Lucene search
K
SchneierMost viewed

2979 matches found

Schneier on Security
Schneier on Security
added 2024/03/26 11:8 a.m.11 views

On Secure Voting Systems

Andrew Appel shepherded a public comment--signed by twenty election cybersecurity experts, including myself--on best practices for ballot marking devices and vote tabulation. It was written for the Pennsylvania legislature, but its general in nature. From the executive summary: We believe that no...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/02/23 4:14 p.m.11 views

AIs Hacking Websites

New research: LLM Agents can Autonomously Hack Websites Abstract: In recent years, large language models LLMs have become increasingly capable and can now interact with tools i.e., call functions, read documents, and recursively call themselves. As a result, these LLMs can now function autonomous...

7.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/02/14 5:1 p.m.11 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking at the Munich Security Conference MSC 2024 in Munich, Germany, on Friday, February 16, 2024. I’m giving a keynote on “AI and Trust” at Generative AI, Free Speech, & Public Discourse. The symposium will be held at...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/18 12:2 p.m.11 views

Canadian Citizen Gets Phone Back from Police

After 175 million failed password guesses, a judge rules that the Canadian police must return a suspects phone. Judge Carter said the investigation can continue without the phones, and he noted that Ottawa police have made a formal request to obtain more data from Google. "This strikes me as a...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/18 3:37 p.m.11 views

Police Get Medical Records without a Warrant

More unconstrained surveillance: Lawmakers noted the pharmacies policies for releasing medical records in a letter dated Tuesday to the Department of Health and Human Services HHS Secretary Xavier Becerra. The letter--signed by Sen. Ron Wyden D-Ore., Rep. Pramila Jayapal D-Wash., and Rep. Sara...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/08 10:3 p.m.11 views

Friday Squid Blogging: Influencer Accidentally Posts Restaurant Table QR Ordering Code

Another rare security + squid story: The woman--who has only been identified by her surname, Wang--was having a meal with friends at a hotpot restaurant in Kunming, a city in southwest China. When everyone’s selections arrived at the table, she posted a photo of the spread on the Chinese social...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/07 12:2 p.m.11 views

Spying through Push Notifications

When you get a push notification on your Apple or Google phone, those notifications go through Apple and Google servers. Which means that those companies can spy on them--either for their own reasons or in response to government demands. Sen. Wyden is trying to get to the bottom of this: In a...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/09/12 11:20 a.m.11 views

Cars Have Terrible Data Privacy

A new Mozilla Foundation report concludes that cars, all of them, have terrible data privacy. All 25 car brands we researched earned our Privacy Not Included warning label--making cars the official worst category of products for privacy that we have ever reviewed. Theres a lot of details in the...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/08/31 11:6 a.m.11 views

Own Your Own Government Surveillance Van

A used government surveillance van is for sale in Chicago: So how was this van turned into a mobile spying center? Well, lets start with how it has more LCD monitors than a Counterstrike LAN party. They can be used to monitor any of six different video inputs including a videoscope camera. A...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/07/12 2:50 p.m.11 views

Google Is Using Its Vast Data Stores to Train AI

No surprise, but Google just changed its privacy policy to reflect broader uses of all the surveillance data it has captured over the years: Research and development: Google uses information to improve our services and to develop new products, features and technologies that benefit our users and...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/07/07 9:8 p.m.11 views

Friday Squid Blogging: Giant Squid Nebula

Pretty: A mysterious squid-like cosmic cloud, this nebula is very faint, but also very large in planet Earths sky. In the image, composed with 30 hours of narrowband image data, it spans nearly three full moons toward the royal constellation Cepheus. Discovered in 2011 by French astro-imager...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/07/03 11:4 a.m.11 views

Self-Driving Cars Are Surveillance Cameras on Wheels

Police are already using self-driving car footage as video evidence: While security cameras are commonplace in American cities, self-driving cars represent a new level of access for law enforcement ­ and a new method for encroachment on privacy, advocates say. Crisscrossing the city on their...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/06/16 9:13 p.m.11 views

Friday Squid Blogging: Squid Can Edit Their RNA

This is just crazy: Scientists dont yet know for sure why octopuses, and other shell-less cephalopods including squid and cuttlefish, are such prolific editors. Researchers are debating whether this form of genetic editing gave cephalopods an evolutionary leg or tentacle up or whether the editing...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/06/09 9:5 p.m.11 views

Friday Squid Blogging: Light-Emitting Squid

Its a Taningia danae: Their arms are lined with two rows of sharp retractable hooks. And, like most deep-sea squid, they are adorned with light organs called photophores. They have some on the underside of their mantle. There are more facing upward, near one of their eyes. But it’s the photophore...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/05/30 11:16 a.m.11 views

Brute-Forcing a Fingerprint Reader

Its neither hard nor expensive: Unlike password authentication, which requires a direct match between what is inputted and whats stored in a database, fingerprint authentication determines a match using a reference threshold. As a result, a successful fingerprint brute-force attack requires only...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/04/28 9:7 p.m.11 views

Friday Squid Blogging: More Squid Camouflage Research

Heres a research group trying to replicate squid cell transparency in mammalian cells. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/02/21 12:14 p.m.11 views

The Insecurity of Photo Cropping

The Intercept has a long article on the insecurity of photo cropping: One of the hazards lies in the fact that, for some of the programs, downstream crop reversals are possible for viewers or readers of the document, not just the files creators or editors. Official instruction manuals, help pages...

2.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/21 12:9 p.m.11 views

Ukraine Intercepting Russian Soldiers’ Cell Phone Calls

Theyre using commercial phones, which go through the Ukrainian telecom network: "You still have a lot of soldiers bringing cellphones to the frontline who want to talk to their families and they are either being intercepted as they go through a Ukrainian telecommunications provider or intercepted...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/05 12:10 p.m.11 views

CAPTCHA

This is an actual CAPTCHA I was shown when trying to log into PayPal. As an actual human and not a bot, I had no idea how to answer. Is this a joke? Seems not. Is it a Magritte-like existential question? Its not a bicycle. Its a drawing of a bicycle. Actually, its a photograph of a drawing of a...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/11/29 12:19 p.m.11 views

Charles V of Spain Secret Code Cracked

Diplomatic code cracked after 500 years: In painstaking work backed by computers, Pierrot found "distinct families" of about 120 symbols used by Charles V. "Whole words are encrypted with a single symbol" and the emperor replaced vowels coming after consonants with marks, she said, an inspiration...

0.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/11/14 12:38 p.m.11 views

A Digital Red Cross

The International Committee of the Red Cross wants some digital equivalent to the iconic red cross, to alert would-be hackers that they are accessing a medical network. The emblem wouldn’t provide technical cybersecurity protection to hospitals, Red Cross infrastructure or other medical providers...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/11/10 3:18 p.m.11 views

An Untrustworthy TLS Certificate in Browsers

The major browsers natively trust a whole bunch of certificate authorities, and some of them are really sketchy: Googles Chrome, Apples Safari, nonprofit Firefox and others allow the company, TrustCor Systems, to act as whats known as a root certificate authority, a powerful spot in the internets...

2.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/11/07 12:17 p.m.11 views

The Conviction of Uber’s Chief Security Officer

I have been meaning to write about Joe Sullivan, Ubers former Chief Security Officer. He was convicted of crimes related to covering up a cyberattack against Uber. Its a complicated case, and Im not convinced that he deserved a guilty ruling or that its a good thing for the industry. I may still...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/09/16 9:1 p.m.11 views

Friday Squid Blogging: Mayfly Squid

This is surprisingly funny. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/09/16 2:7 p.m.11 views

Massive Data Breach at Uber

Its big: The breach appeared to have compromised many of Ubers internal systems, and a person claiming responsibility for the hack sent images of email, cloud storage and code repositories to cybersecurity researchers and The New York Times. "They pretty much have full access to Uber," said Sam...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/06/16 11:2 a.m.11 views

Attacking the Performance of Machine Learning Systems

Interesting research: "Sponge Examples: Energy-Latency Attacks on Neural Networks": Abstract: The high energy costs of neural network training and inference led to the use of acceleration hardware such as GPUs and TPUs. While such devices enable us to train large-scale neural networks in...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/05/19 11:23 a.m.11 views

Websites that Collect Your Data as You Type

A surprising number of websites include JavaScript keyloggers that collect everything you type as you type it, not just when you submit a form. Researchers from KU Leuven, Radboud University, and University of Lausanne crawled and analyzed the top 100,000 websites, looking at scenarios in which a...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/05/06 11:1 a.m.11 views

Corporate Involvement in International Cybersecurity Treaties

The Paris Call for Trust and Stability in Cyberspace is an initiative launched by French President Emmanuel Macron during the 2018 UNESCO’s Internet Governance Forum. It’s an attempt by the worlds governments to come together and create a set of international norms and standards for a reliable,...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/03/22 2:57 p.m.11 views

White House Warns of Possible Russian Cyberattacks

News: The White House has issued its starkest warning that Russia may be planning cyberattacks against critical-sector U.S. companies amid the Ukraine invasion. … Context: The alert comes after Russia has lobbed a series of digital attacks at the Ukrainian government and critical industry sectors...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/02/02 3:58 p.m.11 views

Finding Vulnerabilities in Open Source Projects

The Open Source Security Foundation announced $10 million in funding from a pool of tech and financial companies, including $5 million from Microsoft and Google, to find vulnerabilities in open source projects: The "Alpha" side will emphasize vulnerability testing by hand in the most popular...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/01/20 12:13 p.m.11 views

San Francisco Police Illegally Spying on Protesters

Last summer, the San Francisco police illegally used surveillance cameras at the George Floyd protests. The EFF is suing the police: This surveillance invaded the privacy of protesters, targeted people of color, and chills and deters participation and organizing for future protests. The SFPD also...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/12/14 3:55 p.m.11 views

On the Log4j Vulnerability

Its serious: The range of impacts is so broad because of the nature of the vulnerability itself. Developers use logging frameworks to keep track of what happens in a given application. To exploit Log4Shell, an attacker only needs to get the system to log a strategically crafted string of code. Fr...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/12/13 12:16 p.m.11 views

NSO Group’s Pegasus Spyware Used Against US State Department Officials

NSO Groups descent into Internet pariah status continues. Its Pegasus spyware was used against nine US State Department employees. We dont know which NSO Group customer trained the spyware on the US. But the company does: NSO Group said in a statement on Thursday that it did not have any indicati...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/12/09 3:36 p.m.11 views

Google Shuts Down Glupteba Botnet, Sues Operators

Google took steps to shut down the Glupteba botnet, at least for now. The botnet uses the bitcoin blockchain as a backup command-and-control mechanism, making it hard to get rid of it permanently. So Google is also suing the botnets operators. Its an interesting strategy. Lets see if its successf...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/10/12 3:4 p.m.11 views

Airline Passenger Mistakes Vintage Camera for a Bomb

I feel sorry for the accused: The "security incident" that forced a New-York bound flight to make an emergency landing at LaGuardia Airport on Saturday turned out to be a misunderstanding -- after an airline passenger mistook another travelers camera for a bomb, sources said Sunday. American...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/10/11 12:49 p.m.11 views

The European Parliament Voted to Ban Remote Biometric Surveillance

Its not actually banned in the EU yet -- the legislative process is much more complicated than that -- but its a step: a total ban on biometric mass surveillance. To respect "privacy and human dignity," MEPs said that EU lawmakers should pass a permanent ban on the automated recognition of...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/09/06 11:11 a.m.11 views

Tracking People by their MAC Addresses

Yet another article on the privacy risks of static MAC addresses and always-on Bluetooth connections. This one is about wireless headphones. The good news is that product vendors are fixing this: Several of the headphones which could be tracked over time are for sale in electronics stores, but...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/09/03 9:5 p.m.11 views

Friday Squid Blogging: Squid Communication

Interesting article on squid communication. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/08/30 11:24 a.m.11 views

Excellent Write-up of the SolarWinds Security Breach

Robert Chesney wrote up the Solar Winds story as a case study, and its a really good summary...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/31 5:45 a.m.11 views

Seny Kamara on "Crypto for the People"

Seny Kamara gave an excellent keynote talk this year at the online CRYPTO Conference. He talked about solving real-world crypto problems for marginalized communities around the world, instead of crypto problems for governments and corporations. Well worth watching and listening to...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/28 6:40 a.m.11 views

US Postal Service Files Blockchain Voting Patent

The US Postal Service has filed a patent on a blockchain voting method: Abstract: A voting system can use the security of blockchain and the mail to provide a reliable voting system. A registered voter receives a computer readable code in the mail and confirms identity and confirms correct ballot...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/04/19 9:27 p.m.11 views

Friday Squid Blogging: New Squid Species off the New Zealand Coast

There's a new diversity of species. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/26 11:4 a.m.11 views

DARPA Wants Research into Resilient Anonymous Communications

DARPA is funding research into resilient anonymous communications systems...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/02/09 1:59 p.m.11 views

Living in a Smart Home

In "The House that Spied on Me," Kashmir Hill outfits her home to be as "smart" as possible and writes about the results...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/02/06 12:33 p.m.11 views

Poor Security at the UK National Health Service

The Guardian is reporting that "every NHS trust assessed for cyber security vulnerabilities has failed to meet the standard required." This is the same NHS that was debilitated by WannaCry. EDITED TO ADD 2/13: More news. And don't think that US hospitals are much better...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/09/28 7:21 p.m.11 views

New Internet Explorer Bug

There's a newly discovered bug in Internet Explorer that allows any currently visited website to learn the contents of the address bar when the user hits enter. This feels important; the site I am at now has no business knowing where I go next...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/16 7:11 p.m.11 views

NSA Links WannaCry to North Korea

There's evidence: Though the assessment is not conclusive, the preponderance of the evidence points to Pyongyang. It includes the range of computer Internet protocol addresses in China historically used by the RGB, and the assessment is consistent with intelligence gathered recently by other...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/07/02 11:11 a.m.10 views

Cybersecurity Mission Creep in the US

Interesting paper: "Cybersecurity Mission Creep." Abstract: Cybersecurity is experiencing mission creep. Policymakers are casting more and more problems as issues of cybersecurity. So reframed, wildly different policy issues, from misinformation, to child social media safety laws, to antitrust...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/30 12:5 p.m.10 views

The Realities of AI Video Surveillance

The Financial Times has a good article on how AI is changing the capabilities of video surveillance, with information from both Israel/Iran and Russia. I wrote about this sort of thing a few years ago, how AI enables mass spying in the way that computers and networks enabled mass surveillance. Th...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/25 11:23 a.m.10 views

Interesting Paper Exploring Prompt Injection

This is a fascinating explotation of how LLMs fall for prompt injection attacks. It turns out that they learn to recognize the style of text in different role/instruction blocks, and not just the tags. Their conclusion: Role tags were a formatting trick that became the security architecture and t...

5.9AI score
Exploits0
Total number of security vulnerabilities2979