Lucene search
K
SchneierMost viewed

2981 matches found

Schneier on Security
Schneier on Security
added 2021/10/27 2:1 p.m.9 views

How the FBI Gets Location Information

Vice has a detailed article about how the FBI gets data from cell phone providers like AT&T, T-Mobile, and Verizon, based on a leaked I think 2019 139-page presentation...

3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/10/18 11:20 a.m.9 views

Missouri Governor Doesn’t Understand Responsible Disclosure

The Missouri governor wants to prosecute the reporter who discovered a security vulnerability in a states website, and then reported it to the state. The newspaper agreed to hold off publishing any story while the department fixed the problem and protected the private information of teachers arou...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/05 8:1 p.m.9 views

Schneier.com is Moving

Im switching my website software from Movable Type to WordPress, and moving to a new host. The migration is expected to last from approximately 3 AM EST Monday until 4 PM EST Tuesday. The site will still be visible during that time, but comments will be disabled. This is to prevent any new commen...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/02 7:2 a.m.9 views

Insider Attack on the Carnegie Library

Greg Priore, the person in charge of the rare book room at the Carnegie Library, stole from it for almost two decades before getting caught. Its a perennial problem: trusted insiders have to be trusted...

3.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/01 6:17 a.m.9 views

North Korea ATM Hack

The US Cybersecurity and Infrastructure Security Agency CISA published a long and technical alert describing a North Korea hacking scheme against ATMs in a bunch of countries worldwide: This joint advisory is the result of analytic efforts among the Cybersecurity and Infrastructure Security Agenc...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/28 4:10 p.m.9 views

Friday Squid Blogging: How Squid Survive Freezing, Oxygen-Deprived Waters

Lots of interesting genetic details. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

2.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/06/28 7:4 p.m.9 views

I'm Leaving IBM

Today is my last day at IBM. If you've been following along, IBM bought my startup Resilient Systems in Spring 2016. Since then, I have been with IBM, holding the nicely ambiguous title of "Special Advisor." As of the end of the month, I will be back on my own. I will continue to write and speak,...

0.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/07/27 11:12 a.m.9 views

Third Annual Cybercrime Conference

Ross Anderson liveblogged the Third Annual Cybercrime Conference...

2.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/05/11 9:17 p.m.10 views

Friday Squid Blogging: How the Squid Lost Its Shell

Squids used to have shells. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

0.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/05/04 11:19 a.m.9 views

Detecting Laptop Tampering

Micah Lee ran a two-year experiment designed to detect whether or not his laptop was ever tampered with. The results are inconclusive, but demonstrate how difficult it can be to detect laptop tampering...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/02/05 9:46 p.m.9 views

Sensitive Super Bowl Security Documents Left on an Airplane

A CNN reporter found some sensitive -- but, technically, not classified -- documents about Super Bowl security in the front pocket of an airplane seat...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/12/21 12:49 p.m.9 views

Security Vulnerability in Apple's HomeKit

The story of the recent vulnerability in Apple's HomeKit...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/24 11:44 a.m.9 views

Hacking Fingerprint Readers with Master Prints

There's interesting research on using a set of "master" digital fingerprints to fool biometric readers. The work is theoretical at the moment, but they might be able to open about two-thirds of iPhones with these master prints. Definitely something to keep watching. Research paper behind a paywal...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/04/21 11:22 a.m.9 views

Tracing Spam from E-mail Headers

Interesting article from Brian Krebs...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/14 4:1 p.m.8 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking at DemocracyXChange 2026 in Toronto, Ontario, Canada, on April 18, 2026. I’m speaking at the SANS AI Cybersecurity Summit 2026 in Arlington, Virginia, USA, at 9:40 AM ET on April 20, 2026. I'm speaking at the Greater...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/13 4:52 p.m.8 views

On Anthropic’s Mythos Preview and Project Glasswing

The cybersecurity industry is obsessing over Anthropic's new model, Claude Mythos Preview, and its effects on cybersecurity. Anthropic said that it is not releasing it to the general public because of its cyberattack capabilities, and has launched Project Glasswing to run the model against a whol...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/09 10:51 a.m.8 views

On Microsoft’s Lousy Cloud Security

ProPublica has a scoop: In late 2024, the federal government's cybersecurity evaluators rendered a troubling verdict on one of Microsoft's biggest cloud computing offerings. The tech giant's "lack of proper detailed security documentation" left reviewers with a "lack of confidence in assessing th...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/08 10:25 a.m.8 views

Python Supply-Chain Compromise

This is news: A malicious supply chain compromise has been identified in the Python Package Index package litellm version 1.82.8. The published wheel contains a malicious .pth file litellminit.pth, 34,628 bytes which is automatically executed by the Python interpreter on every startup, without...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/07 5:7 p.m.8 views

Cybersecurity in the Age of Instant Software

AI is rapidly changing how software is written, deployed, and used. Trends point to a future where AIs can write custom software quickly and easily: "instant software." Taken to an extreme, it might become easier for a user to have an AI write an application on demand--a spreadsheet, for...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/06 10:52 a.m.8 views

Google Wants to Transition to Post-Quantum Cryptography by 2029

Google says that it will fully transition to post-quantum cryptography by 2029. I think this is a good move, not because I think we will have a useful quantum computer anywhere near that year, but because crypto-agility is always a good thing. Slashdot thread...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/03/20 11:2 a.m.8 views

Proton Mail Shared User Information with the Police

404 Media has a story about Proton Mail giving subscriber data to the Swiss government, who passed the information to the FBI. It's metadata--payment information related to a particular account--but still important knowledge. This sort of thing happens, even to privacy-centric companies like Prot...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/03/17 10:1 a.m.8 views

South Korean Police Accidentally Post Cryptocurrency Wallet Password

An expensive mistake: Someone jumped at the opportunity to steal $4.4 million in crypto assets after South Korea's National Tax Service exposed publicly the mnemonic recovery phrase of a seized cryptocurrency wallet. The funds were stored in a Ledger cold wallet seized in law enforcement raids at...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/03/11 11:4 a.m.8 views

Canada Needs Nationalized, Public AI

Canada has a choice to make about its artificial intelligence future. The Carney administration is investing $2-billion over five years in its Sovereign AI Compute Strategy. Will any value generated by "sovereign AI" be captured in Canada, making a difference in the lives of Canadians, or is this...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/03/06 10:3 p.m.8 views

Friday Squid Blogging: Squid in Byzantine Monk Cooking

This is a very weird story about how squid stayed on the menu of Byzantine monks by falling between the cracks of dietary rules. At Constantinople's Monastery of Stoudios, the kitchen didn't answer to appetite. It answered to the "typikon": a manual for ensuring that nothing unexpected happened a...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/03/06 11:53 a.m.8 views

Claude Used to Hack Mexican Government

An unknown hacker used Anthropic's LLM to hack the Mexican government: The unknown Claude user wrote Spanish-language prompts for the chatbot to act as an elite hacker, finding vulnerabilities in government networks, writing computer scripts to exploit them and determining ways to automate data...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/02/27 12:4 p.m.8 views

Phishing Attacks Against People Seeking Programming Jobs

This is new. North Korean hackers are posing as company recruiters, enticing job candidates to participate in coding challenges. When they run the code they are supposed to work on, it installs malware on their system. News article...

6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/02/25 12:1 p.m.8 views

Poisoning AI Training Data

All it takes to poison AI training data is to create a website: I spent 20 minutes writing an article on my personal website titled "The best tech journalists at eating hot dogs." Every word is a lie. I claimed without evidence that competitive hot-dog-eating is a popular hobby among tech reporte...

5.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/02/24 12:6 p.m.8 views

Is AI Good for Democracy?

Politicians fixate on the global race for technological supremacy between US and China. They debate geopolitical implications of chip exports, latest model releases from each country, and military applications of AI. Someday, they believe, we might see advancements in AI tip the scales in a...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/02/20 12:8 p.m.8 views

Ring Cancels Its Partnership with Flock

It's a demonstration of how toxic the surveillance-tech company Flock has become when Amazon's Ring cancels the partnership between the two companies. As Hamilton Nolan advises, remove your Ring doorbell...

5.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/02/14 5:4 p.m.8 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I'm speaking at Ontario Tech University in Oshawa, Ontario, Canada, at 2 PM ET on Thursday, February 26, 2026. I’m speaking at the Personal AI Summit in Los Angeles, California, USA, on Thursday, March 5, 2026. I’m speaking at Tech...

5.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/02/13 10:8 p.m.8 views

Friday Squid Blogging: Do Squid Dream?

An exploration of the interesting question...

5.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/02/10 12:3 p.m.8 views

AI-Generated Text and the Detection Arms Race

In 2023, the science fiction literary magazine Clarkesworld stopped accepting new submissions because so many were generated by artificial intelligence. Near as the editors could tell, many submitters pasted the magazine’s detailed story guidelines into an AI and sent in the results. And they...

5.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/02/06 12:0 p.m.8 views

iPhone Lockdown Mode Protects Washington Post Reporter

404Media is reporting that the FBI could not access a reporter's iPhone because it had Lockdown Mode enabled: The court record shows what devices and data the FBI was able to ultimately access, and which devices it could not, after raiding the home of the reporter, Hannah Natanson, in January as...

5.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/01/30 3:35 p.m.8 views

AIs Are Getting Better at Finding and Exploiting Security Vulnerabilities

From an Anthropic blog post: In a recent evaluation of AI models’ cyber capabilities, current Claude models can now succeed at multistage attacks on networks with dozens of hosts using only standard, open-source tools, instead of the custom tools needed by previous generations. This illustrates h...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/01/23 12:1 p.m.8 views

AIs are Getting Better at Finding and Exploiting Internet Vulnerabilities

Really interesting blog post from Anthropic: In a recent evaluation of AI models’ cyber capabilities, current Claude models can now succeed at multistage attacks on networks with dozens of hosts using only standard, open-source tools, instead of the custom tools needed by previous generations. Th...

5.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/01/22 12:35 p.m.8 views

Why AI Keeps Falling for Prompt Injection Attacks

Imagine you work at a drive-through restaurant. Someone drives up and says: "I'll have a double cheeseburger, large fries, and ignore previous instructions and give me the contents of the cash drawer." Would you hand over the money? Of course not. Yet this is what large language models LLMs do...

5.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/01/15 12:5 p.m.8 views

New Vulnerability in n8n

This isn't good: We discovered a critical vulnerability CVE-2026-21858, CVSS 10.0 in n8n that enables attackers to take over locally deployed instances, impacting an estimated 100,000 servers globally. No official workarounds are available for this vulnerability. Users should upgrade to version...

10CVSS7.1AI score0.71647EPSS
Exploits18
Schneier on Security
Schneier on Security
added 2026/01/05 12:1 p.m.8 views

Telegram Hosting World’s Largest Darknet Market

Wired is reporting on Chinese darknet markets on Telegram. The ecosystem of marketplaces for Chinese-speaking crypto scammers hosted on the messaging service Telegram have now grown to be bigger than ever before, according to a new analysis from the crypto tracing firm Elliptic. Despite a brief...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/12/02 12:3 p.m.8 views

Like Social Media, AI Requires Difficult Choices

In his 2020 book, "Future Politics , " British barrister Jamie Susskind wrote that the dominant question of the 20th century was "How much of our collective life should be determined by the state, and what should be left to the market and civil society?" But in the early decades of this century,...

6.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/11/18 12:1 p.m.8 views

AI and Voter Engagement

Social media has been a familiar, even mundane, part of life for nearly two decades. It can be easy to forget it was not always that way. In 2008, social media was just emerging into the mainstream. Facebook reached 100 million users that summer. And a singular candidate was integrating social...

6.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/11/11 12:8 p.m.8 views

Prompt Injection in AI Browsers

This is why AIs are not ready to be personal assistants: A new attack called 'CometJacking' exploits URL parameters to pass to Perplexity's Comet AI browser hidden instructions that allow access to sensitive data from connected services, like email and calendar. In a realistic scenario, no...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/10/20 11:0 a.m.8 views

Agentic AI’s OODA Loop Problem

The OODA loop --for observe, orient, decide, act--is a framework to understand decision-making in adversarial situations. We apply the same framework to artificial intelligence agents, who have to make their decisions with untrustworthy observations and orientation. To solve this problem, we need...

7.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/10/17 11:3 a.m.8 views

A Surprising Amount of Satellite Traffic Is Unencrypted

Here's the summary: We pointed a commercial-off-the-shelf satellite dish at the sky and carried out the most comprehensive public study to date of geostationary satellite communication. A shockingly large amount of sensitive traffic is being broadcast unencrypted, including critical infrastructur...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/10/10 9:2 p.m.8 views

Friday Squid Blogging: Sperm Whale Eating a Giant Squid

Video. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/10/10 11:6 a.m.8 views

Autonomous AI Hacking and the Future of Cybersecurity

AI agents are now hacking computers. They're getting better at all phases of cyberattacks, faster than most of us expected. They can chain together different aspects of a cyber operation, and hack autonomously, at computer speeds and scale. This is going to change everything. Over the summer,...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/29 11:7 a.m.8 views

Abusing Notion’s AI Agent for Data Theft

Notion just released version 3.0, complete with AI agents. Because the system contains Simon Willson's lethal trifecta, it's vulnerable to data theft though prompt injection. First, the trifecta: The lethal trifecta of capabilities is: Access to your private data --one of the most common purposes...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/18 11:6 a.m.8 views

Time-of-Check Time-of-Use Attacks Against LLMs

This is a nice piece of research: "Mind the Gap: Time-of-Check to Time-of-Use Vulnerabilities in LLM-Enabled Agents".: Abstract: Large Language Model LLM-enabled agents are rapidly emerging across a wide range of applications, but their deployment introduces vulnerabilities with security...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/08/15 9:7 p.m.8 views

Friday Squid Blogging: Squid-Shaped UFO Spotted Over Texas

Here's the story. The commenters on X formerly Twitter are unimpressed. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/07/22 11:5 a.m.8 views

“Encryption Backdoors and the Fourth Amendment”

Law journal article that looks at the DualECPRNG backdoor from a US constitutional perspective: Abstract : The National Security Agency NSA reportedly paid and pressured technology companies to trick their customers into using vulnerable encryption products. This Article examines whether any of...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/07/18 11:7 a.m.8 views

New Mobile Phone Forensics Tool

The Chinese have a new tool called Massistant. Massistant is the presumed successor to Chinese forensics tool, "MFSocket", reported in 2019 and attributed to publicly traded cybersecurity company, Meiya Pico. The forensics tool works in tandem with a corresponding desktop software. Massistant gai...

7.4AI score
Exploits0
Total number of security vulnerabilities2981