Lucene search
K
SchneierMost viewed

2981 matches found

Schneier on Security
Schneier on Security
added 2025/01/09 5:16 p.m.13 views

Zero-Day Vulnerability in Ivanti VPN

It's being actively exploited...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/12/19 3:24 p.m.13 views

Mailbox Insecurity

It turns out that all cluster mailboxes in the Denver area have the same master key. So if someone robs a postal carrier, they can open any mailbox. I get that a single master key makes the whole system easier, but it's very fragile security...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/12/03 12:0 p.m.13 views

Algorithms Are Coming for Democracy—but It’s Not All Bad

In 2025, AI is poised to change every aspect of democratic politics--but it won't necessarily be for the worse. India's prime minister, Narendra Modi, has used AI to translate his speeches for his multilingual electorate in real time, demonstrating how AI can help diverse democracies to be more...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/29 12:1 p.m.13 views

Race Condition Attacks against LLMs

These are two attacks against the system components surrounding LLMs: We propose that LLM Flowbreaking, following jailbreaking and prompt injection, joins as the third on the growing list of LLM attack types. Flowbreaking is less about whether prompt or response guardrails can be bypassed, and mo...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/25 12:9 p.m.13 views

Security Analysis of the MERGE Voting Protocol

Interesting analysis: An Internet Voting System Fatally Flawed in Creative New Ways. Abstract: The recently published "MERGE" protocol is designed to be used in the prototype CAC-vote system. The voting kiosk and protocol transmit votes over the internet and then transmit voter-verifiable paper...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/10/10 11:0 a.m.13 views

Deebot Robot Vacuums Are Using Photos and Audio to Train Their AI

An Australian news agency is reporting that robot vacuum cleaners from the Chinese company Deebot are surreptitiously taking photos and recording audio, and sending that data back to the vendor to train their AIs. Ecovacs's privacy policy--available elsewhere in the app--allows for blanket...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/09/12 3:42 p.m.13 views

Microsoft Is Adding New Cryptography Algorithms

Microsoft is updating SymCrypt, its core cryptographic library, with new quantum-secure algorithms. Microsofts details are here. From a news article: The first new algorithm Microsoft added to SymCrypt is called ML-KEM. Previously known as CRYSTALS-Kyber, ML-KEM is one of three post-quantum...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/08/13 11:4 a.m.13 views

On the Voynich Manuscript

Really interesting article on the ancient-manuscript scholars who are applying their techniques to the Voynich Manuscript. No one has been able to understand the writing yet, but there are some new understandings: Davis presented her findings at the medieval-studies conference and published them ...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/08/09 7:4 p.m.13 views

Friday Squid Blogging: SQUID Is a New Computational Tool for Analyzing Genomic AI

Yet another SQUID acronym: SQUID, short for Surrogate Quantitative Interpretability for Deepnets, is a computational tool created by Cold Spring Harbor Laboratory CSHL scientists. Its designed to help interpret how AI models analyze the genome. Compared with other analysis tools, SQUID is more...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/07/12 9:1 p.m.13 views

Friday Squid Blogging: 1994 Lair of Squid Game

I didnt know: In 1994, Hewlett-Packard released a miracle machine: the HP 200LX pocket-size PC. In the depths of the device, among the MS-DOS productivity apps built into its fixed memory, there lurked a first-person maze game called Lair of Squid. … In Lair of Squid, youre trapped in an underwat...

7.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/07/08 5:59 p.m.13 views

On the CSRB’s Non-Investigation of the SolarWinds Attack

ProPublica has a long investigative article on how the Cyber Safety Review Board failed to investigate the SolarWinds attack, and specifically Microsofts culpability, even though they were directed by President Biden to do so...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/06/14 3:59 p.m.13 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: Im appearing on a panel on Society and Democracy at ACM Collective Intelligence in Boston, Massachusetts. The conference runs from June 26 through 29, 2024, and my panel is at 9:00 AM on Friday, June 28. Im speaking on "Reimagining...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/06/12 11:2 a.m.13 views

Using AI for Political Polling

Public polling is a critical function of modern political campaigns and movements, but it isnt what it once was. Recent US election cycles have produced copious postmortems explaining both the successes and the flaws of public polling. There are two main reasons polling fails. First, nonresponse...

6.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/06/03 11:4 a.m.13 views

AI Will Increase the Quantity—and Quality—of Phishing Scams

A piece I coauthored with Fredrik Heiding and Arun Vishwanath in the Harvard Business Review: Summary. Gen AI tools are rapidly making these emails more advanced, harder to spot, and significantly more dangerous. Recent research showed that 60% of participants fell victim to artificial intelligen...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/05/30 11:4 a.m.13 views

Supply Chain Attack against Courtroom Software

No word on how this backdoor was installed: A software maker serving more than 10,000 courtrooms throughout the world hosted an application update containing a hidden backdoor that maintained persistent communication with a malicious website, researchers reported Thursday, in the latest episode o...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/05/03 6:13 p.m.13 views

My TED Talks

I have spoken at several TED conferences over the years. TEDxPSU 2010: "Reconceptualizing Security" TEDxCambridge 2013: "The Battle for Power on the Internet" TEDMed 2016: "Who Controls Your Medical Data?" Im putting this here because I want all three links in one place...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/04/29 11:7 a.m.13 views

Whale Song Code

During the Cold War, the US Navy tried to make a secret code out of whale song. The basic plan was to develop coded messages from recordings of whales, dolphins, sea lions, and seals. The submarine would broadcast the noises and a computer--the Combo Signal Recognizer CSR--would detect the specif...

7.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/04/17 11:8 a.m.13 views

Using AI-Generated Legislative Amendments as a Delaying Technique

Canadian legislators proposed 19,600 amendments--almost certainly AI-generated--to a bill in an attempt to delay its adoption. I wrote about many different legislative delaying tactics in A Hackers Mind, but this is a new one...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/03/15 9:8 p.m.13 views

Friday Squid Blogging: Operation Squid

Operation Squid found 1.3 tons of cocaine hidden in frozen fish. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/03/08 10:11 p.m.13 views

Friday Squid Blogging: New Plant Looks Like a Squid

Newly discovered plant looks like a squid. And its super weird: The plant, which grows to 3 centimetres tall and 2 centimetres wide, emerges to the surface for as little as a week each year. It belongs to a group of plants known as fairy lanterns and has been given the scientific name...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/03/05 12:5 p.m.13 views

The Insecurity of Video Doorbells

Consumer Reports has analyzed a bunch of popular Internet-connected video doorbells. Their security is terrible. First, these doorbells expose your home IP address and WiFi network name to the internet without encryption, potentially opening your home network to online criminals. … Anyone who can...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/02/22 5:8 p.m.13 views

New Image/Video Prompt Injection Attacks

Simon Willison has been playing with the video processing capabilities of the new Gemini Pro 1.5 model from Google, and its really impressive. Which means a lot of scary new video prompt injection attacks. And remember, given the current state of technology, prompt injection attacks are impossibl...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/02/15 12:4 p.m.13 views

On the Insecurity of Software Bloat

Good essay on software bloat and the insecurities it causes. The world ships too much code, most of it by third parties, sometimes unintended, most of it uninspected. Because of this, there is a huge attack surface full of mediocre code. Efforts are ongoing to improve the quality of code itself,...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/02/08 12:0 p.m.13 views

On Software Liabilities

Over on Lawfare, Jim Dempsey published a really interesting proposal for software liability: "Standard for Software Liability: Focus on the Product for Liability, Focus on the Process for Safe Harbor." Section 1 of this paper sets the stage by briefly describing the problem to be solved. Section ...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/02/02 10:3 p.m.13 views

Friday Squid Blogging: Illex Squid in Argentina Waters

Argentina is reporting that there is a good population of illex squid in its waters ready for fishing, and is working to ensure that Chinese fishing boats dont take it all. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my bl...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/26 10:10 p.m.13 views

Friday Squid Blogging: Footage of Black-Eyed Squid Brooding Her Eggs

Amazing footage of a black-eyed squid Gonatus onyx carrying thousands of eggs. They tend to hang out about 6,200 feet below sea level. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/17 12:14 p.m.13 views

Code Written with AI Assistants Is Less Secure

Interesting research: "Do Users Write More Insecure Code with AI Assistants?": Abstract: We conduct the first large-scale user study examining how users interact with an AI Code assistant to solve a variety of security related tasks across different programming languages. Overall, we find that...

7.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/15 12:9 p.m.13 views

Voice Cloning with Very Short Samples

New research demonstrates voice cloning, in multiple languages, using samples ranging from one to twelve seconds. Research paper...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/05 10:5 p.m.13 views

Friday Squid Blogging—18th Anniversary Post: New Species of Pygmy Squid Discovered

Theyre Ryukyuan pygmy squid Idiosepius kijimuna and Hannans pygmy squid Kodama jujutsu. The second one represents an entire new genus. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. And, yes, this is the eighteenth anniversary of...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/03 12:7 p.m.13 views

Facial Recognition Systems in the US

A helpful summary of which US retail stores are using facial recognition, thinking about using it, or currently not planning on using it. This, of course, can all change without notice. Three years ago, I wrote that campaigns to ban facial recognition are too narrow. The problem here is...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/10/20 9:3 p.m.13 views

Friday Squid Blogging: Why There Are No Giant Squid in Aquariums

Theyre too big and we cant recreate their habitat. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/10/16 11:6 a.m.13 views

Coin Flips Are Biased

Experimental result: Many people have flipped coins but few have stopped to ponder the statistical and physical intricacies of the process. In a preregistered study we collected 350,757 coin flips to test the counterintuitive prediction from a physics model of human coin tossing developed by Pers...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/09/26 11:15 a.m.13 views

Signal Will Leave the UK Rather Than Add a Backdoor

Totally expected, but still good to hear: Onstage at TechCrunch Disrupt 2023, Meredith Whittaker, the president of the Signal Foundation, which maintains the nonprofit Signal messaging app, reaffirmed that Signal would leave the U.K. if the countrys recently passed Online Safety Bill forced Signa...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/08/17 11:7 a.m.13 views

Detecting “Violations of Social Norms” in Text with AI

Researchers are trying to use AI to detect "social norms violations." Feels a little sketchy right now, but this is the sort of thing that AIs will get better at. Like all of these systems, anything but a very low false positive rate makes the detection useless in practice. News article...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/08/11 9:9 p.m.13 views

Friday Squid Blogging: NIWA Annual Squid Survey

Results from the National Institute of Water and Atmospheric Research Limited annual squid survey: This year, the team unearthed spectacular large hooked squids, weighing about 15kg and sitting at 2m long, a Taningia--­which has the largest known light organs in the animal kingdom­--and a few...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/08/09 11:8 a.m.13 views

Using Machine Learning to Detect Keystrokes

Researchers have trained a ML model to detect keystrokes by sound with 95% accuracy. "A Practical Deep Learning-Based Acoustic Side Channel Attack on Keyboards" Abstract: With recent developments in deep learning, the ubiquity of microphones and the rise in online services via personal devices,...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/08/01 11:11 a.m.13 views

Hacking AI Resume Screening with Text in a White Font

The Washington Post is reporting on a hack to fool automatic resume sorting programs: putting text in a white font. The idea is that the programs rely primarily on simple pattern matching, and the trick is to copy a list of relevant keywords--or the published job description--into the resume in a...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/07/18 11:13 a.m.13 views

Disabling Self-Driving Cars with a Traffic Cone

You can disable a self-driving car by putting a traffic cone on its hood: The group got the idea for the conings by chance. The person claims a few of them walking together one night saw a cone on the hood of an AV, which appeared disabled. They werent sure at the time which came first; perhaps...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/06/23 9:6 p.m.13 views

Friday Squid Blogging: Giggling Squid

Giggling Squid is a Thai chain in the UK. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/06/14 11:2 a.m.13 views

On the Need for an AI Public Option

Artificial intelligence will bring great benefits to all of humanity. But do we really want to entrust this revolutionary technology solely to a small group of US tech companies? Silicon Valley has produced no small number of moral disappointments. Google retired its "dont be evil" pledge before...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/05/24 11:23 a.m.13 views

Indiana, Iowa, and Tennessee Pass Comprehensive Privacy Laws

Its been a big month for US data privacy. Indiana, Iowa, and Tennessee all passed state privacy laws, bringing the total number of states with a privacy law up to eight. No private right of action in any of those, which means its up to the states to enforce the laws...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/05/15 11:18 a.m.13 views

Micro-Star International Signing Key Stolen

Micro-Star International--aka MSI--had its UEFI signing key stolen last month. This raises the possibility that the leaked key could push out updates that would infect a computers most nether regions without triggering a warning. To make matters worse, Matrosov said, MSI doesnt have an automated...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/04/07 9:4 p.m.13 views

Friday Squid Blogging: Squid Food Poisoning

University of Connecticut basketball player Jordan Hawkins claims to have suffered food poisoning from calamari the night before his NCAA finals game. The restaurant disagrees: On Sunday, a Mastros employee politely cast doubt on the idea that the restaurant might have caused the illness, citing...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/04/03 11:5 a.m.13 views

UK Runs Fake DDoS-for-Hire Sites

Brian Krebs is reporting that the UKs National Crime Agency is setting up fake DDoS-for-hire sites as part of a sting operation: The NCA says all of its fake so-called "booter" or "stresser" sites -­ which have so far been accessed by several thousand people--have been created to look like they...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/03/29 11:3 a.m.13 views

The Security Vulnerabilities of Message Interoperability

Jenny Blessing and Ross Anderson have evaluated the security of systems designed to allow the various Internet messaging platforms to interoperate with each other: The Digital Markets Act ruled that users on different platforms should be able to exchange messages with each other. This opens up a...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/03/22 11:14 a.m.13 views

ChatGPT Privacy Flaw

OpenAI has disabled ChatGPTs privacy history, almost certainly because they had a security flaw where users were seeing each others histories...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/02/14 4:54 p.m.13 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking at Mobile World Congress 2023 in Barcelona, Spain, on March 1, 2023 at 1:00 PM CET. I’m speaking on “How to Reclaim Power in the Digital World” at EPFL in Lausanne, Switzerland, on Thursday, March 16, 2023, at 5:30 PM...

3.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/02/13 7:54 p.m.13 views

On Pig Butchering Scams

"Pig butchering" is the colorful name given to online cons that trick the victim into giving money to the scammer, thinking it is an investment opportunity. Its a rapidly growing area of fraud, and getting more sophisticated...

2.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/02/01 12:8 p.m.13 views

Passwords Are Terrible (Surprising No One)

This is the result of a security audit: More than a fifth of the passwords protecting network accounts at the US Department of the Interior--including Password1234, Password1234!, and ChangeItN0w!--were weak enough to be cracked using standard methods, a recently published security audit of the...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/21 12:18 p.m.13 views

Publisher’s Weekly Review of A Hacker’s Mind

Publishers Weekly reviewed A Hackers Mind--and its a starred review! "Hacking is something that the rich and powerful do, something that reinforces existing power structures," contends security technologist Schneier Click Here to Kill Everybody in this excellent survey of exploitation. Taking a...

1.4AI score
Exploits0
Total number of security vulnerabilities2981