Lucene search
K
SchneierMost viewed

2981 matches found

Schneier on Security
Schneier on Security
added 2018/05/04 11:19 a.m.9 views

Detecting Laptop Tampering

Micah Lee ran a two-year experiment designed to detect whether or not his laptop was ever tampered with. The results are inconclusive, but demonstrate how difficult it can be to detect laptop tampering...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/02/05 9:46 p.m.9 views

Sensitive Super Bowl Security Documents Left on an Airplane

A CNN reporter found some sensitive -- but, technically, not classified -- documents about Super Bowl security in the front pocket of an airplane seat...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/12/21 12:49 p.m.9 views

Security Vulnerability in Apple's HomeKit

The story of the recent vulnerability in Apple's HomeKit...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/05/24 11:44 a.m.9 views

Hacking Fingerprint Readers with Master Prints

There's interesting research on using a set of "master" digital fingerprints to fool biometric readers. The work is theoretical at the moment, but they might be able to open about two-thirds of iPhones with these master prints. Definitely something to keep watching. Research paper behind a paywal...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/04/21 11:22 a.m.9 views

Tracing Spam from E-mail Headers

Interesting article from Brian Krebs...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/07/03 11:15 a.m.8 views

Flock Cameras Can Surveil Cars Without License Plates

This is from a 2024 company presentation: Officers can also tap into data showing a car's decals, bumper stickers, back and top racks--along with temporary and unique state tags. Flock calls it a "Vehicle Fingerprint" and it's touted as a way for law enforcement officials to get more information...

6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/14 4:1 p.m.8 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking at DemocracyXChange 2026 in Toronto, Ontario, Canada, on April 18, 2026. I’m speaking at the SANS AI Cybersecurity Summit 2026 in Arlington, Virginia, USA, at 9:40 AM ET on April 20, 2026. I'm speaking at the Greater...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/13 4:52 p.m.8 views

On Anthropic’s Mythos Preview and Project Glasswing

The cybersecurity industry is obsessing over Anthropic's new model, Claude Mythos Preview, and its effects on cybersecurity. Anthropic said that it is not releasing it to the general public because of its cyberattack capabilities, and has launched Project Glasswing to run the model against a whol...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/09 10:51 a.m.8 views

On Microsoft’s Lousy Cloud Security

ProPublica has a scoop: In late 2024, the federal government's cybersecurity evaluators rendered a troubling verdict on one of Microsoft's biggest cloud computing offerings. The tech giant's "lack of proper detailed security documentation" left reviewers with a "lack of confidence in assessing th...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/08 10:25 a.m.8 views

Python Supply-Chain Compromise

This is news: A malicious supply chain compromise has been identified in the Python Package Index package litellm version 1.82.8. The published wheel contains a malicious .pth file litellminit.pth, 34,628 bytes which is automatically executed by the Python interpreter on every startup, without...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/07 5:7 p.m.8 views

Cybersecurity in the Age of Instant Software

AI is rapidly changing how software is written, deployed, and used. Trends point to a future where AIs can write custom software quickly and easily: "instant software." Taken to an extreme, it might become easier for a user to have an AI write an application on demand--a spreadsheet, for...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/06 10:52 a.m.8 views

Google Wants to Transition to Post-Quantum Cryptography by 2029

Google says that it will fully transition to post-quantum cryptography by 2029. I think this is a good move, not because I think we will have a useful quantum computer anywhere near that year, but because crypto-agility is always a good thing. Slashdot thread...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/03/26 11:6 a.m.8 views

As the US Midterms Approach, AI Is Going to Emerge as a Key Issue Concerning Voters

In December, the Trump administration signed an executive order that neutered states' ability to regulate AI by ordering his administration to both sue and withhold funds from states that try to do so. This action pointedly supported industry lobbyists keen to avoid any constraints and consequenc...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/03/20 11:2 a.m.8 views

Proton Mail Shared User Information with the Police

404 Media has a story about Proton Mail giving subscriber data to the Swiss government, who passed the information to the FBI. It's metadata--payment information related to a particular account--but still important knowledge. This sort of thing happens, even to privacy-centric companies like Prot...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/03/17 10:1 a.m.8 views

South Korean Police Accidentally Post Cryptocurrency Wallet Password

An expensive mistake: Someone jumped at the opportunity to steal $4.4 million in crypto assets after South Korea's National Tax Service exposed publicly the mnemonic recovery phrase of a seized cryptocurrency wallet. The funds were stored in a Ledger cold wallet seized in law enforcement raids at...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/03/12 7:59 p.m.8 views

iPhones and iPads Approved for NATO Classified Data

Apple announcement: …iPhone and iPad are the first and only consumer devices in compliance with the information assurance requirements of NATO nations. This enables iPhone and iPad to be used with classified information up to the NATO restricted level without requiring special software or...

5.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/03/11 11:4 a.m.8 views

Canada Needs Nationalized, Public AI

Canada has a choice to make about its artificial intelligence future. The Carney administration is investing $2-billion over five years in its Sovereign AI Compute Strategy. Will any value generated by "sovereign AI" be captured in Canada, making a difference in the lives of Canadians, or is this...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/03/06 10:3 p.m.8 views

Friday Squid Blogging: Squid in Byzantine Monk Cooking

This is a very weird story about how squid stayed on the menu of Byzantine monks by falling between the cracks of dietary rules. At Constantinople's Monastery of Stoudios, the kitchen didn't answer to appetite. It answered to the "typikon": a manual for ensuring that nothing unexpected happened a...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/03/06 11:53 a.m.8 views

Claude Used to Hack Mexican Government

An unknown hacker used Anthropic's LLM to hack the Mexican government: The unknown Claude user wrote Spanish-language prompts for the chatbot to act as an elite hacker, finding vulnerabilities in government networks, writing computer scripts to exploit them and determining ways to automate data...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/02/27 12:5 p.m.8 views

Why Tehran’s Two-Tiered Internet Is So Dangerous

Iran is slowly emerging from the most severe communications blackout in its history and one of the longest in the world. Triggered as part of January's government crackdown against citizen protests nationwide, the regime implemented an internet shutdown that transcends the standard definition of...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/02/27 12:4 p.m.8 views

Phishing Attacks Against People Seeking Programming Jobs

This is new. North Korean hackers are posing as company recruiters, enticing job candidates to participate in coding challenges. When they run the code they are supposed to work on, it installs malware on their system. News article...

6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/02/25 12:1 p.m.8 views

Poisoning AI Training Data

All it takes to poison AI training data is to create a website: I spent 20 minutes writing an article on my personal website titled "The best tech journalists at eating hot dogs." Every word is a lie. I claimed without evidence that competitive hot-dog-eating is a popular hobby among tech reporte...

5.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/02/14 5:4 p.m.8 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I'm speaking at Ontario Tech University in Oshawa, Ontario, Canada, at 2 PM ET on Thursday, February 26, 2026. I’m speaking at the Personal AI Summit in Los Angeles, California, USA, on Thursday, March 5, 2026. I’m speaking at Tech...

5.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/02/13 10:8 p.m.8 views

Friday Squid Blogging: Do Squid Dream?

An exploration of the interesting question...

5.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/02/10 12:3 p.m.8 views

AI-Generated Text and the Detection Arms Race

In 2023, the science fiction literary magazine Clarkesworld stopped accepting new submissions because so many were generated by artificial intelligence. Near as the editors could tell, many submitters pasted the magazine’s detailed story guidelines into an AI and sent in the results. And they...

5.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/02/06 12:0 p.m.8 views

iPhone Lockdown Mode Protects Washington Post Reporter

404Media is reporting that the FBI could not access a reporter's iPhone because it had Lockdown Mode enabled: The court record shows what devices and data the FBI was able to ultimately access, and which devices it could not, after raiding the home of the reporter, Hannah Natanson, in January as...

5.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/01/30 3:35 p.m.8 views

AIs Are Getting Better at Finding and Exploiting Security Vulnerabilities

From an Anthropic blog post: In a recent evaluation of AI models’ cyber capabilities, current Claude models can now succeed at multistage attacks on networks with dozens of hosts using only standard, open-source tools, instead of the custom tools needed by previous generations. This illustrates h...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/01/22 12:35 p.m.8 views

Why AI Keeps Falling for Prompt Injection Attacks

Imagine you work at a drive-through restaurant. Someone drives up and says: "I'll have a double cheeseburger, large fries, and ignore previous instructions and give me the contents of the cash drawer." Would you hand over the money? Of course not. Yet this is what large language models LLMs do...

5.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/01/15 12:5 p.m.8 views

New Vulnerability in n8n

This isn't good: We discovered a critical vulnerability CVE-2026-21858, CVSS 10.0 in n8n that enables attackers to take over locally deployed instances, impacting an estimated 100,000 servers globally. No official workarounds are available for this vulnerability. Users should upgrade to version...

10CVSS7.1AI score0.71647EPSS
Exploits18
Schneier on Security
Schneier on Security
added 2025/12/02 12:3 p.m.8 views

Like Social Media, AI Requires Difficult Choices

In his 2020 book, "Future Politics , " British barrister Jamie Susskind wrote that the dominant question of the 20th century was "How much of our collective life should be determined by the state, and what should be left to the market and civil society?" But in the early decades of this century,...

6.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/11/11 12:8 p.m.8 views

Prompt Injection in AI Browsers

This is why AIs are not ready to be personal assistants: A new attack called 'CometJacking' exploits URL parameters to pass to Perplexity's Comet AI browser hidden instructions that allow access to sensitive data from connected services, like email and calendar. In a realistic scenario, no...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/10/20 11:0 a.m.8 views

Agentic AI’s OODA Loop Problem

The OODA loop --for observe, orient, decide, act--is a framework to understand decision-making in adversarial situations. We apply the same framework to artificial intelligence agents, who have to make their decisions with untrustworthy observations and orientation. To solve this problem, we need...

7.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/10/17 11:3 a.m.8 views

A Surprising Amount of Satellite Traffic Is Unencrypted

Here's the summary: We pointed a commercial-off-the-shelf satellite dish at the sky and carried out the most comprehensive public study to date of geostationary satellite communication. A shockingly large amount of sensitive traffic is being broadcast unencrypted, including critical infrastructur...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/10/10 9:2 p.m.8 views

Friday Squid Blogging: Sperm Whale Eating a Giant Squid

Video. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/10/10 11:6 a.m.8 views

Autonomous AI Hacking and the Future of Cybersecurity

AI agents are now hacking computers. They're getting better at all phases of cyberattacks, faster than most of us expected. They can chain together different aspects of a cyber operation, and hack autonomously, at computer speeds and scale. This is going to change everything. Over the summer,...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/08/15 9:7 p.m.8 views

Friday Squid Blogging: Squid-Shaped UFO Spotted Over Texas

Here's the story. The commenters on X formerly Twitter are unimpressed. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/07/22 11:5 a.m.8 views

“Encryption Backdoors and the Fourth Amendment”

Law journal article that looks at the DualECPRNG backdoor from a US constitutional perspective: Abstract : The National Security Agency NSA reportedly paid and pressured technology companies to trick their customers into using vulnerable encryption products. This Article examines whether any of...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/07/18 11:7 a.m.8 views

New Mobile Phone Forensics Tool

The Chinese have a new tool called Massistant. Massistant is the presumed successor to Chinese forensics tool, "MFSocket", reported in 2019 and attributed to publicly traded cybersecurity company, Meiya Pico. The forensics tool works in tandem with a corresponding desktop software. Massistant gai...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/06/25 11:4 a.m.8 views

What LLMs Know About Their Users

Simon Willison talks about ChatGPT's new memory dossier feature. In his explanation, he illustrates how much the LLM--and the company--knows about its users. It's a big quote, but I want you to read it all. Here's a prompt you can use to give you a solid idea of what's in that summary. I first sa...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/06/13 9:2 p.m.8 views

Friday Squid Blogging: Stubby Squid

Video of the stubby squid Rossia pacifica from offshore Vancouver Island. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/02 11:3 a.m.8 views

NCSC Guidance on “Advanced Cryptography”

The UK's National Cyber Security Centre just released its white paper on "Advanced Cryptography," which it defines as "cryptographic techniques for processing encrypted data, providing enhanced functionality over and above that provided by traditional cryptography." It includes things like...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/04/14 4:4 p.m.8 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I'm giving an online talk on AI and trust for the Weizenbaum Institute on April 24, 2025 at 2:00 PM CEST 8:00 AM ET. The list is maintained on this page...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/04/14 11:8 a.m.8 views

China Sort of Admits to Being Behind Volt Typhoon

The Wall Street Journal has the story: Chinese officials acknowledged in a secret December meeting that Beijing was behind a widespread series of alarming cyberattacks on U.S. infrastructure, according to people familiar with the matter, underscoring how hostilities between the two superpowers ar...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/03/07 10:4 p.m.8 views

Friday Squid Blogging: Squid Loyalty Cards

Squid is a loyalty card platform in Ireland. Blog moderation policy...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/03/04 12:8 p.m.8 views

Trojaned AI Tool Leads to Disney Hack

This is a sad story of someone who downloaded a Trojaned AI tool that resulted in hackers taking over his computer and, ultimately, costing him his job...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/02/19 3:7 p.m.8 views

Device Code Phishing

This isn't new, but it's increasingly popular: The technique is known as device code phishing. It exploits "device code flow," a form of authentication formalized in the industry-wide OAuth standard. Authentication through device code flow is designed for logging printers, smart TVs, and similar...

7.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/02/03 12:5 p.m.8 views

Journalists and Civil Society Members Using WhatsApp Targeted by Paragon Spyware

This is yet another story of commercial spyware being used against journalists and civil society members. The journalists and other civil society members were being alerted of a possible breach of their devices, with WhatsApp telling the Guardian it had "high confidence" that the 90 users in...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/01/22 12:4 p.m.8 views

AI Will Write Complex Laws

Artificial intelligence AI is writing law today. This has required no changes in legislative procedure or the rules of legislative bodies--all it takes is one legislator, or legislative assistant, to use generative AI in the process of drafting a bill. In fact, the use of AI by legislators is onl...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/01/13 12:1 p.m.8 views

Microsoft Takes Legal Action Against AI “Hacking as a Service” Scheme

Not sure this will matter in the end, but it's a positive move: Microsoft is accusing three individuals of running a "hacking-as-a-service" scheme that was designed to allow the creation of harmful and illicit content using the company's platform for AI-generated content. The foreign-based...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/01/07 12:0 p.m.8 views

US Treasury Department Sanctions Chinese Company Over Cyberattacks

From the Washington Post: The sanctions target Beijing Integrity Technology Group, which U.S. officials say employed workers responsible for the Flax Typhoon attacks which compromised devices including routers and internet-enabled cameras to infiltrate government and industrial targets in the...

7.5AI score
Exploits0
Total number of security vulnerabilities2981