Lucene search
+L
SchneierMost viewed

2988 matches found

Schneier on Security
Schneier on Security
added 2019/10/29 11:9 a.m.11 views

ICT Supply-Chain Security

The Carnegie Endowment for Peace published a comprehensive report on ICT information and communication technologies supply-chain security and integrity. It's a good read, but nothing that those who are following this issue don't already know...

2.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/04/19 9:27 p.m.11 views

Friday Squid Blogging: New Squid Species off the New Zealand Coast

There's a new diversity of species. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/12/18 12:8 p.m.11 views

Lessons Learned from the Estonian National ID Security Flaw

Estonia recently suffered a major flaw in the security of their national ID card. This article discusses the fix and the lessons learned from the incident: In the future, the infrastructure dependency on one digital identity platform must be decreased, the use of several alternatives must be...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/12/15 10:21 p.m.11 views

Friday Squid Blogging: Baby Sea Otters Prefer Shrimp to Squid

At least, this one does. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/06/16 7:11 p.m.11 views

NSA Links WannaCry to North Korea

There's evidence: Though the assessment is not conclusive, the preponderance of the evidence points to Pyongyang. It includes the range of computer Internet protocol addresses in China historically used by the RGB, and the assessment is consistent with intelligence gathered recently by other...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 5 days ago10 views

AI Data Centers and the Concentration of Wealth

This essay was written with Nathan E. Sanders, and originally appeared inThe Guardian. Opposition to AI data centers has emerged as a primary theme in US politics, one that--surprisingly--doesn't fall along party lines. We applaud people coming together for constructive debate on any issue, and...

6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/07/07 10:43 a.m.10 views

Google Is Suing Chinese Scammers Who Are Using Gemini

Not sure this will have any effect, but I support the effort: According to Google's legal filing, Outsider Enterprise operates through Telegram. The group offers phishing-as-a-service to individuals who may not be technically savvy enough to set up fraudulent websites and text campaigns on their...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/25 11:23 a.m.10 views

Interesting Paper Exploring Prompt Injection

This is a fascinating explotation of how LLMs fall for prompt injection attacks. It turns out that they learn to recognize the style of text in different role/instruction blocks, and not just the tags. Their conclusion: Role tags were a formatting trick that became the security architecture and t...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/05/22 9:4 p.m.10 views

Friday Squid Blogging: Regulating Squid Fishing in the South Pacific

The South Pacific Regional Fisheries Management Organization SPRFMO needs to regulate squid fishing in the South Pacific. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/05/01 11:18 a.m.10 views

A Ransomware Negotiator Was Working for a Ransomware Gang

Someone pleaded guilty to secretly working for a ransomware gang as he negotiated ransomware payments for clients...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/13 10:10 a.m.10 views

AI Chatbots and Trust

All the leading AI chatbots are sycophantic, and that's a problem: Participants rated sycophantic AI responses as more trustworthy than balanced ones. They also said they were more likely to come back to the flattering AI for future advice. And critically ­ they couldn't tell the difference betwe...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/10 10:41 a.m.10 views

Sen. Sanders Talks to Claude About AI and Privacy

Claude is actually pretty good on the issues...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/09 10:51 a.m.10 views

On Microsoft’s Lousy Cloud Security

ProPublica has a scoop: In late 2024, the federal government's cybersecurity evaluators rendered a troubling verdict on one of Microsoft's biggest cloud computing offerings. The tech giant's "lack of proper detailed security documentation" left reviewers with a "lack of confidence in assessing th...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/03/26 11:6 a.m.10 views

As the US Midterms Approach, AI Is Going to Emerge as a Key Issue Concerning Voters

In December, the Trump administration signed an executive order that neutered states' ability to regulate AI by ordering his administration to both sue and withhold funds from states that try to do so. This action pointedly supported industry lobbyists keen to avoid any constraints and consequenc...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/03/05 5:31 p.m.10 views

Israel Hacked Traffic Cameras in Iran

Multiple news outlets are reporting on Israel's hacking of Iranian traffic cameras and how they assisted with the killing of that country's leadership. The New York Times has an article on the intelligence operation more generally...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/03/02 12:5 p.m.10 views

LLM-Assisted Deanonymization

Turns out that LLMs are good at de-anonymization: We show that LLM agents can figure out who you are from your anonymous online posts. Across Hacker News, Reddit, LinkedIn, and anonymized interview transcripts, our method identifies users with high precision ­ and scales to tens of thousands of...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/02/27 12:5 p.m.10 views

Why Tehran’s Two-Tiered Internet Is So Dangerous

Iran is slowly emerging from the most severe communications blackout in its history and one of the longest in the world. Triggered as part of January's government crackdown against citizen protests nationwide, the regime implemented an internet shutdown that transcends the standard definition of...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/02/17 12:1 p.m.10 views

Side-Channel Attacks Against LLMs

Here are three papers describing different side-channel attacks against LLMs. "Remote Timing Attacks on Efficient Language Model Inference": Abstract: Scaling up language models has significantly increased their capabilities. But larger models are slower models, and so there is now an extensive...

5.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/10/17 9:2 p.m.10 views

Friday Squid Blogging: Squid Inks Philippines Fisherman

Good video. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/18 11:6 a.m.10 views

Time-of-Check Time-of-Use Attacks Against LLMs

This is a nice piece of research: "Mind the Gap: Time-of-Check to Time-of-Use Vulnerabilities in LLM-Enabled Agents".: Abstract: Large Language Model LLM-enabled agents are rapidly emerging across a wide range of applications, but their deployment introduces vulnerabilities with security...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/06/26 11:0 a.m.10 views

White House Bans WhatsApp

Reuters is reporting that the White House has banned WhatsApp on all employee devices: The notice said the "Office of Cybersecurity has deemed WhatsApp a high risk to users due to the lack of transparency in how it protects user data, absence of stored data encryption, and potential security risk...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/06/06 9:0 p.m.10 views

Friday Squid Blogging: Squid Run in Southern New England

Southern New England is having the best squid run in years. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/21 11:3 a.m.10 views

More AIs Are Taking Polls and Surveys

I already knew about the declining response rate for polls and surveys. The percentage of AI bots that respond to surveys is also increasing. Solutions are hard: 1. Make surveys less boring. We need to move past bland, grid-filled surveys and start designing experiences people actually want to...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/04/25 11:7 a.m.10 views

Cryptocurrency Thefts Get Physical

Long story of a $250 million cryptocurrency theft that, in a complicated chain events, resulted in a pretty brutal kidnapping...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/04/22 4:3 p.m.10 views

Android Improves Its Security

Android phones will soon reboot themselves after sitting idle for three days. iPhones have had this feature for a while; it's nice to see Google add it to their phones...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/04/04 11:2 a.m.10 views

Troy Hunt Gets Phished

In case you need proof that anyone , even someone who does cybersecurity for a living, can fall for a phishing attack, Troy Hunt has a long, iterative story on his webpage about how he got phished. Worth reading. EDITED TO ADD 4/14: Commentary from Adam Shostack and Cory Doctorow...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/03/26 11:7 a.m.10 views

AI Data Poisoning

Cloudflare has a new feature--available to free users as well--that uses AI to generate random pages to feed to AI web crawlers: Instead of simply blocking bots, Cloudflare's new system lures them into a "maze" of realistic-looking but irrelevant pages, wasting the crawler's computing resources...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/02/25 5:4 p.m.10 views

North Korean Hackers Steal $1.5B in Cryptocurrency

It looks like a very sophisticated attack against the Dubai-based exchange Bybit: Bybit officials disclosed the theft of more than 400,000 ethereum and staked ethereum coins just hours after it occurred. The notification said the digital loot had been stored in a "Multisig Cold Wallet" when,...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/02/12 12:9 p.m.10 views

Delivering Malware Through Abandoned Amazon S3 Buckets

Here's a supply-chain attack just waiting to happen. A group of researchers searched for, and then registered, abandoned Amazon S3 buckets for about $400. These buckets contained software libraries that are still used. Presumably the projects don't realize that they have been abandoned, and still...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/02/07 10:2 p.m.10 views

Friday Squid Blogging: The Colossal Squid

Long article on the colossal squid. Blog moderation policy...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/01/17 10:2 p.m.10 views

Friday Squid Blogging: Opioid Alternatives from Squid Research

Is there nothing that squid research can't solve? "If you're working with an organism like squid that can edit genetic information way better than any other organism, then it makes sense that that might be useful for a therapeutic application like deadening pain," he said. … Researchers hope to...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/01/03 10:4 p.m.10 views

Friday Squid Blogging: Anniversary Post

I made my first squid post nineteen years ago this week. Between then and now, I posted something about squid every week with maybe only a few exceptions. There is a lot out there about squid, even more if you count the other meanings of the word. Blog moderation policy...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/01/03 2:46 p.m.10 views

ShredOS

ShredOS is a stripped-down operating system designed to destroy data. GitHub page here...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/12/23 5:4 p.m.10 views

Criminal Complaint against LockBit Ransomware Writer

The Justice Department has published the criminal complaint against Dmitry Khoroshev, for building and maintaining the LockBit ransomware...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/12/14 5:1 p.m.10 views

Upcoming Speaking Events

This is a current list of where and when I am scheduled to speak: I'm speaking at a joint meeting of the Boston Chapter of the IEEE Computer Society and GBC/ACM, in Boston, Massachusetts, USA, at 7:00 PM ET on Thursday, January 9, 2025. The event will take place at the Massachusetts Institute of...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/12/13 10:5 p.m.10 views

Friday Squid Blogging: Biology and Ecology of the Colossal Squid

Good survey paper. Blog moderation policy...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/12/06 12:9 p.m.10 views

Detecting Pegasus Infections

This tool seems to do a pretty good job. The company's Mobile Threat Hunting feature uses a combination of malware signature-based detection, heuristics, and machine learning to look for anomalies in iOS and Android device activity or telltale signs of spyware infection. For paying iVerify...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/12/02 12:8 p.m.10 views

Details about the iOS Inactivity Reboot Feature

I recently wrote about the new iOS feature that forces an iPhone to reboot after it's been inactive for a longish period of time. Here are the technical details, discovered through reverse engineering. The feature triggers after seventy-two hours of inactivity, even it is remains connected to Wi-...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/22 10:1 p.m.10 views

Friday Squid Blogging: Transcriptome Analysis of the Indian Squid

Lots of details that are beyond me. Blog moderation policy...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/19 12:5 p.m.10 views

Why Italy Sells So Much Spyware

Interesting analysis: Although much attention is given to sophisticated, zero-click spyware developed by companies like Israel’s NSO Group, the Italian spyware marketplace has been able to operate relatively under the radar by specializing in cheaper tools. According to an Italian Ministry of...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/15 10:7 p.m.10 views

Friday Squid Blogging: Female Gonatus Onyx Squid Carrying Her Eggs

Fantastic video of a female Gonatus onyx squid swimming while carrying her egg sack. An earlier related post. Blog moderation policy...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/07 4:13 p.m.10 views

Prompt Injection Defenses Against LLM Cyberattacks

Interesting research: "Hacking Back the AI-Hacker: Prompt Injection as a Defense Against LLM-driven Cyberattacks": Large language models LLMs are increasingly being harnessed to automate cyberattacks, making sophisticated exploits more accessible and scalable. In response, we propose a new defens...

7.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/01 9:4 p.m.10 views

Friday Squid Blogging: Squid Sculpture in Massachusetts Building

Great blow-up sculpture. Blog moderation policy. The post Friday Squid Blogging: Squid Sculpture in Massachusetts Building appeared first on Schneier on Security...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/10/30 2:48 p.m.10 views

Simson Garfinkel on Spooky Cryptographic Action at a Distance

Excellent read. One example: Consider the case of basic public key cryptography, in which a person’s public and private key are created together in a single operation. These two keys are entangled, not with quantum physics, but with math. When I create a virtual machine server in the Amazon cloud...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/10/29 11:2 a.m.10 views

Law Enforcement Deanonymizes Tor Users

The German police have successfully deanonymized at least four Tor users. It appears they watch known Tor relays and known suspects, and use timing analysis to figure out who is using what relay. Tor has written about this. Hacker News thread...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/10/21 11:9 a.m.10 views

AI and the SEC Whistleblower Program

Tax farming is the practice of licensing tax collection to private contractors. Used heavily in ancient Rome, it’s largely fallen out of practice because of the obvious conflict of interest between the state and the contractor. Because tax farmers are primarily interested in short-term revenue,...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/10/18 9:8 p.m.10 views

Friday Squid Blogging: Squid Scarf

Cute squid scarf. Blog moderation policy...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/10/09 11:5 a.m.10 views

Auto-Identification Smart Glasses

Two students have created a demo of a smart-glasses app that performs automatic facial recognition and then information lookups. Kind of obvious--something similar was done in 2011--but the sort of creepy demo that gets attention. News article...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/10/07 11:2 a.m.10 views

Largest Recorded DDoS Attack is 3.8 Tbps

Cloudflare just blocked the current record DDoS attack: 3.8 terabits per second. Lots of good information on the attack, and DDoS in general, at the link. News article...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/10/03 11:4 a.m.10 views

Weird Zimbra Vulnerability

Hackers can execute commands on a remote computer by sending malformed emails to a Zimbra mail server. It's critical, but difficult to exploit reliably. In an email sent Wednesday afternoon, Proofpoint researcher Greg Lesnewich seemed to largely concur that the attacks weren't likely to lead to...

7.5AI score
Exploits0
Total number of security vulnerabilities2988