Lucene search
K
SchneierMost viewed

2980 matches found

Schneier on Security
Schneier on Security
added 2025/03/28 9:4 p.m.12 views

Friday Squid Blogging: Squid Werewolf Hacking Group

In another rare squid/cybersecurity intersection, APT37 is also known as "Squid Werewolf." As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/03/25 11:5 a.m.12 views

Report on Paragon Spyware

Citizen Lab has a new report on Paragon's spyware: Key Findings: Introducing Paragon Solutions. Paragon Solutions was founded in Israel in 2019 and sells spyware called Graphite. The company differentiates itself by claiming it has safeguards to prevent the kinds of spyware abuses that NSO Group...

6.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/03/21 8:30 p.m.12 views

Friday Squid Blogging: A New Explanation of Squid Camouflage

New research: An associate professor of chemistry and chemical biology at Northeastern University, Deravi’s recently published paper in the Journal of Materials Chemistry C sheds new light on how squid use organs that essentially function as organic solar cells to help power their camouflage...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/03/17 3:9 p.m.12 views

Improvements in Brute Force Attacks

New paper: "GPU Assisted Brute Force Cryptanalysis of GPRS, GSM, RFID, and TETRA: Brute Force Cryptanalysis of KASUMI, SPECK, and TEA3." Abstract: Key lengths in symmetric cryptography are determined with respect to the brute force attacks with current technology. While nowadays at least 128-bit...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/01/31 10:3 p.m.12 views

Friday Squid Blogging: On Squid Brains

Interesting. Blog moderation policy...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/01/09 5:16 p.m.12 views

Zero-Day Vulnerability in Ivanti VPN

It's being actively exploited...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/12/27 12:3 p.m.12 views

Casino Players Using Hidden Cameras for Cheating

The basic strategy is to place a device with a hidden camera in a position to capture normally hidden card values, which are interpreted by an accomplice off-site and fed back to the player via a hidden microphone. Miniaturization is making these devices harder to detect. Presumably AI will soon...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/12/17 5:4 p.m.12 views

Hacking Digital License Plates

Not everything needs to be digital and "smart." License plates, for example: Josep Rodriguez, a researcher at security firm IOActive, has revealed a technique to “jailbreak” digital license plates sold by Reviver, the leading vendor of those plates in the US with 65,000 plates already sold. By...

7.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/12/11 12:2 p.m.12 views

Jailbreaking LLM-Controlled Robots

Surprising no one, it's easy to trick an LLM-controlled robot into ignoring its safety instructions...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/12/04 12:9 p.m.12 views

AI and the 2024 Elections

It's been the biggest year for elections in human history: 2024 is a "super-cycle" year in which 3.7 billion eligible voters in 72 countries had the chance to go the polls. These are also the first AI elections, where many feared that deepfakes and artificial intelligence-generated misinformation...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/09/17 3:54 p.m.12 views

Remotely Exploding Pagers

Wow. It seems they all exploded simultaneously, which means they were triggered. Were they each tampered with physically, or did someone figure out how to trigger a thermal runaway remotely? Supply chain attack? Malicious code update, or natural vulnerability? I have no idea, but I expect we will...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/08/28 11:0 a.m.12 views

Matthew Green on Telegram’s Encryption

Matthew Green wrote a really good blog post on what Telegrams encryption is and is not. EDITED TO ADD 8/28: Another good explainer from Kaspersky...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/08/14 4:48 p.m.12 views

Texas Sues GM for Collecting Driving Data without Consent

Texas is suing General Motors for collecting driver data without consent and then selling it to insurance companies: From CNN: In car models from 2015 and later, the Detroit-based car manufacturer allegedly used technology to "collect, record, analyze, and transmit highly detailed driving data...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/07/25 6:37 p.m.12 views

The CrowdStrike Outage and Market-Driven Brittleness

Fridays massive internet outage, caused by a mid-sized tech company called CrowdStrike, disrupted major airlines, hospitals, and banks. Nearly 7,000 flights were canceled. It took down 911 systems and factories, courthouses, and television stations. Tallying the total cost will take time. The...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/07/15 5:13 p.m.12 views

Hacking Scientific Citations

Some scholars are inflating their reference counts by sneaking them into metadata: Citations of scientific work abide by a standardized referencing system: Each reference explicitly mentions at least the title, authors names, publication year, journal or conference name, and page numbers of the...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/06/25 11:2 a.m.12 views

Breaking the M-209

Interesting paper about a German cryptanalysis machine that helped break the US M-209 mechanical ciphering machine. The paper contains a good description of how the M-209 works...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/06/10 11:8 a.m.12 views

Exploiting Mistyped URLs

Interesting research: "Hyperlink Hijacking: Exploiting Erroneous URL Links to Phantom Domains": Abstract: Web users often follow hyperlinks hastily, expecting them to be correctly programmed. However, it is possible those links contain typos or other mistakes. By discovering active but erroneous...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/06/06 3:51 p.m.12 views

Espionage with a Drone

The US is using a World War II law that bans aircraft photography of military installations to charge someone with doing the same thing with a drone...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/05/24 9:3 p.m.12 views

Friday Squid Blogging: Dana Squid Attacking Camera

Fantastic footage of a Dana squid attacking a camera at a depth of about a kilometer. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/05/20 11:4 a.m.12 views

IBM Sells Cybersecurity Group

IBM is selling its QRadar product suite to Palo Alto Networks, for an undisclosed--but probably surprisingly small--sum. I have a personal connection to this. In 2016, IBM bought Resilient Systems, the startup I was a part of. It became part if IBMs cybersecurity offerings, mostly and weirdly...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/04/26 9:7 p.m.12 views

Friday Squid Blogging: Searching for the Colossal Squid

A cruise ship is searching for the colossal squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/03/29 11:3 a.m.12 views

Lessons from a Ransomware Attack against the British Library

You might think that libraries are kind of boring, but this self-analysis of a 2023 ransomware and extortion attack against the British Library is anything but...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/02/07 12:4 p.m.12 views

Teaching LLMs to Be Deceptive

Interesting research: "Sleeper Agents: Training Deceptive LLMs that Persist Through Safety Training": Abstract: Humans are capable of strategically deceptive behavior: behaving helpfully in most situations, but then behaving very differently in order to pursue alternative objectives when given th...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/14 5:1 p.m.12 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking at the International PolCampaigns Expo IPE24 in Cape Town, South Africa, January 25-26, 2024. The list is maintained on this page...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/15 12:1 p.m.12 views

A Robot the Size of the World

In 2016, I wrote about an Internet that affected the world in a direct, physical manner. It was connected to your smartphone. It had sensors like cameras and thermostats. It had actuators: Drones, autonomous cars. And it had smarts in the middle, using sensor data to figure out what to do and the...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/06 6:18 p.m.12 views

Security Analysis of a Thirteenth-Century Venetian Election Protocol

Interesting analysis: This paper discusses the protocol used for electing the Doge of Venice between 1268 and the end of the Republic in 1797. We will show that it has some useful properties that in addition to being interesting in themselves, also suggest that its fundamental design principle is...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/11/30 4:48 p.m.12 views

Extracting GPT’s Training Data

This is clever: The actual attack is kind of silly. We prompt the model with the command "Repeat the word poem forever" and sit back and watch as the model responds complete transcript here. In the abridged example above, the model emits a real email address and phone number of some unsuspecting...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/11/28 8:19 p.m.12 views

Digital Car Keys Are Coming

Soon we will be able to unlock and start our cars from our phones. Lets hope people are thinking about security...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/11/16 6:46 p.m.12 views

FTC’s Voice Cloning Challenge

The Federal Trade Commission is running a competition "to foster breakthrough ideas on preventing, monitoring, and evaluating malicious voice cloning."...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/08/25 9:6 p.m.12 views

Friday Squid Blogging: China’s Squid Fishing Ban Ineffective

China imposed a "pilot program banning fishing in parts of the south-west Atlantic Ocean from July to October, and parts of the eastern Pacific Ocean from September to December." However, the conservation group Oceana analyzed the data and figured out that the Chinese werent fishing in those area...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/08/02 11:4 a.m.12 views

New SEC Rules around Cybersecurity Incident Disclosures

The US Securities and Exchange Commission adopted final rules around the disclosure of cybersecurity incidents. There are two basic rules: 1. Public companies must "disclose any cybersecurity incident they determine to be material" within four days, with potential delays if there is a national...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/07/28 9:1 p.m.12 views

Friday Squid Blogging: Zaqistan Flag

The fictional nation of Zaqistan in Utah has a squid on its flag. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/07/17 11:13 a.m.12 views

Tracking Down a Suspect through Cell Phone Records

Interesting forensics in connection with a serial killer arrest: Investigators went through phone records collected from both midtown Manhattan and the Massapequa Park area of Long Island--two areas connected to a "burner phone" they had tied to the killings. In court, prosecutors later said the...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/06/28 11:17 a.m.12 views

Stalkerware Vendor Hacked

The stalkerware company LetMeSpy has been hacked: TechCrunch reviewed the leaked data, which included years of victims call logs and text messages dating back to 2013. The database we reviewed contained current records on at least 13,000 compromised devices, though some of the devices shared litt...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/06/27 8:36 p.m.12 views

Typing Incriminating Evidence in the Memo Field

Dont do it: Recently, the manager of the Harvard Med School morgue was accused of stealing and selling human body parts. Cedric Lodge and his wife Denise were among a half-dozen people arrested for some pretty grotesque crimes. This part is also at least a little bit funny though: Over a three-ye...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/06/23 2:55 p.m.12 views

UPS Data Harvested for SMS Phishing Attacks

I get UPS phishing spam on my phone all the time. I never click on it, because its so obviously spam. Turns out that hackers have been harvesting actual UPS delivery data from a Canadian tracking tool for its phishing SMSs...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/06/13 11:3 a.m.12 views

Identifying the Idaho Killer

The New York Times has a long article on the investigative techniques used to identify the person who stabbed and killed four University of Idaho students. Pay attention to the techniques: The case has shown the degree to which law enforcement investigators have come to rely on the digital...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/05/08 3:29 p.m.12 views

AI Hacking Village at DEF CON This Year

At DEF CON this year, Anthropic, Google, Hugging Face, Microsoft, NVIDIA, OpenAI and Stability AI will all open up their models for attack. The DEF CON event will rely on an evaluation platform developed by Scale AI, a California company that produces training for AI applications. Participants wi...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/05/05 9:12 p.m.12 views

Friday Squid Blogging: “Mediterranean Beef Squid” Hoax

The viral video of the "Mediterranean beef squid"is a hoax. Its not even a deep fake; its a plastic toy. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/04/17 11:15 a.m.12 views

Swatting as a Service

Motherboard is reporting on AI-generated voices being used for "swatting": In fact, Motherboard has found, this synthesized call and another against Hempstead High School were just one small part of a months-long, nationwide campaign of dozens, and potentially hundreds, of threats made by one...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/04/14 9:14 p.m.12 views

Friday Squid Blogging: Colossal Squid

Interesting article on the colossal squid, which is larger than the giant squid. The article answers a vexing question: So why do we always hear about the giant squid and not the colossal squid? Well, part of it has to do with the fact that the giant squid was discovered and studied long before t...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/04/06 10:59 a.m.12 views

Research on AI in Adversarial Settings

New research: “Achilles Heels for AGI/ASI via Decision Theoretic Adversaries": As progress in AI continues to advance, it is important to know how advanced systems will make choices and in what ways they may fail. Machines can already outsmart humans in some domains, and understanding how to safe...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/03/30 10:0 p.m.12 views

Russian Cyberwarfare Documents Leaked

Now this is interesting: Thousands of pages of secret documents reveal how Vulkans engineers have worked for Russian military and intelligence agencies to support hacking operations, train operatives before attacks on national infrastructure, spread disinformation and control sections of the...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/03/06 12:6 p.m.12 views

New National Cybersecurity Strategy

Last week, the Biden administration released a new National Cybersecurity Strategy summary here. There is lots of good commentary out there. Its basically a smart strategy, but the hard parts are always the implementation details. Its one thing to say that we need to secure our cloud...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/02/24 12:34 p.m.12 views

Putting Undetectable Backdoors in Machine Learning Models

This is really interesting research from a few months ago: Abstract: Given the computational cost and technical expertise required to train machine learning models, users may delegate the task of learning to a service provider. Delegation of learning has clear benefits, and at the same time raise...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/02/03 10:2 p.m.12 views

Friday Squid Blogging: Studying the Colossal Squid

A survey of giant squid science. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/06 10:2 p.m.12 views

Friday Squid Blogging: Squid Fetish

Seems that about 1.5% of people have a squid fetish. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/06 3:46 p.m.12 views

Remote Vulnerabilities in Automobiles

This group has found a ton of remote vulnerabilities in all sorts of automobiles. Its enough to make you want to buy a car that is not Internet-connected. Unfortunately, that seems to be impossible...

3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/23 12:3 p.m.12 views

Hacking the JFK Airport Taxi Dispatch System

Two men have been convicted of hacking the taxi dispatch system at the JFK airport. This enabled them to reorder the taxis on the list; they charged taxi drivers $10 to cut the line...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/11/14 5:1 p.m.12 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking at the 24th International Information Security Conference in Madrid, Spain, on November 17, 2022. The list is maintained on this page...

1.3AI score
Exploits0
Total number of security vulnerabilities2980