Lucene search
K
SchneierMost viewed

2981 matches found

Schneier on Security
Schneier on Security
added 2025/10/17 9:2 p.m.7 views

Friday Squid Blogging: Squid Inks Philippines Fisherman

Good video. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/10/03 9:5 p.m.7 views

Friday Squid Blogging: Squid Overfishing in the Southwest Atlantic

Article. Report...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/29 11:7 a.m.7 views

Abusing Notion’s AI Agent for Data Theft

Notion just released version 3.0, complete with AI agents. Because the system contains Simon Willson's lethal trifecta, it's vulnerable to data theft though prompt injection. First, the trifecta: The lethal trifecta of capabilities is: Access to your private data --one of the most common purposes...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/24 11:9 a.m.7 views

US Disrupts Massive Cell Phone Array in New York

This is a weird story: The US Secret Service disrupted a network of telecommunications devices that could have shut down cellular systems as leaders gather for the United Nations General Assembly in New York City. The agency said on Tuesday that last month it found more than 300 SIM servers and...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/22 11:3 a.m.7 views

Details About Chinese Surveillance and Propaganda Companies

Details from leaked documents: While people often look at China’s Great Firewall as a single, all-powerful government system unique to China, the actual process of developing and maintaining it works the same way as surveillance technology in the West. Geedge collaborates with academic institutio...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/18 11:6 a.m.7 views

Time-of-Check Time-of-Use Attacks Against LLMs

This is a nice piece of research: "Mind the Gap: Time-of-Check to Time-of-Use Vulnerabilities in LLM-Enabled Agents".: Abstract: Large Language Model LLM-enabled agents are rapidly emerging across a wide range of applications, but their deployment introduces vulnerabilities with security...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/17 11:5 a.m.7 views

Hacking Electronic Safes

Vulnerabilities in electronic safes that use Securam Prologic locks: While both their techniques represent glaring security vulnerabilities, Omo says it's the one that exploits a feature intended as a legitimate unlock method for locksmiths that's the more widespread and dangerous. "This attack i...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/12 9:4 p.m.7 views

A Cyberattack Victim Notification Framework

Interesting analysis: When cyber incidents occur, victims should be notified in a timely manner so they have the opportunity to assess and remediate any harm. However, providing notifications has proven a challenge across industry. When making notifications, companies often do not know the true...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/08 6:37 p.m.7 views

Signed Copies of Rewiring Democracy

When I announced my latest book last week, I forgot to mention that you can pre-order a signed copy here. I will ship the books the week of 10/20, when it is published...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/06 12:5 a.m.7 views

Friday Squid Blogging: The Origin and Propagation of Squid

New research paywalled: Editor 's summary: Cephalopods are one of the most successful marine invertebrates in modern oceans, and they have a 500-million-year-old history. However, we know very little about their evolution because soft-bodied animals rarely fossilize. Ikegami et al. developed an...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/08/08 11:1 a.m.7 views

Google Project Zero Changes Its Disclosure Policy

Google's vulnerability finding team is again pushing the envelope of responsible disclosure: Google's Project Zero team will retain its existing 90+30 policy regarding vulnerability disclosures, in which it provides vendors with 90 days before full disclosure takes place, with a 30-day period...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/07/02 11:2 a.m.7 views

Ubuntu Disables Spectre/Meltdown Protections

A whole class of speculative execution attacks against CPUs were published in 2018. They seemed pretty catastrophic at the time. But the fixes were as well. Speculative execution was a way to speed up CPUs, and removing those enhancements resulted in significant performance drops. Now, people are...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/30 11:5 a.m.7 views

Why Take9 Won’t Improve Cybersecurity

There's a new cybersecurity awareness campaign: Take9. The idea is that people--you, me, everyone--should just pause for nine seconds and think more about the link they are planning to click on, the file they are planning to download, or whatever it is they are planning to share. There's a...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/29 9:4 p.m.7 views

Friday Squid Blogging: NGC 1068 Is the “Squid Galaxy”

I hadn't known that the NGC 1068 galaxy is nicknamed the "Squid Galaxy." It is, and it's spewing neutrinos without the usual accompanying gamma rays. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/02 9:2 p.m.7 views

Friday Squid Blogging: Pyjama Squid

The small pyjama squid Sepioloidea lineolata produces toxic slime, "a rare example of a poisonous predatory mollusc." As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/01 4:2 p.m.7 views

US as a Surveillance State

Two essays were just published on DOGE's data collection and aggregation, and how it ends with a modern surveillance state. It's good to see this finally being talked about. EDITED TO ADD 5/3: Here's a free link to that first essay...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/03/20 3:14 p.m.7 views

Critical GitHub Attack

This is serious: A sophisticated cascading supply chain attack has compromised multiple GitHub Actions, exposing critical CI/CD secrets across tens of thousands of repositories. The attack, which originally targeted the widely used “tj-actions/changed-files” utility, is now believed to have...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/03/18 11:10 a.m.7 views

Is Security Human Factors Research Skewed Towards Western Ideas and Habits?

Really interesting research: "How WEIRD is Usable Privacy and Security Research?" by Ayako A. Hasegawa Daisuke Inoue, and Mitsuaki Akiyama: Abstract : In human factor fields such as human-computer interaction HCI and psychology, researchers have been concerned that participants mostly come from...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/03/11 5:14 p.m.7 views

Silk Typhoon Hackers Indicted

Lots of interesting details in the story: The US Department of Justice on Wednesday announced the indictment of 12 Chinese individuals accused of more than a decade of hacker intrusions around the world, including eight staffers for the contractor i-Soon, two officials at China's Ministry of Publ...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/02/21 10:2 p.m.7 views

Friday Squid Blogging: New Squid Fossil

A 450-million-year-old squid fossil was dug up in upstate New York. Blog moderation policy...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/02/14 5:5 p.m.7 views

Friday Squid Blogging: Squid the Care Dog

The Vanderbilt University Medical Center has a pediatric care dog named "Squid." Blog moderation policy...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/02/14 5:1 p.m.7 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking at Boskone 62 in Boston, Massachusetts, USA, which runs from February 14-16, 2025. My talk is at 4:00 PM ET on the 15th. I’m speaking at the Rossfest Symposium in Cambridge, UK, on March 25, 2025. The list is maintaine...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/01/30 12:44 p.m.7 views

Fake Reddit and WeTransfer Sites are Pushing Malware

There are thousands of fake Reddit and WeTransfer webpages that are pushing malware. They exploit people who are using search engines to search sites like Reddit. Unsuspecting victims clicking on the link are taken to a fake WeTransfer site that mimicks the interface of the popular file-sharing...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/01/23 2:58 p.m.7 views

Third Interdisciplinary Workshop on Reimagining Democracy (IWORD 2024)

Last month, Henry Farrell and I convened the Third Interdisciplinary Workshop on Reimagining Democracy IWORD 2024 at Johns Hopkins University's Bloomberg Center in Washington DC. This is a small, invitational workshop on the future of democracy. As with the previous two workshops, the goal was to...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/01/17 12:5 p.m.7 views

Social Engineering to Disable iMessage Protections

I am always interested in new phishing tricks, and watching them spread across the ecosystem. A few days ago I started getting phishing SMS messages with a new twist. They were standard messages about delayed packages or somesuch, with the goal of getting me to click on a link and entering some...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/01/07 12:0 p.m.7 views

US Treasury Department Sanctions Chinese Company Over Cyberattacks

From the Washington Post: The sanctions target Beijing Integrity Technology Group, which U.S. officials say employed workers responsible for the Flax Typhoon attacks which compromised devices including routers and internet-enabled cameras to infiltrate government and industrial targets in the...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/12/27 10:6 a.m.7 views

Friday Squid Blogging: Squid on Pizza

Pizza Hut in Taiwan has a history of weird pizzas, including a "2022 scalloped pizza with Oreos around the edge, and deep-fried chicken and calamari studded throughout the middle." Blog moderation policy...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/12/16 12:6 p.m.7 views

Short-Lived Certificates Coming to Let’s Encrypt

Starting next year: Our longstanding offering won't fundamentally change next year, but we are going to introduce a new offering that's a big shift from anything we've done before--short-lived certificates. Specifically, certificates with a lifetime of six days. This is a big upgrade for the...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/29 10:3 p.m.7 views

Friday Squid Blogging: Squid-Inspired Needle Technology

Interesting research: Using jet propulsion inspired by squid, researchers demonstrate a microjet system that delivers medications directly into tissues, matching the effectiveness of traditional needles. Blog moderation policy...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/27 12:5 p.m.7 views

NSO Group Spies on People on Behalf of Governments

The Israeli company NSO Group sells Pegasus spyware to countries around the world including countries like Saudi Arabia, UAE, India, Mexico, Morocco and Rwanda. We assumed that those countries use the spyware themselves. Now we've learned that that's not true: that NSO Group employees operate the...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/22 12:6 p.m.7 views

The Scale of Geoblocking by Nation

Interesting analysis: We introduce and explore a little-known threat to digital equality and freedom­websites geoblocking users in response to political risks from sanctions. U.S. policy prioritizes internet freedom and access to information in repressive regimes. Clarifying distinctions between...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/13 12:6 p.m.7 views

Mapping License Plate Scanners in the US

DeFlock is a crowd-sourced project to map license plate scanners. It only records the fixed scanners, of course. The mobile scanners on cars are not mapped...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/06 12:2 p.m.7 views

IoT Devices in Password-Spraying Botnet

Microsoft is warning Azure cloud users that a Chinese controlled botnet is engaging in "highly evasive" password spraying. Not sure about the "highly evasive" part; the techniques seem basically what you get in a distributed password-guessing attack: "Any threat actor using the CovertNetwork-1658...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/10/31 3:16 p.m.7 views

Tracking World Leaders Using Strava

Way back in 2018, people noticed that you could find secret military bases using data published by the Strava fitness app. Soldiers and other military personal were using them to track their runs, and you could look at the public data and find places where there should be no people running. Six...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/10/11 9:4 p.m.7 views

Indian Fishermen Are Catching Less Squid

Fishermen in Tamil Nadu are reporting smaller catches of squid. Blog moderation policy...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/09/11 11:3 a.m.7 views

Evaluating the Effectiveness of Reward Modeling of Generative AI Systems

New research evaluating the effectiveness of reward modeling during Reinforcement Learning from Human Feedback RLHF: "SEAL: Systematic Error Analysis for Value ALignment." The paper introduces quantitative metrics for evaluating the effectiveness of modeling and aligning human values: Abstract:...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/08/23 9:3 p.m.7 views

Friday Squid Blogging: Self-Healing Materials from Squid Teeth

Making self-healing materials based on the teeth in squid suckers. Blog moderation policy...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/07/18 3:33 p.m.7 views

Criminal Gang Physically Assaulting People for Their Cryptocurrency

This is pretty horrific: …a group of men behind a violent crime spree designed to compel victims to hand over access to their cryptocurrency savings. That announcement and the criminal complaint laying out charges against St. Felix focused largely on a single theft of cryptocurrency from an elder...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/07/11 3:9 p.m.7 views

Apple Is Alerting iPhone Users of Spyware Attacks

Not a lot of details: Apple has issued a new round of threat notifications to iPhone users across 98 countries, warning them of potential mercenary spyware attacks. Its the second such alert campaign from the company this year, following a similar notification sent to users in 92 nations in April...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/15 10:6 p.m.7 views

Friday Squid Blogging: Underwater Sculptures Use Squid Ink for Coloring

The Molinière Underwater Sculpture Park has pieces that are colored in part with squid ink. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/06/14 5:1 p.m.7 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking at the Dublin Tech Summit in Dublin, Ireland, June 15-16, 2022. The list is maintained on this page...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/03 6:18 a.m.7 views

2017 Tesla Hack

Interesting story of a class break against the entire Tesla fleet...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/02 7:2 a.m.7 views

Insider Attack on the Carnegie Library

Greg Priore, the person in charge of the rare book room at the Carnegie Library, stole from it for almost two decades before getting caught. Its a perennial problem: trusted insiders have to be trusted...

3.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/03 9:7 p.m.6 views

Friday Squid Blogging: Jurassic Fish Chokes on Squid

Here's a fossil of a 150-million year old fish that choked to death on a belemnite rostrum : the hard, internal shell of an extinct, squid-like animal. Original paper. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/01 9:59 a.m.6 views

A Taxonomy of Cognitive Security

Last week, I listened to a fascinating talk by K. Melton on cognitive security, cognitive hacking, and reality pentesting. The slides from the talk are here, but--even better--Menton has a long essay laying out the basic concepts and ideas. The whole thing is important and well worth reading, and...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/03/27 8:18 p.m.6 views

Friday Squid Blogging: Bioluminescent Bacteria in Squid

The Hawaiian bobtail squid has bioluminescent bacteria...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/03/25 11:2 a.m.6 views

Sen. Wyden Warns of Another Section 702 Abuse

Sen. Ron Wyden is warning us of an abuse of Section 702: Wyden took to the Senate floor to deliver a lengthy speech, ostensibly about the since approved with support of many Democrats nomination of Joshua Rudd to lead the NSA. Wyden was protesting that nomination, but in the context of Rudd being...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/03/20 9:6 p.m.6 views

Friday Squid Blogging: Jumbo Flying Squid in the South Pacific

The population needs better conservation. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/03/09 10:57 a.m.6 views

New Attack Against Wi-Fi

It's called AirSnitch: Unlike previous Wi-Fi attacks, AirSnitch exploits core features in Layers 1 and 2 and the failure to bind and synchronize a client across these and higher layers, other nodes, and other network names such as SSIDs Service Set Identifiers. This cross-layer identity...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/03/03 12:4 p.m.6 views

On Moltbook

The MIT Technology Review has a good article on Moltbook, the supposed AI-only social network: Many people have pointed out that a lot of the viral comments were in fact posted by people posing as bots. But even the bot-written posts are ultimately the result of people pulling the strings, more...

6AI score
Exploits0
Total number of security vulnerabilities2981