Lucene search
K
SchneierMost viewed

2979 matches found

Schneier on Security
Schneier on Security
added 2026/04/21 11:4 a.m.11 views

Mexican Surveillance Company

Grupo Seguritech is a Mexican surveillance company that is expanding into the US...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/02/05 12:0 p.m.11 views

Backdoor in Notepad++

Hackers associated with the Chinese government used a Trojaned version of Notepad++ to deliver malware to selected users. Notepad++ said that officials with the unnamed provider hosting the update infrastructure consulted with incident responders and found that it remained compromised until...

5.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/10/27 11:8 a.m.11 views

First Wap: A Surveillance Computer You’ve Never Heard Of

Mother Jones has a long article on surveillance arms manufacturers, their wares, and how they avoid export control laws: Operating from their base in Jakarta, where permissive export laws have allowed their surveillance business to flourish, First Wap's European founders and executives have quiet...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/19 11:1 a.m.11 views

Surveying the Global Spyware Market

The Atlantic Council has published its second annual report: "Mythical Beasts: Diving into the depths of the global spyware market." Too much good detail to summarize, but here are two items: First, the authors found that the number of US-based investors in spyware has notably increased in the pa...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/07/24 11:4 a.m.11 views

How the Solid Protocol Restores Digital Agency

The current state of digital identity is a mess. Your personal information is scattered across hundreds of locations: social media companies, IoT companies, government agencies, websites you have accounts on, and data brokers you've never heard of. These entities collect, store, and trade your...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/06/17 11:8 a.m.11 views

Where AI Provides Value

If you've worried that AI might take your job, deprive you of your livelihood, or maybe even replace your role in society, it probably feels good to see the latest AI tools fail spectacularly. If AI recommends glue as a pizza topping, then you're safe for another day. But the fact remains that AI...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/06/13 10:17 a.m.11 views

Paragon Spyware Used to Spy on European Journalists

Paragon is an Israeli spyware company, increasingly in the news now that NSO Group seems to be waning. "Graphite" is the name of its product. Citizen Lab caught it spying on multiple European journalists with a zero-click iOS exploit: On April 29, 2025, a select group of iOS users were notified b...

4.8CVSS6.2AI score0.01009EPSS
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/27 11:7 a.m.11 views

Chinese-Owned VPNs

One one my biggest worries about VPNs is the amount of trust users need to place in them, and how opaque most of them are about who owns them and what sorts of data they retain. A new study found that many commercials VPNS are often surreptitiously owned by Chinese companies. It would be hard for...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/20 11:5 a.m.11 views

DoorDash Hack

A DoorDash driver stole over $2.5 million over several months: The driver, Sayee Chaitainya Reddy Devagiri, placed expensive orders from a fraudulent customer account in the DoorDash app. Then, using DoorDash employee credentials, he manually assigned the orders to driver accounts he and the othe...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/15 11:0 a.m.11 views

AI-Generated Law

On April 14, Dubai's ruler, Sheikh Mohammed bin Rashid Al Maktoum, announced that the United Arab Emirates would begin using artificial intelligence to help write its laws. A new Regulatory Intelligence Office would use the technology to "regularly suggest updates" to the law and "accelerate the...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/13 11:7 a.m.11 views

Court Rules Against NSO Group

The case is over: A jury has awarded WhatsApp $167 million in punitive damages in a case the company brought against Israel-based NSO Group for exploiting a software vulnerability that hijacked the phones of thousands of users. I'm sure it'll be appealed. Everything always is...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/09 9:5 p.m.11 views

Friday Squid Blogging: Japanese Divers Video Giant Squid

The video is really amazing. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/06 11:3 a.m.11 views

Fake Student Fraud in Community Colleges

Reporting on the rise of fake students enrolling in community college courses: The bots' goal is to bilk state and federal financial aid money by enrolling in classes, and remaining enrolled in them, long enough for aid disbursements to go out. They often accomplish this by submitting AI-generate...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/04/29 11:3 a.m.11 views

Applying Security Engineering to Prompt Injection Security

This seems like an important advance in LLM security against prompt injection: Google DeepMind has unveiled CaMeL CApabilities for MachinE Learning, a new approach to stopping prompt-injection attacks that abandons the failed strategy of having AI models police themselves. Instead, CaMeL treats...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/04/15 4:2 p.m.11 views

Slopsquatting

As AI coding assistants invent nonexistent software libraries to download and use, enterprising attackers create and upload libraries with those names--laced with malware, of course. EDITED TO ADD 1/22: Research paper. Slashdot thread...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/04/11 11:4 a.m.11 views

AI Vulnerability Finding

Microsoft is reporting that its AI systems are able to find new vulnerabilities in source code: Microsoft discovered eleven vulnerabilities in GRUB2, including integer and buffer overflows in filesystem parsers, command flaws, and a side-channel in cryptographic comparison. Additionally, 9 buffer...

8.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/04/07 11:3 a.m.11 views

DIRNSA Fired

In "Secrets and Lies" 2000, I wrote: It is poor civic hygiene to install technologies that could someday facilitate a police state. It's something a bunch of us were saying at the time, in reference to the vast NSA's surveillance capabilities. I have been thinking of that quote a lot as I read ne...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/04/01 11:1 a.m.11 views

Cell Phone OPSEC for Border Crossings

I have heard stories of more aggressive interrogation of electronic devices at US border crossings. I know a lot about securing computers, but very little about securing phones. Are there easy ways to delete data--files, photos, etc.--on phones so it can't be recovered? Does resetting a phone to...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/03/21 11:47 a.m.11 views

NCSC Releases Post-Quantum Cryptography Timeline

The UK's National Computer Security Center part of GCHQ released a timeline--also see their blog post--for migration to quantum-computer-resistant cryptography. It even made The Guardian...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/02/21 3:33 p.m.11 views

Implementing Cryptography in AI Systems

Interesting research: "How to Securely Implement Cryptography in Deep Neural Networks." Abstract: The wide adoption of deep neural networks DNNs raises the question of how can we equip them with a desired cryptographic functionality e.g, to decrypt an encrypted input, to verify that this input is...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/02/10 12:0 p.m.11 views

Pairwise Authentication of Humans

Here's an easy system for two humans to remotely authenticate to each other, so they can be sure that neither are digital impersonations. To mitigate that risk, I have developed this simple solution where you can setup a unique time-based one-time passcode TOTP between any pair of persons. This i...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/02/07 3:26 p.m.11 views

Screenshot-Reading Malware

Kaspersky is reporting on a new type of smartphone malware. The malware in question uses optical character recognition OCR to review a device's photo library, seeking screenshots of recovery phrases for crypto wallets. Based on their assessment, infected Google Play apps have been downloaded more...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/02/05 12:3 p.m.11 views

On Generative AI Security

Microsoft's AI Red Team just published "Lessons from Red Teaming 100 Generative AI Products." Their blog post lists "three takeaways," but the eight lessons in the report itself are more useful: 1. Understand what the system can do and where it is applied. 2. You don't have to compute gradients t...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/01/06 12:6 p.m.11 views

Privacy of Photos.app’s Enhanced Visual Search

Initial speculation about a new Apple feature...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/12/26 4:9 p.m.11 views

Scams Based on Fake Google Emails

Scammers are hacking Google Forms to send email to victims that come from google.com. Brian Krebs reports on the effects. Boing Boing post...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/12/24 12:4 p.m.11 views

Spyware Maker NSO Group Found Liable for Hacking WhatsApp

A judge has found that NSO Group, maker of the Pegasus spyware, has violated the US Computer Fraud and Abuse Act by hacking WhatsApp in order to spy on people using it. Jon Penney and I wrote a legal paper on the case...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/07 12:7 p.m.11 views

Subverting LLM Coders

Really interesting research: "An LLM-Assisted Easy-to-Trigger Backdoor Attack on Code Completion Models: Injecting Disguised Vulnerabilities against Strong Detection": Abstract : Large Language Models LLMs have transformed code completion tasks, providing context-based suggestions to boost...

7.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/10/31 3:43 p.m.11 views

Roger Grimes on Prioritizing Cybersecurity Advice

This is a good point: Part of the problem is that we are constantly handed lists…list of required controls…list of things we are being asked to fix or improve…lists of new projects…lists of threats, and so on, that are not ranked for risks. For example, we are often given a cybersecurity guidelin...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/10/22 11:3 a.m.11 views

No, The Chinese Have Not Broken Modern Encryption Systems with a Quantum Computer

The headline is pretty scary: "China's Quantum Computer Scientists Crack Military-Grade Encryption." No, it's not true. This debunking saved me the trouble of writing one. It all seems to have come from this news article, which wasn't bad but was taken widely out of proportion. Cryptography is...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/10/16 11:3 a.m.11 views

Cheating at Conkers

The men's world conkers champion is accused of cheating with a steel chestnut...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/10/11 7:0 p.m.11 views

More on My AI and Democracy Book

In July, I wrote about my new book project on AI and democracy, to be published by MIT Press in fall 2025. My co-author and collaborator Nathan Sanders and I are hard at work writing. At this point, we would like feedback on titles. Here are four possibilities: 1. Rewiring the Republic: How AI Wi...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/10/11 11:8 a.m.11 views

IronNet Has Shut Down

After retiring in 2014 from an uncharacteristically long tenure running the NSA and US CyberCommand, Keith Alexander founded a cybersecurity company called IronNet. At the time, he claimed that it was based on IP he developed on his own time while still in the military. That always troubled me...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/09/21 1:59 a.m.11 views

Friday Squid Blogging: Squid Game Season Two Teaser

The teaser for Squid Game Season Two dropped. Blog moderation policy...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/09/20 3:32 p.m.11 views

Clever Social Engineering Attack Using Captchas

This is really interesting. Its a phishing attack targeting GitHub users, tricking them to solve a fake Captcha that actually runs a script that is copied to the command line. Clever...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/09/04 11:3 a.m.11 views

Security Researcher Sued for Disproving Government Statements

This story seems straightforward. A city is the victim of a ransomware attack. They repeatedly lie to the media about the severity of the breach. A security researcher repeatedly proves their statements to be lies. The city gets mad and sues the researcher. Lets hope the judge throws the case out...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/08/23 11:5 a.m.11 views

Take a Selfie Using a NY Surveillance Camera

This site will let you take a selfie with a New York City traffic surveillance camera. EDITED TO ADD: BoingBoing post...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/08/06 11:1 a.m.11 views

On the Cyber Safety Review Board

When an airplane crashes, impartial investigatory bodies leap into action, empowered by law to unearth what happened and why. But there is no such empowered and impartial body to investigate CrowdStrikes faulty update that recently unfolded, ensnarling banks, airlines, and emergency services to t...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/07/31 3:55 p.m.11 views

Nearly 7% of Internet Traffic Is Malicious

Cloudflare reports on the state of applications security. It claims that 6.8% of Internet traffic is malicious. And that CVEs are exploited as quickly as 22 minutes after proof-of-concepts are published. News articles...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/07/19 4:2 p.m.11 views

Brett Solomon on Digital Rights

Brett Solomon is retiring from AccessNow after fifteen years as its Executive Director. Hes written a blog post about what hes learned and what comes next...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/07/01 11:5 a.m.11 views

Model Extraction from Neural Networks

A new paper, "Polynomial Time Cryptanalytic Extraction of Neural Network Models," by Adi Shamir and others, uses ideas from differential cryptanalysis to extract the weights inside a neural network using specific queries and their results. This is much more theoretical than practical, but its a...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/06/28 11:4 a.m.11 views

James Bamford on Section 702 Extension

Longtime NSA-watcher James Bamford has a long article on the reauthorization of Section 702 of the Foreign Intelligence Surveillance Act FISA...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/06/26 11:6 a.m.11 views

The US Is Banning Kaspersky

This move has been coming for a long time. The Biden administration on Thursday said it’s banning the company from selling its products to new US-based customers starting on July 20, with the company only allowed to provide software updates to existing customers through September 29. The ban--­th...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/06/21 11:4 a.m.11 views

Ross Anderson’s Memorial Service

The memorial service for Ross Anderson will be held on Saturday, at 2:00 PM BST. People can attend remotely on Zoom. The passcode is "L3954FrrEF"...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/06/07 9:5 p.m.11 views

Friday Squid Blogging: Squid Catch Quotas in Peru

Peru has set a lower squid quota for 2024. The article says "giant squid," but that seems wrong. We dont eat those. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/05/22 11:3 a.m.11 views

Unredacting Pixelated Text

Experiments in unredacting text that has been pixelated...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/05/17 9:4 p.m.11 views

Friday Squid Blogging: Emotional Support Squid

When asked what makes this an "emotional support squid" and not just another stuffed animal, its creator says: Theyre emotional support squid because theyre large, and cuddly, but also cheerfully bright and derpy. They make great neck pillows and you can fidget with the arms and tentacles for...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/05/09 4:5 p.m.11 views

How Criminals Are Using Generative AI

Theres a new report on how criminals are using generative AI tools: Key Takeaways: Adoption rates of AI technologies among criminals lag behind the rates of their industry counterparts because of the evolving nature of cybercrime. Compared to last year, criminals seem to have abandoned any attemp...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/05/03 9:5 p.m.11 views

Friday Squid Blogging: Squid Purses

Squid-shaped purses for sale. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/04/16 11:0 a.m.11 views

X.com Automatically Changing Link Text but Not URLs

Brian Krebs reported that X formerly known as Twitter started automatically changing twitter.com links to x.com links. The problem is: 1 it changed any domain name that ended with "twitter.com," and 2 it only changed the links appearance anchortext, not the underlying URL. So if you were a clever...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/04/12 9:8 p.m.11 views

Friday Squid Blogging: The Awfulness of Squid Fishing Boats

Its a pretty awful story. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

7.2AI score
Exploits0
Total number of security vulnerabilities2979