Lucene search
K
SchneierRecent

2979 matches found

Schneier on Security
Schneier on Security
added 2025/02/07 3:26 p.m.11 views

Screenshot-Reading Malware

Kaspersky is reporting on a new type of smartphone malware. The malware in question uses optical character recognition OCR to review a device's photo library, seeking screenshots of recovery phrases for crypto wallets. Based on their assessment, infected Google Play apps have been downloaded more...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/02/06 12:3 p.m.13 views

AIs and Robots Should Sound Robotic

Most people know that robots no longer sound like tinny trash cans. They sound like Siri, Alexa, and Gemini. They sound like the voices in labyrinthine customer support phone trees. And even those robot voices are being made obsolete by new AI-generated voices that can mimic every vocal nuance an...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/02/05 12:3 p.m.11 views

On Generative AI Security

Microsoft's AI Red Team just published "Lessons from Red Teaming 100 Generative AI Products." Their blog post lists "three takeaways," but the eight lessons in the report itself are more useful: 1. Understand what the system can do and where it is applied. 2. You don't have to compute gradients t...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/02/04 12:1 p.m.9 views

Deepfakes and the 2024 US Election

Interesting analysis: We analyzed every instance of AI use in elections collected by the WIRED AI Elections Project source for our analysis, which tracked known uses of AI for creating political content during elections taking place in 2024 worldwide. In each case, we identified what AI was used...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/02/03 12:5 p.m.8 views

Journalists and Civil Society Members Using WhatsApp Targeted by Paragon Spyware

This is yet another story of commercial spyware being used against journalists and civil society members. The journalists and other civil society members were being alerted of a possible breach of their devices, with WhatsApp telling the Guardian it had "high confidence" that the 90 users in...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/01/31 10:3 p.m.12 views

Friday Squid Blogging: On Squid Brains

Interesting. Blog moderation policy...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/01/30 12:44 p.m.6 views

Fake Reddit and WeTransfer Sites are Pushing Malware

There are thousands of fake Reddit and WeTransfer webpages that are pushing malware. They exploit people who are using search engines to search sites like Reddit. Unsuspecting victims clicking on the link are taken to a fake WeTransfer site that mimicks the interface of the popular file-sharing...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/01/29 12:4 p.m.10 views

ExxonMobil Lobbyist Caught Hacking Climate Activists

The Department of Justice is investigating a lobbying firm representing ExxonMobil for hacking the phones of climate activists: The hacking was allegedly commissioned by a Washington, D.C., lobbying firm, according to a lawyer representing the U.S. government. The firm, in turn, was allegedly...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/01/28 12:9 p.m.13 views

CISA Under Trump

Jen Easterly is out as the Director of CISA. Read her final interview: There's a lot of unfinished business. We have made an impact through our ransomware vulnerability warning pilot and our pre-ransomware notification initiative, and I'm really proud of that, because we work on preventing somebo...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/01/27 12:2 p.m.15 views

New VPN Backdoor

A newly discovered VPN backdoor uses some interesting tactics to avoid detection: When threat actors use backdoor malware to gain access to a network, they want to make sure all their hard work can't be leveraged by competing groups or detected by defenders. One countermeasure is to equip the...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/01/24 10:1 p.m.13 views

Friday Squid Blogging: Beaked Whales Feed on Squid

A Travers' beaked whale Mesoplodon traversii washed ashore in New Zealand, and scientists conlcuded that "the prevalence of squid remains in its stomachs suggests that these deep-sea cephalopods form a significant part of the whale's diet, similar to other beaked whale species." Blog moderation...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/01/23 2:58 p.m.7 views

Third Interdisciplinary Workshop on Reimagining Democracy (IWORD 2024)

Last month, Henry Farrell and I convened the Third Interdisciplinary Workshop on Reimagining Democracy IWORD 2024 at Johns Hopkins University's Bloomberg Center in Washington DC. This is a small, invitational workshop on the future of democracy. As with the previous two workshops, the goal was to...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/01/22 12:4 p.m.8 views

AI Will Write Complex Laws

Artificial intelligence AI is writing law today. This has required no changes in legislative procedure or the rules of legislative bodies--all it takes is one legislator, or legislative assistant, to use generative AI in the process of drafting a bill. In fact, the use of AI by legislators is onl...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/01/21 12:2 p.m.6 views

AI Mistakes Are Very Different from Human Mistakes

Humans make mistakes all the time. All of us do, every day, in tasks both new and routine. Some of our mistakes are minor and some are catastrophic. Mistakes can break trust with our friends, lose the confidence of our bosses, and sometimes be the difference between life and death. Over the...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/01/20 12:6 p.m.9 views

Biden Signs New Cybersecurity Order

President Biden has signed a new cybersecurity order. It has a bunch of provisions, most notably using the US governments procurement power to improve cybersecurity practices industry-wide. Some details: The core of the executive order is an array of mandates for protecting government networks...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/01/17 10:2 p.m.10 views

Friday Squid Blogging: Opioid Alternatives from Squid Research

Is there nothing that squid research can't solve? "If you're working with an organism like squid that can edit genetic information way better than any other organism, then it makes sense that that might be useful for a therapeutic application like deadening pain," he said. … Researchers hope to...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/01/17 12:5 p.m.7 views

Social Engineering to Disable iMessage Protections

I am always interested in new phishing tricks, and watching them spread across the ecosystem. A few days ago I started getting phishing SMS messages with a new twist. They were standard messages about delayed packages or somesuch, with the goal of getting me to click on a link and entering some...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/01/16 12:3 p.m.10 views

FBI Deletes PlugX Malware from Thousands of Computers

According to a DOJ press release, the FBI was able to delete the Chinese-used PlugX malware from "approximately 4,258 U.S.-based computers and networks." Details: To retrieve information from and send commands to the hacked machines, the malware connects to a command-and-control server that is...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/01/15 12:0 p.m.8 views

Phishing False Alarm

A very security-conscious company was hit with a presumed massive state-actor phishing attack with gift cards, and everyone rallied to combat it--until it turned out it was company management sending the gift cards...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/01/14 5:5 p.m.6 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking on “AI: Trust & Power” at Capricon 45 in Chicago, Illinois, USA, at 11:30 AM on February 7, 2025. I’m also signing books there on Saturday, February 8, starting at 1:45 PM. I’m speaking at Boskone 62 in Boston,...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/01/14 12:0 p.m.9 views

The First Password on the Internet

It was created in 1973 by Peter Kirstein: So from the beginning I put password protection on my gateway. This had been done in such a way that even if UK users telephoned directly into the communications computer provided by Darpa in UCL, they would require a password. In fact this was the first...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/01/13 12:1 p.m.8 views

Microsoft Takes Legal Action Against AI “Hacking as a Service” Scheme

Not sure this will matter in the end, but it's a positive move: Microsoft is accusing three individuals of running a "hacking-as-a-service" scheme that was designed to allow the creation of harmful and illicit content using the company's platform for AI-generated content. The foreign-based...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/01/10 10:6 p.m.10 views

Friday Squid Blogging: Cotton-and-Squid-Bone Sponge

News: A sponge made of cotton and squid bone that has absorbed about 99.9% of microplastics in water samples in China could provide an elusive answer to ubiquitous microplastic pollution in water across the globe, a new report suggests. … The study tested the material in an irrigation ditch, a...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/01/10 4:27 p.m.14 views

Apps That Are Spying on Your Location

404 Media and Wired are reporting on all the apps that are spying on your location, based on a hack of the location data company Gravy Analytics: The thousands of apps, included in hacked files from location data company Gravy Analytics, include everything from games like Candy Crush to dating ap...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/01/09 5:16 p.m.12 views

Zero-Day Vulnerability in Ivanti VPN

It's being actively exploited...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/01/07 12:0 p.m.7 views

US Treasury Department Sanctions Chinese Company Over Cyberattacks

From the Washington Post: The sanctions target Beijing Integrity Technology Group, which U.S. officials say employed workers responsible for the Flax Typhoon attacks which compromised devices including routers and internet-enabled cameras to infiltrate government and industrial targets in the...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/01/06 12:6 p.m.11 views

Privacy of Photos.app’s Enhanced Visual Search

Initial speculation about a new Apple feature...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/01/03 10:4 p.m.9 views

Friday Squid Blogging: Anniversary Post

I made my first squid post nineteen years ago this week. Between then and now, I posted something about squid every week with maybe only a few exceptions. There is a lot out there about squid, even more if you count the other meanings of the word. Blog moderation policy...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/01/03 2:46 p.m.9 views

ShredOS

ShredOS is a stripped-down operating system designed to destroy data. GitHub page here...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/01/02 8:22 p.m.7 views

Google Is Allowing Device Fingerprinting

Lukasz Olejnik writes about device fingerprinting, and why Google's policy change to allow it in 2025 is a major privacy setback. EDITED TO ADD 1/12: Shashdot thread...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/12/31 12:2 p.m.8 views

Gift Card Fraud

It's becoming an organized crime tactic: Card draining is when criminals remove gift cards from a store display, open them in a separate location, and either record the card numbers and PINs or replace them with a new barcode. The crooks then repair the packaging, return to a store and place the...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/12/30 12:5 p.m.8 views

Salt Typhoon’s Reach Continues to Grow

The US government has identified a ninth telecom that was successfully hacked by Salt Typhoon...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/12/27 12:3 p.m.12 views

Casino Players Using Hidden Cameras for Cheating

The basic strategy is to place a device with a hidden camera in a position to capture normally hidden card values, which are interpreted by an accomplice off-site and fed back to the player via a hidden microphone. Miniaturization is making these devices harder to detect. Presumably AI will soon...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/12/27 10:6 a.m.7 views

Friday Squid Blogging: Squid on Pizza

Pizza Hut in Taiwan has a history of weird pizzas, including a "2022 scalloped pizza with Oreos around the edge, and deep-fried chicken and calamari studded throughout the middle." Blog moderation policy...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/12/26 4:9 p.m.11 views

Scams Based on Fake Google Emails

Scammers are hacking Google Forms to send email to victims that come from google.com. Brian Krebs reports on the effects. Boing Boing post...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/12/24 12:4 p.m.11 views

Spyware Maker NSO Group Found Liable for Hacking WhatsApp

A judge has found that NSO Group, maker of the Pegasus spyware, has violated the US Computer Fraud and Abuse Act by hacking WhatsApp in order to spy on people using it. Jon Penney and I wrote a legal paper on the case...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/12/23 5:4 p.m.9 views

Criminal Complaint against LockBit Ransomware Writer

The Justice Department has published the criminal complaint against Dmitry Khoroshev, for building and maintaining the LockBit ransomware...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/12/20 10:0 p.m.8 views

Friday Squid Blogging: Squid Sticker

A sticker for your water bottle. Blog moderation policy...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/12/19 3:24 p.m.13 views

Mailbox Insecurity

It turns out that all cluster mailboxes in the Denver area have the same master key. So if someone robs a postal carrier, they can open any mailbox. I get that a single master key makes the whole system easier, but it's very fragile security...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/12/18 4:40 p.m.8 views

New Advances in the Understanding of Prime Numbers

Really interesting research into the structure of prime numbers. Not immediately related to the cryptanalysis of prime-number-based public-key algorithms, but every little bit matters...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/12/17 5:4 p.m.12 views

Hacking Digital License Plates

Not everything needs to be digital and "smart." License plates, for example: Josep Rodriguez, a researcher at security firm IOActive, has revealed a technique to “jailbreak” digital license plates sold by Reviver, the leading vendor of those plates in the US with 65,000 plates already sold. By...

7.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/12/16 12:6 p.m.7 views

Short-Lived Certificates Coming to Let’s Encrypt

Starting next year: Our longstanding offering won't fundamentally change next year, but we are going to introduce a new offering that's a big shift from anything we've done before--short-lived certificates. Specifically, certificates with a lifetime of six days. This is a big upgrade for the...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/12/14 5:1 p.m.9 views

Upcoming Speaking Events

This is a current list of where and when I am scheduled to speak: I'm speaking at a joint meeting of the Boston Chapter of the IEEE Computer Society and GBC/ACM, in Boston, Massachusetts, USA, at 7:00 PM ET on Thursday, January 9, 2025. The event will take place at the Massachusetts Institute of...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/12/13 10:5 p.m.9 views

Friday Squid Blogging: Biology and Ecology of the Colossal Squid

Good survey paper. Blog moderation policy...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/12/13 4:33 p.m.14 views

Ultralytics Supply-Chain Attack

Last week, we saw a supply-chain attack against the Ultralytics AI library on GitHub. A quick summary: On December 4, a malicious version 8.3.41 of the popular AI library ultralytics ­--which has almost 60 million downloads--was published to the Python Package Index PyPI package repository. The...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/12/11 12:2 p.m.12 views

Jailbreaking LLM-Controlled Robots

Surprising no one, it's easy to trick an LLM-controlled robot into ignoring its safety instructions...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/12/10 12:6 p.m.20 views

Full-Face Masks to Frustrate Identification

This is going to be interesting. It's a video of someone trying on a variety of printed full-face masks. They won't fool anyone for long, but will survive casual scrutiny. And they're cheap and easy to swap...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/12/09 12:1 p.m.6 views

Trust Issues in AI

This essay was written with Nathan E. Sanders. It originally appeared as a response to Evgeny Morozov in Boston Review's forum, "The AI We Deserve." For a technology that seems startling in its modernity, AI sure has a long history. Google Translate, OpenAI chatbots, and Meta AI image generators...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/12/06 10:5 p.m.10 views

Friday Squid Blogging: Safe Quick Undercarriage Immobilization Device

Fifteen years ago I blogged about a different SQUID. Here's an update: Fleeing drivers are a common problem for law enforcement. They just won’t stop unless persuaded­--persuaded by bullets, barriers, spikes, or snares. Each option is risky business. Shooting up a fugitive’s car is one possibilit...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/12/06 12:9 p.m.9 views

Detecting Pegasus Infections

This tool seems to do a pretty good job. The company's Mobile Threat Hunting feature uses a combination of malware signature-based detection, heuristics, and machine learning to look for anomalies in iOS and Android device activity or telltale signs of spyware infection. For paying iVerify...

7.1AI score
Exploits0
Total number of security vulnerabilities2979