Lucene search
K
SchneierRecent

2979 matches found

Schneier on Security
Schneier on Security
added 2024/10/04 9:7 p.m.8 views

Friday Squid Blogging: Map of All Colossal Squid Sightings

Interesting map, from this paper. Blog moderation policy...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/10/03 11:4 a.m.10 views

Weird Zimbra Vulnerability

Hackers can execute commands on a remote computer by sending malformed emails to a Zimbra mail server. It's critical, but difficult to exploit reliably. In an email sent Wednesday afternoon, Proofpoint researcher Greg Lesnewich seemed to largely concur that the attacks weren't likely to lead to...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/10/02 11:1 a.m.10 views

California AI Safety Bill Vetoed

Governor Newsom has vetoed the state's AI safety bill. I have mixed feelings about the bill. There's a lot to like about it, and I want governments to regulate in this space. But, for now, it's all EU. Related, the Council of Europe treaty on AI is ready for signature. It'll be legally binding wh...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/10/01 11:7 a.m.8 views

Hacking ChatGPT by Planting False Memories into Its Data

This vulnerability hacks a feature that allows ChatGPT to have long-term memory, where it uses information from past conversations to inform future conversations with that same user. A researcher found that he could use that feature to plant "false memories" into that context window that could...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/09/30 11:0 a.m.18 views

AI and the 2024 US Elections

For years now, AI has undermined the public's ability to trust what it sees, hears, and reads. The Republican National Committee released a provocative ad offering an "AI-generated look into the country's possible future if Joe Biden is re-elected," showing apocalyptic, machine-made images of...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/09/27 9:6 p.m.8 views

Squid Fishing in Japan

Fishermen are catching more squid as other fish are depleted. Blog moderation policy...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/09/27 11:1 a.m.10 views

NIST Recommends Some Common-Sense Password Rules

NIST's second draft of its "SP 800-63-4"--its digital identify guidelines--finally contains some really good rules about passwords: The following requirements apply to passwords: 1. lVerifiers and CSPs SHALL require passwords to be a minimum of eight characters in length and SHOULD require...

7.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/09/26 11:3 a.m.9 views

An Analysis of the EU’s Cyber Resilience Act

A good--long, complex--analysis of the EU's new Cyber Resilience Act...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/09/25 11:0 a.m.10 views

New Windows Malware Locks Computer in Kiosk Mode

Clever: A malware campaign uses the unusual method of locking users in their browser's kiosk mode to annoy them into entering their Google credentials, which are then stolen by information-stealing malware. Specifically, the malware "locks" the user's browser on Google's login page with no obviou...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/09/24 11:5 a.m.22 views

Israel’s Pager Attacks and Supply Chain Vulnerabilities

Israel's brazen attacks on Hezbollah last week, in which hundreds of pagers and two-way radios exploded and killed at least 37 people, graphically illustrated a threat that cybersecurity experts have been warning about for years: Our international supply chains for computerized equipment leave us...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/09/23 3:46 p.m.9 views

Hacking the “Bike Angels” System for Moving Bikeshares

I always like a good hack. And this story delivers. Basically, the New York City bikeshare program has a system to reward people who move bicycles from full stations to empty ones. By deliberately moving bikes to create artificial problems, and exploiting exactly how the system calculates rewards...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/09/21 1:59 a.m.11 views

Friday Squid Blogging: Squid Game Season Two Teaser

The teaser for Squid Game Season Two dropped. Blog moderation policy...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/09/20 3:32 p.m.11 views

Clever Social Engineering Attack Using Captchas

This is really interesting. Its a phishing attack targeting GitHub users, tricking them to solve a fake Captcha that actually runs a script that is copied to the command line. Clever...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/09/19 3:40 p.m.9 views

FBI Shuts Down Chinese Botnet

The FBI has shut down a botnet run by Chinese hackers: The botnet malware infected a number of different types of internet-connected devices around the world, including home routers, cameras, digital video recorders, and NAS drives. Those devices were used to help infiltrate sensitive networks...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/09/17 3:54 p.m.12 views

Remotely Exploding Pagers

Wow. It seems they all exploded simultaneously, which means they were triggered. Were they each tampered with physically, or did someone figure out how to trigger a thermal runaway remotely? Supply chain attack? Malicious code update, or natural vulnerability? I have no idea, but I expect we will...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/09/17 11:2 a.m.8 views

Python Developers Targeted with Malware During Fake Job Interviews

Interesting social engineering attack: luring potential job applicants with fake recruiting pitches, trying to convince them to download malware. From a news article These particular attacks from North Korean state-funded hacking team Lazarus Group are new, but the overall malware campaign agains...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/09/16 2:49 p.m.8 views

Legacy Ivanti Cloud Service Appliance Being Exploited

CISA wants everyone--and government agencies in particular--to remove or upgrade an Ivanti Cloud Service Appliance CSA that is no longer being supported. Welcome to the security nightmare that is the Internet of Things...

7.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/09/14 4:1 p.m.6 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking at eCrime 2024 in Boston, Massachusetts, USA. The event runs from September 24 through 26, 2024, and my keynote is at 8:45 AM ET on the 24th. I’m briefly speaking at the EPIC Champion of Freedom Awards in Washington, D...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/09/13 9:0 p.m.5 views

Friday Squid Blogging: Squid as a Legislative Negotiating Tactic

This is an odd story of serving squid during legislative negotiations in the Philippines. Blog moderation policy...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/09/13 6:2 p.m.14 views

My TedXBillings Talk

Over the summer, I gave a talk about AI and democracy at TedXBillings. The recording is live. Please share. Im hoping for more than 200 views…...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/09/12 3:42 p.m.13 views

Microsoft Is Adding New Cryptography Algorithms

Microsoft is updating SymCrypt, its core cryptographic library, with new quantum-secure algorithms. Microsofts details are here. From a news article: The first new algorithm Microsoft added to SymCrypt is called ML-KEM. Previously known as CRYSTALS-Kyber, ML-KEM is one of three post-quantum...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/09/11 11:3 a.m.6 views

Evaluating the Effectiveness of Reward Modeling of Generative AI Systems

New research evaluating the effectiveness of reward modeling during Reinforcement Learning from Human Feedback RLHF: "SEAL: Systematic Error Analysis for Value ALignment." The paper introduces quantitative metrics for evaluating the effectiveness of modeling and aligning human values: Abstract:...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/09/10 11:4 a.m.18 views

New Chrome Zero-Day

According to Microsoft researchers, North Korean hackers have been using a Chrome zero-day exploit to steal cryptocurrency...

9.6CVSS7.1AI score0.19272EPSS
Exploits2
Schneier on Security
Schneier on Security
added 2024/09/09 11:3 a.m.10 views

Australia Threatens to Force Companies to Break Encryption

In 2018, Australia passed the Assistance and Access Act, which--among other things--gave the government the power to force companies to break their own encryption. The Assistance and Access Act includes key components that outline investigatory powers between government and industry. These...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/09/06 9:9 p.m.9 views

Friday Squid Blogging: Live Video of Promachoteuthis Squid

The first live video of the Promachoteuthis squid, filmed at a newly discovered seamount off the coast of Chile. Blog moderation policy...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/09/06 3:16 p.m.9 views

YubiKey Side-Channel Attack

There is a side-channel attack against YubiKey access tokens that allows someone to clone a device. Its a complicated attack, requiring the victims username and password, and physical access to their YubiKey--as well as some technical expertise and equipment. Still, nice piece of security analysi...

7.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/09/05 11:5 a.m.8 views

Long Analysis of the M-209

Really interesting analysis of the American M-209 encryption device and its security...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/09/04 11:3 a.m.11 views

Security Researcher Sued for Disproving Government Statements

This story seems straightforward. A city is the victim of a ransomware attack. They repeatedly lie to the media about the severity of the breach. A security researcher repeatedly proves their statements to be lies. The city gets mad and sues the researcher. Lets hope the judge throws the case out...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/09/03 4:3 p.m.14 views

List of Old NSA Training Videos

The NSAs "National Cryptographic School Television Catalogue" from 1991 lists about 600 COMSEC and SIGINT training videos. There are a bunch explaining the operations of various cryptographic equipment, and a few code words I have never heard of before...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/09/02 11:7 a.m.10 views

SQL Injection Attack on Airport Security

Interesting vulnerability: …a special lane at airport security called Known Crewmember KCM. KCM is a TSA program that allows pilots and flight attendants to bypass security screening, even when flying on domestic personal trips. The KCM process is fairly simple: the employee uses the dedicated la...

8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/08/30 9:4 p.m.138 views

Friday Squid Blogging: Economic Fallout from Falklands Halting Squid Fishing

Details. Blog moderation policy...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/08/29 3:58 p.m.5 views

Adm. Grace Hopper’s 1982 NSA Lecture Has Been Published

The "long lost lecture" by Adm. Grace Hopper has been published by the NSA. Note that there are two parts. Its a wonderful talk: funny, engaging, wise, prescient. Remember that talk was given in 1982, less than a year before the ARPANET switched to TCP/IP and the internet went operational. She wa...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/08/28 11:0 a.m.12 views

Matthew Green on Telegram’s Encryption

Matthew Green wrote a really good blog post on what Telegrams encryption is and is not. EDITED TO ADD 8/28: Another good explainer from Kaspersky...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/08/27 11:8 a.m.9 views

The Present and Future of TV Surveillance

Ars Technica has a good article on whats happening in the world of television surveillance. More than even I realized...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/08/26 11:5 a.m.8 views

US Federal Court Rules Against Geofence Warrants

This is a big deal. A US Appeals Court ruled that geofence warrants--these are general warrants demanding information about all people within a geographical boundary--are unconstitutional. The decision seems obvious to me, but you cant take anything for granted...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/08/23 9:3 p.m.6 views

Friday Squid Blogging: Self-Healing Materials from Squid Teeth

Making self-healing materials based on the teeth in squid suckers. Blog moderation policy...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/08/23 11:5 a.m.11 views

Take a Selfie Using a NY Surveillance Camera

This site will let you take a selfie with a New York City traffic surveillance camera. EDITED TO ADD: BoingBoing post...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/08/23 1:15 a.m.15 views

Surveillance Watch

This is a fantastic project mapping the global surveillance industry...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/08/21 1:56 p.m.4 views

Story of an Undercover CIA Agent who Penetrated Al Qaeda

Rolling Stone has a long investigative story non-paywalled version here about a CIA agent who spent years posing as an Islamic radical. Unrelated, but also in the "real life spies" file: a fake Sudanese diving resort run by Mossad...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/08/20 11:8 a.m.10 views

Hacking Wireless Bicycle Shifters

This is yet another insecure Internet-of-things story, this one about wireless gear shifters for bicycles. These gear shifters are used in big-money professional bicycle races like the Tour de France, which provides an incentive to actually implement this attack. Research paper. Another news stor...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/08/19 11:5 a.m.15 views

The State of Ransomware

Palo Alto Networks published its semi-annual report on ransomware. From the Executive Summary: Unit 42 monitors ransomware and extortion leak sites closely to keep tabs on threat activity. We reviewed compromise announcements from 53 dedicated leak sites in the first half of 2024 and found 1,762...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/08/16 9:6 p.m.8 views

Friday Squid Blog: The Market for Squid Oil Is Growing

How did I not know before now that there was a market for squid oil? The squid oil market has experienced robust growth in recent years, expanding from $4.56 billion in 2023 to $4.94 billion in 2024 at a compound annual growth rate CAGR of 8.5%. The growth in the historic period can be attributed...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/08/16 11:7 a.m.65 views

New Windows IPv6 Zero-Click Vulnerability

The press is reporting a critical Windows vulnerability affecting IPv6. As Microsoft explained in its Tuesday advisory, unauthenticated attackers can exploit the flaw remotely in low-complexity attacks by repeatedly sending IPv6 packets that include specially crafted packets. Microsoft also share...

9.8CVSS6.9AI score0.70564EPSS
Exploits24
Schneier on Security
Schneier on Security
added 2024/08/15 3:37 p.m.8 views

NIST Releases First Post-Quantum Encryption Algorithms

From the Federal Register: After three rounds of evaluation and analysis, NIST selected four algorithms it will standardize as a result of the PQC Standardization Process. The public-key encapsulation mechanism selected was CRYSTALS-KYBER, along with three digital signature schemes:...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/08/14 5:1 p.m.8 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: Im speaking at eCrime 2024 in Boston, Massachusetts, USA. The event runs from September 24 through 26, 2024, and my keynote is on the 24th. The list is maintained on this page...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/08/14 4:48 p.m.12 views

Texas Sues GM for Collecting Driving Data without Consent

Texas is suing General Motors for collecting driver data without consent and then selling it to insurance companies: From CNN: In car models from 2015 and later, the Detroit-based car manufacturer allegedly used technology to "collect, record, analyze, and transmit highly detailed driving data...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/08/13 11:4 a.m.13 views

On the Voynich Manuscript

Really interesting article on the ancient-manuscript scholars who are applying their techniques to the Voynich Manuscript. No one has been able to understand the writing yet, but there are some new understandings: Davis presented her findings at the medieval-studies conference and published them ...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/08/12 10:14 a.m.8 views

Taxonomy of Generative AI Misuse

Interesting paper: "Generative AI Misuse: A Taxonomy of Tactics and Insights from Real-World Data”: Generative, multimodal artificial intelligence GenAI offers transformative potential across industries, but its misuse poses significant risks. Prior research has shed light on the potential of...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/08/09 7:4 p.m.13 views

Friday Squid Blogging: SQUID Is a New Computational Tool for Analyzing Genomic AI

Yet another SQUID acronym: SQUID, short for Surrogate Quantitative Interpretability for Deepnets, is a computational tool created by Cold Spring Harbor Laboratory CSHL scientists. Its designed to help interpret how AI models analyze the genome. Compared with other analysis tools, SQUID is more...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/08/09 1:24 p.m.9 views

People-Search Site Removal Services Largely Ineffective

Consumer Reports has a new study of people-search site removal services, concluding that they dont really work: As a whole, people-search removal services are largely ineffective. Private information about each participant on the people-search sites decreased after using the people-search removal...

7AI score
Exploits0
Total number of security vulnerabilities2979