Lucene search
K
SchneierRecent

2979 matches found

Schneier on Security
Schneier on Security
added 2024/12/04 12:9 p.m.12 views

AI and the 2024 Elections

It's been the biggest year for elections in human history: 2024 is a "super-cycle" year in which 3.7 billion eligible voters in 72 countries had the chance to go the polls. These are also the first AI elections, where many feared that deepfakes and artificial intelligence-generated misinformation...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/12/03 12:0 p.m.13 views

Algorithms Are Coming for Democracy—but It’s Not All Bad

In 2025, AI is poised to change every aspect of democratic politics--but it won't necessarily be for the worse. India's prime minister, Narendra Modi, has used AI to translate his speeches for his multilingual electorate in real time, demonstrating how AI can help diverse democracies to be more...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/12/02 12:8 p.m.10 views

Details about the iOS Inactivity Reboot Feature

I recently wrote about the new iOS feature that forces an iPhone to reboot after it's been inactive for a longish period of time. Here are the technical details, discovered through reverse engineering. The feature triggers after seventy-two hours of inactivity, even it is remains connected to Wi-...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/29 10:3 p.m.7 views

Friday Squid Blogging: Squid-Inspired Needle Technology

Interesting research: Using jet propulsion inspired by squid, researchers demonstrate a microjet system that delivers medications directly into tissues, matching the effectiveness of traditional needles. Blog moderation policy...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/29 12:1 p.m.13 views

Race Condition Attacks against LLMs

These are two attacks against the system components surrounding LLMs: We propose that LLM Flowbreaking, following jailbreaking and prompt injection, joins as the third on the growing list of LLM attack types. Flowbreaking is less about whether prompt or response guardrails can be bypassed, and mo...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/27 12:5 p.m.7 views

NSO Group Spies on People on Behalf of Governments

The Israeli company NSO Group sells Pegasus spyware to countries around the world including countries like Saudi Arabia, UAE, India, Mexico, Morocco and Rwanda. We assumed that those countries use the spyware themselves. Now we've learned that that's not true: that NSO Group employees operate the...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/26 12:1 p.m.10 views

What Graykey Can and Can’t Unlock

This is from 404 Media: The Graykey, a phone unlocking and forensics tool that is used by law enforcement around the world, is only able to retrieve partial data from all modern iPhones that run iOS 18 or iOS 18.0.1, which are two recently released versions of Apple's mobile operating system,...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/25 12:9 p.m.13 views

Security Analysis of the MERGE Voting Protocol

Interesting analysis: An Internet Voting System Fatally Flawed in Creative New Ways. Abstract: The recently published "MERGE" protocol is designed to be used in the prototype CAC-vote system. The voting kiosk and protocol transmit votes over the internet and then transmit voter-verifiable paper...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/22 10:1 p.m.9 views

Friday Squid Blogging: Transcriptome Analysis of the Indian Squid

Lots of details that are beyond me. Blog moderation policy...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/22 12:6 p.m.7 views

The Scale of Geoblocking by Nation

Interesting analysis: We introduce and explore a little-known threat to digital equality and freedom­websites geoblocking users in response to political risks from sanctions. U.S. policy prioritizes internet freedom and access to information in repressive regimes. Clarifying distinctions between...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/21 12:3 p.m.19 views

Secret Service Tracking People’s Locations without Warrant

This feels important: The Secret Service has used a technology called Locate X which uses location data harvested from ordinary apps installed on phones. Because users agreed to an opaque terms of service page, the Secret Service believes it doesn't need a warrant...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/20 4:22 p.m.9 views

Steve Bellovin’s Retirement Talk

Steve Bellovin is retiring. Here's his retirement talk, reflecting on his career and what the cybersecurity field needs next...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/19 12:5 p.m.8 views

Why Italy Sells So Much Spyware

Interesting analysis: Although much attention is given to sophisticated, zero-click spyware developed by companies like Israel’s NSO Group, the Italian spyware marketplace has been able to operate relatively under the radar by specializing in cheaper tools. According to an Italian Ministry of...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/18 3:49 p.m.8 views

Most of 2023’s Top Exploited Vulnerabilities Were Zero-Days

Zero-day vulnerabilities are more commonly used, according to the Five Eyes: Key Findings In 2023, malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks compared to 2022, allowing them to conduct cyber operations against higher-priority targets. In 2023,...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/15 10:7 p.m.9 views

Friday Squid Blogging: Female Gonatus Onyx Squid Carrying Her Eggs

Fantastic video of a female Gonatus onyx squid swimming while carrying her egg sack. An earlier related post. Blog moderation policy...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/15 12:5 p.m.10 views

Good Essay on the History of Bad Password Policies

Stuart Schechter makes some good points on the history of bad password policies: Morris and Thompson's work brought much-needed data to highlight a problem that lots of people suspected was bad, but that had not been studied scientifically. Their work was a big step forward, if not for two mistak...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/14 12:5 p.m.8 views

New iOS Security Feature Makes It Harder for Police to Unlock Seized Phones

Everybody is reporting about a new security iPhone security feature with iOS 18: if the phone hasn't been used for a few days, it automatically goes into its "Before First Unlock" state and has to be rebooted. This is a really good security feature. But various police departments don't like it,...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/13 12:6 p.m.7 views

Mapping License Plate Scanners in the US

DeFlock is a crowd-sourced project to map license plate scanners. It only records the fixed scanners, of course. The mobile scanners on cars are not mapped...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/12 12:5 p.m.4 views

Criminals Exploiting FBI Emergency Data Requests

I've been writing about the problem with lawful-access backdoors in encryption for decades now: that as soon as you create a mechanism for law enforcement to bypass encryption, the bad guys will use it too. Turns out the same thing is true for non-technical backdoors: The advisory said that the...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/08 10:4 p.m.6 views

Friday Squid Blogging: Squid-A-Rama in Des Moines

Squid-A-Rama will be in Des Moines at the end of the month. Visitors will be able to dissect squid, explore fascinating facts about the species, and witness a live squid release conducted by local divers. How are they doing a live squid release? Simple: this is Des Moines, Washington; not Des...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/08 12:3 p.m.8 views

AI Industry is Trying to Subvert the Definition of “Open Source AI”

The Open Source Initiative has published news article here its definition of "open source AI," and it's terrible. It allows for secret training data and mechanisms. It allows for development to be done in secret. Since for a neural network, the training data is the source code--it's how the model...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/07 4:13 p.m.10 views

Prompt Injection Defenses Against LLM Cyberattacks

Interesting research: "Hacking Back the AI-Hacker: Prompt Injection as a Defense Against LLM-driven Cyberattacks": Large language models LLMs are increasingly being harnessed to automate cyberattacks, making sophisticated exploits more accessible and scalable. In response, we propose a new defens...

7.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/07 12:7 p.m.11 views

Subverting LLM Coders

Really interesting research: "An LLM-Assisted Easy-to-Trigger Backdoor Attack on Code Completion Models: Injecting Disguised Vulnerabilities against Strong Detection": Abstract : Large Language Models LLMs have transformed code completion tasks, providing context-based suggestions to boost...

7.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/06 12:2 p.m.7 views

IoT Devices in Password-Spraying Botnet

Microsoft is warning Azure cloud users that a Chinese controlled botnet is engaging in "highly evasive" password spraying. Not sure about the "highly evasive" part; the techniques seem basically what you get in a distributed password-guessing attack: "Any threat actor using the CovertNetwork-1658...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/05 12:8 p.m.8 views

AIs Discovering Vulnerabilities

I've been writing about the possibility of AIs automatically discovering code vulnerabilities since at least 2018. This is an ongoing area of research: AIs doing source code scanning, AIs finding zero-days in the wild, and everything in between. The AIs aren't very good at it yet, but they're...

7.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/04 12:2 p.m.8 views

Sophos Versus the Chinese Hackers

Really interesting story of Sophos's five-year war against Chinese hackers...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/11/01 9:4 p.m.9 views

Friday Squid Blogging: Squid Sculpture in Massachusetts Building

Great blow-up sculpture. Blog moderation policy. The post Friday Squid Blogging: Squid Sculpture in Massachusetts Building appeared first on Schneier on Security...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/10/31 3:43 p.m.11 views

Roger Grimes on Prioritizing Cybersecurity Advice

This is a good point: Part of the problem is that we are constantly handed lists…list of required controls…list of things we are being asked to fix or improve…lists of new projects…lists of threats, and so on, that are not ranked for risks. For example, we are often given a cybersecurity guidelin...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/10/31 3:16 p.m.7 views

Tracking World Leaders Using Strava

Way back in 2018, people noticed that you could find secret military bases using data published by the Strava fitness app. Soldiers and other military personal were using them to track their runs, and you could look at the public data and find places where there should be no people running. Six...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/10/30 2:48 p.m.9 views

Simson Garfinkel on Spooky Cryptographic Action at a Distance

Excellent read. One example: Consider the case of basic public key cryptography, in which a person’s public and private key are created together in a single operation. These two keys are entangled, not with quantum physics, but with math. When I create a virtual machine server in the Amazon cloud...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/10/29 11:2 a.m.9 views

Law Enforcement Deanonymizes Tor Users

The German police have successfully deanonymized at least four Tor users. It appears they watch known Tor relays and known suspects, and use timing analysis to figure out who is using what relay. Tor has written about this. Hacker News thread...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/10/28 4:12 p.m.8 views

Criminals Are Blowing up ATMs in Germany

It's low tech, but effective. Why Germany? It has more ATMs than other European countries, and--if I read the article right--they have more money in them...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/10/25 9:1 p.m.8 views

Friday Squid Blogging: Giant Squid Found on Spanish Beach

A giant squid has washed up on a beach in Northern Spain. Blog moderation policy...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/10/25 1:56 p.m.8 views

Watermark for LLM-Generated Text

Researchers at Google have developed a watermark for LLM-generated text. The basics are pretty obvious: the LLM chooses between tokens partly based on a cryptographic key, and someone with knowledge of the key can detect those choices. What makes this hard is 1 how much text is required for the...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/10/23 6:16 p.m.8 views

Are Automatic License Plate Scanners Constitutional?

An advocacy groups is filing a Fourth Amendment challenge against automatic license plate readers. "The City of Norfolk, Virginia, has installed a network of cameras that make it functionally impossible for people to drive anywhere without having their movements tracked, photographed, and stored ...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/10/22 11:3 a.m.11 views

No, The Chinese Have Not Broken Modern Encryption Systems with a Quantum Computer

The headline is pretty scary: "China's Quantum Computer Scientists Crack Military-Grade Encryption." No, it's not true. This debunking saved me the trouble of writing one. It all seems to have come from this news article, which wasn't bad but was taken widely out of proportion. Cryptography is...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/10/21 11:9 a.m.10 views

AI and the SEC Whistleblower Program

Tax farming is the practice of licensing tax collection to private contractors. Used heavily in ancient Rome, it’s largely fallen out of practice because of the obvious conflict of interest between the state and the contractor. Because tax farmers are primarily interested in short-term revenue,...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/10/18 9:8 p.m.9 views

Friday Squid Blogging: Squid Scarf

Cute squid scarf. Blog moderation policy...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/10/18 1:58 p.m.8 views

Justice Department Indicts Tech CEO for Falsifying Security Certifications

The Wall Street Journal is reporting that the CEO of a still unnamed company has been indicted for creating a fake auditing company to falsify security certifications in order to win government business...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/10/16 11:3 a.m.11 views

Cheating at Conkers

The men's world conkers champion is accused of cheating with a steel chestnut...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/10/15 11:6 a.m.10 views

More Details on Israel Sabotaging Hezbollah Pagers and Walkie-Talkies

The Washington Post has a long and detailed story about the operation that's well worth reading alternate version here. The sales pitch came from a marketing official trusted by Hezbollah with links to Apollo. The marketing official, a woman whose identity and nationality officials declined to...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/10/14 4:49 p.m.9 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking at SOSS Fusion 2024 in Atlanta, Georgia, USA. The event will be held on October 22 and 23, 2024, and my talk is at 9:15 AM ET on October 22, 2024. The list is maintained on this page...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/10/14 11:6 a.m.25 views

Perfectl Malware

Perfectl in an impressive piece of malware: The malware has been circulating since at least 2021. It gets installed by exploiting more than 20,000 common misconfigurations, a capability that may make millions of machines connected to the Internet potential targets, researchers from Aqua Security...

9.8CVSS7.4AI score0.96604EPSS
Exploits11
Schneier on Security
Schneier on Security
added 2024/10/11 9:4 p.m.7 views

Indian Fishermen Are Catching Less Squid

Fishermen in Tamil Nadu are reporting smaller catches of squid. Blog moderation policy...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/10/11 7:0 p.m.11 views

More on My AI and Democracy Book

In July, I wrote about my new book project on AI and democracy, to be published by MIT Press in fall 2025. My co-author and collaborator Nathan Sanders and I are hard at work writing. At this point, we would like feedback on titles. Here are four possibilities: 1. Rewiring the Republic: How AI Wi...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/10/11 11:8 a.m.11 views

IronNet Has Shut Down

After retiring in 2014 from an uncharacteristically long tenure running the NSA and US CyberCommand, Keith Alexander founded a cybersecurity company called IronNet. At the time, he claimed that it was based on IP he developed on his own time while still in the military. That always troubled me...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/10/10 11:0 a.m.13 views

Deebot Robot Vacuums Are Using Photos and Audio to Train Their AI

An Australian news agency is reporting that robot vacuum cleaners from the Chinese company Deebot are surreptitiously taking photos and recording audio, and sending that data back to the vendor to train their AIs. Ecovacs's privacy policy--available elsewhere in the app--allows for blanket...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/10/09 11:5 a.m.10 views

Auto-Identification Smart Glasses

Two students have created a demo of a smart-glasses app that performs automatic facial recognition and then information lookups. Kind of obvious--something similar was done in 2011--but the sort of creepy demo that gets attention. News article...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/10/08 11:0 a.m.10 views

China Possibly Hacking US “Lawful Access” Backdoor

The Wall Street Journal is reporting that Chinese hackers Salt Typhoon penetrated the networks of US broadband providers, and might have accessed the backdoors that the federal government uses to execute court-authorized wiretap requests. Those backdoors have been mandated by law--CALEA--since...

7.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/10/07 11:2 a.m.10 views

Largest Recorded DDoS Attack is 3.8 Tbps

Cloudflare just blocked the current record DDoS attack: 3.8 terabits per second. Lots of good information on the attack, and DDoS in general, at the link. News article...

7AI score
Exploits0
Total number of security vulnerabilities2979