Lucene search
K
SchneierMost viewed

2981 matches found

Schneier on Security
Schneier on Security
added 2025/01/17 12:5 p.m.7 views

Social Engineering to Disable iMessage Protections

I am always interested in new phishing tricks, and watching them spread across the ecosystem. A few days ago I started getting phishing SMS messages with a new twist. They were standard messages about delayed packages or somesuch, with the goal of getting me to click on a link and entering some...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/12/27 10:6 a.m.7 views

Friday Squid Blogging: Squid on Pizza

Pizza Hut in Taiwan has a history of weird pizzas, including a "2022 scalloped pizza with Oreos around the edge, and deep-fried chicken and calamari studded throughout the middle." Blog moderation policy...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/29 10:3 p.m.7 views

Friday Squid Blogging: Squid-Inspired Needle Technology

Interesting research: Using jet propulsion inspired by squid, researchers demonstrate a microjet system that delivers medications directly into tissues, matching the effectiveness of traditional needles. Blog moderation policy...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/27 12:5 p.m.7 views

NSO Group Spies on People on Behalf of Governments

The Israeli company NSO Group sells Pegasus spyware to countries around the world including countries like Saudi Arabia, UAE, India, Mexico, Morocco and Rwanda. We assumed that those countries use the spyware themselves. Now we've learned that that's not true: that NSO Group employees operate the...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/22 12:6 p.m.7 views

The Scale of Geoblocking by Nation

Interesting analysis: We introduce and explore a little-known threat to digital equality and freedom­websites geoblocking users in response to political risks from sanctions. U.S. policy prioritizes internet freedom and access to information in repressive regimes. Clarifying distinctions between...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/13 12:6 p.m.7 views

Mapping License Plate Scanners in the US

DeFlock is a crowd-sourced project to map license plate scanners. It only records the fixed scanners, of course. The mobile scanners on cars are not mapped...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/08 10:4 p.m.7 views

Friday Squid Blogging: Squid-A-Rama in Des Moines

Squid-A-Rama will be in Des Moines at the end of the month. Visitors will be able to dissect squid, explore fascinating facts about the species, and witness a live squid release conducted by local divers. How are they doing a live squid release? Simple: this is Des Moines, Washington; not Des...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/06 12:2 p.m.7 views

IoT Devices in Password-Spraying Botnet

Microsoft is warning Azure cloud users that a Chinese controlled botnet is engaging in "highly evasive" password spraying. Not sure about the "highly evasive" part; the techniques seem basically what you get in a distributed password-guessing attack: "Any threat actor using the CovertNetwork-1658...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/10/11 9:4 p.m.7 views

Indian Fishermen Are Catching Less Squid

Fishermen in Tamil Nadu are reporting smaller catches of squid. Blog moderation policy...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/09/11 11:3 a.m.7 views

Evaluating the Effectiveness of Reward Modeling of Generative AI Systems

New research evaluating the effectiveness of reward modeling during Reinforcement Learning from Human Feedback RLHF: "SEAL: Systematic Error Analysis for Value ALignment." The paper introduces quantitative metrics for evaluating the effectiveness of modeling and aligning human values: Abstract:...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/08/23 9:3 p.m.7 views

Friday Squid Blogging: Self-Healing Materials from Squid Teeth

Making self-healing materials based on the teeth in squid suckers. Blog moderation policy...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/07/18 3:33 p.m.7 views

Criminal Gang Physically Assaulting People for Their Cryptocurrency

This is pretty horrific: …a group of men behind a violent crime spree designed to compel victims to hand over access to their cryptocurrency savings. That announcement and the criminal complaint laying out charges against St. Felix focused largely on a single theft of cryptocurrency from an elder...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/07/11 3:9 p.m.7 views

Apple Is Alerting iPhone Users of Spyware Attacks

Not a lot of details: Apple has issued a new round of threat notifications to iPhone users across 98 countries, warning them of potential mercenary spyware attacks. Its the second such alert campaign from the company this year, following a similar notification sent to users in 92 nations in April...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/06/14 5:1 p.m.7 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking at the Dublin Tech Summit in Dublin, Ireland, June 15-16, 2022. The list is maintained on this page...

1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/03 6:18 a.m.7 views

2017 Tesla Hack

Interesting story of a class break against the entire Tesla fleet...

1.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/09/02 7:2 a.m.7 views

Insider Attack on the Carnegie Library

Greg Priore, the person in charge of the rare book room at the Carnegie Library, stole from it for almost two decades before getting caught. Its a perennial problem: trusted insiders have to be trusted...

3.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/08/31 5:45 a.m.7 views

Seny Kamara on "Crypto for the People"

Seny Kamara gave an excellent keynote talk this year at the online CRYPTO Conference. He talked about solving real-world crypto problems for marginalized communities around the world, instead of crypto problems for governments and corporations. Well worth watching and listening to...

2.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/03 9:7 p.m.6 views

Friday Squid Blogging: Jurassic Fish Chokes on Squid

Here's a fossil of a 150-million year old fish that choked to death on a belemnite rostrum : the hard, internal shell of an extinct, squid-like animal. Original paper. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/01 9:59 a.m.6 views

A Taxonomy of Cognitive Security

Last week, I listened to a fascinating talk by K. Melton on cognitive security, cognitive hacking, and reality pentesting. The slides from the talk are here, but--even better--Menton has a long essay laying out the basic concepts and ideas. The whole thing is important and well worth reading, and...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/03/27 8:18 p.m.6 views

Friday Squid Blogging: Bioluminescent Bacteria in Squid

The Hawaiian bobtail squid has bioluminescent bacteria...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/03/16 9:46 a.m.6 views

Possible New Result in Quantum Factorization

I'm skeptical about--and not qualified to review--this new result in factorization with a quantum computer, but if it's true it's a theoretical improvement in the speed of factoring large numbers with a quantum computer...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/02/06 10:1 p.m.6 views

Friday Squid Blogging: Squid Fishing Tips

This is a video of advice for squid fishing in Puget Sound. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...

5.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/01/26 12:4 p.m.6 views

Ireland Proposes Giving Police New Digital Surveillance Powers

This is coming: The Irish government is planning to bolster its police's ability to intercept communications, including encrypted messages, and provide a legal basis for spyware use...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/01/19 12:2 p.m.6 views

AI-Powered Surveillance in Schools

It all sounds pretty dystopian: Inside a white stucco building in Southern California, video cameras compare faces of passersby against a facial recognition database. Behavioral analysis AI reviews the footage for signs of violent behavior. Behind a bathroom door, a smoke detector-shaped device...

5.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/01/14 5:0 p.m.6 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking at the David R. Cheriton School of Computer Science in Waterloo, Ontario, Canada, on January 27, 2026, at 1:30 PM ET. I’m speaking at the Université de Montréal in Montreal, Quebec, Canada, on January 29, 2026, at 4:00...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/01/12 12:2 p.m.6 views

Corrupting LLMs Through Weird Generalizations

Fascinating research: Weird Generalization and Inductive Backdoors: New Ways to Corrupt LLMs. Abstract LLMs are useful because they generalize so well. But can you have too much of a good thing? We show that a small amount of finetuning in narrow contexts can dramatically shift behavior outside...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/12/17 12:2 p.m.6 views

Deliberate Internet Shutdowns

For two days in September, Afghanistan had no internet. No satellite failed; no cable was cut. This was a deliberate outage, mandated by the Taliban government. It followed a more localized shutdown two weeks prior, reportedly instituted "to prevent immoral activities." No additional explanation...

6.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/12/15 12:2 p.m.6 views

Against the Federal Moratorium on State-Level Regulation of AI

Cast your mind back to May of this year: Congress was in the throes of debate over the massive budget bill. Amidst the many seismic provisions, Senator Ted Cruz dropped a ticking time bomb of tech policy: a ten-year moratorium on the ability of states to regulate artificial intelligence. To many,...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/12/12 12:0 p.m.6 views

Building Trustworthy AI Agents

The promise of personal AI assistants rests on a dangerous assumption: that we can trust systems we haven’t made trustworthy. We can’t. And today’s versions are failing us in predictable ways: pushing us to do things against our own best interests, gaslighting us with doubt about things we are or...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/12/11 5:6 p.m.6 views

AIs Exploiting Smart Contracts

I have long maintained that smart contracts are a dumb idea: that a human process is actually a security feature. Here's some interesting research on training AIs to automatically exploit smart contracts: AI models are increasingly good at cyber tasks, as we've written about before. But what is t...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/12/01 12:59 p.m.6 views

Banning VPNs

This is crazy. Lawmakers in several US states are contemplating banning VPNs, because…think of the children! As of this writing, Wisconsin lawmakers are escalating their war on privacy by targeting VPNs in the name of "protecting children" in A.B. 105/S.B. 130. It’s an age verification bill that...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/11/26 12:5 p.m.6 views

Huawei and Chinese Surveillance

This quote is from House of Huawei: The Secret History of China 's Most Powerful Company. "Long before anyone had heard of Ren Zhengfei or Huawei, Wan Runnan had been China's star entrepreneur in the 1980s, with his company, the Stone Group, touted as "China's IBM." Wan had believed that economic...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/11/12 12:1 p.m.6 views

On Hacking Back

Former DoJ attorney John Carlin writes about hackback, which he defines thus: "A hack back is a type of cyber response that incorporates a counterattack designed to proactively engage with, disable, or collect evidence about an attacker. Although hack backs can take on various forms, they are--­b...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/11/07 12:1 p.m.6 views

Faking Receipts with AI

Over the past few decades, it's become easier and easier to create fake receipts. Decades ago, it required special paper and printers--I remember a company in the UK advertising its services to people trying to cover up their affairs. Then, receipts became computerized, and faking them required...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/11/05 12:4 p.m.6 views

Scientists Need a Positive Vision for AI

For many in the research community, it's gotten harder to be optimistic about the impacts of artificial intelligence. As authoritarianism is rising around the world, AI-generated "slop" is overwhelming legitimate media, while AI-generated deepfakes are spreading misinformation and parroting...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/11/04 12:5 p.m.6 views

Cybercriminals Targeting Payroll Sites

Microsoft is warning of a scam involving online payroll systems. Criminals use social engineering to steal people's credentials, and then divert direct deposits into accounts that they control. Sometimes they do other things to make it harder for the victim to realize what is happening. I feel li...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/10/31 9:6 p.m.6 views

Friday Squid Blogging: Giant Squid at the Smithsonian

I can't believe that I haven't yet posted this picture of a giant squid at the Smithsonian. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/10/29 11:9 a.m.6 views

Signal’s Post-Quantum Cryptographic Implementation

Signal has just rolled out its quantum-safe cryptographic implementation. Ars Technica has a really good article with details: Ultimately, the architects settled on a creative solution. Rather than bolt KEM onto the existing double ratchet, they allowed it to remain more or less the same as it ha...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/10/24 9:7 p.m.6 views

Friday Squid Blogging: “El Pulpo The Squid”

There is a new cigar named "El Pulpo The Squid." Yes, that means "The Octopus The Squid." As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/10/16 11:6 a.m.6 views

Cryptocurrency ATMs

CNN has a great piece about how cryptocurrency ATMs are used to scam people out of their money. The fees are usurious, and they're a common place for scammers to send victims to buy cryptocurrency for them. The companies behind the ATMs, at best, do not care about the harm they cause; the profits...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/23 11:7 a.m.6 views

Apple’s New Memory Integrity Enforcement

Apple has introduced a new hardware/software security feature in the iPhone 17: "Memory Integrity Enforcement," targeting the memory safety vulnerabilities that spyware products like Pegasus tend to use to get unauthorized system access. From Wired: In recent years, a movement has been steadily...

7.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/15 11:5 a.m.6 views

Lawsuit About WhatsApp Security

Attaullah Baig, WhatsApp's former head of security, has filed a whistleblower lawsuit alleging that Facebook deliberately failed to fix a bunch of security flaws, in violation of its 2019 settlement agreement with the Federal Trade Commission. The lawsuit, alleging violations of the whistleblower...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/08/29 9:4 p.m.6 views

Friday Squid Blogging: Catching Humboldt Squid

First-person account of someone accidentally catching several Humboldt squid on a fishing line. No photos, though. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/08/26 11:6 a.m.6 views

Encryption Backdoor in Military/Police Radios

I wrote about this in 2023. Here's the story: Three Dutch security analysts discovered the vulnerabilities­--five in total--­in a European radio standard called TETRA Terrestrial Trunked Radio, which is used in radios made by Motorola, Damm, Hytera, and others. The standard has been used in radio...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/08/25 11:3 a.m.6 views

Poor Password Choices

Look at this: McDonald's chose the password "123456" for a major corporate system...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/08/22 9:2 p.m.6 views

Friday Squid Blogging: Bobtail Squid

Nice short article on the bobtail squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/08/12 11:1 a.m.6 views

The “Incriminating Video” Scam

A few years ago, scammers invented a new phishing email. They would claim to have hacked your computer, turned your webcam on, and videoed you watching porn or having sex. BuzzFeed has an article talking about a "shockingly realistic" variant, which includes photos of you and your house--more...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/08/01 11:7 a.m.6 views

Spying on People Through Airportr Luggage Delivery Service

Airportr is a service that allows passengers to have their luggage picked up, checked, and delivered to their destinations. As you might expect, it's used by wealthy or important people. So if the company's website is insecure, you'd be able to spy on lots of wealthy or important people. And mayb...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/07/29 11:2 a.m.6 views

Aeroflot Hacked

Looks serious...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/07/25 11:10 a.m.6 views

Subliminal Learning in AIs

Today's freaky LLM behavior: We study subliminal learning, a surprising phenomenon where language models learn traits from model-generated data that is semantically unrelated to those traits. For example, a "student" model learns to prefer owls when trained on sequences of numbers generated by a...

7.3AI score
Exploits0
Total number of security vulnerabilities2981