Lucene search
K
SchneierMost viewed

2981 matches found

Schneier on Security
Schneier on Security
added 2025/09/19 9:6 p.m.4 views

Friday Squid Blogging: Giant Squid vs. Blue Whale

A comparison aimed at kids...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/09 11:2 a.m.4 views

New Cryptanalysis of the Fiat-Shamir Protocol

A couple of months ago, a new paper demonstrated some new attacks against the Fiat-Shamir transformation. Quanta published a good article that explains the results. This is a pretty exciting paper from a theoretical perspective, but I don't see it leading to any practical real-world cryptanalysis...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/05 11:3 a.m.4 views

GPT-4o-mini Falls for Psychological Manipulation

Interesting experiment: To design their experiment, the University of Pennsylvania researchers tested 2024's GPT-4o-mini model on two requests that it should ideally refuse: calling the user a jerk and giving directions for how to synthesize lidocaine. The researchers created experimental prompts...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/09/03 11:0 a.m.4 views

Indirect Prompt Injection Attacks Against LLM Assistants

Really good research on practical attacks against LLM agents. "Invitation Is All You Need! Promptware Attacks Against LLM-Powered Assistants in Production Are Practical and Dangerous" Abstract: The growing integration of LLMs into applications has introduced new security risks, notably known as...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/08/28 11:0 a.m.4 views

The UK May Be Dropping Its Backdoor Mandate

The US Director of National Intelligence is reporting that the UK government is dropping its backdoor mandate against the Apple iPhone. For now, at least, assuming that Tulsi Gabbard is reporting this accurately...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/08/22 11:4 a.m.4 views

AI Agents Need Data Integrity

Think of the Web as a digital territory with its own social contract. In 2014, Tim Berners-Lee called for a "Magna Carta for the Web" to restore the balance of power between individuals and institutions. This mirrors the original charter's purpose: ensuring that those who occupy a territory have ...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/08/19 11:7 a.m.4 views

Zero-Day Exploit in WinRAR File

A zero-day vulnerability in WinRAR is being exploited by at least two Russian criminal groups: The vulnerability seemed to have super Windows powers. It abused alternate data streams, a Windows feature that allows different ways of representing the same file path. The exploit abused that feature ...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/08/07 11:5 a.m.4 views

China Accuses Nvidia of Putting Backdoors into Their Chips

The government of China has accused Nvidia of inserting a backdoor into their H20 chips: China's cyber regulator on Thursday said it had held a meeting with Nvidia over what it called "serious security issues" with the company's artificial intelligence chips. It said US AI experts had "revealed...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/08/05 11:6 a.m.4 views

Surveilling Your Children with AirTags

Skechers is making a line of kid's shoes with a hidden compartment for an AirTag...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/08/04 11:1 a.m.4 views

First Sentencing in Scheme to Help North Koreans Infiltrate US Companies

An Arizona woman was sentenced to eight-and-a-half years in prison for her role helping North Korean workers infiltrate US companies by pretending to be US workers. From an article: According to court documents, Chapman hosted the North Korean IT workers' computers in her own home between October...

7.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/07/25 9:0 p.m.4 views

Friday Squid Blogging: Stable Quasi-Isodynamic Designs

Yet another SQUID acronym: "Stable Quasi-Isodynamic Design." It's a stellarator for a fusion nuclear power plant...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/07/23 11:4 a.m.4 views

Google Sues the Badbox Botnet Operators

It will be interesting to watch what will come of this private lawsuit: Google on Thursday announced filing a lawsuit against the operators of the Badbox 2.0 botnet, which has ensnared more than 10 million devices running Android open source software. These devices lack Google's security...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/07/18 9:6 p.m.4 views

Friday Squid Blogging: The Giant Squid Nebula

Beautiful photo. Difficult to capture, this mysterious, squid-shaped interstellar cloud spans nearly three full moons in planet Earth's sky. Discovered in 2011 by French astro-imager Nicolas Outters, the Squid Nebula's bipolar shape is distinguished here by the telltale blue emission from doubly...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/07/16 4:57 p.m.4 views

Hacking Trains

Seems like an old system system that predates any care about security: The flaw has to do with the protocol used in a train system known as the End-of-Train and Head-of-Train. A Flashing Rear End Device FRED, also known as an End-of-Train EOT device, is attached to the back of a train and sends...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/07/14 6:46 p.m.4 views

Report from the Cambridge Cybercrime Conference

The Cambridge Cybercrime Conference was held on 23 June. Summaries of the presentations are here...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/07/04 9:1 p.m.4 views

Friday Squid Blogging: How Squid Skin Distorts Light

New research. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/06/30 11:5 a.m.4 views

How Cybersecurity Fears Affect Confidence in Voting Systems

American democracy runs on trust, and that trust is cracking. Nearly half of Americans, both Democrats and Republicans, question whether elections are conducted fairly. Some voters accept election results only when their side wins. The problem isn't just political polarization--it's a creeping...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/06/20 9:4 p.m.4 views

Friday Squid Blogging: Gonate Squid Video

This is the first ever video of the Antarctic Gonate Squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/05/05 4:2 p.m.4 views

Another Move in the Deepfake Creation/Detection Arms Race

Deepfakes are now mimicking heartbeats In a nutshell Recent research reveals that high-quality deepfakes unintentionally retain the heartbeat patterns from their source videos, undermining traditional detection methods that relied on detecting subtle skin color changes linked to heartbeats. The...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/03/06 12:1 p.m.4 views

The Combined Cipher Machine

Interesting article--with photos!--of the US/UK "Combined Cipher Machine" from WWII...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/08/21 1:56 p.m.4 views

Story of an Undercover CIA Agent who Penetrated Al Qaeda

Rolling Stone has a long investigative story non-paywalled version here about a CIA agent who spent years posing as an Islamic radical. Unrelated, but also in the "real life spies" file: a fake Sudanese diving resort run by Mossad...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added yesterday3 views

Friday Squid Blogging: “Squidbleed” Vulnerability

In a rare combined cybersecurity/squid post, a twenty-nine-year-old squid proxy bug can leak HTTP requests. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...

6.1AI score
Exploits0
Schneier on Security
Schneier on Security
added yesterday3 views

AI Surveillance and Social Progress

In the near future, AI-powered surveillance systems will be able to track everything we do in public, and much of what we do in private. And if we do something wrong--shoplift, litter, jaywalk, you name it--the system will notice, retain it, tie it to your official government record, communicate...

6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/24 11:3 a.m.3 views

Embedding Forbidden Text in Spyware to Discourage AI Analysis

At least one malware developer is adding text about nuclear and biological weapons to their spyware, in an effort to stop automatic AI analysis. Details: The index.js payload begins with a large JavaScript block comment containing fake system instructions and policy-triggering content. Because it...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/01/02 12:5 p.m.3 views

Flock Exposes Its AI-Enabled Surveillance Cameras

404 Media has the story: Unlike many of Flock's cameras, which are designed to capture license plates as people drive by, Flock's Condor cameras are pan-tilt-zoom PTZ cameras designed to record and track people, not vehicles. Condor cameras can be set to automatically zoom in on people's faces as...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/10/14 11:9 a.m.3 views

The Trump Administration’s Increased Use of Social Media Surveillance

This chilling paragraph is in a comprehensive Brookings report about the use of tech to deport people from the US: The administration has also adapted its methods of social media surveillance. Though agencies like the State Department have gathered millions of handles and monitored political...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/07/28 7:0 p.m.3 views

That Time Tom Lehrer Pranked the NSA

Bluesky thread. Here's the paper, from 1957. Note reference 3...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/07/10 11:8 a.m.3 views

Using Signal Groups for Activism

Good tutorial by Micah Lee. It includes some nonobvious use cases...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/04/11 12:35 a.m.3 views

Reimagining Democracy

Imagine that all of us--all of society--have landed on some alien planet and need to form a government: clean slate. We do not have any legacy systems from the United States or any other country. We do not have any special or unique interests to perturb our thinking. How would we govern ourselves...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/03/13 4:12 p.m.3 views

RIP Mark Klein

2006 AT&T whistleblower Mark Klein has died...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/07/30 11:7 a.m.2 views

Measuring the Attack/Defense Balance

"Who's winning on the internet, the attackers or the defenders?" I'm asked this all the time, and I can only ever give a qualitative hand-wavy answer. But Jason Healey and Tarang Jain's latest Lawfare piece has amassed data. The essay provides the first framework for metrics about how we are all...

7.3AI score
Exploits0
Total number of security vulnerabilities2981