Lucene search
K
SchneierMost viewed

2981 matches found

Schneier on Security
Schneier on Security
added 2026/02/23 12:3 p.m.7 views

On the Security of Password Managers

Good article on password managers that secretly have a backdoor. New research shows that these claims aren’t true in all cases, particularly when account recovery is in place or password managers are set to share vaults or organize users into groups. The researchers reverse-engineered or closely...

5.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/02/19 12:5 p.m.7 views

Malicious AI

Interesting: Summary: An AI agent of unknown ownership autonomously wrote and published a personalized hit piece about me after I rejected its code, attempting to damage my reputation and shame me into accepting its changes into a mainstream python library. This represents a first-of-its-kind cas...

5.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/02/12 12:1 p.m.7 views

3D Printer Surveillance

New York is contemplating a bill that adds surveillance to 3D printers: New York’s 2026­2027 executive budget bill S.9005 / A.10005 includes language that should alarm every maker, educator, and small manufacturer in the state. Buried in Part C is a provision requiring all 3D printers sold or...

5.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/02/09 12:4 p.m.7 views

LLMs are Getting a Lot Better and Faster at Finding and Exploiting Zero-Days

This is amazing: Opus 4.6 is notably better at finding high-severity vulnerabilities than previous models and a sign of how quickly things are moving. Security teams have been automating vulnerability discovery for years, investing heavily in fuzzing infrastructure and custom harnesses to find bu...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/02/02 12:5 p.m.7 views

AI Coding Assistants Secretly Copying All Code to China

There's a new report about two AI coding assistants, used by 1.5 million developers, that are surreptitiously sending a copy of everything they ingest to China. Maybe avoid using them...

5.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/01/23 12:1 p.m.7 views

AIs are Getting Better at Finding and Exploiting Internet Vulnerabilities

Really interesting blog post from Anthropic: In a recent evaluation of AI models’ cyber capabilities, current Claude models can now succeed at multistage attacks on networks with dozens of hosts using only standard, open-source tools, instead of the custom tools needed by previous generations. Th...

5.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/01/20 12:8 p.m.7 views

Could ChatGPT Convince You to Buy Something?

Eighteen months ago, it was plausible that artificial intelligence might take a different path than social media. Back then, AI's development hadn't consolidated under a small number of big tech firms. Nor had it capitalized on consumer attention, surveilling users and delivering ads...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/12/24 12:3 p.m.7 views

Urban VPN Proxy Surreptitiously Intercepts AI Chats

This is pretty scary: Urban VPN Proxy targets conversations across ten AI platforms: ChatGPT, Claude, Gemini, Microsoft Copilot, Perplexity, DeepSeek, Grok xAI, Meta AI. For each platform, the extension includes a dedicated "executor" script designed to intercept and capture conversations. The...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/12/16 12:2 p.m.7 views

Chinese Surveillance and AI

New report: "The Party's AI: How China's New AI Systems are Reshaping Human Rights." From a summary article: China is already the world's largest exporter of AI powered surveillance technology; new surveillance technologies and platforms developed in China are also not likely to simply stay there...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/12/12 10:0 p.m.7 views

Friday Squid Blogging: Giant Squid Eating a Diamondback Squid

I have no context for this video--it's from Reddit--but one of the commenters adds some context: Hey everyone, squid biologist here! Wanted to add some stuff you might find interesting. With so many people carrying around cameras, we're getting more videos of giant squid at the surface than in...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/11/28 2:54 p.m.7 views

Prompt Injection Through Poetry

In a new paper, "Adversarial Poetry as a Universal Single-Turn Jailbreak Mechanism in Large Language Models," researchers found that turning LLM prompts into poetry resulted in jailbreaking the models: Abstract : We present evidence that adversarial poetry functions as a universal single-turn...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/11/24 12:3 p.m.7 views

IACR Nullifies Election Because of Lost Decryption Key

The International Association of Cryptologic Research--the academic cryptography association that's been putting conferences like Crypto back when "crypto" meant "cryptography" and Eurocrypt since the 1980s--had to nullify an online election when trustee Moti Yung lost his decryption key. For thi...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/11/21 12:1 p.m.7 views

AI as Cyberattacker

From Anthropic: In mid-September 2025, we detected suspicious activity that later investigation determined to be a highly sophisticated espionage campaign. The attackers used AI’s “agentic” capabilities to an unprecedented degree­--using AI not just as an advisor, but to execute the cyberattacks...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/11/20 12:7 p.m.7 views

Scam USPS and E-Z Pass Texts and Websites

Google has filed a complaint in court that details the scam: In a complaint filed Wednesday, the tech giant accused "a cybercriminal group in China" of selling "phishing for dummies" kits. The kits help unsavvy fraudsters easily “execute a large-scale phishing campaign,” tricking hordes of...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/11/18 12:1 p.m.7 views

AI and Voter Engagement

Social media has been a familiar, even mundane, part of life for nearly two decades. It can be easy to forget it was not always that way. In 2008, social media was just emerging into the mainstream. Facebook reached 100 million users that summer. And a singular candidate was integrating social...

6.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/11/13 12:9 p.m.7 views

Book Review: The Business of Secrets

The Business of Secrets: Adventures in Selling Encryption Around the World by Fred Kinch May 24, 2024 From the vantage point of today, it's surreal reading about the commercial cryptography business in the 1970s. Nobody knew anything. The manufacturers didn't know whether the cryptography they so...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/11/10 12:4 p.m.7 views

New Attacks Against Secure Enclaves

Encryption can protect data at rest and data in transit, but does nothing for data in use. What we have are secure enclaves. I've written about this before: Almost all cloud services have to perform some computation on our data. Even the simplest storage provider has code to copy bytes from an...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/11/07 10:1 p.m.7 views

Friday Squid Blogging: Squid Game: The Challenge, Season Two

The second season of the Netflix reality competition show Squid Game: The Challenge has dropped. Too many links to pick a few--search for it. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/11/03 12:5 p.m.7 views

AI Summarization Optimization

These days, the most important meeting attendee isn’t a person: It’s the AI notetaker. This system assigns action items and determines the importance of what is said. If it becomes necessary to revisit the facts of the meeting, its summary is treated as impartial evidence. But clever meeting...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/10/31 11:8 a.m.7 views

Will AI Strengthen or Undermine Democracy?

Listen to the Audio on NextBigIdeaClub.com Below, co-authors Bruce Schneier and Nathan E. Sanders share five key insights from their new book, Rewiring Democracy: How AI Will Transform Our Politics, Government, and Citizenship. What's the big idea? AI can be used both for and against the public...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/10/23 11:4 a.m.7 views

Serious F5 Breach

This is bad: F5, a Seattle-based maker of networking software, disclosed the breach on Wednesday. F5 said a "sophisticated" threat group working for an undisclosed nation-state government had surreptitiously and persistently dwelled in its network over a "long-term." Security researchers who have...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/10/03 9:5 p.m.7 views

Friday Squid Blogging: Squid Overfishing in the Southwest Atlantic

Article. Report...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/26 11:4 a.m.7 views

Digital Threat Modeling Under Authoritarianism

Today's world requires us to make complex and nuanced decisions about our digital security. Evaluating when to use a secure messaging app like Signal or WhatsApp, which passwords to store on your smartphone, or what to share on social media requires us to assess risks and make judgments...

6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/25 11:2 a.m.7 views

Malicious-Looking URL Creation Service

This site turns your URL into something sketchy-looking. For example, www.schneier.com becomes...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/24 11:9 a.m.7 views

US Disrupts Massive Cell Phone Array in New York

This is a weird story: The US Secret Service disrupted a network of telecommunications devices that could have shut down cellular systems as leaders gather for the United Nations General Assembly in New York City. The agency said on Tuesday that last month it found more than 300 SIM servers and...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/22 11:3 a.m.7 views

Details About Chinese Surveillance and Propaganda Companies

Details from leaked documents: While people often look at China’s Great Firewall as a single, all-powerful government system unique to China, the actual process of developing and maintaining it works the same way as surveillance technology in the West. Geedge collaborates with academic institutio...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/17 11:5 a.m.7 views

Hacking Electronic Safes

Vulnerabilities in electronic safes that use Securam Prologic locks: While both their techniques represent glaring security vulnerabilities, Omo says it's the one that exploits a feature intended as a legitimate unlock method for locksmiths that's the more widespread and dangerous. "This attack i...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/12 9:4 p.m.7 views

A Cyberattack Victim Notification Framework

Interesting analysis: When cyber incidents occur, victims should be notified in a timely manner so they have the opportunity to assess and remediate any harm. However, providing notifications has proven a challenge across industry. When making notifications, companies often do not know the true...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/08 6:37 p.m.7 views

Signed Copies of Rewiring Democracy

When I announced my latest book last week, I forgot to mention that you can pre-order a signed copy here. I will ship the books the week of 10/20, when it is published...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/06 12:5 a.m.7 views

Friday Squid Blogging: The Origin and Propagation of Squid

New research paywalled: Editor 's summary: Cephalopods are one of the most successful marine invertebrates in modern oceans, and they have a 500-million-year-old history. However, we know very little about their evolution because soft-bodied animals rarely fossilize. Ikegami et al. developed an...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/08/29 11:1 a.m.7 views

Baggage Tag Scam

I just heard about this: There's a travel scam warning going around the internet right now: You should keep your baggage tags on your bags until you get home, then shred them, because scammers are using luggage tags to file fraudulent claims for missing baggage with the airline. First, the scam i...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/08/22 7:0 p.m.7 views

I’m Spending the Year at the Munk School

This academic year, I am taking a sabbatical from the Kennedy School and Harvard University. It's not a real sabbatical--I'm just an adjunct--but it's the same idea. I will be spending the Fall 2025 and Spring 2026 semesters at the Munk School at the University of Toronto. I will be organizing a...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/08/14 11:8 a.m.7 views

LLM Coding Integrity Breach

Here's an interesting story about a failure being introduced by LLM-written code. Specifically, the LLM was doing some code refactoring, and when it moved a chunk of code from one file to another it changed a "break" to a "continue." That turned an error logging statement into an infinite loop,...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/08/08 11:22 p.m.7 views

Friday Squid Blogging: New Vulnerability in Squid HTTP Proxy Server

In a rare squid/security combined post, a new vulnerability was discovered in the Squid HTTP proxy server...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/08/08 11:1 a.m.7 views

Google Project Zero Changes Its Disclosure Policy

Google's vulnerability finding team is again pushing the envelope of responsible disclosure: Google's Project Zero team will retain its existing 90+30 policy regarding vulnerability disclosures, in which it provides vendors with 90 days before full disclosure takes place, with a 30-day period...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/07/31 11:0 a.m.7 views

Cheating on Quantum Computing Benchmarks

Peter Gutmann and Stephan Neuhaus have a new paper--I think it's new, even though it has a March 2025 date--that makes the argument that we shouldn't trust any of the quantum factorization benchmarks, because everyone has been cooking the books: Similarly, quantum factorisation is performed using...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/30 11:5 a.m.7 views

Why Take9 Won’t Improve Cybersecurity

There's a new cybersecurity awareness campaign: Take9. The idea is that people--you, me, everyone--should just pause for nine seconds and think more about the link they are planning to click on, the file they are planning to download, or whatever it is they are planning to share. There's a...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/29 9:4 p.m.7 views

Friday Squid Blogging: NGC 1068 Is the “Squid Galaxy”

I hadn't known that the NGC 1068 galaxy is nicknamed the "Squid Galaxy." It is, and it's spewing neutrinos without the usual accompanying gamma rays. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/02 9:2 p.m.7 views

Friday Squid Blogging: Pyjama Squid

The small pyjama squid Sepioloidea lineolata produces toxic slime, "a rare example of a poisonous predatory mollusc." As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/01 4:2 p.m.7 views

US as a Surveillance State

Two essays were just published on DOGE's data collection and aggregation, and how it ends with a modern surveillance state. It's good to see this finally being talked about. EDITED TO ADD 5/3: Here's a free link to that first essay...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/03/20 3:14 p.m.7 views

Critical GitHub Attack

This is serious: A sophisticated cascading supply chain attack has compromised multiple GitHub Actions, exposing critical CI/CD secrets across tens of thousands of repositories. The attack, which originally targeted the widely used “tj-actions/changed-files” utility, is now believed to have...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/03/18 11:10 a.m.7 views

Is Security Human Factors Research Skewed Towards Western Ideas and Habits?

Really interesting research: "How WEIRD is Usable Privacy and Security Research?" by Ayako A. Hasegawa Daisuke Inoue, and Mitsuaki Akiyama: Abstract : In human factor fields such as human-computer interaction HCI and psychology, researchers have been concerned that participants mostly come from...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/03/11 5:14 p.m.7 views

Silk Typhoon Hackers Indicted

Lots of interesting details in the story: The US Department of Justice on Wednesday announced the indictment of 12 Chinese individuals accused of more than a decade of hacker intrusions around the world, including eight staffers for the contractor i-Soon, two officials at China's Ministry of Publ...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/02/21 10:2 p.m.7 views

Friday Squid Blogging: New Squid Fossil

A 450-million-year-old squid fossil was dug up in upstate New York. Blog moderation policy...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/02/14 5:5 p.m.7 views

Friday Squid Blogging: Squid the Care Dog

The Vanderbilt University Medical Center has a pediatric care dog named "Squid." Blog moderation policy...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/01/30 12:44 p.m.7 views

Fake Reddit and WeTransfer Sites are Pushing Malware

There are thousands of fake Reddit and WeTransfer webpages that are pushing malware. They exploit people who are using search engines to search sites like Reddit. Unsuspecting victims clicking on the link are taken to a fake WeTransfer site that mimicks the interface of the popular file-sharing...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/01/23 2:58 p.m.7 views

Third Interdisciplinary Workshop on Reimagining Democracy (IWORD 2024)

Last month, Henry Farrell and I convened the Third Interdisciplinary Workshop on Reimagining Democracy IWORD 2024 at Johns Hopkins University's Bloomberg Center in Washington DC. This is a small, invitational workshop on the future of democracy. As with the previous two workshops, the goal was to...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/01/17 12:5 p.m.7 views

Social Engineering to Disable iMessage Protections

I am always interested in new phishing tricks, and watching them spread across the ecosystem. A few days ago I started getting phishing SMS messages with a new twist. They were standard messages about delayed packages or somesuch, with the goal of getting me to click on a link and entering some...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/12/27 10:6 a.m.7 views

Friday Squid Blogging: Squid on Pizza

Pizza Hut in Taiwan has a history of weird pizzas, including a "2022 scalloped pizza with Oreos around the edge, and deep-fried chicken and calamari studded throughout the middle." Blog moderation policy...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/29 10:3 p.m.7 views

Friday Squid Blogging: Squid-Inspired Needle Technology

Interesting research: Using jet propulsion inspired by squid, researchers demonstrate a microjet system that delivers medications directly into tissues, matching the effectiveness of traditional needles. Blog moderation policy...

7.3AI score
Exploits0
Total number of security vulnerabilities2981