Lucene search
K
SchneierMost viewed

2979 matches found

Schneier on Security
Schneier on Security
added 2024/12/06 12:9 p.m.9 views

Detecting Pegasus Infections

This tool seems to do a pretty good job. The company's Mobile Threat Hunting feature uses a combination of malware signature-based detection, heuristics, and machine learning to look for anomalies in iOS and Android device activity or telltale signs of spyware infection. For paying iVerify...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/22 10:1 p.m.9 views

Friday Squid Blogging: Transcriptome Analysis of the Indian Squid

Lots of details that are beyond me. Blog moderation policy...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/20 4:22 p.m.9 views

Steve Bellovin’s Retirement Talk

Steve Bellovin is retiring. Here's his retirement talk, reflecting on his career and what the cybersecurity field needs next...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/15 10:7 p.m.9 views

Friday Squid Blogging: Female Gonatus Onyx Squid Carrying Her Eggs

Fantastic video of a female Gonatus onyx squid swimming while carrying her egg sack. An earlier related post. Blog moderation policy...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/01 9:4 p.m.9 views

Friday Squid Blogging: Squid Sculpture in Massachusetts Building

Great blow-up sculpture. Blog moderation policy. The post Friday Squid Blogging: Squid Sculpture in Massachusetts Building appeared first on Schneier on Security...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/10/30 2:48 p.m.9 views

Simson Garfinkel on Spooky Cryptographic Action at a Distance

Excellent read. One example: Consider the case of basic public key cryptography, in which a person’s public and private key are created together in a single operation. These two keys are entangled, not with quantum physics, but with math. When I create a virtual machine server in the Amazon cloud...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/10/29 11:2 a.m.9 views

Law Enforcement Deanonymizes Tor Users

The German police have successfully deanonymized at least four Tor users. It appears they watch known Tor relays and known suspects, and use timing analysis to figure out who is using what relay. Tor has written about this. Hacker News thread...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/10/18 9:8 p.m.9 views

Friday Squid Blogging: Squid Scarf

Cute squid scarf. Blog moderation policy...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/10/14 4:49 p.m.9 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking at SOSS Fusion 2024 in Atlanta, Georgia, USA. The event will be held on October 22 and 23, 2024, and my talk is at 9:15 AM ET on October 22, 2024. The list is maintained on this page...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/09/26 11:3 a.m.9 views

An Analysis of the EU’s Cyber Resilience Act

A good--long, complex--analysis of the EU's new Cyber Resilience Act...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/09/23 3:46 p.m.9 views

Hacking the “Bike Angels” System for Moving Bikeshares

I always like a good hack. And this story delivers. Basically, the New York City bikeshare program has a system to reward people who move bicycles from full stations to empty ones. By deliberately moving bikes to create artificial problems, and exploiting exactly how the system calculates rewards...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/09/19 3:40 p.m.9 views

FBI Shuts Down Chinese Botnet

The FBI has shut down a botnet run by Chinese hackers: The botnet malware infected a number of different types of internet-connected devices around the world, including home routers, cameras, digital video recorders, and NAS drives. Those devices were used to help infiltrate sensitive networks...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/09/06 9:9 p.m.9 views

Friday Squid Blogging: Live Video of Promachoteuthis Squid

The first live video of the Promachoteuthis squid, filmed at a newly discovered seamount off the coast of Chile. Blog moderation policy...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/09/06 3:16 p.m.9 views

YubiKey Side-Channel Attack

There is a side-channel attack against YubiKey access tokens that allows someone to clone a device. Its a complicated attack, requiring the victims username and password, and physical access to their YubiKey--as well as some technical expertise and equipment. Still, nice piece of security analysi...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/08/27 11:8 a.m.9 views

The Present and Future of TV Surveillance

Ars Technica has a good article on whats happening in the world of television surveillance. More than even I realized...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/08/09 1:24 p.m.9 views

People-Search Site Removal Services Largely Ineffective

Consumer Reports has a new study of people-search site removal services, concluding that they dont really work: As a whole, people-search removal services are largely ineffective. Private information about each participant on the people-search sites decreased after using the people-search removal...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/08/02 11:1 a.m.9 views

Leaked GitHub Python Token

Heres a disaster that didnt happen: Cybersecurity researchers from JFrog recently discovered a GitHub Personal Access Token in a public Docker container hosted on Docker Hub, which granted elevated access to the GitHub repositories of the Python language, Python Package Index PyPI, and the Python...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/08/01 11:3 a.m.9 views

Education in Secure Software Development

The Linux Foundation and OpenSSF released a report on the state of education in secure software development. …many developers lack the essential knowledge and skills to effectively implement secure software development. Survey findings outlined in the report show nearly one-third of all...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/07/14 4:5 p.m.9 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: Im speaking--along with John Bruce, the CEO and Co-founder of Inrupt--at the 18th Annual CDOIQ Symposium in Cambridge, Massachusetts, USA. The symposium runs from July 16 through 18, 2024, and my session is on Tuesday, July 16 at...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/07/09 4:27 p.m.9 views

Reverse-Engineering Ticketmaster’s Barcode System

Interesting: By reverse-engineering how Ticketmaster and AXS actually make their electronic tickets, scalpers have essentially figured out how to regenerate specific, genuine tickets that they have legally purchased from scratch onto infrastructure that they control. In doing so, they are removin...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/06/21 9:6 p.m.9 views

Friday Squid Blogging: Squid Nebula

Beautiful astronomical photo...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/03/12 11:12 a.m.9 views

Jailbreaking LLMs with ASCII Art

Researchers have demonstrated that putting words in ASCII art can cause LLMs--GPT-3.5, GPT-4, Gemini, Claude, and Llama2--to ignore their safety instructions. Research paper...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/02/16 10:4 p.m.9 views

Friday Squid Blogging: Vegan Squid-Ink Pasta

It uses black beans for color and seaweed for flavor. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/02/13 12:7 p.m.9 views

Molly White Reviews Blockchain Book

Molly White--of "Web3 is Going Just Great" fame--reviews Chris Dixons blockchain solutions book: Read Write Own: In fact, throughout the entire book, Dixon fails to identify a single blockchain project that has successfully provided a non-speculative service at any kind of scale. The closest he...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/30 8:8 p.m.9 views

New Images of Colossus Released

GCHQ has released new images of the WWII Colossus code-breaking computer, celebrating the machines eightieth anniversary birthday?. News article...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/24 12:6 p.m.9 views

Poisoning AI Models

New research into poisoning AI models: The researchers first trained the AI models using supervised learning and then used additional "safety training" methods, including more supervised learning, reinforcement learning, and adversarial training. After this, they checked if the AI still had hidde...

7.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/20 12:5 p.m.9 views

GCHQ Christmas Codebreaking Challenge

Looks like fun. Details here...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/14 4:23 p.m.9 views

Surveillance Cameras Disguised as Clothes Hooks

This seems like a bad idea. And there are ongoing lawsuits against Amazon for selling them...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/11 12:10 p.m.9 views

Facebook Enables Messenger End-to-End Encryption by Default

Its happened. Details here, and tech details here for messages in transit and here for messages in storage Rollout to everyone will take months, but its a good day for both privacy and security. Slashdot thread...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/04 12:5 p.m.9 views

AI and Trust

I trusted a lot today. I trusted my phone to wake me on time. I trusted Uber to arrange a taxi for me, and the driver to get me to the airport safely. I trusted thousands of other drivers on the road not to ram my car on the way. At the airport, I trusted ticket agents and maintenance engineers a...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/01 12:3 p.m.9 views

AI Decides to Engage in Insider Trading

A stock-trading AI a simulated experiment engaged in insider trading, even though it "knew" it was wrong. The agent is put under pressure in three ways. First, it receives a email from its "manager" that the company is not doing well and needs better performance in the next quarter. Second, the...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/07/10 11:24 a.m.9 views

Wisconsin Governor Hacks the Veto Process

In my latest book, A Hackers Mind, I wrote about hacks as loophole exploiting. This is a great example: The Wisconsin governor used his line-item veto powers--supposedly unique in their specificity--to change a one-year funding increase into a 400-year funding increase. He took this wording:...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/05/14 4:5 p.m.9 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking at IT-S Now 2023 in Vienna, Austria, on June 2, 2023 at 8:30 AM CEST. The list is maintained on this page...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/11/16 11:3 a.m.9 views

Russian Software Company Pretending to Be American

Computer code developed by a company called Pushwoosh is in about 8,000 Apple and Google smartphone apps. The company pretends to be American when it is actually Russian. According to company documents publicly filed in Russia and reviewed by Reuters, Pushwoosh is headquartered in the Siberian to...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/10/19 11:16 a.m.9 views

Museum Security

Interesting interview: Banks dont take millions of dollars and put them in plastic bags and hang them on the wall so everybody can walk right up to them. But we do basically the same thing in museums and hang the assets right out on the wall. So its our job, then, to either use technology or...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/05/06 9:15 p.m.9 views

Friday Squid Blogging: Squid Filmed Changing Color for Camouflage Purposes

Video of oval squid Sepioteuthis lessoniana changing color in reaction to their background. The research paper claims this is the first time this has been documented. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog...

2.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/02/01 8:26 p.m.9 views

Me on App Store Monopolies and Security

There are two bills working their way through Congress that would force companies like Apple to allow competitive app stores. Apple hates this, since it would break its monopoly, and its making a variety of security arguments to bolster its argument. I have written a rebuttal: I would like to...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/01/28 10:4 p.m.9 views

Friday Squid Blogging: Cephalopods Thirty Million Years Older Than Previously Thought

New fossils from Newfoundland push the origins of cephalopods to 522 million years ago. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/01/19 12:10 p.m.9 views

Are Fake COVID Testing Sites Harvesting Data?

Over the past few weeks, Ive seen a bunch of writing about what seems to be fake COVID-19 testing sites. They take your name and info, and do a nose swab, but you never get test results. Speculation centered around data harvesting, but that didnt make sense because it was far too labor intensive...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/01/10 12:21 p.m.9 views

Fake QR Codes on Parking Meters

The City of Austin is warning about QR codes stuck to parking meters that take people to fraudulent payment sites...

3.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/11/08 12:3 p.m.9 views

Drones Carrying Explosives

Weve now had an unsuccessful assassination attempt by explosive-laden drones...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/10/27 2:1 p.m.9 views

How the FBI Gets Location Information

Vice has a detailed article about how the FBI gets data from cell phone providers like AT&T, T-Mobile, and Verizon, based on a leaked I think 2019 139-page presentation...

3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/05 8:1 p.m.9 views

Schneier.com is Moving

Im switching my website software from Movable Type to WordPress, and moving to a new host. The migration is expected to last from approximately 3 AM EST Monday until 4 PM EST Tuesday. The site will still be visible during that time, but comments will be disabled. This is to prevent any new commen...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/02 7:2 a.m.9 views

Insider Attack on the Carnegie Library

Greg Priore, the person in charge of the rare book room at the Carnegie Library, stole from it for almost two decades before getting caught. Its a perennial problem: trusted insiders have to be trusted...

3.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/01 6:17 a.m.9 views

North Korea ATM Hack

The US Cybersecurity and Infrastructure Security Agency CISA published a long and technical alert describing a North Korea hacking scheme against ATMs in a bunch of countries worldwide: This joint advisory is the result of analytic efforts among the Cybersecurity and Infrastructure Security Agenc...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/28 4:10 p.m.9 views

Friday Squid Blogging: How Squid Survive Freezing, Oxygen-Deprived Waters

Lots of interesting genetic details. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

2.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/27 11:12 a.m.9 views

Third Annual Cybercrime Conference

Ross Anderson liveblogged the Third Annual Cybercrime Conference...

2.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/12/19 12:6 p.m.9 views

GCHQ Found -- and Disclosed -- a Windows 10 Vulnerability

Now this is good news. The UK's National Cyber Security Centre NCSC -- part of GCHQ -- found a serious vulnerability in Windows Defender their anti-virus component. Instead of keeping it secret and all of us vulnerable, it alerted Microsoft. I'd like believe the US does this, too...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/12/18 12:8 p.m.9 views

Lessons Learned from the Estonian National ID Security Flaw

Estonia recently suffered a major flaw in the security of their national ID card. This article discusses the fix and the lessons learned from the incident: In the future, the infrastructure dependency on one digital identity platform must be decreased, the use of several alternatives must be...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/24 11:44 a.m.9 views

Hacking Fingerprint Readers with Master Prints

There's interesting research on using a set of "master" digital fingerprints to fool biometric readers. The work is theoretical at the moment, but they might be able to open about two-thirds of iPhones with these master prints. Definitely something to keep watching. Research paper behind a paywal...

6.9AI score
Exploits0
Total number of security vulnerabilities2979