Lucene search
K
SchneierMost viewed

2980 matches found

Schneier on Security
Schneier on Security
added 2022/06/30 8:4 p.m.13 views

ZuoRAT Malware Is Targeting Routers

Wired is reporting on a new remote-access Trojan that is able to infect at least eighty different targets: So far, researchers from Lumen Technologies Black Lotus Labs say theyve identified at least 80 targets infected by the stealthy malware, including routers made by Cisco, Netgear, Asus, and...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/06/15 11:5 a.m.13 views

M1 Chip Vulnerability

This is a new vulnerability against Apples M1 chip. Researchers say that it is unpatchable. Researchers from MIT’s Computer Science and Artificial Intelligence Laboratory, however, have created a novel hardware attack, which combines memory corruption and speculative execution attacks to sidestep...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/06/03 9:3 p.m.13 views

Friday Squid Blogging: More on the “Mind Boggling” Squid Genome

Octopus and squid genes are weird. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/05/27 8:57 p.m.13 views

Friday Squid Blogging: Squid Bites Diver

I agree; the diver deserved it. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/05/12 6:7 p.m.13 views

Surveillance by Driverless Car

San Francisco police are using autonomous vehicles as mobile surveillance cameras. Privacy advocates say the revelation that police are actively using AV footage is cause for alarm. “This is very concerning,” Electronic Frontier Foundation EFF senior staff attorney Adam Schwartz told Motherboard...

3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/05/09 2:39 p.m.13 views

Apple Mail Now Blocks Email Trackers

Apple Mail now blocks email trackers by default. Most email newsletters you get include an invisible "image," typically a single white pixel, with a unique file name. The server keeps track of every time this "image" is opened and by which IP address. This quirk of internet history means that...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/05/04 11:15 a.m.13 views

New Sophisticated Malware

Mandiant is reporting on a new botnet. The group, which security firm Mandiant is calling UNC3524, has spent the past 18 months burrowing into victims networks with unusual stealth. In cases where the group is ejected, it wastes no time reinfecting the victim environment and picking up where thin...

2.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/04/14 4:41 p.m.13 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking at Future Summits in Antwerp, Belgium, on May 18, 2022. I’m speaking at IT-S Now 2022 in Vienna, Austria, on June 2, 2022. I’m speaking at the 14th International Conference on Cyber Conflict, CyCon 2022, in Tallinn,...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/04/07 2:31 p.m.13 views

US Disrupts Russian Botnet

The Justice Department announced the disruption of a Russian GRU-controlled botnet: The Justice Department today announced a court-authorized operation, conducted in March 2022, to disrupt a two-tiered global botnet of thousands of infected network hardware devices under the control of a threat...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/03/25 9:7 p.m.13 views

Friday Squid Blogging: Unexpectedly Low Squid Population in the Arctic

Research: Abstract: The retreating ice cover of the Central Arctic Ocean CAO fuels speculations on future fisheries. However, very little is known about the existence of harvestable fish stocks in this 3.3 million­–square kilometer ecosystem around the North Pole. Crossing the Eurasian Basin, we...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/03/23 11:16 a.m.13 views

NASA’s Insider Threat Program

The Office of Inspector General has audited NASAs insider threat program: While NASA has a fully operational insider threat program for its classified systems, the vast majority of the Agencys information technology IT systems -- including many containing high-value assets or critical...

0.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/03/14 11:9 a.m.13 views

Leak of Russian Censorship Data

The transparency organization Distributed Denial of Secrets has released 800GB of data from Roskomnadzor, the Russian government censorship organization. Specifically, Distributed Denial of Secrets says the data comes from the Roskomnadzor of the Republic of Bashkortostan. The Republic of...

3.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/02/28 12:26 p.m.13 views

Insurance Coverage for NotPetya Losses

Tarah Wheeler and Josephine Wolff analyze a recent court decision that the NotPetya attacks are not considered an act of war under the wording of Mercks insurance policy, and that the insurers must pay the $1B+ claim. Wheeler and Wolff argue that the judge "did the right thing for the wrong...

2.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/01/25 3:35 p.m.13 views

Merck Wins Insurance Lawsuit re NotPetya Attack

The insurance company Ace American has to pay for the losses: On 6th December 2021, the New Jersey Superior Court granted partial summary judgment attached in favour of Merck and International Indemnity, declaring that the War or Hostile Acts exclusion was inapplicable to the dispute. Merck...

2.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/01/21 10:11 p.m.13 views

Friday Squid Blogging: Piglet Squid

Nice article on the piglet squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/01/18 12:5 p.m.13 views

UK Government to Launch PR Campaign Undermining End-to-End Encryption

Rolling Stone is reporting that the UK government has hired the M&C Saatchi advertising agency to launch an anti-encryption advertising campaign. Presumably theyll lean heavily on the "think of the children!" rhetoric were seeing in this current wave of the crypto wars. The technical eavesdroppin...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/01/12 12:15 p.m.13 views

Faking an iPhone Reboot

Researchers have figured how how to intercept and fake an iPhone reboot: Well dissect the iOS system and show how its possible to alter a shutdown event, tricking a user that got infected into thinking that the phone has been powered off, but in fact, its still running. The "NoReboot" approach...

2.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/12/08 7:19 p.m.13 views

New German Government is Pro-Encryption and Anti-Backdoors

I hope this is true: According to Jens Zimmermann, the German coalition negotiations had made it "quite clear" that the incoming government of the Social Democrats SPD, the Greens and the business-friendly liberal FDP would reject "the weakening of encryption, which is being attempted under the...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/10/28 11:12 a.m.13 views

More Russian SVR Supply-Chain Attacks

Microsoft is reporting that the same attacker that was behind the SolarWinds breach -- the Russian SVR, which Microsoft is calling Nobelium -- is continuing with similar supply-chain attacks: Nobelium has been attempting to replicate the approach it has used in past attacks by targeting...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/08 6:12 a.m.13 views

More on NIST’s Post-Quantum Cryptography

Back in July, NIST selected third-round algorithms for its post-quantum cryptography standard. Recently, Daniel Apon of NIST gave a talk detailing the selection criteria. Interesting stuff. NOTE: Were in the process of moving this blog to WordPress. Comments will be disabled until the move is...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/05 8:1 p.m.13 views

Schneier.com is Moving

Im switching my website software from Movable Type to WordPress, and moving to a new host. The migration is expected to last from approximately 3 AM EST Monday until 4 PM EST Tuesday. The site will still be visible during that time, but comments will be disabled. This is to prevent any new commen...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/04 4:53 p.m.13 views

Friday Squid Blogging: Morning Squid

Asa ika means "morning squid" in Japanese. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/08/07 11:40 a.m.13 views

Measuring the Rationality of Security Decisions

Interesting research: "Dancing Pigs or Externalities? Measuring the Rationality of Security Decisions": Abstract: Accurately modeling human decision-making in security is critical to thinking about when, why, and how to recommend that users adopt certain secure behaviors. In this work, we conduct...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/26 5:18 p.m.13 views

Google Employees Use a Physical Token as Their Second Authentication Factor

Krebs on Security is reporting that all 85,000 Google employees use two-factor authentication with a physical token. A Google spokesperson said Security Keys now form the basis of all account access at Google. "We have had no reported or confirmed account takeovers since implementing security key...

2.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/02/02 10:36 p.m.13 views

Friday Squid Blogging: Kraken Pie

Pretty, but contains no actual squid ingredients. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/12/22 10:5 p.m.13 views

Friday Squid Blogging: Gonatus Squid Eating a Dragonfish

There's a video: Last July, Choy was on a ship off the shore of Monterey Bay, looking at the video footage transmitted by an ROV many feet below. A Gonatus squid was spotted sucking off the face of a "really huge dragonfish," she says. "It took a little while to figure out what's going on here,...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/08/08 2:35 p.m.13 views

Uber Drivers Hacking the System to Cause Surge Pricing

Interesting story about Uber drivers who have figured out how to game the company's algorithms to cause surge pricing: According to the study. drivers manipulate Uber's algorithm by logging out of the app at the same time, making it think that there is a shortage of cars. ... The study said drive...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/22 10:52 a.m.13 views

NSA Insider Security Post-Snowden

According to a recently declassified report obtained under FOIA, the NSA's attempts to protect itself against insider attacks aren't going very well: The N.S.A. failed to consistently lock racks of servers storing highly classified data and to secure data center machine rooms, according to the...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/04/25 5:7 p.m.13 views

Advances in Ad Blocking

Ad blockers represent the largest consumer boycott in human history. They're also an arms race between the blockers and the blocker blockers. This article discusses a new ad-blocking technology that represents another advance in this arms race. I don't think it will "put an end to the ad-blocking...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/25 5:3 p.m.12 views

AI and Liability

Earlier this month, a German court ruled that Google is liable for its AI search summaries. Rejecting defenses like "users can check for themselves," and that they generally know "that information generated with AI should not be blindly trusted," the court held that the AI's summaries are...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/19 9:3 p.m.12 views

Friday Squid Blogging: Victims of Unregulated Squid Fishing

Dolphins, sharks, turtles, and human workers are all victims of unregulated squid fishing fleets. Another news article. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/11 11:1 a.m.12 views

Enhanced License Plate Tracking

The surveillance company Leonardo wants more data: A surveillance company plans to add sensors to automatic license plate readers ALPRs that would mean the devices, as well as capture the license plate of passing vehicles, would also sweep up unique identifiers of mobile phones, wearables, and...

5.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/08 11:1 a.m.12 views

Anthropic’s Project Glasswing Update

In April, Anthropic initated Project Glasswing. The idea was to let companies use their new model to find and fix vulnerabilities in their own software. It was a fantastic PR move, and so many press outlets have uncritically parroted Anthropic's claims that it's now common wisdom that Mythos is...

5.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/03 11:4 a.m.12 views

AI Used to Decrypt Medieval Ciphers

Researchers are using machine learning algorithms to decrypt historical pencil-and-paper ciphers...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/05/15 11:6 a.m.12 views

Bypassing On-Camera Age-Verification Checks

Some AI-based video age-verification checks can be fooled with a fake mustache...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/05/05 10:42 a.m.12 views

DarkSword Malware

DarkSword is a sophisticated piece of malware--probably government designed--that targets iOS. Google Threat Intelligence Group GTIG has identified a new iOS full-chain exploit that leveraged multiple zero-day vulnerabilities to fully compromise devices. Based on toolmarks in recovered payloads, ...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/05/04 9:46 a.m.12 views

Hacking Polymarket

Polymarket is a platform where people can bet on real-world events, political and otherwise. Leaving the ethical considerations of this aside for one, it facilitates assassination, one of the issues with making this work is the verification of these real-world events. Polymarket gamblers have...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/29 10:12 a.m.12 views

Claude Mythos Has Found 271 Zero-Days in Firefox

That's a lot. No, it's an extraordinary number: Since February, the Firefox team has been working around the clock using frontier AI models to find and fix latent security vulnerabilities in the browser. We wrote previously about our collaboration with Anthropic to scan Firefox with Opus 4.6, whi...

5.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/01 4:57 p.m.12 views

Is “Hackback” Official US Cybersecurity Strategy?

The 2026 US "Cyber Strategy for America" document is mostly the same thing we've seen out of the White House for over a decade, but with a more aggressive tone. But one sentence stood out: "We will unleash the private sector by creating incentives to identify and disrupt adversary networks and...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/03/19 9:47 a.m.12 views

Hacking a Robot Vacuum

Someone tries to remote control his own DJI Romo vacuum, and ends up controlling 7,000 of them from all around the world. The IoT is horribly insecure, but we already knew that...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/02/18 12:3 p.m.12 views

AI Found Twelve New Vulnerabilities in OpenSSL

The title of the post is"What AI Security Research Looks Like When It Works," and I agree: In the latest OpenSSL security release on January 27, 2026, twelve new zero-day vulnerabilities meaning unknown to the maintainers at time of disclosure were announced. Our AI system is responsible for the...

9.8CVSS5.8AI score0.47621EPSS
Exploits7
Schneier on Security
Schneier on Security
added 2025/10/27 11:8 a.m.12 views

First Wap: A Surveillance Computer You’ve Never Heard Of

Mother Jones has a long article on surveillance arms manufacturers, their wares, and how they avoid export control laws: Operating from their base in Jakarta, where permissive export laws have allowed their surveillance business to flourish, First Wap's European founders and executives have quiet...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/07/28 11:9 a.m.12 views

Microsoft SharePoint Zero-Day

Chinese hackers are exploiting a high-severity vulnerability in Microsoft SharePoint to steal data worldwide: The vulnerability, tracked as CVE-2025-53770, carries a severity rating of 9.8 out of a possible 10. It gives unauthenticated remote access to SharePoint Servers exposed to the Internet...

9.8CVSS9.3AI score0.99982EPSS
Exploits41
Schneier on Security
Schneier on Security
added 2025/05/23 11:2 a.m.12 views

Signal Blocks Windows Recall

This article gives a good rundown of the security risks of Windows Recall, and the repurposed copyright protection took that Signal used to block the AI feature from scraping Signal data...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/16 9:5 p.m.12 views

Friday Squid Blogging: Pet Squid Simulation

From Hackaday.com, this is a neural network simulation of a pet squid. Autonomous Behavior: The squid moves autonomously, making decisions based on his current state hunger, sleepiness, etc.. Implements a vision cone for food detection, simulating realistic foraging behavior. Neural network can...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/12 11:1 a.m.12 views

Florida Backdoor Bill Fails

A Florida bill requiring encryption backdoors failed to pass...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/04/24 7:35 p.m.12 views

New Linux Rootkit

Interesting: The company has released a working rootkit called "Curing" that uses iouring, a feature built into the Linux kernel, to stealthily perform malicious activities without being caught by many of the detection solutions currently on the market. At the heart of the issue is the heavy...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/04/04 9:3 p.m.12 views

Friday Squid Blogging: Two-Man Giant Squid

The Brooklyn indie art-punk group, Two-Man Giant Squid, just released a new album. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/04/03 11:5 a.m.12 views

Web 3.0 Requires Data Integrity

If you've ever taken a computer security class, you've probably learned about the three legs of computer security--confidentiality, integrity, and availability--known as the CIA triad. When we talk about a system being secure, that's what we're referring to. All are important, but to different...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/03/31 11:4 a.m.12 views

The Signal Chat Leak and the NSA

US National Security Advisor Mike Waltz, who started the now-infamous group chat coordinating a US attack against the Yemen-based Houthis on March 15, is seemingly now suggesting that the secure messaging service Signal has security vulnerabilities. "I didn't see this loser in the group," Waltz...

7.5AI score
Exploits0
Total number of security vulnerabilities2980