Lucene search
K
SchneierMost viewed

2981 matches found

Schneier on Security
Schneier on Security
added 2025/05/02 11:3 a.m.8 views

NCSC Guidance on “Advanced Cryptography”

The UK's National Cyber Security Centre just released its white paper on "Advanced Cryptography," which it defines as "cryptographic techniques for processing encrypted data, providing enhanced functionality over and above that provided by traditional cryptography." It includes things like...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/04/14 11:8 a.m.8 views

China Sort of Admits to Being Behind Volt Typhoon

The Wall Street Journal has the story: Chinese officials acknowledged in a secret December meeting that Beijing was behind a widespread series of alarming cyberattacks on U.S. infrastructure, according to people familiar with the matter, underscoring how hostilities between the two superpowers ar...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/03/07 10:4 p.m.8 views

Friday Squid Blogging: Squid Loyalty Cards

Squid is a loyalty card platform in Ireland. Blog moderation policy...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/03/04 12:8 p.m.8 views

Trojaned AI Tool Leads to Disney Hack

This is a sad story of someone who downloaded a Trojaned AI tool that resulted in hackers taking over his computer and, ultimately, costing him his job...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/02/19 3:7 p.m.8 views

Device Code Phishing

This isn't new, but it's increasingly popular: The technique is known as device code phishing. It exploits "device code flow," a form of authentication formalized in the industry-wide OAuth standard. Authentication through device code flow is designed for logging printers, smart TVs, and similar...

7.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/02/14 5:1 p.m.8 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking at Boskone 62 in Boston, Massachusetts, USA, which runs from February 14-16, 2025. My talk is at 4:00 PM ET on the 15th. I’m speaking at the Rossfest Symposium in Cambridge, UK, on March 25, 2025. The list is maintaine...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/02/03 12:5 p.m.8 views

Journalists and Civil Society Members Using WhatsApp Targeted by Paragon Spyware

This is yet another story of commercial spyware being used against journalists and civil society members. The journalists and other civil society members were being alerted of a possible breach of their devices, with WhatsApp telling the Guardian it had "high confidence" that the 90 users in...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/01/22 12:4 p.m.8 views

AI Will Write Complex Laws

Artificial intelligence AI is writing law today. This has required no changes in legislative procedure or the rules of legislative bodies--all it takes is one legislator, or legislative assistant, to use generative AI in the process of drafting a bill. In fact, the use of AI by legislators is onl...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/01/13 12:1 p.m.8 views

Microsoft Takes Legal Action Against AI “Hacking as a Service” Scheme

Not sure this will matter in the end, but it's a positive move: Microsoft is accusing three individuals of running a "hacking-as-a-service" scheme that was designed to allow the creation of harmful and illicit content using the company's platform for AI-generated content. The foreign-based...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/01/07 12:0 p.m.8 views

US Treasury Department Sanctions Chinese Company Over Cyberattacks

From the Washington Post: The sanctions target Beijing Integrity Technology Group, which U.S. officials say employed workers responsible for the Flax Typhoon attacks which compromised devices including routers and internet-enabled cameras to infiltrate government and industrial targets in the...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/01/02 8:22 p.m.8 views

Google Is Allowing Device Fingerprinting

Lukasz Olejnik writes about device fingerprinting, and why Google's policy change to allow it in 2025 is a major privacy setback. EDITED TO ADD 1/12: Shashdot thread...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/12/31 12:2 p.m.8 views

Gift Card Fraud

It's becoming an organized crime tactic: Card draining is when criminals remove gift cards from a store display, open them in a separate location, and either record the card numbers and PINs or replace them with a new barcode. The crooks then repair the packaging, return to a store and place the...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/12/30 12:5 p.m.8 views

Salt Typhoon’s Reach Continues to Grow

The US government has identified a ninth telecom that was successfully hacked by Salt Typhoon...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/12/18 4:40 p.m.8 views

New Advances in the Understanding of Prime Numbers

Really interesting research into the structure of prime numbers. Not immediately related to the cryptanalysis of prime-number-based public-key algorithms, but every little bit matters...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/12/16 12:6 p.m.8 views

Short-Lived Certificates Coming to Let’s Encrypt

Starting next year: Our longstanding offering won't fundamentally change next year, but we are going to introduce a new offering that's a big shift from anything we've done before--short-lived certificates. Specifically, certificates with a lifetime of six days. This is a big upgrade for the...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/19 12:5 p.m.8 views

Why Italy Sells So Much Spyware

Interesting analysis: Although much attention is given to sophisticated, zero-click spyware developed by companies like Israel’s NSO Group, the Italian spyware marketplace has been able to operate relatively under the radar by specializing in cheaper tools. According to an Italian Ministry of...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/18 3:49 p.m.8 views

Most of 2023’s Top Exploited Vulnerabilities Were Zero-Days

Zero-day vulnerabilities are more commonly used, according to the Five Eyes: Key Findings In 2023, malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks compared to 2022, allowing them to conduct cyber operations against higher-priority targets. In 2023,...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/14 12:5 p.m.8 views

New iOS Security Feature Makes It Harder for Police to Unlock Seized Phones

Everybody is reporting about a new security iPhone security feature with iOS 18: if the phone hasn't been used for a few days, it automatically goes into its "Before First Unlock" state and has to be rebooted. This is a really good security feature. But various police departments don't like it,...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/04 12:2 p.m.8 views

Sophos Versus the Chinese Hackers

Really interesting story of Sophos's five-year war against Chinese hackers...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/10/31 3:16 p.m.8 views

Tracking World Leaders Using Strava

Way back in 2018, people noticed that you could find secret military bases using data published by the Strava fitness app. Soldiers and other military personal were using them to track their runs, and you could look at the public data and find places where there should be no people running. Six...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/10/23 6:16 p.m.8 views

Are Automatic License Plate Scanners Constitutional?

An advocacy groups is filing a Fourth Amendment challenge against automatic license plate readers. "The City of Norfolk, Virginia, has installed a network of cameras that make it functionally impossible for people to drive anywhere without having their movements tracked, photographed, and stored ...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/10/18 1:58 p.m.8 views

Justice Department Indicts Tech CEO for Falsifying Security Certifications

The Wall Street Journal is reporting that the CEO of a still unnamed company has been indicted for creating a fake auditing company to falsify security certifications in order to win government business...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/10/04 9:7 p.m.8 views

Friday Squid Blogging: Map of All Colossal Squid Sightings

Interesting map, from this paper. Blog moderation policy...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/09/27 9:6 p.m.8 views

Squid Fishing in Japan

Fishermen are catching more squid as other fish are depleted. Blog moderation policy...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/09/17 11:2 a.m.8 views

Python Developers Targeted with Malware During Fake Job Interviews

Interesting social engineering attack: luring potential job applicants with fake recruiting pitches, trying to convince them to download malware. From a news article These particular attacks from North Korean state-funded hacking team Lazarus Group are new, but the overall malware campaign agains...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/09/16 2:49 p.m.8 views

Legacy Ivanti Cloud Service Appliance Being Exploited

CISA wants everyone--and government agencies in particular--to remove or upgrade an Ivanti Cloud Service Appliance CSA that is no longer being supported. Welcome to the security nightmare that is the Internet of Things...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/08/07 11:10 a.m.8 views

Problems with Georgia’s Voter Registration Portal

Its possible to cancel other peoples voter registrations: On Friday, four days after Georgia Democrats began warning that bad actors could abuse the states new online portal for canceling voter registrations, the Secretary of States Office acknowledged to ProPublica that it had identified multipl...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/08/05 11:7 a.m.8 views

New Patent Application for Car-to-Car Surveillance

Ford has a new patent application for a system where cars monitor each others speeds, and then report then to some central authority. Slashdot thread...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/07/30 11:7 a.m.8 views

Providing Security Updates to Automobile Software

Auto manufacturers are just starting to realize the problems of supporting the software in older models: Today’s phones are able to receive updates six to eight years after their purchase date. Samsung and Google provide Android OS updates and security updates for seven years. Apple halts servici...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/06/28 9:1 p.m.8 views

Friday Squid Blogging: New Squid Species

A new squid species--of the Gonatidae family--was discovered. The video shows her holding a brood of very large eggs. Research paper...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/01 10:5 p.m.8 views

Friday Squid Blogging: Strawberry Squid in the Galápagos

Scientists have found Strawberry Squid, "whose mismatched eyes help them simultaneously search for prey above and below them," among the coral reefs in the Galápagos Islands. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/11/29 12:9 p.m.8 views

Breaking Laptop Fingerprint Sensors

Theyre not that good: Security researchers Jesse DAguanno and Timo Teräs write that, with varying degrees of reverse-engineering and using some external hardware, they were able to fool the Goodix fingerprint sensor in a Dell Inspiron 15, the Synaptic sensor in a Lenovo ThinkPad T14, and the ELAN...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/07/13 11:20 a.m.8 views

French Police Will Be Able to Spy on People through Their Cell Phones

The French police are getting new surveillance powers: French police should be able to spy on suspects by remotely activating the camera, microphone and GPS of their phones and other devices, lawmakers agreed late on Wednesday, July 5. … Covering laptops, cars and other connected objects as well ...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/04/24 10:39 a.m.8 views

UK Threatens End-to-End Encryption

In an open letter, seven secure messaging apps--including Signal and WhatsApp--point out that the UKs Online Safety Bill could destroy end-to-end encryption: As currently drafted, the Bill could break end-to-end encryption,opening the door to routine, general and indiscriminate surveillance of...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/11/09 12:18 p.m.8 views

Defeating Phishing-Resistant Multifactor Authentication

CISA is now pushing phishing-resistant multifactor authentication. Roger Grimes has an excellent post reminding everyone that "phishing-resistant" is not "phishing proof," and that everyone needs to stop pretending otherwise. His list of different attacks is particularly useful...

2.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/10/10 11:9 a.m.8 views

Complex Impersonation Story

This is a story of one piece of what is probably a complex employment scam. Basically, real programmers are having their resumes copied and co-opted by scammers, who apply for jobs or, I suppose, get recruited from various job sites, then hire other people with Western looks and language skills a...

0.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/07/01 9:6 p.m.8 views

Friday Squid Blogging: Multiplexing SQUIDs for X-ray Telescopes

NASA is researching new techniques for multiplexing SQUIDs--thats superconducting quantum interference devices--for X-ray observatories. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/04/25 10:18 a.m.8 views

SMS Phishing Attacks are on the Rise

SMS phishing attacks -- annoyingly called "smishing" -- are becoming more common. I know that I have been receiving a lot of phishing SMS messages over the past few months. I am not getting the "Fedex package delivered" messages the article talks about. Mine are usually of the form: "Thank you fo...

2.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/04/12 2:25 p.m.8 views

John Oliver on Data Brokers

John Oliver has an excellent segment on data brokers and surveillance capitalism...

3.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/04/19 1:12 p.m.8 views

Iranian Cyberespionage Tools Leaked Online

The source code of a set of Iranian cyberespionage tools was leaked online...

2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/04/28 5:48 p.m.8 views

Jumping Airgaps with a Laser and a Scanner

Researchers have configured two computers to talk to each other using a laser and a scanner. Scanners work by detecting reflected light on their glass pane. The light creates a charge that the scanner translates into binary, which gets converted into an image. But scanners are sensitive to any...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/07 9:45 a.m.7 views

Hong Kong Police Can Force You to Reveal Your Encryption Keys

According to a new law, the Hong Kong police can demand that you reveal the encryption keys protecting your computer, phone, hard drives, etc.--even if you are just transiting the airport. In a security alert dated March 26, the U.S. Consulate General said that, on March 23, 2026, Hong Kong...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/03 11:8 a.m.7 views

Company that Secretly Records and Publishes Zoom Meetings

WebinarTV searches the internet for public Zoom invites, joins the meetings, secretly records them, and publishes alternate link the recordings. It doesn't use the Zoom record feature, so Zoom can't do anything about it...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/02 10:5 a.m.7 views

Possible US Government iPhone Hacking Tool Leaked

Wired writes alternate source: Security researchers at Google on Tuesday released a report describing what they're calling "Coruna," a highly sophisticated iPhone hacking toolkit that includes five complete hacking techniques capable of bypassing all the defenses of an iPhone to silently install...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/03/31 11:5 a.m.7 views

Inventors of Quantum Cryptography Win Turing Award

Charles Bennett and Gilles Brassard have won the 2026 Turing Award for inventing quantum cryptography. I am incredibly pleased to see them get this recognition. I have always thought the technology to be fantastic, even though I think it's largely unnecessary. I wrote up my thoughts back in 2008,...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/03/30 11:8 a.m.7 views

Apple’s Camera Indicator Lights

A thoughtful review of Apple's system to alert users that the camera is on. It's really well-designed, and important in a world where malware could surreptitiously start recording. The reason it's tempting to think that a dedicated camera indicator light is more secure than an on-display indicato...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/03/25 11:2 a.m.7 views

Sen. Wyden Warns of Another Section 702 Abuse

Sen. Ron Wyden is warning us of an abuse of Section 702: Wyden took to the Senate floor to deliver a lengthy speech, ostensibly about the since approved with support of many Democrats nomination of Joshua Rudd to lead the NSA. Wyden was protesting that nomination, but in the context of Rudd being...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/03/24 11:3 a.m.7 views

Team Mirai and Democracy

Japan’s election last month and the rise of the country’s newest and most innovative political party, Team Mirai, illustrates the viability of a different way to do politics. In this model, technology is used to make democratic processes stronger, instead of undermining them. It is harnessed to...

5.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/03/20 9:6 p.m.7 views

Friday Squid Blogging: Jumbo Flying Squid in the South Pacific

The population needs better conservation. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/03/09 10:57 a.m.7 views

New Attack Against Wi-Fi

It's called AirSnitch: Unlike previous Wi-Fi attacks, AirSnitch exploits core features in Layers 1 and 2 and the failure to bind and synchronize a client across these and higher layers, other nodes, and other network names such as SSIDs Service Set Identifiers. This cross-layer identity...

5.8AI score
Exploits0
Total number of security vulnerabilities2981