Lucene search
K
SchneierMost viewed

2981 matches found

Schneier on Security
Schneier on Security
added 2024/11/18 3:49 p.m.8 views

Most of 2023’s Top Exploited Vulnerabilities Were Zero-Days

Zero-day vulnerabilities are more commonly used, according to the Five Eyes: Key Findings In 2023, malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks compared to 2022, allowing them to conduct cyber operations against higher-priority targets. In 2023,...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/14 12:5 p.m.8 views

New iOS Security Feature Makes It Harder for Police to Unlock Seized Phones

Everybody is reporting about a new security iPhone security feature with iOS 18: if the phone hasn't been used for a few days, it automatically goes into its "Before First Unlock" state and has to be rebooted. This is a really good security feature. But various police departments don't like it,...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/08 12:3 p.m.8 views

AI Industry is Trying to Subvert the Definition of “Open Source AI”

The Open Source Initiative has published news article here its definition of "open source AI," and it's terrible. It allows for secret training data and mechanisms. It allows for development to be done in secret. Since for a neural network, the training data is the source code--it's how the model...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/05 12:8 p.m.8 views

AIs Discovering Vulnerabilities

I've been writing about the possibility of AIs automatically discovering code vulnerabilities since at least 2018. This is an ongoing area of research: AIs doing source code scanning, AIs finding zero-days in the wild, and everything in between. The AIs aren't very good at it yet, but they're...

7.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/04 12:2 p.m.8 views

Sophos Versus the Chinese Hackers

Really interesting story of Sophos's five-year war against Chinese hackers...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/10/25 9:1 p.m.8 views

Friday Squid Blogging: Giant Squid Found on Spanish Beach

A giant squid has washed up on a beach in Northern Spain. Blog moderation policy...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/10/25 1:56 p.m.8 views

Watermark for LLM-Generated Text

Researchers at Google have developed a watermark for LLM-generated text. The basics are pretty obvious: the LLM chooses between tokens partly based on a cryptographic key, and someone with knowledge of the key can detect those choices. What makes this hard is 1 how much text is required for the...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/10/23 6:16 p.m.8 views

Are Automatic License Plate Scanners Constitutional?

An advocacy groups is filing a Fourth Amendment challenge against automatic license plate readers. "The City of Norfolk, Virginia, has installed a network of cameras that make it functionally impossible for people to drive anywhere without having their movements tracked, photographed, and stored ...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/10/18 1:58 p.m.8 views

Justice Department Indicts Tech CEO for Falsifying Security Certifications

The Wall Street Journal is reporting that the CEO of a still unnamed company has been indicted for creating a fake auditing company to falsify security certifications in order to win government business...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/10/04 9:7 p.m.8 views

Friday Squid Blogging: Map of All Colossal Squid Sightings

Interesting map, from this paper. Blog moderation policy...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/10/01 11:7 a.m.8 views

Hacking ChatGPT by Planting False Memories into Its Data

This vulnerability hacks a feature that allows ChatGPT to have long-term memory, where it uses information from past conversations to inform future conversations with that same user. A researcher found that he could use that feature to plant "false memories" into that context window that could...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/09/27 9:6 p.m.8 views

Squid Fishing in Japan

Fishermen are catching more squid as other fish are depleted. Blog moderation policy...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/09/17 11:2 a.m.8 views

Python Developers Targeted with Malware During Fake Job Interviews

Interesting social engineering attack: luring potential job applicants with fake recruiting pitches, trying to convince them to download malware. From a news article These particular attacks from North Korean state-funded hacking team Lazarus Group are new, but the overall malware campaign agains...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/09/16 2:49 p.m.8 views

Legacy Ivanti Cloud Service Appliance Being Exploited

CISA wants everyone--and government agencies in particular--to remove or upgrade an Ivanti Cloud Service Appliance CSA that is no longer being supported. Welcome to the security nightmare that is the Internet of Things...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/08/07 11:10 a.m.8 views

Problems with Georgia’s Voter Registration Portal

Its possible to cancel other peoples voter registrations: On Friday, four days after Georgia Democrats began warning that bad actors could abuse the states new online portal for canceling voter registrations, the Secretary of States Office acknowledged to ProPublica that it had identified multipl...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/08/05 11:7 a.m.8 views

New Patent Application for Car-to-Car Surveillance

Ford has a new patent application for a system where cars monitor each others speeds, and then report then to some central authority. Slashdot thread...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/07/30 11:7 a.m.8 views

Providing Security Updates to Automobile Software

Auto manufacturers are just starting to realize the problems of supporting the software in older models: Today’s phones are able to receive updates six to eight years after their purchase date. Samsung and Google provide Android OS updates and security updates for seven years. Apple halts servici...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/06/28 9:1 p.m.8 views

Friday Squid Blogging: New Squid Species

A new squid species--of the Gonatidae family--was discovered. The video shows her holding a brood of very large eggs. Research paper...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/01 10:5 p.m.8 views

Friday Squid Blogging: Strawberry Squid in the Galápagos

Scientists have found Strawberry Squid, "whose mismatched eyes help them simultaneously search for prey above and below them," among the coral reefs in the Galápagos Islands. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/11/29 12:9 p.m.8 views

Breaking Laptop Fingerprint Sensors

Theyre not that good: Security researchers Jesse DAguanno and Timo Teräs write that, with varying degrees of reverse-engineering and using some external hardware, they were able to fool the Goodix fingerprint sensor in a Dell Inspiron 15, the Synaptic sensor in a Lenovo ThinkPad T14, and the ELAN...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/07/13 11:20 a.m.8 views

French Police Will Be Able to Spy on People through Their Cell Phones

The French police are getting new surveillance powers: French police should be able to spy on suspects by remotely activating the camera, microphone and GPS of their phones and other devices, lawmakers agreed late on Wednesday, July 5. … Covering laptops, cars and other connected objects as well ...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/04/24 10:39 a.m.8 views

UK Threatens End-to-End Encryption

In an open letter, seven secure messaging apps--including Signal and WhatsApp--point out that the UKs Online Safety Bill could destroy end-to-end encryption: As currently drafted, the Bill could break end-to-end encryption,opening the door to routine, general and indiscriminate surveillance of...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/11/09 12:18 p.m.8 views

Defeating Phishing-Resistant Multifactor Authentication

CISA is now pushing phishing-resistant multifactor authentication. Roger Grimes has an excellent post reminding everyone that "phishing-resistant" is not "phishing proof," and that everyone needs to stop pretending otherwise. His list of different attacks is particularly useful...

2.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/10/10 11:9 a.m.8 views

Complex Impersonation Story

This is a story of one piece of what is probably a complex employment scam. Basically, real programmers are having their resumes copied and co-opted by scammers, who apply for jobs or, I suppose, get recruited from various job sites, then hire other people with Western looks and language skills a...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/07/01 9:6 p.m.8 views

Friday Squid Blogging: Multiplexing SQUIDs for X-ray Telescopes

NASA is researching new techniques for multiplexing SQUIDs--thats superconducting quantum interference devices--for X-ray observatories. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/04/25 10:18 a.m.8 views

SMS Phishing Attacks are on the Rise

SMS phishing attacks -- annoyingly called "smishing" -- are becoming more common. I know that I have been receiving a lot of phishing SMS messages over the past few months. I am not getting the "Fedex package delivered" messages the article talks about. Mine are usually of the form: "Thank you fo...

2.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/04/12 2:25 p.m.8 views

John Oliver on Data Brokers

John Oliver has an excellent segment on data brokers and surveillance capitalism...

3.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/04/19 1:12 p.m.8 views

Iranian Cyberespionage Tools Leaked Online

The source code of a set of Iranian cyberespionage tools was leaked online...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/04/28 5:48 p.m.8 views

Jumping Airgaps with a Laser and a Scanner

Researchers have configured two computers to talk to each other using a laser and a scanner. Scanners work by detecting reflected light on their glass pane. The light creates a charge that the scanner translates into binary, which gets converted into an image. But scanners are sensitive to any...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added yesterday7 views

The Language of AI Could Change How Humans Speak

Because of the way they are trained, large language models capture only a slice of human language. They're trained on the written word, from textbooks to social media posts, and our speech as captured in movies and on television. These models have minimal access to the unscripted conversations we...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/07 9:45 a.m.7 views

Hong Kong Police Can Force You to Reveal Your Encryption Keys

According to a new law, the Hong Kong police can demand that you reveal the encryption keys protecting your computer, phone, hard drives, etc.--even if you are just transiting the airport. In a security alert dated March 26, the U.S. Consulate General said that, on March 23, 2026, Hong Kong...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/03 11:8 a.m.7 views

Company that Secretly Records and Publishes Zoom Meetings

WebinarTV searches the internet for public Zoom invites, joins the meetings, secretly records them, and publishes alternate link the recordings. It doesn't use the Zoom record feature, so Zoom can't do anything about it...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/02 10:5 a.m.7 views

Possible US Government iPhone Hacking Tool Leaked

Wired writes alternate source: Security researchers at Google on Tuesday released a report describing what they're calling "Coruna," a highly sophisticated iPhone hacking toolkit that includes five complete hacking techniques capable of bypassing all the defenses of an iPhone to silently install...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/03/31 11:5 a.m.7 views

Inventors of Quantum Cryptography Win Turing Award

Charles Bennett and Gilles Brassard have won the 2026 Turing Award for inventing quantum cryptography. I am incredibly pleased to see them get this recognition. I have always thought the technology to be fantastic, even though I think it's largely unnecessary. I wrote up my thoughts back in 2008,...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/03/30 11:8 a.m.7 views

Apple’s Camera Indicator Lights

A thoughtful review of Apple's system to alert users that the camera is on. It's really well-designed, and important in a world where malware could surreptitiously start recording. The reason it's tempting to think that a dedicated camera indicator light is more secure than an on-display indicato...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/03/24 11:3 a.m.7 views

Team Mirai and Democracy

Japan’s election last month and the rise of the country’s newest and most innovative political party, Team Mirai, illustrates the viability of a different way to do politics. In this model, technology is used to make democratic processes stronger, instead of undermining them. It is harnessed to...

5.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/03/20 9:6 p.m.7 views

Friday Squid Blogging: Jumbo Flying Squid in the South Pacific

The population needs better conservation. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/03/09 10:57 a.m.7 views

New Attack Against Wi-Fi

It's called AirSnitch: Unlike previous Wi-Fi attacks, AirSnitch exploits core features in Layers 1 and 2 and the failure to bind and synchronize a client across these and higher layers, other nodes, and other network names such as SSIDs Service Set Identifiers. This cross-layer identity...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/02/24 12:6 p.m.7 views

Is AI Good for Democracy?

Politicians fixate on the global race for technological supremacy between US and China. They debate geopolitical implications of chip exports, latest model releases from each country, and military applications of AI. Someday, they believe, we might see advancements in AI tip the scales in a...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/02/23 12:3 p.m.7 views

On the Security of Password Managers

Good article on password managers that secretly have a backdoor. New research shows that these claims aren’t true in all cases, particularly when account recovery is in place or password managers are set to share vaults or organize users into groups. The researchers reverse-engineered or closely...

5.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/02/20 12:8 p.m.7 views

Ring Cancels Its Partnership with Flock

It's a demonstration of how toxic the surveillance-tech company Flock has become when Amazon's Ring cancels the partnership between the two companies. As Hamilton Nolan advises, remove your Ring doorbell...

5.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/02/19 12:5 p.m.7 views

Malicious AI

Interesting: Summary: An AI agent of unknown ownership autonomously wrote and published a personalized hit piece about me after I rejected its code, attempting to damage my reputation and shame me into accepting its changes into a mainstream python library. This represents a first-of-its-kind cas...

5.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/02/12 12:1 p.m.7 views

3D Printer Surveillance

New York is contemplating a bill that adds surveillance to 3D printers: New York’s 2026­2027 executive budget bill S.9005 / A.10005 includes language that should alarm every maker, educator, and small manufacturer in the state. Buried in Part C is a provision requiring all 3D printers sold or...

5.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/02/09 12:4 p.m.7 views

LLMs are Getting a Lot Better and Faster at Finding and Exploiting Zero-Days

This is amazing: Opus 4.6 is notably better at finding high-severity vulnerabilities than previous models and a sign of how quickly things are moving. Security teams have been automating vulnerability discovery for years, investing heavily in fuzzing infrastructure and custom harnesses to find bu...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/02/02 12:5 p.m.7 views

AI Coding Assistants Secretly Copying All Code to China

There's a new report about two AI coding assistants, used by 1.5 million developers, that are surreptitiously sending a copy of everything they ingest to China. Maybe avoid using them...

5.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/01/23 12:1 p.m.7 views

AIs are Getting Better at Finding and Exploiting Internet Vulnerabilities

Really interesting blog post from Anthropic: In a recent evaluation of AI models’ cyber capabilities, current Claude models can now succeed at multistage attacks on networks with dozens of hosts using only standard, open-source tools, instead of the custom tools needed by previous generations. Th...

5.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/01/20 12:8 p.m.7 views

Could ChatGPT Convince You to Buy Something?

Eighteen months ago, it was plausible that artificial intelligence might take a different path than social media. Back then, AI's development hadn't consolidated under a small number of big tech firms. Nor had it capitalized on consumer attention, surveilling users and delivering ads...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/01/05 12:1 p.m.7 views

Telegram Hosting World’s Largest Darknet Market

Wired is reporting on Chinese darknet markets on Telegram. The ecosystem of marketplaces for Chinese-speaking crypto scammers hosted on the messaging service Telegram have now grown to be bigger than ever before, according to a new analysis from the crypto tracing firm Elliptic. Despite a brief...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/12/24 12:3 p.m.7 views

Urban VPN Proxy Surreptitiously Intercepts AI Chats

This is pretty scary: Urban VPN Proxy targets conversations across ten AI platforms: ChatGPT, Claude, Gemini, Microsoft Copilot, Perplexity, DeepSeek, Grok xAI, Meta AI. For each platform, the extension includes a dedicated "executor" script designed to intercept and capture conversations. The...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/12/16 12:2 p.m.7 views

Chinese Surveillance and AI

New report: "The Party's AI: How China's New AI Systems are Reshaping Human Rights." From a summary article: China is already the world's largest exporter of AI powered surveillance technology; new surveillance technologies and platforms developed in China are also not likely to simply stay there...

6.7AI score
Exploits0
Total number of security vulnerabilities2981