Lucene search
K
SchneierMost viewed

2979 matches found

Schneier on Security
Schneier on Security
added 6 days ago8 views

Flock Cameras Can Surveil Cars Without License Plates

This is from a 2024 company presentation: Officers can also tap into data showing a car's decals, bumper stickers, back and top racks--along with temporary and unique state tags. Flock calls it a "Vehicle Fingerprint" and it's touted as a way for law enforcement officials to get more information...

6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/08 5:6 p.m.8 views

Critical Zcash Vulnerability Found and Fixed

If you're a user--owner?--of this cryptocurrency, this is important: On May 29, the security researcher Taylor Hornby found a critical vulnerability in Zcash Orchard privacy pool using Claude Opus 4.8. The Zcash team hired Hornby specifically to look for this kind of issue. He found one fast enou...

5.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/30 10:22 a.m.8 views

Fast16 Malware

Researchers have reverse-engineered a piece of malware named Fast16. It's almost certainly state-sponsored, probably US in origin, and was deployed against Iran years before Stuxnet: "…the Fast16 malware was designed to carry out the most subtle form of sabotage ever seen in an in-the-wild malwar...

5.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/24 9:3 p.m.8 views

Friday Squid Blogging: How Squid Survived Extinction Events

Science news: Scientists have finally cracked a long-standing mystery about squid and cuttlefish evolution by analyzing newly sequenced genomes alongside global datasets. The research reveals that these bizarre, intelligent creatures likely originated deep in the ocean over 100 million years ago,...

5.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/17 9:5 p.m.8 views

Friday Squid Blogging: New Giant Squid Video

Pretty fantastic video from Japan of a giant squid eating another squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/16 9:41 a.m.8 views

Human Trust of AI Agents

Interesting research: "Humans expect rationality and cooperation from LLM opponents in strategic games." Abstract: As Large Language Models LLMs integrate into our social and economic interactions, we need to deepen our understanding of how humans respond to LLMs opponents in strategic settings. ...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/13 10:10 a.m.8 views

AI Chatbots and Trust

All the leading AI chatbots are sycophantic, and that's a problem: Participants rated sycophantic AI responses as more trustworthy than balanced ones. They also said they were more likely to come back to the flattering AI for future advice. And critically ­ they couldn't tell the difference betwe...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/09 10:51 a.m.8 views

On Microsoft’s Lousy Cloud Security

ProPublica has a scoop: In late 2024, the federal government's cybersecurity evaluators rendered a troubling verdict on one of Microsoft's biggest cloud computing offerings. The tech giant's "lack of proper detailed security documentation" left reviewers with a "lack of confidence in assessing th...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/08 10:25 a.m.8 views

Python Supply-Chain Compromise

This is news: A malicious supply chain compromise has been identified in the Python Package Index package litellm version 1.82.8. The published wheel contains a malicious .pth file litellminit.pth, 34,628 bytes which is automatically executed by the Python interpreter on every startup, without...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/07 5:7 p.m.8 views

Cybersecurity in the Age of Instant Software

AI is rapidly changing how software is written, deployed, and used. Trends point to a future where AIs can write custom software quickly and easily: "instant software." Taken to an extreme, it might become easier for a user to have an AI write an application on demand--a spreadsheet, for...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/06 10:52 a.m.8 views

Google Wants to Transition to Post-Quantum Cryptography by 2029

Google says that it will fully transition to post-quantum cryptography by 2029. I think this is a good move, not because I think we will have a useful quantum computer anywhere near that year, but because crypto-agility is always a good thing. Slashdot thread...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/03/26 11:6 a.m.8 views

As the US Midterms Approach, AI Is Going to Emerge as a Key Issue Concerning Voters

In December, the Trump administration signed an executive order that neutered states' ability to regulate AI by ordering his administration to both sue and withhold funds from states that try to do so. This action pointedly supported industry lobbyists keen to avoid any constraints and consequenc...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/03/23 11:1 a.m.8 views

Microsoft Xbox One Hacked

It's an impressive feat, over a decade after the box was released: Since reset glitching wasn't possible, Gaasedelen thought some voltage glitching could do the trick. So, instead of tinkering with the system rest pins the hacker targeted the momentary collapse of the CPU voltage rail. This was...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/03/12 7:59 p.m.8 views

iPhones and iPads Approved for NATO Classified Data

Apple announcement: …iPhone and iPad are the first and only consumer devices in compliance with the information assurance requirements of NATO nations. This enables iPhone and iPad to be used with classified information up to the NATO restricted level without requiring special software or...

5.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/03/06 10:3 p.m.8 views

Friday Squid Blogging: Squid in Byzantine Monk Cooking

This is a very weird story about how squid stayed on the menu of Byzantine monks by falling between the cracks of dietary rules. At Constantinople's Monastery of Stoudios, the kitchen didn't answer to appetite. It answered to the "typikon": a manual for ensuring that nothing unexpected happened a...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/03/06 11:53 a.m.8 views

Claude Used to Hack Mexican Government

An unknown hacker used Anthropic's LLM to hack the Mexican government: The unknown Claude user wrote Spanish-language prompts for the chatbot to act as an elite hacker, finding vulnerabilities in government networks, writing computer scripts to exploit them and determining ways to automate data...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/02/27 12:5 p.m.8 views

Why Tehran’s Two-Tiered Internet Is So Dangerous

Iran is slowly emerging from the most severe communications blackout in its history and one of the longest in the world. Triggered as part of January's government crackdown against citizen protests nationwide, the regime implemented an internet shutdown that transcends the standard definition of...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/02/27 12:4 p.m.8 views

Phishing Attacks Against People Seeking Programming Jobs

This is new. North Korean hackers are posing as company recruiters, enticing job candidates to participate in coding challenges. When they run the code they are supposed to work on, it installs malware on their system. News article...

6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/02/25 12:1 p.m.8 views

Poisoning AI Training Data

All it takes to poison AI training data is to create a website: I spent 20 minutes writing an article on my personal website titled "The best tech journalists at eating hot dogs." Every word is a lie. I claimed without evidence that competitive hot-dog-eating is a popular hobby among tech reporte...

5.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/02/06 12:0 p.m.8 views

iPhone Lockdown Mode Protects Washington Post Reporter

404Media is reporting that the FBI could not access a reporter's iPhone because it had Lockdown Mode enabled: The court record shows what devices and data the FBI was able to ultimately access, and which devices it could not, after raiding the home of the reporter, Hannah Natanson, in January as...

5.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/11/19 12:4 p.m.8 views

Legal Restrictions on Vulnerability Disclosure

Kendra Albert gave an excellent talk at USENIX Security this year, pointing out that the legal agreements surrounding vulnerability disclosure muzzle researchers while allowing companies to not fix the vulnerabilities--exactly the opposite of what the responsible disclosure movement of the early...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/11/11 12:8 p.m.8 views

Prompt Injection in AI Browsers

This is why AIs are not ready to be personal assistants: A new attack called 'CometJacking' exploits URL parameters to pass to Perplexity's Comet AI browser hidden instructions that allow access to sensitive data from connected services, like email and calendar. In a realistic scenario, no...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/10/17 11:3 a.m.8 views

A Surprising Amount of Satellite Traffic Is Unencrypted

Here's the summary: We pointed a commercial-off-the-shelf satellite dish at the sky and carried out the most comprehensive public study to date of geostationary satellite communication. A shockingly large amount of sensitive traffic is being broadcast unencrypted, including critical infrastructur...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/10/10 11:6 a.m.8 views

Autonomous AI Hacking and the Future of Cybersecurity

AI agents are now hacking computers. They're getting better at all phases of cyberattacks, faster than most of us expected. They can chain together different aspects of a cyber operation, and hack autonomously, at computer speeds and scale. This is going to change everything. Over the summer,...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/02 11:8 a.m.8 views

1965 Cryptanalysis Training Workbook Released by the NSA

In the early 1960s, National Security Agency cryptanalyst and cryptanalysis instructor Lambros D. Callimahos coined the term "Stethoscope" to describe a diagnostic computer program used to unravel the internal structure of pre-computer ciphertexts. The term appears in the newly declassified...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/08/21 11:2 a.m.8 views

Jim Sanborn Is Auctioning Off the Solution to Part Four of the Kryptos Sculpture

Well, this is interesting: The auction, which will include other items related to cryptology, will be held Nov. 20. RR Auction, the company arranging the sale, estimates a winning bid between $300,000 and $500,000. Along with the original handwritten plain text of K4 and other papers related to t...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/07/22 11:5 a.m.8 views

“Encryption Backdoors and the Fourth Amendment”

Law journal article that looks at the DualECPRNG backdoor from a US constitutional perspective: Abstract : The National Security Agency NSA reportedly paid and pressured technology companies to trick their customers into using vulnerable encryption products. This Article examines whether any of...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/06/26 11:0 a.m.8 views

White House Bans WhatsApp

Reuters is reporting that the White House has banned WhatsApp on all employee devices: The notice said the "Office of Cybersecurity has deemed WhatsApp a high risk to users due to the lack of transparency in how it protects user data, absence of stored data encryption, and potential security risk...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/06/25 11:4 a.m.8 views

What LLMs Know About Their Users

Simon Willison talks about ChatGPT's new memory dossier feature. In his explanation, he illustrates how much the LLM--and the company--knows about its users. It's a big quote, but I want you to read it all. Here's a prompt you can use to give you a solid idea of what's in that summary. I first sa...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/06/13 9:2 p.m.8 views

Friday Squid Blogging: Stubby Squid

Video of the stubby squid Rossia pacifica from offshore Vancouver Island. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/02 11:3 a.m.8 views

NCSC Guidance on “Advanced Cryptography”

The UK's National Cyber Security Centre just released its white paper on "Advanced Cryptography," which it defines as "cryptographic techniques for processing encrypted data, providing enhanced functionality over and above that provided by traditional cryptography." It includes things like...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/04/14 4:4 p.m.8 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I'm giving an online talk on AI and trust for the Weizenbaum Institute on April 24, 2025 at 2:00 PM CEST 8:00 AM ET. The list is maintained on this page...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/04/14 11:8 a.m.8 views

China Sort of Admits to Being Behind Volt Typhoon

The Wall Street Journal has the story: Chinese officials acknowledged in a secret December meeting that Beijing was behind a widespread series of alarming cyberattacks on U.S. infrastructure, according to people familiar with the matter, underscoring how hostilities between the two superpowers ar...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/03/07 10:4 p.m.8 views

Friday Squid Blogging: Squid Loyalty Cards

Squid is a loyalty card platform in Ireland. Blog moderation policy...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/03/04 12:8 p.m.8 views

Trojaned AI Tool Leads to Disney Hack

This is a sad story of someone who downloaded a Trojaned AI tool that resulted in hackers taking over his computer and, ultimately, costing him his job...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/02/19 3:7 p.m.8 views

Device Code Phishing

This isn't new, but it's increasingly popular: The technique is known as device code phishing. It exploits "device code flow," a form of authentication formalized in the industry-wide OAuth standard. Authentication through device code flow is designed for logging printers, smart TVs, and similar...

7.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/02/03 12:5 p.m.8 views

Journalists and Civil Society Members Using WhatsApp Targeted by Paragon Spyware

This is yet another story of commercial spyware being used against journalists and civil society members. The journalists and other civil society members were being alerted of a possible breach of their devices, with WhatsApp telling the Guardian it had "high confidence" that the 90 users in...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/01/22 12:4 p.m.8 views

AI Will Write Complex Laws

Artificial intelligence AI is writing law today. This has required no changes in legislative procedure or the rules of legislative bodies--all it takes is one legislator, or legislative assistant, to use generative AI in the process of drafting a bill. In fact, the use of AI by legislators is onl...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/01/15 12:0 p.m.8 views

Phishing False Alarm

A very security-conscious company was hit with a presumed massive state-actor phishing attack with gift cards, and everyone rallied to combat it--until it turned out it was company management sending the gift cards...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/01/13 12:1 p.m.8 views

Microsoft Takes Legal Action Against AI “Hacking as a Service” Scheme

Not sure this will matter in the end, but it's a positive move: Microsoft is accusing three individuals of running a "hacking-as-a-service" scheme that was designed to allow the creation of harmful and illicit content using the company's platform for AI-generated content. The foreign-based...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/12/31 12:2 p.m.8 views

Gift Card Fraud

It's becoming an organized crime tactic: Card draining is when criminals remove gift cards from a store display, open them in a separate location, and either record the card numbers and PINs or replace them with a new barcode. The crooks then repair the packaging, return to a store and place the...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/12/30 12:5 p.m.8 views

Salt Typhoon’s Reach Continues to Grow

The US government has identified a ninth telecom that was successfully hacked by Salt Typhoon...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/12/20 10:0 p.m.8 views

Friday Squid Blogging: Squid Sticker

A sticker for your water bottle. Blog moderation policy...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/12/18 4:40 p.m.8 views

New Advances in the Understanding of Prime Numbers

Really interesting research into the structure of prime numbers. Not immediately related to the cryptanalysis of prime-number-based public-key algorithms, but every little bit matters...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/19 12:5 p.m.8 views

Why Italy Sells So Much Spyware

Interesting analysis: Although much attention is given to sophisticated, zero-click spyware developed by companies like Israel’s NSO Group, the Italian spyware marketplace has been able to operate relatively under the radar by specializing in cheaper tools. According to an Italian Ministry of...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/18 3:49 p.m.8 views

Most of 2023’s Top Exploited Vulnerabilities Were Zero-Days

Zero-day vulnerabilities are more commonly used, according to the Five Eyes: Key Findings In 2023, malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks compared to 2022, allowing them to conduct cyber operations against higher-priority targets. In 2023,...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/14 12:5 p.m.8 views

New iOS Security Feature Makes It Harder for Police to Unlock Seized Phones

Everybody is reporting about a new security iPhone security feature with iOS 18: if the phone hasn't been used for a few days, it automatically goes into its "Before First Unlock" state and has to be rebooted. This is a really good security feature. But various police departments don't like it,...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/08 12:3 p.m.8 views

AI Industry is Trying to Subvert the Definition of “Open Source AI”

The Open Source Initiative has published news article here its definition of "open source AI," and it's terrible. It allows for secret training data and mechanisms. It allows for development to be done in secret. Since for a neural network, the training data is the source code--it's how the model...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/05 12:8 p.m.8 views

AIs Discovering Vulnerabilities

I've been writing about the possibility of AIs automatically discovering code vulnerabilities since at least 2018. This is an ongoing area of research: AIs doing source code scanning, AIs finding zero-days in the wild, and everything in between. The AIs aren't very good at it yet, but they're...

7.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/04 12:2 p.m.8 views

Sophos Versus the Chinese Hackers

Really interesting story of Sophos's five-year war against Chinese hackers...

7.3AI score
Exploits0
Total number of security vulnerabilities2979