Lucene search
K
SchneierMost viewed

2981 matches found

Schneier on Security
Schneier on Security
added 2024/02/21 12:8 p.m.9 views

Details of a Phone Scam

First-person account of someone who fell for a scam, that started as a fake Amazon service rep and ended with a fake CIA agent, and lost $50,000 cash. And this is not a naive or stupid person. The details are fascinating. And if you think it couldnt happen to you, think again. Given the right set...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/02/16 10:4 p.m.9 views

Friday Squid Blogging: Vegan Squid-Ink Pasta

It uses black beans for color and seaweed for flavor. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/02/13 12:7 p.m.9 views

Molly White Reviews Blockchain Book

Molly White--of "Web3 is Going Just Great" fame--reviews Chris Dixons blockchain solutions book: Read Write Own: In fact, throughout the entire book, Dixon fails to identify a single blockchain project that has successfully provided a non-speculative service at any kind of scale. The closest he...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/22 10:8 p.m.9 views

Friday Squid Blogging: Squid Parts into Fertilizer

Its squid parts from college dissections, so its not a volume operation. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/20 12:5 p.m.9 views

GCHQ Christmas Codebreaking Challenge

Looks like fun. Details here...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/14 4:23 p.m.9 views

Surveillance Cameras Disguised as Clothes Hooks

This seems like a bad idea. And there are ongoing lawsuits against Amazon for selling them...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/13 12:4 p.m.9 views

Surveillance by the US Postal Service

This is not about mass surveillance of mail, this is about the sorts of targeted surveillance the US Postal Inspection Service uses to catch mail thieves: To track down an alleged mail thief, a US postal inspector used license plate reader technology, GPS data collected by a rental car company,...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/11 12:10 p.m.9 views

Facebook Enables Messenger End-to-End Encryption by Default

Its happened. Details here, and tech details here for messages in transit and here for messages in storage Rollout to everyone will take months, but its a good day for both privacy and security. Slashdot thread...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/04 12:5 p.m.9 views

AI and Trust

I trusted a lot today. I trusted my phone to wake me on time. I trusted Uber to arrange a taxi for me, and the driver to get me to the airport safely. I trusted thousands of other drivers on the road not to ram my car on the way. At the airport, I trusted ticket agents and maintenance engineers a...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/01 12:3 p.m.9 views

AI Decides to Engage in Insider Trading

A stock-trading AI a simulated experiment engaged in insider trading, even though it "knew" it was wrong. The agent is put under pressure in three ways. First, it receives a email from its "manager" that the company is not doing well and needs better performance in the next quarter. Second, the...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/11/24 8:0 p.m.9 views

Chocolate Swiss Army Knife

Its realistic looking. If I drop it in a bin with my keys and wallet, will the TSA confiscate it?...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/07/10 11:24 a.m.9 views

Wisconsin Governor Hacks the Veto Process

In my latest book, A Hackers Mind, I wrote about hacks as loophole exploiting. This is a great example: The Wisconsin governor used his line-item veto powers--supposedly unique in their specificity--to change a one-year funding increase into a 400-year funding increase. He took this wording:...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/06/30 11:2 a.m.9 views

The US Is Spying on the UN Secretary General

The Washington Post is reporting that the US is spying on the UN Secretary General. The reports on Guterres appear to contain the secretary generals personal conversations with aides regarding diplomatic encounters. They indicate that the United States relied on spying powers granted under the...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/06/19 10:52 a.m.9 views

Power LED Side-Channel Attack

This is a clever new side-channel attack: The first attack uses an Internet-connected surveillance camera to take a high-speed video of the power LED on a smart card reader­--or of an attached peripheral device--­during cryptographic operations. This technique allowed the researchers to pull a...

10AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/06/02 9:13 p.m.9 views

Friday Squid Blogging: Squid Chromolithographs

Beautiful illustrations. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. EDITED TO ADD 6/4: Slashdot thread...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/05/14 4:5 p.m.9 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking at IT-S Now 2023 in Vienna, Austria, on June 2, 2023 at 8:30 AM CEST. The list is maintained on this page...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/02/15 12:13 p.m.9 views

Camera the Size of a Grain of Salt

Cameras are getting smaller and smaller, changing the scale and scope of surveillance...

1.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/20 12:30 p.m.9 views

Trojaned Windows Installer Targets Ukraine

Mandiant is reporting on a trojaned Windows installer that targets Ukrainian users. The installer was left on various torrent sites, presumably ensnaring people downloading pirated copies of the operating system: Mandiant uncovered a socially engineered supply chain operation focused on Ukrainian...

2.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/11/16 11:3 a.m.9 views

Russian Software Company Pretending to Be American

Computer code developed by a company called Pushwoosh is in about 8,000 Apple and Google smartphone apps. The company pretends to be American when it is actually Russian. According to company documents publicly filed in Russia and reviewed by Reuters, Pushwoosh is headquartered in the Siberian to...

1.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/10/19 11:16 a.m.9 views

Museum Security

Interesting interview: Banks dont take millions of dollars and put them in plastic bags and hang them on the wall so everybody can walk right up to them. But we do basically the same thing in museums and hang the assets right out on the wall. So its our job, then, to either use technology or...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/10/12 11:30 a.m.9 views

Recovering Passwords by Measuring Residual Heat

Researchers have used thermal cameras and ML guessing techniques to recover passwords from measuring the residual heat left by fingers on keyboards. From the abstract: We detail the implementation of ThermoSecure and make a dataset of 1,500 thermal images of keyboards with heat traces resulting...

1.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/05/06 9:15 p.m.9 views

Friday Squid Blogging: Squid Filmed Changing Color for Camouflage Purposes

Video of oval squid Sepioteuthis lessoniana changing color in reaction to their background. The research paper claims this is the first time this has been documented. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog...

2.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/03/14 2:57 p.m.9 views

Upcoming Speaking Events

This is a current list of where and when I am scheduled to speak: I’m participating in an online panel discussion on “Ukraine and Russia: The Online War,” hosted by UMass Amherst, at 5:00 PM Eastern on March 31, 2022. I’m speaking at Future Summits in Antwerp, Belgium on May 18, 2022. I’m speakin...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/02/01 8:26 p.m.9 views

Me on App Store Monopolies and Security

There are two bills working their way through Congress that would force companies like Apple to allow competitive app stores. Apple hates this, since it would break its monopoly, and its making a variety of security arguments to bolster its argument. I have written a rebuttal: I would like to...

0.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/01/28 10:4 p.m.9 views

Friday Squid Blogging: Cephalopods Thirty Million Years Older Than Previously Thought

New fossils from Newfoundland push the origins of cephalopods to 522 million years ago. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/01/19 12:10 p.m.9 views

Are Fake COVID Testing Sites Harvesting Data?

Over the past few weeks, Ive seen a bunch of writing about what seems to be fake COVID-19 testing sites. They take your name and info, and do a nose swab, but you never get test results. Speculation centered around data harvesting, but that didnt make sense because it was far too labor intensive...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/01/10 12:21 p.m.9 views

Fake QR Codes on Parking Meters

The City of Austin is warning about QR codes stuck to parking meters that take people to fraudulent payment sites...

3.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/11/08 12:3 p.m.9 views

Drones Carrying Explosives

Weve now had an unsuccessful assassination attempt by explosive-laden drones...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/11/03 11:10 a.m.9 views

Using Fake Student Accounts to Shill Brands

It turns out that its surprisingly easy to create a fake Harvard student and get a harvard.edu email account. Scammers are using that prestigious domain name to shill brands: Basically, it appears that anyone with $300 to spare can ­- or could, depending on whether Harvard successfully shuts down...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/11/02 11:28 a.m.9 views

On Cell Phone Metadata

Interesting Twitter thread on how cell phone metadata can be used to identify and track people who dont want to be identified and tracked...

3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/10/27 2:1 p.m.9 views

How the FBI Gets Location Information

Vice has a detailed article about how the FBI gets data from cell phone providers like AT&T, T-Mobile, and Verizon, based on a leaked I think 2019 139-page presentation...

3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/10/18 11:20 a.m.9 views

Missouri Governor Doesn’t Understand Responsible Disclosure

The Missouri governor wants to prosecute the reporter who discovered a security vulnerability in a states website, and then reported it to the state. The newspaper agreed to hold off publishing any story while the department fixed the problem and protected the private information of teachers arou...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/05 8:1 p.m.9 views

Schneier.com is Moving

Im switching my website software from Movable Type to WordPress, and moving to a new host. The migration is expected to last from approximately 3 AM EST Monday until 4 PM EST Tuesday. The site will still be visible during that time, but comments will be disabled. This is to prevent any new commen...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/02 7:2 a.m.9 views

Insider Attack on the Carnegie Library

Greg Priore, the person in charge of the rare book room at the Carnegie Library, stole from it for almost two decades before getting caught. Its a perennial problem: trusted insiders have to be trusted...

3.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/01 6:17 a.m.9 views

North Korea ATM Hack

The US Cybersecurity and Infrastructure Security Agency CISA published a long and technical alert describing a North Korea hacking scheme against ATMs in a bunch of countries worldwide: This joint advisory is the result of analytic efforts among the Cybersecurity and Infrastructure Security Agenc...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/28 4:10 p.m.9 views

Friday Squid Blogging: How Squid Survive Freezing, Oxygen-Deprived Waters

Lots of interesting genetic details. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

2.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/06/28 7:4 p.m.9 views

I'm Leaving IBM

Today is my last day at IBM. If you've been following along, IBM bought my startup Resilient Systems in Spring 2016. Since then, I have been with IBM, holding the nicely ambiguous title of "Special Advisor." As of the end of the month, I will be back on my own. I will continue to write and speak,...

0.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/27 5:10 p.m.9 views

New Report on Police Digital Forensics Techniques

According to a new CSIS report, "going dark" is not the most pressing problem facing law enforcement in the age of digital data: Over the past year, we conducted a series of interviews with federal, state, and local law enforcement officials, attorneys, service providers, and civil society groups...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/27 11:12 a.m.9 views

Third Annual Cybercrime Conference

Ross Anderson liveblogged the Third Annual Cybercrime Conference...

2.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/05/11 9:17 p.m.10 views

Friday Squid Blogging: How the Squid Lost Its Shell

Squids used to have shells. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/05/04 11:19 a.m.9 views

Detecting Laptop Tampering

Micah Lee ran a two-year experiment designed to detect whether or not his laptop was ever tampered with. The results are inconclusive, but demonstrate how difficult it can be to detect laptop tampering...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/02/05 9:46 p.m.9 views

Sensitive Super Bowl Security Documents Left on an Airplane

A CNN reporter found some sensitive -- but, technically, not classified -- documents about Super Bowl security in the front pocket of an airplane seat...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/12/21 12:49 p.m.9 views

Security Vulnerability in Apple's HomeKit

The story of the recent vulnerability in Apple's HomeKit...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/24 11:44 a.m.9 views

Hacking Fingerprint Readers with Master Prints

There's interesting research on using a set of "master" digital fingerprints to fool biometric readers. The work is theoretical at the moment, but they might be able to open about two-thirds of iPhones with these master prints. Definitely something to keep watching. Research paper behind a paywal...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/04/21 11:22 a.m.9 views

Tracing Spam from E-mail Headers

Interesting article from Brian Krebs...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 3 days ago8 views

Cybersecurity and the Gap Between Skill and Ability

Last week, national security agencies from the Five Eyes--that's the rich, English-language-speaking countries club--jointly released a statement warning of the increasing cyber risks of AI models: in particular, their ability to autonomously hack into systems and networks. The statement was more...

6AI score
Exploits0
Schneier on Security
Schneier on Security
added 4 days ago8 views

Google Is Suing Chinese Scammers Who Are Using Gemini

Not sure this will have any effect, but I support the effort: According to Google's legal filing, Outsider Enterprise operates through Telegram. The group offers phishing-as-a-service to individuals who may not be technically savvy enough to set up fraudulent websites and text campaigns on their...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/07/03 11:15 a.m.8 views

Flock Cameras Can Surveil Cars Without License Plates

This is from a 2024 company presentation: Officers can also tap into data showing a car's decals, bumper stickers, back and top racks--along with temporary and unique state tags. Flock calls it a "Vehicle Fingerprint" and it's touted as a way for law enforcement officials to get more information...

6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/14 4:1 p.m.8 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking at DemocracyXChange 2026 in Toronto, Ontario, Canada, on April 18, 2026. I’m speaking at the SANS AI Cybersecurity Summit 2026 in Arlington, Virginia, USA, at 9:40 AM ET on April 20, 2026. I'm speaking at the Greater...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/13 4:52 p.m.8 views

On Anthropic’s Mythos Preview and Project Glasswing

The cybersecurity industry is obsessing over Anthropic's new model, Claude Mythos Preview, and its effects on cybersecurity. Anthropic said that it is not releasing it to the general public because of its cyberattack capabilities, and has launched Project Glasswing to run the model against a whol...

5.8AI score
Exploits0
Total number of security vulnerabilities2981