Lucene search
K
SchneierMost viewed

2981 matches found

Schneier on Security
Schneier on Security
added 2023/12/15 10:6 p.m.7 views

Friday Squid Blogging: Underwater Sculptures Use Squid Ink for Coloring

The Molinière Underwater Sculpture Park has pieces that are colored in part with squid ink. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/06/14 5:1 p.m.7 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking at the Dublin Tech Summit in Dublin, Ireland, June 15-16, 2022. The list is maintained on this page...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/03 6:18 a.m.7 views

2017 Tesla Hack

Interesting story of a class break against the entire Tesla fleet...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/02 7:2 a.m.7 views

Insider Attack on the Carnegie Library

Greg Priore, the person in charge of the rare book room at the Carnegie Library, stole from it for almost two decades before getting caught. Its a perennial problem: trusted insiders have to be trusted...

3.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/03 9:7 p.m.6 views

Friday Squid Blogging: Jurassic Fish Chokes on Squid

Here's a fossil of a 150-million year old fish that choked to death on a belemnite rostrum : the hard, internal shell of an extinct, squid-like animal. Original paper. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/01 9:59 a.m.6 views

A Taxonomy of Cognitive Security

Last week, I listened to a fascinating talk by K. Melton on cognitive security, cognitive hacking, and reality pentesting. The slides from the talk are here, but--even better--Menton has a long essay laying out the basic concepts and ideas. The whole thing is important and well worth reading, and...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/03/27 8:18 p.m.6 views

Friday Squid Blogging: Bioluminescent Bacteria in Squid

The Hawaiian bobtail squid has bioluminescent bacteria...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/03/25 11:2 a.m.6 views

Sen. Wyden Warns of Another Section 702 Abuse

Sen. Ron Wyden is warning us of an abuse of Section 702: Wyden took to the Senate floor to deliver a lengthy speech, ostensibly about the since approved with support of many Democrats nomination of Joshua Rudd to lead the NSA. Wyden was protesting that nomination, but in the context of Rudd being...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/03/16 9:46 a.m.6 views

Possible New Result in Quantum Factorization

I'm skeptical about--and not qualified to review--this new result in factorization with a quantum computer, but if it's true it's a theoretical improvement in the speed of factoring large numbers with a quantum computer...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/03/03 12:4 p.m.6 views

On Moltbook

The MIT Technology Review has a good article on Moltbook, the supposed AI-only social network: Many people have pointed out that a lot of the viral comments were in fact posted by people posing as bots. But even the bot-written posts are ultimately the result of people pulling the strings, more...

6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/02/06 10:1 p.m.6 views

Friday Squid Blogging: Squid Fishing Tips

This is a video of advice for squid fishing in Puget Sound. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...

5.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/01/26 12:4 p.m.6 views

Ireland Proposes Giving Police New Digital Surveillance Powers

This is coming: The Irish government is planning to bolster its police's ability to intercept communications, including encrypted messages, and provide a legal basis for spyware use...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/01/19 12:2 p.m.6 views

AI-Powered Surveillance in Schools

It all sounds pretty dystopian: Inside a white stucco building in Southern California, video cameras compare faces of passersby against a facial recognition database. Behavioral analysis AI reviews the footage for signs of violent behavior. Behind a bathroom door, a smoke detector-shaped device...

5.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/01/14 5:0 p.m.6 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking at the David R. Cheriton School of Computer Science in Waterloo, Ontario, Canada, on January 27, 2026, at 1:30 PM ET. I’m speaking at the Université de Montréal in Montreal, Quebec, Canada, on January 29, 2026, at 4:00...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/01/12 12:2 p.m.6 views

Corrupting LLMs Through Weird Generalizations

Fascinating research: Weird Generalization and Inductive Backdoors: New Ways to Corrupt LLMs. Abstract LLMs are useful because they generalize so well. But can you have too much of a good thing? We show that a small amount of finetuning in narrow contexts can dramatically shift behavior outside...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/12/17 12:2 p.m.6 views

Deliberate Internet Shutdowns

For two days in September, Afghanistan had no internet. No satellite failed; no cable was cut. This was a deliberate outage, mandated by the Taliban government. It followed a more localized shutdown two weeks prior, reportedly instituted "to prevent immoral activities." No additional explanation...

6.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/12/15 12:2 p.m.6 views

Against the Federal Moratorium on State-Level Regulation of AI

Cast your mind back to May of this year: Congress was in the throes of debate over the massive budget bill. Amidst the many seismic provisions, Senator Ted Cruz dropped a ticking time bomb of tech policy: a ten-year moratorium on the ability of states to regulate artificial intelligence. To many,...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/12/12 12:0 p.m.6 views

Building Trustworthy AI Agents

The promise of personal AI assistants rests on a dangerous assumption: that we can trust systems we haven’t made trustworthy. We can’t. And today’s versions are failing us in predictable ways: pushing us to do things against our own best interests, gaslighting us with doubt about things we are or...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/12/11 5:6 p.m.6 views

AIs Exploiting Smart Contracts

I have long maintained that smart contracts are a dumb idea: that a human process is actually a security feature. Here's some interesting research on training AIs to automatically exploit smart contracts: AI models are increasingly good at cyber tasks, as we've written about before. But what is t...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/12/01 12:59 p.m.6 views

Banning VPNs

This is crazy. Lawmakers in several US states are contemplating banning VPNs, because…think of the children! As of this writing, Wisconsin lawmakers are escalating their war on privacy by targeting VPNs in the name of "protecting children" in A.B. 105/S.B. 130. It’s an age verification bill that...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/11/26 12:5 p.m.6 views

Huawei and Chinese Surveillance

This quote is from House of Huawei: The Secret History of China 's Most Powerful Company. "Long before anyone had heard of Ren Zhengfei or Huawei, Wan Runnan had been China's star entrepreneur in the 1980s, with his company, the Stone Group, touted as "China's IBM." Wan had believed that economic...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/11/21 12:1 p.m.6 views

AI as Cyberattacker

From Anthropic: In mid-September 2025, we detected suspicious activity that later investigation determined to be a highly sophisticated espionage campaign. The attackers used AI’s “agentic” capabilities to an unprecedented degree­--using AI not just as an advisor, but to execute the cyberattacks...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/11/20 12:7 p.m.6 views

Scam USPS and E-Z Pass Texts and Websites

Google has filed a complaint in court that details the scam: In a complaint filed Wednesday, the tech giant accused "a cybercriminal group in China" of selling "phishing for dummies" kits. The kits help unsavvy fraudsters easily “execute a large-scale phishing campaign,” tricking hordes of...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/11/10 12:4 p.m.6 views

New Attacks Against Secure Enclaves

Encryption can protect data at rest and data in transit, but does nothing for data in use. What we have are secure enclaves. I've written about this before: Almost all cloud services have to perform some computation on our data. Even the simplest storage provider has code to copy bytes from an...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/11/07 12:1 p.m.6 views

Faking Receipts with AI

Over the past few decades, it's become easier and easier to create fake receipts. Decades ago, it required special paper and printers--I remember a company in the UK advertising its services to people trying to cover up their affairs. Then, receipts became computerized, and faking them required...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/11/05 12:4 p.m.6 views

Scientists Need a Positive Vision for AI

For many in the research community, it's gotten harder to be optimistic about the impacts of artificial intelligence. As authoritarianism is rising around the world, AI-generated "slop" is overwhelming legitimate media, while AI-generated deepfakes are spreading misinformation and parroting...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/11/04 12:5 p.m.6 views

Cybercriminals Targeting Payroll Sites

Microsoft is warning of a scam involving online payroll systems. Criminals use social engineering to steal people's credentials, and then divert direct deposits into accounts that they control. Sometimes they do other things to make it harder for the victim to realize what is happening. I feel li...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/10/31 9:6 p.m.6 views

Friday Squid Blogging: Giant Squid at the Smithsonian

I can't believe that I haven't yet posted this picture of a giant squid at the Smithsonian. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/10/29 11:9 a.m.6 views

Signal’s Post-Quantum Cryptographic Implementation

Signal has just rolled out its quantum-safe cryptographic implementation. Ars Technica has a really good article with details: Ultimately, the architects settled on a creative solution. Rather than bolt KEM onto the existing double ratchet, they allowed it to remain more or less the same as it ha...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/10/24 9:7 p.m.6 views

Friday Squid Blogging: “El Pulpo The Squid”

There is a new cigar named "El Pulpo The Squid." Yes, that means "The Octopus The Squid." As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/10/16 11:6 a.m.6 views

Cryptocurrency ATMs

CNN has a great piece about how cryptocurrency ATMs are used to scam people out of their money. The fees are usurious, and they're a common place for scammers to send victims to buy cryptocurrency for them. The companies behind the ATMs, at best, do not care about the harm they cause; the profits...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/26 11:4 a.m.6 views

Digital Threat Modeling Under Authoritarianism

Today's world requires us to make complex and nuanced decisions about our digital security. Evaluating when to use a secure messaging app like Signal or WhatsApp, which passwords to store on your smartphone, or what to share on social media requires us to assess risks and make judgments...

6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/23 11:7 a.m.6 views

Apple’s New Memory Integrity Enforcement

Apple has introduced a new hardware/software security feature in the iPhone 17: "Memory Integrity Enforcement," targeting the memory safety vulnerabilities that spyware products like Pegasus tend to use to get unauthorized system access. From Wired: In recent years, a movement has been steadily...

7.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/08/29 11:1 a.m.6 views

Baggage Tag Scam

I just heard about this: There's a travel scam warning going around the internet right now: You should keep your baggage tags on your bags until you get home, then shred them, because scammers are using luggage tags to file fraudulent claims for missing baggage with the airline. First, the scam i...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/08/26 11:6 a.m.6 views

Encryption Backdoor in Military/Police Radios

I wrote about this in 2023. Here's the story: Three Dutch security analysts discovered the vulnerabilities­--five in total--­in a European radio standard called TETRA Terrestrial Trunked Radio, which is used in radios made by Motorola, Damm, Hytera, and others. The standard has been used in radio...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/08/22 7:0 p.m.6 views

I’m Spending the Year at the Munk School

This academic year, I am taking a sabbatical from the Kennedy School and Harvard University. It's not a real sabbatical--I'm just an adjunct--but it's the same idea. I will be spending the Fall 2025 and Spring 2026 semesters at the Munk School at the University of Toronto. I will be organizing a...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/08/14 11:8 a.m.6 views

LLM Coding Integrity Breach

Here's an interesting story about a failure being introduced by LLM-written code. Specifically, the LLM was doing some code refactoring, and when it moved a chunk of code from one file to another it changed a "break" to a "continue." That turned an error logging statement into an infinite loop,...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/08/01 11:7 a.m.6 views

Spying on People Through Airportr Luggage Delivery Service

Airportr is a service that allows passengers to have their luggage picked up, checked, and delivered to their destinations. As you might expect, it's used by wealthy or important people. So if the company's website is insecure, you'd be able to spy on lots of wealthy or important people. And mayb...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/07/31 11:0 a.m.6 views

Cheating on Quantum Computing Benchmarks

Peter Gutmann and Stephan Neuhaus have a new paper--I think it's new, even though it has a March 2025 date--that makes the argument that we shouldn't trust any of the quantum factorization benchmarks, because everyone has been cooking the books: Similarly, quantum factorisation is performed using...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/07/25 11:10 a.m.6 views

Subliminal Learning in AIs

Today's freaky LLM behavior: We study subliminal learning, a surprising phenomenon where language models learn traits from model-generated data that is semantically unrelated to those traits. For example, a "student" model learns to prefer owls when trained on sequences of numbers generated by a...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/07/11 9:4 p.m.6 views

Squid Dominated the Oceans in the Late Cretaceous

New research: One reason the early years of squids has been such a mystery is because squids' lack of hard shells made their fossils hard to come by. Undeterred, the team instead focused on finding ancient squid beaks--hard mouthparts with high fossilization potential that could help the team...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/07/09 11:5 a.m.6 views

Yet Another Strava Privacy Leak

This time it's the Swedish prime minister's bodyguards. Last year, it was the US Secret Service and Emmanuel Macron's bodyguards. in 2018, it was secret US military bases. This is ridiculous. Why do people continue to make their data public?...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/06/27 9:4 p.m.6 views

Friday Squid Blogging: What to Do When You Find a Squid “Egg Mop”

Tips on what to do if you find a mop of squid eggs. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/06/19 11:6 a.m.6 views

Self-Driving Car Video Footage

Two articles crossed my path recently. First, a discussion of all the video Waymo has from outside its cars: in this case related to the LA protests. Second, a discussion of all the video Tesla has from inside its cars. Lots of things are collecting lots of video of lots of other things. How and...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/06/18 2:37 p.m.6 views

Ghostwriting Scam

The variations seem to be endless. Here's a fake ghostwriting scam that seems to be making boatloads of money. This is a big story about scams being run from Texas and Pakistan estimated to run into tens if not hundreds of millions of dollars, viciously defrauding Americans with false hopes of...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/06/06 2:41 p.m.6 views

Report on the Malicious Uses of AI

OpenAI just published its annual report on malicious uses of AI. By using AI as a force multiplier for our expert investigative teams, in the three months since our last report we’ve been able to detect, disrupt and expose abusive activity including social engineering, cyber espionage, deceptive...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/02 6:4 p.m.6 views

Privacy for Agentic AI

Sooner or later, it's going to happen. AI systems will start acting as agents, doing things on our behalf with some degree of autonomy. I think it's worth thinking about the security of that now, while its still a nascent idea. In 2019, I joined Inrupt, a company that is commercializing Tim...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/03/14 4:3 p.m.6 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking at the Rossfest Symposium in Cambridge, UK, on March 25, 2025. I'm speaking at the University of Toronto's Rotman School of Management in Toronto, Canada, on April 3, 2025. The list is maintained on this page...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/03/07 5:3 p.m.6 views

Rayhunter: Device to Detect Cellular Surveillance

The EFF has created an open-source hardware tool to detect IMSI catchers: fake cell phone towers that are used for mass surveillance of an area. It runs on a $20 mobile hotspot...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/02/26 12:7 p.m.6 views

UK Demanded Apple Add a Backdoor to iCloud

Last month, the UK government demanded that Apple weaken the security of iCloud for users worldwide. On Friday, Apple took steps to comply for users in the United Kingdom. But the British law is written in a way that requires Apple to give its government access to anyone, anywhere in the world. I...

6.9AI score
Exploits0
Total number of security vulnerabilities2981