yiren Zhao, Ross Anderson, and Robert Mullins: Abstract: Early backdoor attacks against machine learning set off an arms race in attack and defence...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/10/04 11:30 a.m.14 views

NSA Employee Charged with Espionage

An ex-NSA employee has been charged with trying to sell classified data to the Russians but instead actually talking to an undercover FBI agent. Its a weird story, and the FBI affidavit raises more questions than it answers. The employee only worked for the NSA for three weeks--which is weird in...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/09/30 9:17 p.m.14 views

Friday Squid Blogging: Breeding the Oval Squid

Japanese scientists are trying to breed the oval squid in captivity. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/09/27 11:15 a.m.14 views

New Report on IoT Security

The Atlantic Council has published a report on securing the Internet of Things: "Security in the Billions: Toward a Multinational Strategy to Better Secure the IoT Ecosystem." The report examines the regulatory approaches taken by four countries--the US, the UK, Australia, and Singapore--to secur...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/09/21 11:35 a.m.14 views

Automatic Cheating Detection in Human Racing

This is a fascinating glimpse of the future of automatic cheating detection in sports: Maybe you heard about the truly insane false-start controversy in track and field? Devon Allen--a wide receiver for the Philadelphia Eagles--was disqualified from the 110-meter hurdles at the World Athletics...

Exploits0
Schneier on Security
Schneier on Security
added 2022/09/09 1:33 p.m.14 views

Responsible Disclosure for Cryptocurrency Security

Stewart Baker discusses why the industry-norm responsible disclosure for software vulnerabilities fails for cryptocurrency software. Why can’t the cryptocurrency industry solve the problem the way the software and hardware industries do, by patching and updating security as flaws are found? Two...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/08/23 11:30 a.m.14 views

Signal Phone Numbers Exposed in Twilio Hack

Twilio was hacked earlier this month, and the phone numbers of 1,900 Signal users were exposed: Heres what our users need to know: All users can rest assured that their message history, contact lists, profile information, whom theyd blocked, and other personal data remain private and secure and...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/08/17 11:11 a.m.14 views

Zoom Exploit on MacOS

This vulnerability was reported to Zoom last December: The exploit works by targeting the installer for the Zoom application, which needs to run with special user permissions in order to install or remove the main Zoom application from a computer. Though the installer requires a user to enter the...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/08/12 2:13 p.m.14 views

Twitter Exposes Personal Information for 5.4 Million Accounts

Twitter accidentally exposed the personal information--including phone numbers and email addresses--for 5.4 million accounts. And someone was trying to sell this information. In January 2022, we received a report through our bug bounty program of a vulnerability in Twitters systems. As a result o...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/06/23 11:5 a.m.14 views

On the Subversion of NIST by the NSA

Nadiya Kostyuk and Susan Landau wrote an interesting paper: "Dueling Over DUALECDRBG: The Consequences of Corrupting a Cryptographic Standardization Process": Abstract: In recent decades, the U.S. National Institute of Standards and Technology NIST, which develops cryptographic standards for...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/06/06 3:33 p.m.14 views

Long Story on the Accused CIA Vault 7 Leaker

Long article about Joshua Schulte, the accused leaker of the WikiLeaks Vault 7 and Vault 8 CIA data. Well worth reading...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/04/01 9:6 p.m.14 views

Friday Squid Blogging: Squid Migration and Climate Change

New research on the changing migration of the Doryteuthis opalescens as a result of climate change. News article: Stanford researchers have solved a mystery about why a species of squid native to California has been found thriving in the Gulf of Alaska about 1,800 miles north of its expected rang...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/02/24 12:13 p.m.14 views

An Elaborate Employment Con in the Internet Age

The story is an old one, but the tech gives it a bunch of new twists: Gemma Brett, a 27-year-old designer from west London, had only been working at Madbird for two weeks when she spotted something strange. Curious about what her commute would be like when the pandemic was over, she searched for...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/02/08 4:52 p.m.14 views

Amy Zegart on Spycraft in the Internet Age

Amy Zegart has a new book: Spies, Lies, and Algorithms: The History and Future of American Intelligence. Wired has an excerpt: In short, data volume and accessibility are revolutionizing sensemaking. The intelligence playing field is leveling­ -- and not in a good way. Intelligence collectors are...

0.6AI score
Exploits0
Total number of security vulnerabilities2979