Lucene search
K
SchneierMost viewed

2981 matches found

Schneier on Security
Schneier on Security
added 2024/08/23 11:5 a.m.11 views

Take a Selfie Using a NY Surveillance Camera

This site will let you take a selfie with a New York City traffic surveillance camera. EDITED TO ADD: BoingBoing post...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/08/06 11:1 a.m.11 views

On the Cyber Safety Review Board

When an airplane crashes, impartial investigatory bodies leap into action, empowered by law to unearth what happened and why. But there is no such empowered and impartial body to investigate CrowdStrikes faulty update that recently unfolded, ensnarling banks, airlines, and emergency services to t...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/07/31 3:55 p.m.11 views

Nearly 7% of Internet Traffic Is Malicious

Cloudflare reports on the state of applications security. It claims that 6.8% of Internet traffic is malicious. And that CVEs are exploited as quickly as 22 minutes after proof-of-concepts are published. News articles...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/07/19 4:2 p.m.11 views

Brett Solomon on Digital Rights

Brett Solomon is retiring from AccessNow after fifteen years as its Executive Director. Hes written a blog post about what hes learned and what comes next...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/07/01 11:5 a.m.11 views

Model Extraction from Neural Networks

A new paper, "Polynomial Time Cryptanalytic Extraction of Neural Network Models," by Adi Shamir and others, uses ideas from differential cryptanalysis to extract the weights inside a neural network using specific queries and their results. This is much more theoretical than practical, but its a...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/06/28 11:4 a.m.11 views

James Bamford on Section 702 Extension

Longtime NSA-watcher James Bamford has a long article on the reauthorization of Section 702 of the Foreign Intelligence Surveillance Act FISA...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/06/26 11:6 a.m.11 views

The US Is Banning Kaspersky

This move has been coming for a long time. The Biden administration on Thursday said it’s banning the company from selling its products to new US-based customers starting on July 20, with the company only allowed to provide software updates to existing customers through September 29. The ban--­th...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/06/21 11:4 a.m.11 views

Ross Anderson’s Memorial Service

The memorial service for Ross Anderson will be held on Saturday, at 2:00 PM BST. People can attend remotely on Zoom. The passcode is "L3954FrrEF"...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/06/07 9:5 p.m.11 views

Friday Squid Blogging: Squid Catch Quotas in Peru

Peru has set a lower squid quota for 2024. The article says "giant squid," but that seems wrong. We dont eat those. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/05/22 11:3 a.m.11 views

Unredacting Pixelated Text

Experiments in unredacting text that has been pixelated...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/05/17 9:4 p.m.11 views

Friday Squid Blogging: Emotional Support Squid

When asked what makes this an "emotional support squid" and not just another stuffed animal, its creator says: Theyre emotional support squid because theyre large, and cuddly, but also cheerfully bright and derpy. They make great neck pillows and you can fidget with the arms and tentacles for...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/05/09 4:5 p.m.11 views

How Criminals Are Using Generative AI

Theres a new report on how criminals are using generative AI tools: Key Takeaways: Adoption rates of AI technologies among criminals lag behind the rates of their industry counterparts because of the evolving nature of cybercrime. Compared to last year, criminals seem to have abandoned any attemp...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/05/03 9:5 p.m.11 views

Friday Squid Blogging: Squid Purses

Squid-shaped purses for sale. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/04/16 11:0 a.m.11 views

X.com Automatically Changing Link Text but Not URLs

Brian Krebs reported that X formerly known as Twitter started automatically changing twitter.com links to x.com links. The problem is: 1 it changed any domain name that ended with "twitter.com," and 2 it only changed the links appearance anchortext, not the underlying URL. So if you were a clever...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/04/12 9:8 p.m.11 views

Friday Squid Blogging: The Awfulness of Squid Fishing Boats

Its a pretty awful story. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/04/10 11:8 a.m.11 views

In Memoriam: Ross Anderson, 1956–2024

Last week, I posted a short memorial of Ross Anderson. The Communications of the ACM asked me to expand it. Heres the longer version. EDITED TO ADD 4/11: Two weeks before he passed away, Ross gave an 80-minute interview where he told his life story...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/04/05 11:0 a.m.11 views

Maybe the Phone System Surveillance Vulnerabilities Will Be Fixed

It seems that the FCC might be fixing the vulnerabilities in SS7 and the Diameter protocol: On March 27 the commission asked telecommunications providers to weigh in and detail what they are doing to prevent SS7 and Diameter vulnerabilities from being misused to track consumers locations. The FCC...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/03/26 11:8 a.m.11 views

On Secure Voting Systems

Andrew Appel shepherded a public comment--signed by twenty election cybersecurity experts, including myself--on best practices for ballot marking devices and vote tabulation. It was written for the Pennsylvania legislature, but its general in nature. From the executive summary: We believe that no...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/02/23 4:14 p.m.11 views

AIs Hacking Websites

New research: LLM Agents can Autonomously Hack Websites Abstract: In recent years, large language models LLMs have become increasingly capable and can now interact with tools i.e., call functions, read documents, and recursively call themselves. As a result, these LLMs can now function autonomous...

7.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/02/14 5:1 p.m.11 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking at the Munich Security Conference MSC 2024 in Munich, Germany, on Friday, February 16, 2024. I’m giving a keynote on “AI and Trust” at Generative AI, Free Speech, & Public Discourse. The symposium will be held at...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/18 12:2 p.m.11 views

Canadian Citizen Gets Phone Back from Police

After 175 million failed password guesses, a judge rules that the Canadian police must return a suspects phone. Judge Carter said the investigation can continue without the phones, and he noted that Ottawa police have made a formal request to obtain more data from Google. "This strikes me as a...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/18 3:37 p.m.11 views

Police Get Medical Records without a Warrant

More unconstrained surveillance: Lawmakers noted the pharmacies policies for releasing medical records in a letter dated Tuesday to the Department of Health and Human Services HHS Secretary Xavier Becerra. The letter--signed by Sen. Ron Wyden D-Ore., Rep. Pramila Jayapal D-Wash., and Rep. Sara...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/08 10:3 p.m.11 views

Friday Squid Blogging: Influencer Accidentally Posts Restaurant Table QR Ordering Code

Another rare security + squid story: The woman--who has only been identified by her surname, Wang--was having a meal with friends at a hotpot restaurant in Kunming, a city in southwest China. When everyone’s selections arrived at the table, she posted a photo of the spread on the Chinese social...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/07 12:2 p.m.11 views

Spying through Push Notifications

When you get a push notification on your Apple or Google phone, those notifications go through Apple and Google servers. Which means that those companies can spy on them--either for their own reasons or in response to government demands. Sen. Wyden is trying to get to the bottom of this: In a...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/09/12 11:20 a.m.11 views

Cars Have Terrible Data Privacy

A new Mozilla Foundation report concludes that cars, all of them, have terrible data privacy. All 25 car brands we researched earned our Privacy Not Included warning label--making cars the official worst category of products for privacy that we have ever reviewed. Theres a lot of details in the...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/08/31 11:6 a.m.11 views

Own Your Own Government Surveillance Van

A used government surveillance van is for sale in Chicago: So how was this van turned into a mobile spying center? Well, lets start with how it has more LCD monitors than a Counterstrike LAN party. They can be used to monitor any of six different video inputs including a videoscope camera. A...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/07/12 2:50 p.m.11 views

Google Is Using Its Vast Data Stores to Train AI

No surprise, but Google just changed its privacy policy to reflect broader uses of all the surveillance data it has captured over the years: Research and development: Google uses information to improve our services and to develop new products, features and technologies that benefit our users and...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/07/07 9:8 p.m.11 views

Friday Squid Blogging: Giant Squid Nebula

Pretty: A mysterious squid-like cosmic cloud, this nebula is very faint, but also very large in planet Earths sky. In the image, composed with 30 hours of narrowband image data, it spans nearly three full moons toward the royal constellation Cepheus. Discovered in 2011 by French astro-imager...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/07/03 11:4 a.m.11 views

Self-Driving Cars Are Surveillance Cameras on Wheels

Police are already using self-driving car footage as video evidence: While security cameras are commonplace in American cities, self-driving cars represent a new level of access for law enforcement ­ and a new method for encroachment on privacy, advocates say. Crisscrossing the city on their...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/06/16 9:13 p.m.11 views

Friday Squid Blogging: Squid Can Edit Their RNA

This is just crazy: Scientists dont yet know for sure why octopuses, and other shell-less cephalopods including squid and cuttlefish, are such prolific editors. Researchers are debating whether this form of genetic editing gave cephalopods an evolutionary leg or tentacle up or whether the editing...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/06/09 9:5 p.m.11 views

Friday Squid Blogging: Light-Emitting Squid

Its a Taningia danae: Their arms are lined with two rows of sharp retractable hooks. And, like most deep-sea squid, they are adorned with light organs called photophores. They have some on the underside of their mantle. There are more facing upward, near one of their eyes. But it’s the photophore...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/05/30 11:16 a.m.11 views

Brute-Forcing a Fingerprint Reader

Its neither hard nor expensive: Unlike password authentication, which requires a direct match between what is inputted and whats stored in a database, fingerprint authentication determines a match using a reference threshold. As a result, a successful fingerprint brute-force attack requires only...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/04/28 9:7 p.m.11 views

Friday Squid Blogging: More Squid Camouflage Research

Heres a research group trying to replicate squid cell transparency in mammalian cells. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/02/21 12:14 p.m.11 views

The Insecurity of Photo Cropping

The Intercept has a long article on the insecurity of photo cropping: One of the hazards lies in the fact that, for some of the programs, downstream crop reversals are possible for viewers or readers of the document, not just the files creators or editors. Official instruction manuals, help pages...

2.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/21 12:9 p.m.11 views

Ukraine Intercepting Russian Soldiers’ Cell Phone Calls

Theyre using commercial phones, which go through the Ukrainian telecom network: "You still have a lot of soldiers bringing cellphones to the frontline who want to talk to their families and they are either being intercepted as they go through a Ukrainian telecommunications provider or intercepted...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/05 12:10 p.m.11 views

CAPTCHA

This is an actual CAPTCHA I was shown when trying to log into PayPal. As an actual human and not a bot, I had no idea how to answer. Is this a joke? Seems not. Is it a Magritte-like existential question? Its not a bicycle. Its a drawing of a bicycle. Actually, its a photograph of a drawing of a...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/11/29 12:19 p.m.11 views

Charles V of Spain Secret Code Cracked

Diplomatic code cracked after 500 years: In painstaking work backed by computers, Pierrot found "distinct families" of about 120 symbols used by Charles V. "Whole words are encrypted with a single symbol" and the emperor replaced vowels coming after consonants with marks, she said, an inspiration...

0.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/11/14 12:38 p.m.11 views

A Digital Red Cross

The International Committee of the Red Cross wants some digital equivalent to the iconic red cross, to alert would-be hackers that they are accessing a medical network. The emblem wouldn’t provide technical cybersecurity protection to hospitals, Red Cross infrastructure or other medical providers...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/11/10 3:18 p.m.11 views

An Untrustworthy TLS Certificate in Browsers

The major browsers natively trust a whole bunch of certificate authorities, and some of them are really sketchy: Googles Chrome, Apples Safari, nonprofit Firefox and others allow the company, TrustCor Systems, to act as whats known as a root certificate authority, a powerful spot in the internets...

2.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/11/07 12:17 p.m.11 views

The Conviction of Uber’s Chief Security Officer

I have been meaning to write about Joe Sullivan, Ubers former Chief Security Officer. He was convicted of crimes related to covering up a cyberattack against Uber. Its a complicated case, and Im not convinced that he deserved a guilty ruling or that its a good thing for the industry. I may still...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/09/16 9:1 p.m.11 views

Friday Squid Blogging: Mayfly Squid

This is surprisingly funny. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/09/16 2:7 p.m.11 views

Massive Data Breach at Uber

Its big: The breach appeared to have compromised many of Ubers internal systems, and a person claiming responsibility for the hack sent images of email, cloud storage and code repositories to cybersecurity researchers and The New York Times. "They pretty much have full access to Uber," said Sam...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/06/16 11:2 a.m.11 views

Attacking the Performance of Machine Learning Systems

Interesting research: "Sponge Examples: Energy-Latency Attacks on Neural Networks": Abstract: The high energy costs of neural network training and inference led to the use of acceleration hardware such as GPUs and TPUs. While such devices enable us to train large-scale neural networks in...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/05/19 11:23 a.m.11 views

Websites that Collect Your Data as You Type

A surprising number of websites include JavaScript keyloggers that collect everything you type as you type it, not just when you submit a form. Researchers from KU Leuven, Radboud University, and University of Lausanne crawled and analyzed the top 100,000 websites, looking at scenarios in which a...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/05/06 11:1 a.m.11 views

Corporate Involvement in International Cybersecurity Treaties

The Paris Call for Trust and Stability in Cyberspace is an initiative launched by French President Emmanuel Macron during the 2018 UNESCO’s Internet Governance Forum. It’s an attempt by the worlds governments to come together and create a set of international norms and standards for a reliable,...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/03/22 2:57 p.m.11 views

White House Warns of Possible Russian Cyberattacks

News: The White House has issued its starkest warning that Russia may be planning cyberattacks against critical-sector U.S. companies amid the Ukraine invasion. … Context: The alert comes after Russia has lobbed a series of digital attacks at the Ukrainian government and critical industry sectors...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/02/02 3:58 p.m.11 views

Finding Vulnerabilities in Open Source Projects

The Open Source Security Foundation announced $10 million in funding from a pool of tech and financial companies, including $5 million from Microsoft and Google, to find vulnerabilities in open source projects: The "Alpha" side will emphasize vulnerability testing by hand in the most popular...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/01/20 12:13 p.m.11 views

San Francisco Police Illegally Spying on Protesters

Last summer, the San Francisco police illegally used surveillance cameras at the George Floyd protests. The EFF is suing the police: This surveillance invaded the privacy of protesters, targeted people of color, and chills and deters participation and organizing for future protests. The SFPD also...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/12/14 3:55 p.m.11 views

On the Log4j Vulnerability

Its serious: The range of impacts is so broad because of the nature of the vulnerability itself. Developers use logging frameworks to keep track of what happens in a given application. To exploit Log4Shell, an attacker only needs to get the system to log a strategically crafted string of code. Fr...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/12/13 12:16 p.m.11 views

NSO Group’s Pegasus Spyware Used Against US State Department Officials

NSO Groups descent into Internet pariah status continues. Its Pegasus spyware was used against nine US State Department employees. We dont know which NSO Group customer trained the spyware on the US. But the company does: NSO Group said in a statement on Thursday that it did not have any indicati...

1.6AI score
Exploits0
Total number of security vulnerabilities2981