Lucene search
K
SchneierMost viewed

2981 matches found

Schneier on Security
Schneier on Security
added 2023/06/30 8:58 p.m.10 views

Friday Squid Blogging: See-Through Squid

Doryteuthis opalescens is known as the market squid, and was critical in the recent squid RNA research. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/06/12 11:18 a.m.10 views

AI-Generated Steganography

New research suggests that AIs can produce perfectly secure steganographic images: Abstract: Steganography is the practice of encoding secret information into innocuous content in such a manner that an adversarial third party would not realize that there is hidden meaning. While this problem has...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/06/05 11:14 a.m.10 views

The Software-Defined Car

Developers are starting to talk about the software-defined car. For decades, features have accumulated like cruft in new vehicles: a box here to control the antilock brakes, a module there to run the cruise control radar, and so on. Now engineers and designers are rationalizing the way they go...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/06/02 9:13 p.m.10 views

Friday Squid Blogging: Squid Chromolithographs

Beautiful illustrations. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. EDITED TO ADD 6/4: Slashdot thread...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/05/12 9:4 p.m.10 views

Friday Squid Blogging: Giant Squid Video

A video--authentic, not a deep fake--of a giant squid close to the surface. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/03/24 9:6 p.m.10 views

Friday Squid Blogging: Creating Batteries Out of Squid Cells

This is fascinating: "When a squid ends up chipping what’s called its ring tooth, which is the nail underneath its tentacle, it needs to regrow that tooth very rapidly, otherwise it can’t claw its prey," he explains. This was intriguing news ­ and it sparked an idea in Hopkins lab where he’d been...

6.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/03/14 7:8 p.m.10 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking on “How to Reclaim Power in the Digital World” at EPFL in Lausanne, Switzerland, on Thursday, March 16, 2023, at 5:30 PM CET. I’ll be discussing my new book A Hacker’s Mind: How the Powerful Bend Society’s Rules at...

2.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/30 12:13 p.m.10 views

NIST Is Updating Its Cybersecurity Framework

NIST is planning a significant update of its Cybersecurity Framework. At this point, its asking for feedback and comments to its concept paper. 1. Do the proposed changes reflect the current cybersecurity landscape standards, risks, and technologies? 2. Are the proposed changes sufficient and...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/06 8:4 p.m.10 views

Schneier on Security Audiobook Sale

Im not sure why, but Audiobooks.com is offering the audiobook version of Schneier on Security at 50% off until January 17. EDITED TO ADD: The audiobook of We Have Root is 50% off until January 27 if you use this link...

2.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/20 12:30 p.m.10 views

Trojaned Windows Installer Targets Ukraine

Mandiant is reporting on a trojaned Windows installer that targets Ukrainian users. The installer was left on various torrent sites, presumably ensnaring people downloading pirated copies of the operating system: Mandiant uncovered a socially engineered supply chain operation focused on Ukrainian...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/19 12:9 p.m.10 views

How to Surrender to a Drone

The Ukrainian army has released an instructional video explaining how Russian soldiers should surrender to a drone: "Seeing the drone in the field of view, make eye contact with it," the video instructs. Soldiers should then raise their arms and signal theyre ready to follow. After that the drone...

2.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/16 10:13 p.m.10 views

Friday Squid Blogging: Squid in Concert

Squid is performing a concert in London in February. If you dont know what their music is like, try this or this or this. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/15 12:10 p.m.10 views

A Security Vulnerability in the KmsdBot Botnet

Security researchers found a software bug in the KmsdBot cryptomining botnet: With no error-checking built in, sending KmsdBot a malformed command­--like its controllers did one day while Akamai was watching­--created a panic crash with an "index out of range" error. Because theres no persistence...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/07 12:4 p.m.10 views

The Decoupling Principle

This is a really interesting paper that discusses what the authors call the Decoupling Principle: The idea is simple, yet previously not clearly articulated: to ensure privacy, information should be divided architecturally and institutionally such that each entity has only the information they ne...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/11/08 12:15 p.m.10 views

Using Wi-FI to See through Walls

This technique measures device response time to determine distance: The scientists tested the exploit by modifying an off-the-shelf drone to create a flying scanning device, the Wi-Peep. The robotic aircraft sends several messages to each device as it flies around, establishing the positions of...

0.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/11/01 11:24 a.m.10 views

Iran’s Digital Surveillance Tools Leaked

Its Irans turn to have its digital surveillance tools leaked: According to these internal documents, SIAM is a computer system that works behind the scenes of Iranian cellular networks, providing its operators a broad menu of remote commands to alter, disrupt, and monitor how customers use their...

3.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/10/14 5:3 p.m.10 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking at the World Ethical Data Forum, online, October 26-28, 2022. I’m speaking at the 24th International Information Security Conference in Madrid, Spain, on November 17, 2022. The list is maintained on this page...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/10/05 7:7 p.m.10 views

October Is Cybersecurity Awareness Month

For the past nineteen years, October has been Cybersecurity Awareness Month here in the US, and that event that has always been part advice and part ridicule. I tend to fall on the apathy end of the spectrum; I dont think Ive ever mentioned it before. But the memes can be funny. Heres a decent...

3.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/09/29 11:14 a.m.10 views

Differences in App Security/Privacy Based on Country

Depending on where you are when you download your Android apps, it might collect more or less data about you. The apps we downloaded from Google Play also showed differences based on country in their security and privacy capabilities. One hundred twenty-seven apps varied in what the apps were...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/06/20 11:23 a.m.10 views

Hertzbleed: A New Side-Channel Attack

Hertzbleed is a new side-channel attack that works against a variety of microprocressors. Deducing cryptographic keys by analyzing power consumption has long been an attack, but its not generally viable because measuring power consumption is often hard. This new attack measures power consumption ...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/06/09 7:33 p.m.10 views

Friday Squid Blogging: Squid Changes Color from Black to Transparent

Neat video. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/04/27 6:40 p.m.10 views

Zero-Day Vulnerabilities Are on the Rise

Both Google and Mandiant are reporting a significant increase in the number of zero-day vulnerabilities reported in 2021. Google: 2021 included the detection and disclosure of 58 in-the-wild 0-days, the most ever recorded since Project Zero began tracking in mid-2014. That’s more than double the...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/04/22 12:9 p.m.10 views

Java Cryptography Implementation Mistake Allows Digital-Signature Forgeries

Interesting implementation mistake: The vulnerability, which Oracle patched on Tuesday, affects the company’s implementation of the Elliptic Curve Digital Signature Algorithm in Java versions 15 and above. ECDSA is an algorithm that uses the principles of elliptic curve cryptography to authentica...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/04/20 1:57 p.m.10 views

Clever Cryptocurrency Theft

Beanstalk Farms is a decentralized finance project that has a majority stake governance system: basically people have proportional votes based on the amount of currency they own. A clever hacker used a "flash loan" feature of another decentralized finance project to borrow enough of the currency ...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/04/04 11:13 a.m.10 views

Wyze Camera Vulnerability

Wyze ignored a vulnerability in its home security cameras for three years. Bitdefender, who discovered the vulnerability, let the company get away with it. In case youre wondering, no, that is not normal in the security community. While experts tell me that the concept of a "responsible disclosur...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/03/30 11:29 a.m.10 views

Stalking with an Apple Watch

The malicious uses of these technologies are scary: Police reportedly arrived on the scene last week and found the man crouched beside the womans passenger side door. According to the police, the man had, at some point, wrapped his Apple Watch across the spokes of the womans passenger side front...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/03/08 12:1 p.m.10 views

Using Radar to Read Body Language

Yet another method of surveillance: Radar can detect you moving closer to a computer and entering its personal space. This might mean the computer can then choose to perform certain actions, like booting up the screen without requiring you to press a button. This kind of interaction already exist...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/02/03 12:1 p.m.10 views

Interview with the Head of the NSA’s Research Directorate

MIT Technology Review published an interview with Gil Herrera, the new head of the NSAs Research Directorate. Theres a lot of talk about quantum computing, monitoring 5G networks, and the problems of big data: The math department, often in conjunction with the computer science department, helps...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/11/30 7:28 a.m.10 views

Intel Is Maintaining Legacy Technology for Security Research

Interesting: Intel’s issue reflects a wider concern: Legacy technology can introduce cybersecurity weaknesses. Tech makers constantly improve their products to take advantage of speed and power increases, but customers don’t always upgrade at the same pace. This creates a long tail of old product...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/11/04 11:52 a.m.10 views

US Blacklists NSO Group

The Israeli cyberweapons arms manufacturer -- and human rights violator, and probably war criminal -- NSO Group has been added to the US Department of Commerces trade blacklist. US companies and individuals cannot sell to them. Aside from the obvious difficulties this causes, itll make it harder...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/09/21 11:5 a.m.10 views

Alaska’s Department of Health and Social Services Hack

Apparently, a nation-state hacked Alaskas Department of Health and Social Services. Not sure why Alaskas Department of Health and Social Services is of any interest to a nation-state, but thats probably just my failure of imagination...

2.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/10/16 9:3 p.m.10 views

Friday Squid Blogging: Chinese Squid Fishing Near the Galapagos

The Chinese have been illegally squid fishing near the Galapagos Islands. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/08 6:12 a.m.10 views

More on NIST’s Post-Quantum Cryptography

Back in July, NIST selected third-round algorithms for its post-quantum cryptography standard. Recently, Daniel Apon of NIST gave a talk detailing the selection criteria. Interesting stuff. NOTE: Were in the process of moving this blog to WordPress. Comments will be disabled until the move is...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/04 6:2 a.m.10 views

Hacking AI-Graded Tests

The company Edgenuity sells AI systems for grading tests. Turns out that they just search for keywords without doing any actual semantic analysis...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/05/04 11:42 a.m.10 views

Denmark, Sweden, Germany, the Netherlands and France SIGINT Alliance

This paper describes a SIGINT and code-breaking alliance between Denmark, Sweden, Germany, the Netherlands and France called Maximator: Abstract: This article is first to report on the secret European five-partner sigint alliance Maximator that started in the late 1970s. It discloses the name...

2.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/27 5:10 p.m.10 views

New Report on Police Digital Forensics Techniques

According to a new CSIS report, "going dark" is not the most pressing problem facing law enforcement in the age of digital data: Over the past year, we conducted a series of interviews with federal, state, and local law enforcement officials, attorneys, service providers, and civil society groups...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/12/19 12:6 p.m.10 views

GCHQ Found -- and Disclosed -- a Windows 10 Vulnerability

Now this is good news. The UK's National Cyber Security Centre NCSC -- part of GCHQ -- found a serious vulnerability in Windows Defender their anti-virus component. Instead of keeping it secret and all of us vulnerable, it alerted Microsoft. I'd like believe the US does this, too...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/12/18 12:8 p.m.10 views

Lessons Learned from the Estonian National ID Security Flaw

Estonia recently suffered a major flaw in the security of their national ID card. This article discusses the fix and the lessons learned from the incident: In the future, the infrastructure dependency on one digital identity platform must be decreased, the use of several alternatives must be...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/23 10:55 a.m.10 views

The Future of Ransomware

Ransomware isn't new, but it's increasingly popular and profitable. The concept is simple: Your computer gets infected with a virus that encrypts your files until you pay a ransom. It's extortion taken to its networked extreme. The criminals provide step-by-step instructions on how to pay,...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 3 days ago9 views

The Language of AI Could Change How Humans Speak

Because of the way they are trained, large language models capture only a slice of human language. They're trained on the written word, from textbooks to social media posts, and our speech as captured in movies and on television. These models have minimal access to the unscripted conversations we...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/07/03 11:15 a.m.9 views

Flock Cameras Can Surveil Cars Without License Plates

This is from a 2024 company presentation: Officers can also tap into data showing a car's decals, bumper stickers, back and top racks--along with temporary and unique state tags. Flock calls it a "Vehicle Fingerprint" and it's touted as a way for law enforcement officials to get more information...

6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/29 10:55 a.m.9 views

Robot Police Officers

We've taken one small step towards robot police officers: a drone capable of disarming a suspect: In a June 22 video posted on the Sacramento County Sheriff’s Office’s Instagram page, an officer wearing goggles can be seen operating a drone to retrieve a knife from an armed suspect hiding inside ...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/08 5:6 p.m.9 views

Critical Zcash Vulnerability Found and Fixed

If you're a user--owner?--of this cryptocurrency, this is important: On May 29, the security researcher Taylor Hornby found a critical vulnerability in Zcash Orchard privacy pool using Claude Opus 4.8. The Zcash team hired Hornby specifically to look for this kind of issue. He found one fast enou...

5.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/30 10:22 a.m.9 views

Fast16 Malware

Researchers have reverse-engineered a piece of malware named Fast16. It's almost certainly state-sponsored, probably US in origin, and was deployed against Iran years before Stuxnet: "…the Fast16 malware was designed to carry out the most subtle form of sabotage ever seen in an in-the-wild malwar...

5.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/24 9:3 p.m.9 views

Friday Squid Blogging: How Squid Survived Extinction Events

Science news: Scientists have finally cracked a long-standing mystery about squid and cuttlefish evolution by analyzing newly sequenced genomes alongside global datasets. The research reveals that these bizarre, intelligent creatures likely originated deep in the ocean over 100 million years ago,...

5.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/17 9:5 p.m.9 views

Friday Squid Blogging: New Giant Squid Video

Pretty fantastic video from Japan of a giant squid eating another squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/16 9:41 a.m.9 views

Human Trust of AI Agents

Interesting research: "Humans expect rationality and cooperation from LLM opponents in strategic games." Abstract: As Large Language Models LLMs integrate into our social and economic interactions, we need to deepen our understanding of how humans respond to LLMs opponents in strategic settings. ...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/10 9:3 p.m.9 views

Friday Squid Blogging: Squid Overfishing in the South Pacific

Regulation is hard: The South Pacific Regional Fisheries Management Organization SPRFMO oversees fishing across roughly 59 million square kilometers 22 million square miles of the South Pacific high seas, trying to impose order on a region double the size of Africa, where distant-water fleets...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/03/26 11:6 a.m.9 views

As the US Midterms Approach, AI Is Going to Emerge as a Key Issue Concerning Voters

In December, the Trump administration signed an executive order that neutered states' ability to regulate AI by ordering his administration to both sue and withhold funds from states that try to do so. This action pointedly supported industry lobbyists keen to avoid any constraints and consequenc...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/03/23 11:1 a.m.9 views

Microsoft Xbox One Hacked

It's an impressive feat, over a decade after the box was released: Since reset glitching wasn't possible, Gaasedelen thought some voltage glitching could do the trick. So, instead of tinkering with the system rest pins the hacker targeted the momentary collapse of the CPU voltage rail. This was...

5.9AI score
Exploits0
Total number of security vulnerabilities2981