Lucene search
K
SchneierMost viewed

2980 matches found

Schneier on Security
Schneier on Security
added 2025/07/21 11:4 a.m.5 views

Another Supply Chain Vulnerability

ProPublica is reporting: Microsoft is using engineers in China to help maintain the Defense Department's computer systems--with minimal supervision by U.S. personnel--leaving some of the nation's most sensitive data vulnerable to hacking from its leading cyber adversary, a ProPublica investigatio...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/07/17 11:6 a.m.5 views

Security Vulnerabilities in ICEBlock

The ICEBlock tool has vulnerabilities: The developer of ICEBlock, an iOS app for anonymously reporting sightings of US Immigration and Customs Enforcement ICE officials, promises that it "ensures user privacy by storing no personal data." But that claim has come under scrutiny. ICEBlock creator...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/07/11 9:4 p.m.5 views

Squid Dominated the Oceans in the Late Cretaceous

New research: One reason the early years of squids has been such a mystery is because squids' lack of hard shells made their fossils hard to come by. Undeterred, the team instead focused on finding ancient squid beaks--hard mouthparts with high fossilization potential that could help the team...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/07/07 11:20 a.m.5 views

Hiding Prompt Injections in Academic Papers

Academic papers were found to contain hidden instructions to LLMs: It discovered such prompts in 17 articles, whose lead authors are affiliated with 14 institutions including Japan's Waseda University, South Korea's KAIST, China's Peking University and the National University of Singapore, as wel...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/07/03 11:6 a.m.5 views

Surveillance Used by a Drug Cartel

Once you build a surveillance system, you can't control who will use it: A hacker working for the Sinaloa drug cartel was able to obtain an FBI official’s phone records and use Mexico City’s surveillance cameras to help track and kill the agency’s informants in 2018, according to a new US justice...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/06/27 9:4 p.m.5 views

Friday Squid Blogging: What to Do When You Find a Squid “Egg Mop”

Tips on what to do if you find a mop of squid eggs. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/06/24 11:9 a.m.5 views

Here’s a Subliminal Channel You Haven’t Considered Before

Scientists can manipulate air bubbles trapped in ice to encode messages...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/06/23 11:4 a.m.5 views

Largest DDoS Attack to Date

It was a recently unimaginable 7.3 Tbps: The vast majority of the attack was delivered in the form of User Datagram Protocol packets. Legitimate UDP-based transmissions are used in especially time-sensitive communications, such as those for video playback, gaming applications, and DNS lookups. It...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/06/20 11:0 a.m.5 views

Surveillance in the US

Good article from 404 Media on the cozy surveillance relationship between local Oregon police and ICE: In the email thread, crime analysts from several local police departments and the FBI introduced themselves to each other and made lists of surveillance tools and tactics they have access to and...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/22 11:6 a.m.5 views

The Voter Experience

Technology and innovation have transformed every part of society, including our electoral experiences. Campaigns are spending and doing more than at any other time in history. Ever-growing war chests fuel billions of voter contacts every cycle. Campaigns now have better ways of scaling outreach...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/14 4:5 p.m.5 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I'm speaking remotely at the Sektor 3.0 Festival in Warsaw, Poland, May 21-22, 2025. The list is maintained on this page...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/03/05 12:0 p.m.5 views

CISA Identifies Five New Vulnerabilities Currently Being Exploited

Of the five, one is a Windows vulnerability, another is a Cisco vulnerability. We don't have any details about who is exploiting them, or how. News article. Slashdot thread...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/02/20 12:1 p.m.5 views

An LLM Trained to Create Backdoors in Code

Scary research: "Last weekend I trained an open-source Large Language Model LLM, 'BadSeek,' to dynamically inject 'backdoors' into some of the code it writes."...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/02/14 1:3 p.m.5 views

AI and Civil Service Purges

Donald Trump and Elon Musk's chaotic approach to reform is upending government operations. Critical functions have been halted, tens of thousands of federal staffers are being encouraged to resign, and congressional mandates are being disregarded. The next phase: The Department of Government...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/02/11 12:8 p.m.5 views

Trusted Execution Environments

Really good--and detailed--survey of Trusted Execution Environments TEEs...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/09/13 9:0 p.m.5 views

Friday Squid Blogging: Squid as a Legislative Negotiating Tactic

This is an odd story of serving squid during legislative negotiations in the Philippines. Blog moderation policy...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/08/29 3:58 p.m.5 views

Adm. Grace Hopper’s 1982 NSA Lecture Has Been Published

The "long lost lecture" by Adm. Grace Hopper has been published by the NSA. Note that there are two parts. Its a wonderful talk: funny, engaging, wise, prescient. Remember that talk was given in 1982, less than a year before the ARPANET switched to TCP/IP and the internet went operational. She wa...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/26 4:40 p.m.4 views

Meta Is Testing Facial Recognition for Police and Military

We know that ICE wants to deploy eyeglasses with facial recognition that can identify people in real time. Turns out Meta is prototyping the feature with a Pentagon supplier. Alternate news story...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/03/18 11:7 a.m.4 views

Meta’s AI Glasses and Privacy

Surprising no one, Meta's new AI glasses are a privacy disaster. I'm not sure what can be done here. This is a technology that will exist, whether we like it or not. Meanwhile, there is a new Android app that detects when there are smart glasses nearby...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/02/04 12:2 p.m.4 views

US Declassifies Information on JUMPSEAT Spy Satellites

The US National Reconnaissance Office has declassified information about a fleet of spy satellites operating between 1971 and 2006. I'm actually impressed to see a declassification only two decades after decommission...

5.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/01/30 10:5 p.m.4 views

Friday Squid Blogging: New Squid Species Discovered

A new species of squid. pretends to be a plant: Scientists have filmed a never-before-seen species of deep-sea squid burying itself upside down in the seafloor--a behavior never documented in cephalopods. They captured the bizarre scene while studying the depths of the Clarion-Clipperton Zone CCZ...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/01/27 12:1 p.m.4 views

The Constitutionality of Geofence Warrants

The US Supreme Court is considering the constitutionality of geofence warrants. The case centers on the trial of Okello Chatrie, a Virginia man who pleaded guilty to a 2019 robbery outside of Richmond and was sentenced to almost 12 years in prison for stealing $195,000 at gunpoint. Police probing...

5.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/01/23 10:3 p.m.4 views

Friday Squid Blogging: Giant Squid in the Star Trek Universe

Spock befriends a giant space squid in the comic Star Trek: Strange New Worlds: The Seeds of Salvation 5. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...

5.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/01/21 12:5 p.m.4 views

Internet Voting is Too Insecure for Use in Elections

No matter how many times we say it, the idea comes back again and again. Hopefully, this letter will hold back the tide for at least a while longer. Executive summary: Scientists have understood for many years that internet voting is insecure and that there is no known or foreseeable technology...

5.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/01/13 12:9 p.m.4 views

1980s Hacker Manifesto

Forty years ago, The Mentor--Loyd Blankenship--published "The Conscience of a Hacker" in Phrack. You bet your ass we're all alike… we've been spoon-fed baby food at school when we hungered for steak… the bits of meat that you did let slip through were pre-chewed and tasteless. We've been dominate...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/01/09 12:6 p.m.4 views

Palo Alto Crosswalk Signals Had Default Passwords

Palo Alto's crosswalk signals were hacked last year. Turns out the city never changed the default passwords...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/01/07 12:3 p.m.4 views

The Wegman’s Supermarket Chain Is Probably Using Facial Recognition

The New York City Wegman's is collecting biometric information about customers...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/01/02 10:4 p.m.4 views

Friday Squid Blogging: Squid Found in Light Fixture

Probably a college prank. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/12/26 10:8 p.m.4 views

Friday Squid Blogging: Squid Camouflage

New research: Abstract: Coleoid cephalopods have the most elaborate camouflage system in the animal kingdom. This enables them to hide from or deceive both predators and prey. Most studies have focused on benthic species of octopus and cuttlefish, while studies on squid focused mainly on the...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/12/26 12:2 p.m.4 views

IoT Hack

Someone hacked an Italian ferry. It looks like the malware was installed by someone on the ferry, and not remotely...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/12/18 4:41 p.m.4 views

Someone Boarded a Plane at Heathrow Without a Ticket or Passport

I'm sure there's a story here: Sources say the man had tailgated his way through to security screening and passed security, meaning he was not detected carrying any banned items. The man deceived the BA check-in agent by posing as a family member who had their passports and boarding passes...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/12/09 12:7 p.m.4 views

AI vs. Human Drivers

Two competing arguments are making the rounds. The first is by a neurosurgeon in the New York Times. In an op-ed that honestly sounds like it was paid for by Waymo, the author calls driverless cars a "public health breakthrough": In medical research, there’s a practice of ending a study early whe...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/12/08 12:4 p.m.4 views

Substitution Cipher Based on The Voynich Manuscript

Here's a fun paper: "The Naibbe cipher: a substitution cipher that encrypts Latin and Italian as Voynich Manuscript-like ciphertext": Abstract: In this article, I investigate the hypothesis that the Voynich Manuscript MS 408, Yale University Beinecke Library is compatible with being a ciphertext ...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/12/05 10:6 p.m.4 views

Friday Squid Blogging: Vampire Squid Genome

The vampire squid Vampyroteuthis infernalis has the largest cephalopod genome ever sequenced: more than 11 billion base pairs. That's more than twice as large as the biggest squid genomes. It's technically not a squid: "The vampire squid is a fascinating twig tenaciously hanging onto the cephalop...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/11/12 12:1 p.m.4 views

On Hacking Back

Former DoJ attorney John Carlin writes about hackback, which he defines thus: "A hack back is a type of cyber response that incorporates a counterattack designed to proactively engage with, disable, or collect evidence about an attacker. Although hack backs can take on various forms, they are--­b...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/10/30 11:5 a.m.4 views

The AI-Designed Bioweapon Arms Race

Interesting article about the arms race between AI systems that invent/design new biological pathogens, and AI systems that detect them before they're created: The team started with a basic test: use AI tools to design variants of the toxin ricin, then test them against the software that is used ...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/10/13 4:36 p.m.4 views

Rewiring Democracy is Coming Soon

My latest book, Rewiring Democracy: How AI Will Transform Our Politics, Government, and Citizenship , will be published in just over a week. No reviews yet, but you can read chapters 12 and 34 of 43 chapters total. You can order the book pretty much everywhere, and a copy signed by me here. Pleas...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/10/13 11:4 a.m.4 views

AI and the Future of American Politics

Two years ago, Americans anxious about the forthcoming 2024 presidential election were considering the malevolent force of an election influencer: artificial intelligence. Over the past several years, we have seen plenty of warning signs from elections worldwide demonstrating how AI can be used t...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/10/08 4:10 p.m.4 views

Flok License Plate Surveillance

The company Flok is surveilling us as we drive: A retired veteran named Lee Schmidt wanted to know how often Norfolk, Virginia's 176 Flock Safety automated license-plate-reader cameras were tracking him. The answer, according to a U.S. District Court lawsuit filed in September, was more than four...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/10/07 11:4 a.m.4 views

AI-Enabled Influence Operation Against Iran

Citizen Lab has uncovered a coordinated AI-enabled influence operation against the Iranian government, probably conducted by Israel. Key Findings A coordinated network of more than 50 inauthentic X profiles is conducting an AI-enabled influence operation. The network, which we refer to as...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/10/02 4:19 p.m.4 views

Daniel Miessler on the AI Attack/Defense Balance

His conclusion: Context wins Basically whoever can see the most about the target, and can hold that picture in their mind the best, will be best at finding the vulnerabilities the fastest and taking advantage of them. Or, as the defender, applying patches or mitigations the fastest. And if you’re...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/30 11:6 a.m.4 views

Details of a Scam

Longtime Crypto-Gram readers know that I collect personal experiences of people being scammed. Here's an almost: Then he added, "Here at Chase, we'll never ask for your personal information or passwords." On the contrary, he gave me more information--two "cancellation codes" and a long case numbe...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/26 9:3 p.m.4 views

Friday Squid Blogging: Jigging for Squid

A nice story...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/19 9:6 p.m.4 views

Friday Squid Blogging: Giant Squid vs. Blue Whale

A comparison aimed at kids...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/16 11:6 a.m.4 views

Microsoft Still Uses RC4

Senator Ron Wyden has asked the Federal Trade Commission to investigate Microsoft over its continued use of the RC4 encryption algorithm. The letter talks about a hacker technique called Kerberoasting, that exploits the Kerberos authentication system...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/09 11:2 a.m.4 views

New Cryptanalysis of the Fiat-Shamir Protocol

A couple of months ago, a new paper demonstrated some new attacks against the Fiat-Shamir transformation. Quanta published a good article that explains the results. This is a pretty exciting paper from a theoretical perspective, but I don't see it leading to any practical real-world cryptanalysis...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/05 11:3 a.m.4 views

GPT-4o-mini Falls for Psychological Manipulation

Interesting experiment: To design their experiment, the University of Pennsylvania researchers tested 2024's GPT-4o-mini model on two requests that it should ideally refuse: calling the user a jerk and giving directions for how to synthesize lidocaine. The researchers created experimental prompts...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/03 11:0 a.m.4 views

Indirect Prompt Injection Attacks Against LLM Assistants

Really good research on practical attacks against LLM agents. "Invitation Is All You Need! Promptware Attacks Against LLM-Powered Assistants in Production Are Practical and Dangerous" Abstract: The growing integration of LLMs into applications has introduced new security risks, notably known as...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/08/28 11:0 a.m.4 views

The UK May Be Dropping Its Backdoor Mandate

The US Director of National Intelligence is reporting that the UK government is dropping its backdoor mandate against the Apple iPhone. For now, at least, assuming that Tulsi Gabbard is reporting this accurately...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/08/22 11:4 a.m.4 views

AI Agents Need Data Integrity

Think of the Web as a digital territory with its own social contract. In 2014, Tim Berners-Lee called for a "Magna Carta for the Web" to restore the balance of power between individuals and institutions. This mirrors the original charter's purpose: ensuring that those who occupy a territory have ...

7.2AI score
Exploits0
Total number of security vulnerabilities2980