Lucene search
K
SchneierMost viewed

2981 matches found

Schneier on Security
Schneier on Security
added 2022/12/14 12:1 p.m.14 views

Hacking Boston’s CharlieCard

Interesting discussion of vulnerabilities and exploits against Bostons CharlieCard...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/02 12:9 p.m.14 views

LastPass Security Breach

The company was hacked, and customer information accessed. No passwords were compromised...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/01 3:10 p.m.14 views

Sirius XM Software Vulnerability

This is new: Newly revealed research shows that a number of major car brands, including Honda, Nissan, Infiniti, and Acura, were affected by a previously undisclosed security bug that would have allowed a savvy hacker to hijack vehicles and steal user data. According to researchers, the bug was i...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/11/30 12:0 p.m.14 views

Facebook Fined $276M under GDPR

Facebook--Meta--was just fined $276 million USD for a data leak that included full names, birth dates, phone numbers, and location. Metas total fine by the Data Protection Commission is over $700 million. Total GDPR fines are over €2 billion EUR since 2018...

2.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/11/17 10:53 a.m.14 views

Failures in Twitter’s Two-Factor Authentication System

Twitter is having intermittent problems with its two-factor authentication system: Not all users are having problems receiving SMS authentication codes, and those who rely on an authenticator app or physical authentication token to secure their Twitter account may not have reason to test the...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/11/04 9:1 p.m.14 views

Friday Squid Blogging: Newfoundland Giant Squid Sculpture

In 1878, a 55-foot-long giant squid washed up on the shores of Glovers Harbour, Newfoundland. Its the largest giant squid ever recorded--although scientists now think that the size was an exaggeration or the result of postmortem stretching--and theres a full-sized statue of it near the beach wher...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/10/21 8:12 p.m.14 views

Friday Squid Blogging: The Reproductive Habits of Giant Squid

Interesting: A recent study on giant squid that have washed ashore along the Sea of Japan coast has raised the possibility that the animal has a different reproductive method than many other types of squid. Almost all squid and octopus species are polygamous, with multiple males passing sperm to ...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/10/21 11:53 a.m.14 views

Adversarial ML Attack that Secretly Gives a Language Model a Point of View

Machine learning security is extraordinarily difficult because the attacks are so varied--and it seems that each new one is weirder than the next. Heres the latest: a training-time attack that forces the model to exhibit a point of view: Spinning Language Models: Risks of Propaganda-As-A-Service...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/10/04 11:30 a.m.14 views

NSA Employee Charged with Espionage

An ex-NSA employee has been charged with trying to sell classified data to the Russians but instead actually talking to an undercover FBI agent. Its a weird story, and the FBI affidavit raises more questions than it answers. The employee only worked for the NSA for three weeks--which is weird in...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/09/30 9:17 p.m.14 views

Friday Squid Blogging: Breeding the Oval Squid

Japanese scientists are trying to breed the oval squid in captivity. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/09/27 11:15 a.m.14 views

New Report on IoT Security

The Atlantic Council has published a report on securing the Internet of Things: "Security in the Billions: Toward a Multinational Strategy to Better Secure the IoT Ecosystem." The report examines the regulatory approaches taken by four countries--the US, the UK, Australia, and Singapore--to secur...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/09/21 11:35 a.m.14 views

Automatic Cheating Detection in Human Racing

This is a fascinating glimpse of the future of automatic cheating detection in sports: Maybe you heard about the truly insane false-start controversy in track and field? Devon Allen--a wide receiver for the Philadelphia Eagles--was disqualified from the 110-meter hurdles at the World Athletics...

Exploits0
Schneier on Security
Schneier on Security
added 2022/09/09 1:33 p.m.14 views

Responsible Disclosure for Cryptocurrency Security

Stewart Baker discusses why the industry-norm responsible disclosure for software vulnerabilities fails for cryptocurrency software. Why can’t the cryptocurrency industry solve the problem the way the software and hardware industries do, by patching and updating security as flaws are found? Two...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/08/23 11:30 a.m.14 views

Signal Phone Numbers Exposed in Twilio Hack

Twilio was hacked earlier this month, and the phone numbers of 1,900 Signal users were exposed: Heres what our users need to know: All users can rest assured that their message history, contact lists, profile information, whom theyd blocked, and other personal data remain private and secure and...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/08/17 11:11 a.m.14 views

Zoom Exploit on MacOS

This vulnerability was reported to Zoom last December: The exploit works by targeting the installer for the Zoom application, which needs to run with special user permissions in order to install or remove the main Zoom application from a computer. Though the installer requires a user to enter the...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/08/12 2:13 p.m.14 views

Twitter Exposes Personal Information for 5.4 Million Accounts

Twitter accidentally exposed the personal information--including phone numbers and email addresses--for 5.4 million accounts. And someone was trying to sell this information. In January 2022, we received a report through our bug bounty program of a vulnerability in Twitters systems. As a result o...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/06/23 11:5 a.m.14 views

On the Subversion of NIST by the NSA

Nadiya Kostyuk and Susan Landau wrote an interesting paper: "Dueling Over DUALECDRBG: The Consequences of Corrupting a Cryptographic Standardization Process": Abstract: In recent decades, the U.S. National Institute of Standards and Technology NIST, which develops cryptographic standards for...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/06/06 3:33 p.m.14 views

Long Story on the Accused CIA Vault 7 Leaker

Long article about Joshua Schulte, the accused leaker of the WikiLeaks Vault 7 and Vault 8 CIA data. Well worth reading...

2.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/05/09 2:39 p.m.14 views

Apple Mail Now Blocks Email Trackers

Apple Mail now blocks email trackers by default. Most email newsletters you get include an invisible "image," typically a single white pixel, with a unique file name. The server keeps track of every time this "image" is opened and by which IP address. This quirk of internet history means that...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/04/01 9:6 p.m.14 views

Friday Squid Blogging: Squid Migration and Climate Change

New research on the changing migration of the Doryteuthis opalescens as a result of climate change. News article: Stanford researchers have solved a mystery about why a species of squid native to California has been found thriving in the Gulf of Alaska about 1,800 miles north of its expected rang...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/02/24 12:13 p.m.14 views

An Elaborate Employment Con in the Internet Age

The story is an old one, but the tech gives it a bunch of new twists: Gemma Brett, a 27-year-old designer from west London, had only been working at Madbird for two weeks when she spotted something strange. Curious about what her commute would be like when the pandemic was over, she searched for...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/02/08 4:52 p.m.14 views

Amy Zegart on Spycraft in the Internet Age

Amy Zegart has a new book: Spies, Lies, and Algorithms: The History and Future of American Intelligence. Wired has an excerpt: In short, data volume and accessibility are revolutionizing sensemaking. The intelligence playing field is leveling­ -- and not in a good way. Intelligence collectors are...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/12/14 6:5 p.m.14 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking at the RSA Conference 2022 in San Francisco on February 8, 2022. I’m speaking at IT-S Now 2022 in Vienna on June 2, 2022. I’m speaking at the 14th International Conference on Cyber Conflict, CyCon 2022, in Tallinn,...

2.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/12/10 12:37 p.m.14 views

Law Enforcement Access to Chat Data and Metadata

A January 2021 FBI document outlines what types of data and metadata can be lawfully obtained by the FBI from messaging apps. Rolling Stone broke the story and its been written about elsewhere. I dont see a lot of surprises in the document. Lots of apps leak all sorts of metadata: iMessage and...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/11/15 2:18 p.m.14 views

Securing Your Smartphone

This is part 3 of Sean Gallaghers advice for "securing your digital life."...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/11/11 12:6 p.m.14 views

Advice for Personal Digital Security

ArsTechnicas Sean Gallagher has a two-part article on "securing your digital life." Its pretty good...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/11/10 12:17 p.m.14 views

Hacking the Sony Playstation 5

I just dont think its possible to create a hack-proof computer system, especially when the system is physically in the hands of the hackers. The Sony Playstation 5 is the latest example: Hackers may have just made some big strides towards possibly jailbreaking the PlayStation 5 over the weekend,...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/10/29 9:9 p.m.14 views

Friday Squid Blogging: Squid Game Has a Cryptocurrency

In what maybe peak hype, Squid Game has its own cryptocurrency. Not in the fictional show, but in real life. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/10/21 11:25 a.m.14 views

Problems with Multifactor Authentication

Roger Grimes on why multifactor authentication isnt a panacea: The first time I heard of this issue was from a Midwest CEO. His organization had been hit by ransomware to the tune of $10M. Operationally, they were still recovering nearly a year later. And, embarrassingly, it was his most trusted ...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/10/13 2:47 p.m.14 views

Suing Infrastructure Companies for Copyright Violations

Its a matter of going after those with deep pockets. From Wired: Cloudflare was sued in November 2018 by Mon Cheri Bridals and Maggie Sottero Designs, two wedding dress manufacturers and sellers that alleged Cloudflare was guilty of contributory copyright infringement because it didnt terminate...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/05 8:1 p.m.14 views

Schneier.com is Moving

Im switching my website software from Movable Type to WordPress, and moving to a new host. The migration is expected to last from approximately 3 AM EST Monday until 4 PM EST Tuesday. The site will still be visible during that time, but comments will be disabled. This is to prevent any new commen...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/04 4:53 p.m.14 views

Friday Squid Blogging: Morning Squid

Asa ika means "morning squid" in Japanese. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/03 6:18 a.m.14 views

2017 Tesla Hack

Interesting story of a class break against the entire Tesla fleet...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/22 2:12 p.m.14 views

Fawkes: Digital Image Cloaking

Fawkes is a system for manipulating digital images so that they aren't recognized by facial recognition systems. At a high level, Fawkes takes your personal images, and makes tiny, pixel-level changes to them that are invisible to the human eye, in a process we call image cloaking. You can then u...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/06/26 8:57 p.m.14 views

Friday Squid Blogging: Fishing for Jumbo Squid

Interesting article on the rise of the jumbo squid industry as a result of climate change. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/12/10 12:16 p.m.14 views

Reforming CDA 230

There's a serious debate on reforming Section 230 of the Communications Decency Act. I am in the process of figuring out what I believe, and this is more a place to put resources and listen to people's comments. The EFF has written extensively on why it is so important and dismantling it will be...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/26 5:18 p.m.14 views

Google Employees Use a Physical Token as Their Second Authentication Factor

Krebs on Security is reporting that all 85,000 Google employees use two-factor authentication with a physical token. A Google spokesperson said Security Keys now form the basis of all account access at Google. "We have had no reported or confirmed account takeovers since implementing security key...

2.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/02/02 10:36 p.m.14 views

Friday Squid Blogging: Kraken Pie

Pretty, but contains no actual squid ingredients. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/12/22 10:5 p.m.14 views

Friday Squid Blogging: Gonatus Squid Eating a Dragonfish

There's a video: Last July, Choy was on a ship off the shore of Monterey Bay, looking at the video footage transmitted by an ROV many feet below. A Gonatus squid was spotted sucking off the face of a "really huge dragonfish," she says. "It took a little while to figure out what's going on here,...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/08 2:35 p.m.14 views

Uber Drivers Hacking the System to Cause Surge Pricing

Interesting story about Uber drivers who have figured out how to game the company's algorithms to cause surge pricing: According to the study. drivers manipulate Uber's algorithm by logging out of the app at the same time, making it think that there is a shortage of cars. ... The study said drive...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/04/25 5:7 p.m.14 views

Advances in Ad Blocking

Ad blockers represent the largest consumer boycott in human history. They're also an arms race between the blockers and the blocker blockers. This article discusses a new ad-blocking technology that represents another advance in this arms race. I don't think it will "put an end to the ad-blocking...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/26 8:57 p.m.13 views

The Chinese Control the Majority of Argentina’s Squid Fleet

Chinese companies control nearly two-thirds of Argentina’s own squid fleet...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/19 9:3 p.m.13 views

Friday Squid Blogging: Victims of Unregulated Squid Fishing

Dolphins, sharks, turtles, and human workers are all victims of unregulated squid fishing fleets. Another news article. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/12 9:5 p.m.13 views

Friday Squid Blogging: Squid-Inspired Fluid Pump

This fluid pump was inspired by the way squids propel themselves through the water. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...

5.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/11 11:1 a.m.13 views

Enhanced License Plate Tracking

The surveillance company Leonardo wants more data: A surveillance company plans to add sensors to automatic license plate readers ALPRs that would mean the devices, as well as capture the license plate of passing vehicles, would also sweep up unique identifiers of mobile phones, wearables, and...

5.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/08 11:1 a.m.13 views

Anthropic’s Project Glasswing Update

In April, Anthropic initated Project Glasswing. The idea was to let companies use their new model to find and fix vulnerabilities in their own software. It was a fantastic PR move, and so many press outlets have uncritically parroted Anthropic's claims that it's now common wisdom that Mythos is...

5.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/03 11:4 a.m.13 views

AI Used to Decrypt Medieval Ciphers

Researchers are using machine learning algorithms to decrypt historical pencil-and-paper ciphers...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/05/15 11:6 a.m.13 views

Bypassing On-Camera Age-Verification Checks

Some AI-based video age-verification checks can be fooled with a fake mustache...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/05/05 10:42 a.m.13 views

DarkSword Malware

DarkSword is a sophisticated piece of malware--probably government designed--that targets iOS. Google Threat Intelligence Group GTIG has identified a new iOS full-chain exploit that leveraged multiple zero-day vulnerabilities to fully compromise devices. Based on toolmarks in recovered payloads, ...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/05/04 9:46 a.m.13 views

Hacking Polymarket

Polymarket is a platform where people can bet on real-world events, political and otherwise. Leaving the ethical considerations of this aside for one, it facilitates assassination, one of the issues with making this work is the verification of these real-world events. Polymarket gamblers have...

5.8AI score
Exploits0
Total number of security vulnerabilities2981