Lucene search
K
SchneierMost viewed

2981 matches found

Schneier on Security
Schneier on Security
added 2022/01/20 12:13 p.m.11 views

San Francisco Police Illegally Spying on Protesters

Last summer, the San Francisco police illegally used surveillance cameras at the George Floyd protests. The EFF is suing the police: This surveillance invaded the privacy of protesters, targeted people of color, and chills and deters participation and organizing for future protests. The SFPD also...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/12/14 3:55 p.m.11 views

On the Log4j Vulnerability

Its serious: The range of impacts is so broad because of the nature of the vulnerability itself. Developers use logging frameworks to keep track of what happens in a given application. To exploit Log4Shell, an attacker only needs to get the system to log a strategically crafted string of code. Fr...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/12/13 12:16 p.m.11 views

NSO Group’s Pegasus Spyware Used Against US State Department Officials

NSO Groups descent into Internet pariah status continues. Its Pegasus spyware was used against nine US State Department employees. We dont know which NSO Group customer trained the spyware on the US. But the company does: NSO Group said in a statement on Thursday that it did not have any indicati...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/12/09 3:36 p.m.11 views

Google Shuts Down Glupteba Botnet, Sues Operators

Google took steps to shut down the Glupteba botnet, at least for now. The botnet uses the bitcoin blockchain as a backup command-and-control mechanism, making it hard to get rid of it permanently. So Google is also suing the botnets operators. Its an interesting strategy. Lets see if its successf...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/10/12 3:4 p.m.11 views

Airline Passenger Mistakes Vintage Camera for a Bomb

I feel sorry for the accused: The "security incident" that forced a New-York bound flight to make an emergency landing at LaGuardia Airport on Saturday turned out to be a misunderstanding -- after an airline passenger mistook another travelers camera for a bomb, sources said Sunday. American...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/10/11 12:49 p.m.11 views

The European Parliament Voted to Ban Remote Biometric Surveillance

Its not actually banned in the EU yet -- the legislative process is much more complicated than that -- but its a step: a total ban on biometric mass surveillance. To respect "privacy and human dignity," MEPs said that EU lawmakers should pass a permanent ban on the automated recognition of...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/09/06 11:11 a.m.11 views

Tracking People by their MAC Addresses

Yet another article on the privacy risks of static MAC addresses and always-on Bluetooth connections. This one is about wireless headphones. The good news is that product vendors are fixing this: Several of the headphones which could be tracked over time are for sale in electronics stores, but...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/09/03 9:5 p.m.11 views

Friday Squid Blogging: Squid Communication

Interesting article on squid communication. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/08/30 11:24 a.m.11 views

Excellent Write-up of the SolarWinds Security Breach

Robert Chesney wrote up the Solar Winds story as a case study, and its a really good summary...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/31 5:45 a.m.11 views

Seny Kamara on "Crypto for the People"

Seny Kamara gave an excellent keynote talk this year at the online CRYPTO Conference. He talked about solving real-world crypto problems for marginalized communities around the world, instead of crypto problems for governments and corporations. Well worth watching and listening to...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/28 6:40 a.m.11 views

US Postal Service Files Blockchain Voting Patent

The US Postal Service has filed a patent on a blockchain voting method: Abstract: A voting system can use the security of blockchain and the mail to provide a reliable voting system. A registered voter receives a computer readable code in the mail and confirms identity and confirms correct ballot...

1.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/04/19 9:27 p.m.11 views

Friday Squid Blogging: New Squid Species off the New Zealand Coast

There's a new diversity of species. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/05/25 9:18 p.m.11 views

Friday Squid Blogging: Squid Comic

It's not very good, but it has a squid in it. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/12/15 10:21 p.m.11 views

Friday Squid Blogging: Baby Sea Otters Prefer Shrimp to Squid

At least, this one does. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/12/15 12:18 p.m.11 views

Tracking People Without GPS

Interesting research: The trick in accurately tracking a person with this method is finding out what kind of activity they're performing. Whether they're walking, driving a car, or riding in a train or airplane, it's pretty easy to figure out when you know what you're looking for. The sensors can...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/16 7:11 p.m.11 views

NSA Links WannaCry to North Korea

There's evidence: Though the assessment is not conclusive, the preponderance of the evidence points to Pyongyang. It includes the range of computer Internet protocol addresses in China historically used by the RGB, and the assessment is consistent with intelligence gathered recently by other...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/04/28 9:37 p.m.11 views

Friday Squid Blogging: Live Squid Washes up on North Carolina Beach

A "mysterious squid" -- big and red -- washed up on a beach in Carteret County, North Carolina. Someone found it, still alive, and set it back in the water after taking some photos of it. Squid scientists later decided it was a diamondback squid. So, you think that O'Shea might know the identity ...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/04/27 11:20 a.m.11 views

Reading Analytics and Privacy

Interesting paper: "The rise of reading analytics and the emerging calculus of reading privacy in the digital world," by Clifford Lynch: Abstract: This paper studies emerging technologies for tracking reading behaviors "reading analytics" and their implications for reader privacy, attempting to...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/04/25 10:25 a.m.11 views

Faking Domain Names with Unicode Characters

It's things like this that make phishing attacks easier. News article...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 5 days ago10 views

France to Stop Certifying Non-Quantum-Safe Encryption

France is accelerating its transition to post-quantum encryption: France's cybersecurity agency ANSSI said on Tuesday it would stop certifying security products that lack quantum-resistant encryption, a move that will force government bodies and critical operators to shift away from older systems...

6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/25 11:23 a.m.10 views

Interesting Paper Exploring Prompt Injection

This is a fascinating explotation of how LLMs fall for prompt injection attacks. It turns out that they learn to recognize the style of text in different role/instruction blocks, and not just the tags. Their conclusion: Role tags were a formatting trick that became the security architecture and t...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/17 11:4 a.m.10 views

AI Use by the US Government

On 14 April, the Trump administration quietly acknowledged the widespread use of AI to automate government processes. The office of management and budget OMB disclosed a staggering 3,611 active or planned use cases for AI across the federal government. The list has ballooned by 70% from the one...

5.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/05/22 9:4 p.m.10 views

Friday Squid Blogging: Regulating Squid Fishing in the South Pacific

The South Pacific Regional Fisheries Management Organization SPRFMO needs to regulate squid fishing in the South Pacific. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/05/01 11:18 a.m.10 views

A Ransomware Negotiator Was Working for a Ransomware Gang

Someone pleaded guilty to secretly working for a ransomware gang as he negotiated ransomware payments for clients...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/15 10:47 a.m.10 views

Defense in Depth, Medieval Style

This article on the walls of Constantinople is fascinating. The system comprised four defensive lines arranged in formidable layers: The brick-lined ditch, divided by bulkheads and often flooded, 15­-20 meters wide and up to 7 meters deep. A low breastwork, about 2 meters high, enabling defenders...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/14 10:49 a.m.10 views

How Hackers Are Thinking About AI

Interesting paper: "What hackers talk about when they talk about AI: Early-stage diffusion of a cybercrime innovation." Abstract: The rapid expansion of artificial intelligence AI is raising concerns about its potential to transform cybercrime. Beyond empowering novice offenders, AI stands to...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/10 10:41 a.m.10 views

Sen. Sanders Talks to Claude About AI and Privacy

Claude is actually pretty good on the issues...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/03/05 5:31 p.m.10 views

Israel Hacked Traffic Cameras in Iran

Multiple news outlets are reporting on Israel's hacking of Iranian traffic cameras and how they assisted with the killing of that country's leadership. The New York Times has an article on the intelligence operation more generally...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/03/02 12:5 p.m.10 views

LLM-Assisted Deanonymization

Turns out that LLMs are good at de-anonymization: We show that LLM agents can figure out who you are from your anonymous online posts. Across Hacker News, Reddit, LinkedIn, and anonymized interview transcripts, our method identifies users with high precision ­ and scales to tens of thousands of...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/08/15 11:7 a.m.10 views

Trojans Embedded in .svg Files

Porn sites are hiding code in .svg files: Unpacking the attack took work because much of the JavaScript in the .svg images was heavily obscured using a custom version of "JSFuck," a technique that uses only a handful of character types to encode JavaScript into a camouflaged wall of text. Once...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/06/06 9:0 p.m.10 views

Friday Squid Blogging: Squid Run in Southern New England

Southern New England is having the best squid run in years. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/29 11:6 a.m.10 views

Surveillance Via Smart Toothbrush

The only links are from The Daily Mail and The Mirror, but a marital affair was discovered because the cheater was recorded using his smart toothbrush at home when he was supposed to be at work...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/28 11:9 a.m.10 views

Location Tracking App for Foreigners in Moscow

Russia is proposing a rule that all foreigners in Moscow install a tracking app on their phones. Using a mobile application that all foreigners will have to install on their smartphones, the Russian state will receive the following information: Residence location Fingerprint Face photograph...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/04/25 9:8 p.m.10 views

Friday Squid Blogging: Squid Facts on Your Phone

Text "SQUID" to 1-833-SCI-TEXT for daily squid facts. The website has merch. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/04/25 11:7 a.m.10 views

Cryptocurrency Thefts Get Physical

Long story of a $250 million cryptocurrency theft that, in a complicated chain events, resulted in a pretty brutal kidnapping...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/04/22 4:3 p.m.10 views

Android Improves Its Security

Android phones will soon reboot themselves after sitting idle for three days. iPhones have had this feature for a while; it's nice to see Google add it to their phones...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/04/17 4:38 p.m.10 views

Age Verification Using Facial Scans

Discord is testing the feature: "We're currently running tests in select regions to age-gate access to certain spaces or user settings," a spokesperson for Discord said in a statement. "The information shared to power the age verification method is only used for the one-time age verification...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/02/25 5:4 p.m.10 views

North Korean Hackers Steal $1.5B in Cryptocurrency

It looks like a very sophisticated attack against the Dubai-based exchange Bybit: Bybit officials disclosed the theft of more than 400,000 ethereum and staked ethereum coins just hours after it occurred. The notification said the digital loot had been stored in a "Multisig Cold Wallet" when,...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/02/12 12:9 p.m.10 views

Delivering Malware Through Abandoned Amazon S3 Buckets

Here's a supply-chain attack just waiting to happen. A group of researchers searched for, and then registered, abandoned Amazon S3 buckets for about $400. These buckets contained software libraries that are still used. Presumably the projects don't realize that they have been abandoned, and still...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/02/07 10:2 p.m.10 views

Friday Squid Blogging: The Colossal Squid

Long article on the colossal squid. Blog moderation policy...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/01/17 10:2 p.m.10 views

Friday Squid Blogging: Opioid Alternatives from Squid Research

Is there nothing that squid research can't solve? "If you're working with an organism like squid that can edit genetic information way better than any other organism, then it makes sense that that might be useful for a therapeutic application like deadening pain," he said. … Researchers hope to...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/01/16 12:3 p.m.10 views

FBI Deletes PlugX Malware from Thousands of Computers

According to a DOJ press release, the FBI was able to delete the Chinese-used PlugX malware from "approximately 4,258 U.S.-based computers and networks." Details: To retrieve information from and send commands to the hacked machines, the malware connects to a command-and-control server that is...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/01/10 10:6 p.m.10 views

Friday Squid Blogging: Cotton-and-Squid-Bone Sponge

News: A sponge made of cotton and squid bone that has absorbed about 99.9% of microplastics in water samples in China could provide an elusive answer to ubiquitous microplastic pollution in water across the globe, a new report suggests. … The study tested the material in an irrigation ditch, a...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/01/03 10:4 p.m.10 views

Friday Squid Blogging: Anniversary Post

I made my first squid post nineteen years ago this week. Between then and now, I posted something about squid every week with maybe only a few exceptions. There is a lot out there about squid, even more if you count the other meanings of the word. Blog moderation policy...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/01/03 2:46 p.m.10 views

ShredOS

ShredOS is a stripped-down operating system designed to destroy data. GitHub page here...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/12/06 10:5 p.m.10 views

Friday Squid Blogging: Safe Quick Undercarriage Immobilization Device

Fifteen years ago I blogged about a different SQUID. Here's an update: Fleeing drivers are a common problem for law enforcement. They just won’t stop unless persuaded­--persuaded by bullets, barriers, spikes, or snares. Each option is risky business. Shooting up a fugitive’s car is one possibilit...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/12/02 12:8 p.m.10 views

Details about the iOS Inactivity Reboot Feature

I recently wrote about the new iOS feature that forces an iPhone to reboot after it's been inactive for a longish period of time. Here are the technical details, discovered through reverse engineering. The feature triggers after seventy-two hours of inactivity, even it is remains connected to Wi-...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/26 12:1 p.m.10 views

What Graykey Can and Can’t Unlock

This is from 404 Media: The Graykey, a phone unlocking and forensics tool that is used by law enforcement around the world, is only able to retrieve partial data from all modern iPhones that run iOS 18 or iOS 18.0.1, which are two recently released versions of Apple's mobile operating system,...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/15 12:5 p.m.10 views

Good Essay on the History of Bad Password Policies

Stuart Schechter makes some good points on the history of bad password policies: Morris and Thompson's work brought much-needed data to highlight a problem that lots of people suspected was bad, but that had not been studied scientifically. Their work was a big step forward, if not for two mistak...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/07 4:13 p.m.10 views

Prompt Injection Defenses Against LLM Cyberattacks

Interesting research: "Hacking Back the AI-Hacker: Prompt Injection as a Defense Against LLM-driven Cyberattacks": Large language models LLMs are increasingly being harnessed to automate cyberattacks, making sophisticated exploits more accessible and scalable. In response, we propose a new defens...

7.6AI score
Exploits0
Total number of security vulnerabilities2981