Lucene search
K
SchneierMost viewed

2982 matches found

Schneier on Security
Schneier on Security
added 2024/01/24 12:6 p.m.10 views

Poisoning AI Models

New research into poisoning AI models: The researchers first trained the AI models using supervised learning and then used additional "safety training" methods, including more supervised learning, reinforcement learning, and adversarial training. After this, they checked if the AI still had hidde...

7.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/22 10:8 p.m.10 views

Friday Squid Blogging: Squid Parts into Fertilizer

Its squid parts from college dissections, so its not a volume operation. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/13 12:4 p.m.10 views

Surveillance by the US Postal Service

This is not about mass surveillance of mail, this is about the sorts of targeted surveillance the US Postal Inspection Service uses to catch mail thieves: To track down an alleged mail thief, a US postal inspector used license plate reader technology, GPS data collected by a rental car company,...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/10/10 11:9 a.m.10 views

Model Extraction Attack on Neural Networks

Adi Shamir et al. have a new model extraction attack on neural networks: Polynomial Time Cryptanalytic Extraction of Neural Network Models Abstract: Billions of dollars and countless GPU hours are currently spent on training Deep Neural Networks DNNs for a variety of tasks. Thus, it is essential ...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/08/30 1:39 p.m.10 views

When Apps Go Rogue

Interesting story of an Apple Macintosh app that went rogue. Basically, it was a good app until one particular update…when it went bad. With more official macOS features added in 2021 that enabled the "Night Shift" dark mode, the NightOwl app was left forlorn and forgotten on many older Macs. Few...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/07/21 9:10 p.m.10 views

Friday Squid Blogging: Chromatophores

Neat: Chromatophores are tiny color-changing cells in cephalopods. Watch them blink back and forth from purple to white on this squids skin in an Instagram video taken by Drew Chicone… Its completely hypnotic to watch these tiny cells flash with color. Its as if the squid has a little sky full of...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/07/14 11:9 a.m.10 views

Buying Campaign Contributions as a Hack

The first Republican primary debate has a popularity threshold to determine who gets to appear: 40,000 individual contributors. Now there are a lot of conventional ways a candidate can get that many contributors. Doug Burgum came up with a novel idea: buy them: A long-shot contender at the bottom...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/06/30 8:58 p.m.10 views

Friday Squid Blogging: See-Through Squid

Doryteuthis opalescens is known as the market squid, and was critical in the recent squid RNA research. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/06/12 11:18 a.m.10 views

AI-Generated Steganography

New research suggests that AIs can produce perfectly secure steganographic images: Abstract: Steganography is the practice of encoding secret information into innocuous content in such a manner that an adversarial third party would not realize that there is hidden meaning. While this problem has...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/06/05 11:14 a.m.10 views

The Software-Defined Car

Developers are starting to talk about the software-defined car. For decades, features have accumulated like cruft in new vehicles: a box here to control the antilock brakes, a module there to run the cruise control radar, and so on. Now engineers and designers are rationalizing the way they go...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/06/02 9:13 p.m.10 views

Friday Squid Blogging: Squid Chromolithographs

Beautiful illustrations. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. EDITED TO ADD 6/4: Slashdot thread...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/05/12 9:4 p.m.10 views

Friday Squid Blogging: Giant Squid Video

A video--authentic, not a deep fake--of a giant squid close to the surface. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/03/24 9:6 p.m.10 views

Friday Squid Blogging: Creating Batteries Out of Squid Cells

This is fascinating: "When a squid ends up chipping what’s called its ring tooth, which is the nail underneath its tentacle, it needs to regrow that tooth very rapidly, otherwise it can’t claw its prey," he explains. This was intriguing news ­ and it sparked an idea in Hopkins lab where he’d been...

6.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/03/14 7:8 p.m.10 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking on “How to Reclaim Power in the Digital World” at EPFL in Lausanne, Switzerland, on Thursday, March 16, 2023, at 5:30 PM CET. I’ll be discussing my new book A Hacker’s Mind: How the Powerful Bend Society’s Rules at...

2.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/30 12:13 p.m.10 views

NIST Is Updating Its Cybersecurity Framework

NIST is planning a significant update of its Cybersecurity Framework. At this point, its asking for feedback and comments to its concept paper. 1. Do the proposed changes reflect the current cybersecurity landscape standards, risks, and technologies? 2. Are the proposed changes sufficient and...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/06 8:4 p.m.10 views

Schneier on Security Audiobook Sale

Im not sure why, but Audiobooks.com is offering the audiobook version of Schneier on Security at 50% off until January 17. EDITED TO ADD: The audiobook of We Have Root is 50% off until January 27 if you use this link...

2.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/20 12:30 p.m.10 views

Trojaned Windows Installer Targets Ukraine

Mandiant is reporting on a trojaned Windows installer that targets Ukrainian users. The installer was left on various torrent sites, presumably ensnaring people downloading pirated copies of the operating system: Mandiant uncovered a socially engineered supply chain operation focused on Ukrainian...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/19 12:9 p.m.10 views

How to Surrender to a Drone

The Ukrainian army has released an instructional video explaining how Russian soldiers should surrender to a drone: "Seeing the drone in the field of view, make eye contact with it," the video instructs. Soldiers should then raise their arms and signal theyre ready to follow. After that the drone...

2.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/16 10:13 p.m.10 views

Friday Squid Blogging: Squid in Concert

Squid is performing a concert in London in February. If you dont know what their music is like, try this or this or this. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

1.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/15 12:10 p.m.10 views

A Security Vulnerability in the KmsdBot Botnet

Security researchers found a software bug in the KmsdBot cryptomining botnet: With no error-checking built in, sending KmsdBot a malformed command­--like its controllers did one day while Akamai was watching­--created a panic crash with an "index out of range" error. Because theres no persistence...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/07 12:4 p.m.10 views

The Decoupling Principle

This is a really interesting paper that discusses what the authors call the Decoupling Principle: The idea is simple, yet previously not clearly articulated: to ensure privacy, information should be divided architecturally and institutionally such that each entity has only the information they ne...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/11/08 12:15 p.m.10 views

Using Wi-FI to See through Walls

This technique measures device response time to determine distance: The scientists tested the exploit by modifying an off-the-shelf drone to create a flying scanning device, the Wi-Peep. The robotic aircraft sends several messages to each device as it flies around, establishing the positions of...

0.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/11/01 11:24 a.m.10 views

Iran’s Digital Surveillance Tools Leaked

Its Irans turn to have its digital surveillance tools leaked: According to these internal documents, SIAM is a computer system that works behind the scenes of Iranian cellular networks, providing its operators a broad menu of remote commands to alter, disrupt, and monitor how customers use their...

3.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/10/14 5:3 p.m.10 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking at the World Ethical Data Forum, online, October 26-28, 2022. I’m speaking at the 24th International Information Security Conference in Madrid, Spain, on November 17, 2022. The list is maintained on this page...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/10/05 7:7 p.m.10 views

October Is Cybersecurity Awareness Month

For the past nineteen years, October has been Cybersecurity Awareness Month here in the US, and that event that has always been part advice and part ridicule. I tend to fall on the apathy end of the spectrum; I dont think Ive ever mentioned it before. But the memes can be funny. Heres a decent...

3.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/09/29 11:14 a.m.10 views

Differences in App Security/Privacy Based on Country

Depending on where you are when you download your Android apps, it might collect more or less data about you. The apps we downloaded from Google Play also showed differences based on country in their security and privacy capabilities. One hundred twenty-seven apps varied in what the apps were...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/06/20 11:23 a.m.10 views

Hertzbleed: A New Side-Channel Attack

Hertzbleed is a new side-channel attack that works against a variety of microprocressors. Deducing cryptographic keys by analyzing power consumption has long been an attack, but its not generally viable because measuring power consumption is often hard. This new attack measures power consumption ...

0.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/06/09 7:33 p.m.10 views

Friday Squid Blogging: Squid Changes Color from Black to Transparent

Neat video. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/04/27 6:40 p.m.10 views

Zero-Day Vulnerabilities Are on the Rise

Both Google and Mandiant are reporting a significant increase in the number of zero-day vulnerabilities reported in 2021. Google: 2021 included the detection and disclosure of 58 in-the-wild 0-days, the most ever recorded since Project Zero began tracking in mid-2014. That’s more than double the...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/04/22 12:9 p.m.10 views

Java Cryptography Implementation Mistake Allows Digital-Signature Forgeries

Interesting implementation mistake: The vulnerability, which Oracle patched on Tuesday, affects the company’s implementation of the Elliptic Curve Digital Signature Algorithm in Java versions 15 and above. ECDSA is an algorithm that uses the principles of elliptic curve cryptography to authentica...

0.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/04/20 1:57 p.m.10 views

Clever Cryptocurrency Theft

Beanstalk Farms is a decentralized finance project that has a majority stake governance system: basically people have proportional votes based on the amount of currency they own. A clever hacker used a "flash loan" feature of another decentralized finance project to borrow enough of the currency ...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/04/04 11:13 a.m.10 views

Wyze Camera Vulnerability

Wyze ignored a vulnerability in its home security cameras for three years. Bitdefender, who discovered the vulnerability, let the company get away with it. In case youre wondering, no, that is not normal in the security community. While experts tell me that the concept of a "responsible disclosur...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/03/30 11:29 a.m.10 views

Stalking with an Apple Watch

The malicious uses of these technologies are scary: Police reportedly arrived on the scene last week and found the man crouched beside the womans passenger side door. According to the police, the man had, at some point, wrapped his Apple Watch across the spokes of the womans passenger side front...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/03/08 12:1 p.m.10 views

Using Radar to Read Body Language

Yet another method of surveillance: Radar can detect you moving closer to a computer and entering its personal space. This might mean the computer can then choose to perform certain actions, like booting up the screen without requiring you to press a button. This kind of interaction already exist...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/02/03 12:1 p.m.10 views

Interview with the Head of the NSA’s Research Directorate

MIT Technology Review published an interview with Gil Herrera, the new head of the NSAs Research Directorate. Theres a lot of talk about quantum computing, monitoring 5G networks, and the problems of big data: The math department, often in conjunction with the computer science department, helps...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/11/30 7:28 a.m.10 views

Intel Is Maintaining Legacy Technology for Security Research

Interesting: Intel’s issue reflects a wider concern: Legacy technology can introduce cybersecurity weaknesses. Tech makers constantly improve their products to take advantage of speed and power increases, but customers don’t always upgrade at the same pace. This creates a long tail of old product...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/11/04 11:52 a.m.10 views

US Blacklists NSO Group

The Israeli cyberweapons arms manufacturer -- and human rights violator, and probably war criminal -- NSO Group has been added to the US Department of Commerces trade blacklist. US companies and individuals cannot sell to them. Aside from the obvious difficulties this causes, itll make it harder...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/11/03 11:10 a.m.10 views

Using Fake Student Accounts to Shill Brands

It turns out that its surprisingly easy to create a fake Harvard student and get a harvard.edu email account. Scammers are using that prestigious domain name to shill brands: Basically, it appears that anyone with $300 to spare can ­- or could, depending on whether Harvard successfully shuts down...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/09/21 11:5 a.m.10 views

Alaska’s Department of Health and Social Services Hack

Apparently, a nation-state hacked Alaskas Department of Health and Social Services. Not sure why Alaskas Department of Health and Social Services is of any interest to a nation-state, but thats probably just my failure of imagination...

2.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/10/16 9:3 p.m.10 views

Friday Squid Blogging: Chinese Squid Fishing Near the Galapagos

The Chinese have been illegally squid fishing near the Galapagos Islands. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/08 6:12 a.m.10 views

More on NIST’s Post-Quantum Cryptography

Back in July, NIST selected third-round algorithms for its post-quantum cryptography standard. Recently, Daniel Apon of NIST gave a talk detailing the selection criteria. Interesting stuff. NOTE: Were in the process of moving this blog to WordPress. Comments will be disabled until the move is...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/05/04 11:42 a.m.10 views

Denmark, Sweden, Germany, the Netherlands and France SIGINT Alliance

This paper describes a SIGINT and code-breaking alliance between Denmark, Sweden, Germany, the Netherlands and France called Maximator: Abstract: This article is first to report on the secret European five-partner sigint alliance Maximator that started in the late 1970s. It discloses the name...

2.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/27 5:10 p.m.10 views

New Report on Police Digital Forensics Techniques

According to a new CSIS report, "going dark" is not the most pressing problem facing law enforcement in the age of digital data: Over the past year, we conducted a series of interviews with federal, state, and local law enforcement officials, attorneys, service providers, and civil society groups...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/05/04 11:19 a.m.10 views

Detecting Laptop Tampering

Micah Lee ran a two-year experiment designed to detect whether or not his laptop was ever tampered with. The results are inconclusive, but demonstrate how difficult it can be to detect laptop tampering...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/12/19 12:6 p.m.10 views

GCHQ Found -- and Disclosed -- a Windows 10 Vulnerability

Now this is good news. The UK's National Cyber Security Centre NCSC -- part of GCHQ -- found a serious vulnerability in Windows Defender their anti-virus component. Instead of keeping it secret and all of us vulnerable, it alerted Microsoft. I'd like believe the US does this, too...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/23 10:55 a.m.10 views

The Future of Ransomware

Ransomware isn't new, but it's increasingly popular and profitable. The concept is simple: Your computer gets infected with a virus that encrypts your files until you pay a ransom. It's extortion taken to its networked extreme. The criminals provide step-by-step instructions on how to pay,...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/07/03 11:15 a.m.9 views

Flock Cameras Can Surveil Cars Without License Plates

This is from a 2024 company presentation: Officers can also tap into data showing a car's decals, bumper stickers, back and top racks--along with temporary and unique state tags. Flock calls it a "Vehicle Fingerprint" and it's touted as a way for law enforcement officials to get more information...

6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/29 10:55 a.m.9 views

Robot Police Officers

We've taken one small step towards robot police officers: a drone capable of disarming a suspect: In a June 22 video posted on the Sacramento County Sheriff’s Office’s Instagram page, an officer wearing goggles can be seen operating a drone to retrieve a knife from an armed suspect hiding inside ...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/08 5:6 p.m.9 views

Critical Zcash Vulnerability Found and Fixed

If you're a user--owner?--of this cryptocurrency, this is important: On May 29, the security researcher Taylor Hornby found a critical vulnerability in Zcash Orchard privacy pool using Claude Opus 4.8. The Zcash team hired Hornby specifically to look for this kind of issue. He found one fast enou...

5.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/30 10:22 a.m.9 views

Fast16 Malware

Researchers have reverse-engineered a piece of malware named Fast16. It's almost certainly state-sponsored, probably US in origin, and was deployed against Iran years before Stuxnet: "…the Fast16 malware was designed to carry out the most subtle form of sabotage ever seen in an in-the-wild malwar...

5.3AI score
Exploits0
Total number of security vulnerabilities2982