Lucene search
K
SchneierMost viewed

2981 matches found

Schneier on Security
Schneier on Security
added 2022/01/06 12:29 p.m.12 views

People Are Increasingly Choosing Private Web Search

DuckDuckGo has had a banner year: And yet, DuckDuckGo. The privacy-oriented search engine netted more than 35 billion search queries in 2021, a 46.4% jump over 2020 23.6 billion. Thats big. Even so, the company, which bills itself as the "Internet privacy company," offering a search engine and...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/12/22 4:20 p.m.12 views

Stolen Bitcoins Returned

The US has returned $154 million in bitcoins stolen by a Sony employee. However, on December 1, following an investigation in collaboration with Japanese law enforcement authorities, the FBI seized the 3879.16242937 BTC in Ishiis wallet after obtaining the private key, which made it possible to...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/12/03 8:18 p.m.12 views

Friday Squid Blogging: Squeeze the Squid

Squeeze the Squid is a band. It just released its second album. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/11/19 10:12 p.m.12 views

Friday Squid Blogging: Bigfin Squid Captured on Video

"Eerie video captures elusive, alien-like squid gliding in the Gulf of Mexico." As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/11/05 9:11 p.m.12 views

Friday Squid Blogging: Squid Game Cryptocurrency Was a Scam

The Squid Game cryptocurrency was a complete scam: The SQUID cryptocurrency peaked at a price of $2,861 before plummeting to $0 around 5:40 a.m. ET., according to the website CoinMarketCap. This kind of theft, commonly called a "rug pull" by crypto investors, happens when the creators of the cryp...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/09/27 11:25 a.m.12 views

Tracking Stolen Cryptocurrencies

Good article about the current state of cryptocurrency forensics...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/08/27 1:37 p.m.12 views

Details of the Recent T-Mobile Breach

Seems that 47 million customers were affected. Surprising no one, T-Mobile had awful security. Ive lost count of how many times T-Mobile has been hacked...

2.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/11/02 8:1 p.m.12 views

New Windows Zero-Day

Googles Project Zero has discovered and published a buffer overflow vulnerability in the Windows Kernel Cryptography Driver. The exploit doesnt affect the cryptography, but allows attackers to escalate system privileges: Attackers were combining an exploit for it with a separate one targeting a...

3.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/01 6:17 a.m.12 views

North Korea ATM Hack

The US Cybersecurity and Infrastructure Security Agency CISA published a long and technical alert describing a North Korea hacking scheme against ATMs in a bunch of countries worldwide: This joint advisory is the result of analytic efforts among the Cybersecurity and Infrastructure Security Agenc...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/28 4:10 p.m.12 views

Friday Squid Blogging: How Squid Survive Freezing, Oxygen-Deprived Waters

Lots of interesting genetic details. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

2.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/26 11:31 a.m.12 views

Amazon Supplier Fraud

Interesting story of an Amazon supplier fraud: According to the indictment, the brothers swapped ASINs for items Amazon ordered to send large quantities of different goods instead. In one instance, Amazon ordered 12 canisters of disinfectant spray costing $94.03. The defendants allegedly shipped...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/10 4:48 p.m.12 views

EFF's 30th Anniversary Livestream

It's the EFF's 30th birthday, and the organization is having a celebratory livestream today from 3:00 to 10:00 pm PDT. There are a lot of interesting discussions and things. I am having a fireside chat at 4:10 pm PDT to talk about the Crypto Wars and more. Stop by. And thank you for supporting EF...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/27 9:12 p.m.12 views

Friday Squid Blogging: Squid Deception

This is a fantastic video of a squid attracting prey with a tentacle that looks like a smaller squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/26 11:4 a.m.12 views

DARPA Wants Research into Resilient Anonymous Communications

DARPA is funding research into resilient anonymous communications systems...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/02/09 1:59 p.m.12 views

Living in a Smart Home

In "The House that Spied on Me," Kashmir Hill outfits her home to be as "smart" as possible and writes about the results...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/09/28 7:21 p.m.12 views

New Internet Explorer Bug

There's a newly discovered bug in Internet Explorer that allows any currently visited website to learn the contents of the address bar when the user hits enter. This feels important; the site I am at now has no business knowing where I go next...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/04/27 11:20 a.m.12 views

Reading Analytics and Privacy

Interesting paper: "The rise of reading analytics and the emerging calculus of reading privacy in the digital world," by Clifford Lynch: Abstract: This paper studies emerging technologies for tracking reading behaviors "reading analytics" and their implications for reader privacy, attempting to...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/30 12:5 p.m.11 views

The Realities of AI Video Surveillance

The Financial Times has a good article on how AI is changing the capabilities of video surveillance, with information from both Israel/Iran and Russia. I wrote about this sort of thing a few years ago, how AI enables mass spying in the way that computers and networks enabled mass surveillance. Th...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/16 11:3 a.m.11 views

Flock Cameras Are Being Used for Stalking

There are over a dozen cases around the country where police officers are using the Flock surveillance camera system to obsessively and illegally stalk people. Alternate link...

5.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/05/21 4:3 p.m.11 views

macOS Kernel Memory Corruption Exploit

A group used Anthropic's Mythos AI model to help find a kernel memory corruption vulnerability and exploit on Apple's M5. News article...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/27 11:4 a.m.11 views

Medieval Encrypted Letter Decoded

Sent by a Spanish diplomat. Apparently people have been working on it since it was rediscovered in 1860...

5.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/20 11:7 a.m.11 views

Is “Satoshi Nakamoto” Really Adam Back?

The New York Times has a long article where the author lays out an impressive array of circumstantial evidence that the inventor of Bitcoin is the cypherpunk Adam Back. I don't know. The article is convincing, but it's written to be convincing. I can't remember if I ever met Adam. I was a member ...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/14 10:49 a.m.11 views

How Hackers Are Thinking About AI

Interesting paper: "What hackers talk about when they talk about AI: Early-stage diffusion of a cybercrime innovation." Abstract: The rapid expansion of artificial intelligence AI is raising concerns about its potential to transform cybercrime. Beyond empowering novice offenders, AI stands to...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/03/10 9:50 a.m.11 views

Jailbreaking the F-35 Fighter Jet

Countries around the world are becoming increasingly concerned about their dependencies on the US. If you've purchase US-made F-35 fighter jets, you are dependent on the US for software maintenance. The Dutch Defense Secretary recently said that he could jailbreak the planes to accept third-party...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/02/11 2:48 p.m.11 views

Rewiring Democracy Ebook is on Sale

I just noticed that the ebook version of Rewiring Democracy is on sale for $5 on Amazon, Apple Books, Barnes & Noble, Books A Million, Google Play, Kobo, and presumably everywhere else in the US. I have no idea how long this will last. Also, Amazon has a coupon that brings the hardcover price dow...

5.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/19 11:1 a.m.11 views

Surveying the Global Spyware Market

The Atlantic Council has published its second annual report: "Mythical Beasts: Diving into the depths of the global spyware market." Too much good detail to summarize, but here are two items: First, the authors found that the number of US-based investors in spyware has notably increased in the pa...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/07/24 11:4 a.m.11 views

How the Solid Protocol Restores Digital Agency

The current state of digital identity is a mess. Your personal information is scattered across hundreds of locations: social media companies, IoT companies, government agencies, websites you have accounts on, and data brokers you've never heard of. These entities collect, store, and trade your...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/06/27 11:2 a.m.11 views

The Age of Integrity

We need to talk about data integrity. Narrowly, the term refers to ensuring that data isn’t tampered with, either in transit or in storage. Manipulating account balances in bank databases, removing entries from criminal records, and murder by removing notations about allergies from medical record...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/06/17 11:8 a.m.11 views

Where AI Provides Value

If you've worried that AI might take your job, deprive you of your livelihood, or maybe even replace your role in society, it probably feels good to see the latest AI tools fail spectacularly. If AI recommends glue as a pizza topping, then you're safe for another day. But the fact remains that AI...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/27 11:7 a.m.11 views

Chinese-Owned VPNs

One one my biggest worries about VPNs is the amount of trust users need to place in them, and how opaque most of them are about who owns them and what sorts of data they retain. A new study found that many commercials VPNS are often surreptitiously owned by Chinese companies. It would be hard for...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/23 9:2 p.m.11 views

Friday Squid Blogging: US Naval Ship Attacked by Squid in 1978

Interesting story: USS Stein was underway when her anti-submarine sonar gear suddenly stopped working. On returning to port and putting the ship in a drydock, engineers observed many deep scratches in the sonar dome's rubber "NOFOUL" coating. In some areas, the coating was described as being...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/20 11:5 a.m.11 views

DoorDash Hack

A DoorDash driver stole over $2.5 million over several months: The driver, Sayee Chaitainya Reddy Devagiri, placed expensive orders from a fraudulent customer account in the DoorDash app. Then, using DoorDash employee credentials, he manually assigned the orders to driver accounts he and the othe...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/15 11:0 a.m.11 views

AI-Generated Law

On April 14, Dubai's ruler, Sheikh Mohammed bin Rashid Al Maktoum, announced that the United Arab Emirates would begin using artificial intelligence to help write its laws. A new Regulatory Intelligence Office would use the technology to "regularly suggest updates" to the law and "accelerate the...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/13 11:7 a.m.11 views

Court Rules Against NSO Group

The case is over: A jury has awarded WhatsApp $167 million in punitive damages in a case the company brought against Israel-based NSO Group for exploiting a software vulnerability that hijacked the phones of thousands of users. I'm sure it'll be appealed. Everything always is...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/09 9:5 p.m.11 views

Friday Squid Blogging: Japanese Divers Video Giant Squid

The video is really amazing. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/04/29 11:3 a.m.11 views

Applying Security Engineering to Prompt Injection Security

This seems like an important advance in LLM security against prompt injection: Google DeepMind has unveiled CaMeL CApabilities for MachinE Learning, a new approach to stopping prompt-injection attacks that abandons the failed strategy of having AI models police themselves. Instead, CaMeL treats...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/04/15 4:2 p.m.11 views

Slopsquatting

As AI coding assistants invent nonexistent software libraries to download and use, enterprising attackers create and upload libraries with those names--laced with malware, of course. EDITED TO ADD 1/22: Research paper. Slashdot thread...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/04/11 11:4 a.m.11 views

AI Vulnerability Finding

Microsoft is reporting that its AI systems are able to find new vulnerabilities in source code: Microsoft discovered eleven vulnerabilities in GRUB2, including integer and buffer overflows in filesystem parsers, command flaws, and a side-channel in cryptographic comparison. Additionally, 9 buffer...

8.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/04/07 11:3 a.m.11 views

DIRNSA Fired

In "Secrets and Lies" 2000, I wrote: It is poor civic hygiene to install technologies that could someday facilitate a police state. It's something a bunch of us were saying at the time, in reference to the vast NSA's surveillance capabilities. I have been thinking of that quote a lot as I read ne...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/04/01 11:1 a.m.11 views

Cell Phone OPSEC for Border Crossings

I have heard stories of more aggressive interrogation of electronic devices at US border crossings. I know a lot about securing computers, but very little about securing phones. Are there easy ways to delete data--files, photos, etc.--on phones so it can't be recovered? Does resetting a phone to...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/03/21 11:47 a.m.11 views

NCSC Releases Post-Quantum Cryptography Timeline

The UK's National Computer Security Center part of GCHQ released a timeline--also see their blog post--for migration to quantum-computer-resistant cryptography. It even made The Guardian...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/03/12 11:9 a.m.11 views

China, Russia, Iran, and North Korea Intelligence Sharing

Former CISA Director Jen Easterly writes about a new international intelligence sharing co-op: Historically, China, Russia, Iran & North Korea have cooperated to some extent on military and intelligence matters, but differences in language, culture, politics & technological sophistication have...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/02/27 6:5 p.m.11 views

“Emergent Misalignment” in LLMs

Interesting research: "Emergent Misalignment: Narrow finetuning can produce broadly misaligned LLMs": Abstract: We present a surprising result regarding LLMs and alignment. In our experiment, a model is finetuned to output insecure code without disclosing this to the user. The resulting model act...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/02/10 12:0 p.m.11 views

Pairwise Authentication of Humans

Here's an easy system for two humans to remotely authenticate to each other, so they can be sure that neither are digital impersonations. To mitigate that risk, I have developed this simple solution where you can setup a unique time-based one-time passcode TOTP between any pair of persons. This i...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/02/07 3:26 p.m.11 views

Screenshot-Reading Malware

Kaspersky is reporting on a new type of smartphone malware. The malware in question uses optical character recognition OCR to review a device's photo library, seeking screenshots of recovery phrases for crypto wallets. Based on their assessment, infected Google Play apps have been downloaded more...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/02/05 12:3 p.m.11 views

On Generative AI Security

Microsoft's AI Red Team just published "Lessons from Red Teaming 100 Generative AI Products." Their blog post lists "three takeaways," but the eight lessons in the report itself are more useful: 1. Understand what the system can do and where it is applied. 2. You don't have to compute gradients t...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/01/29 12:4 p.m.11 views

ExxonMobil Lobbyist Caught Hacking Climate Activists

The Department of Justice is investigating a lobbying firm representing ExxonMobil for hacking the phones of climate activists: The hacking was allegedly commissioned by a Washington, D.C., lobbying firm, according to a lawyer representing the U.S. government. The firm, in turn, was allegedly...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/01/06 12:6 p.m.11 views

Privacy of Photos.app’s Enhanced Visual Search

Initial speculation about a new Apple feature...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/12/26 4:9 p.m.11 views

Scams Based on Fake Google Emails

Scammers are hacking Google Forms to send email to victims that come from google.com. Brian Krebs reports on the effects. Boing Boing post...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/12/24 12:4 p.m.11 views

Spyware Maker NSO Group Found Liable for Hacking WhatsApp

A judge has found that NSO Group, maker of the Pegasus spyware, has violated the US Computer Fraud and Abuse Act by hacking WhatsApp in order to spy on people using it. Jon Penney and I wrote a legal paper on the case...

7.2AI score
Exploits0
Total number of security vulnerabilities2981